Browse files

MDL-31540 Try to remove duplicates before storing LDAP search contexts

If the user specifies the same LDAP search context more than once,
when we sync users we retrieve the same set of users twice. When we
try to insert the "duplicated" user in the temp table again, the db
barfs and the db layer aborts the whole transaction.

So we try to detect and remove duplicates. This is a bit tricky (LDAP
is such a complex and wonderful protocol) as the contexts are
distinguished names and the matching/comparison rules are complex. But
assuming that we only use the attribute types used in 99.999% of the
distinguished names used for contexts out there (that is: dc, ou, cn,
o, l and c), and also assuming that the user is not using different
encodings/escapings for the same context, we can lower case the
contexts to compare them (and remove duplicates).

This is safe according to RFC-4517 (section 4.2.15. distinguishedNameMatch)
and RFC-4519 (where the EQUAILITY property is defined for the
different user application attribute types).

This shouldn't break any configuration that wasn't broken before :)

Signed-off-by: Iñaki Arenaza <>
  • Loading branch information...
1 parent 5bbf3cb commit ca769fa7f8e2d00fa5283e6a802b6d14eb47bc45 @iarenaza iarenaza committed Mar 2, 2012
Showing with 7 additions and 1 deletion.
  1. +7 −1 auth/ldap/auth.php
8 auth/ldap/auth.php
@@ -1790,10 +1790,16 @@ function process_config($config) {
$config->ntlmsso_type = 'ntlm';
+ // Try to remove duplicates before storing the contexts (to avoid problems in sync_users()).
+ $config->contexts = explode(';', $config->contexts);
+ $config->contexts = array_map(create_function('$x', 'return textlib::strtolower(trim($x));'),
+ $config->contexts);
+ $config->contexts = implode(';', array_unique($config->contexts));
// Save settings
set_config('host_url', trim($config->host_url), $this->pluginconfig);
set_config('ldapencoding', trim($config->ldapencoding), $this->pluginconfig);
- set_config('contexts', trim($config->contexts), $this->pluginconfig);
+ set_config('contexts', $config->contexts, $this->pluginconfig);
set_config('user_type', moodle_strtolower(trim($config->user_type)), $this->pluginconfig);
set_config('user_attribute', moodle_strtolower(trim($config->user_attribute)), $this->pluginconfig);
set_config('search_sub', $config->search_sub, $this->pluginconfig);

0 comments on commit ca769fa

Please sign in to comment.