Please sign in to comment.
MDL-31540 Try to remove duplicates before storing LDAP search contexts
If the user specifies the same LDAP search context more than once, when we sync users we retrieve the same set of users twice. When we try to insert the "duplicated" user in the temp table again, the db barfs and the db layer aborts the whole transaction. So we try to detect and remove duplicates. This is a bit tricky (LDAP is such a complex and wonderful protocol) as the contexts are distinguished names and the matching/comparison rules are complex. But assuming that we only use the attribute types used in 99.999% of the distinguished names used for contexts out there (that is: dc, ou, cn, o, l and c), and also assuming that the user is not using different encodings/escapings for the same context, we can lower case the contexts to compare them (and remove duplicates). This is safe according to RFC-4517 (section 4.2.15. distinguishedNameMatch) and RFC-4519 (where the EQUAILITY property is defined for the different user application attribute types). This shouldn't break any configuration that wasn't broken before :) Signed-off-by: Iñaki Arenaza <email@example.com>
- Loading branch information...