New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bugfix: wrapped the building of authsource config with issets. #539
Conversation
the silent fail on searchformultiple(...) did not show anything in the log when actually it was the $this->getLdap() that failed.
Not doing this gave me errors about ldap.port and ldap.timeout not being an integer (but NULL) from Configuration.php Dec 23 08:28:10 simplesamlphp WARNING [94b0f44d76] AttributeAddFromLDAP: exception = exception 'Exception' with message 'ldap:AuthProcess: The option 'ldap.port' is not a valid integer value.' in /Users/remy/git/saml-IdP/lib/SimpleSAML/Configuration.php:737 Stack trace: #0 /Users/remy/git/saml-IdP/modules/ldap/lib/Auth/Process/BaseFilter.php(267): SimpleSAML_Configuration->getInteger('ldap.port', 389) #1 /Users/remy/git/saml-IdP/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php(172): sspmod_ldap_Auth_Process_BaseFilter->getLdap() ...
Thanks Remy. If you are using the isset tests, can we then leave off those ugly |
@thijskh I guess so, my php skills are a bit rusty from old days. Didn't bother to google what those |
No more ugly |
Great. I'll review it in more detail next week... (unless someone beats me to it) |
Fijne kerst! (dutch for 'merry christmas') |
any change you looked into this issue? |
accidentally pushed another feature against my master..... will set this straight right away.. |
This reverts commit 78ccac0.
if (isset($authsource['debug'])) { | ||
$authconfig['ldap.debug'] = $authsource['debug']; | ||
} | ||
if (isset($authsource['search.base']) && $authsource['search.enable']) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will now generate a notice when search.enable is not set. I think that is not desired...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same for checks below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll change the code on these...
$authconfig['ldap.enable_tls'] = $authsource['enable_tls']; | ||
} | ||
if (isset($authsource['port'])) { | ||
$authconfig['ldap.port'] = $authsource['port']; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Spacing does not seem to follow the coding guidelines (4 spaces for indent)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry 'bout that.... fixed in upcoming push.
// Only set the username attribute if the authsource specifies one attribute | ||
if (@$authsource['search.enable'] && is_array(@$authsource['search.attributes']) | ||
if ($authsource['search.enable'] && is_array($authsource['search.attributes']) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we're not sure these two will be set at this point?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
true... both need a check to avoid a notice...
….... Since I moved this code into an if that already only gets executed when authsource['search.enable'] = true it is no longer needed in this check....
fixed indent and restructured code to avoid notices. |
* | ||
* @author Yørn de Jong | ||
* @author Jaime Perez | ||
* @author Steve Moitozo | ||
* @author JAARS, Inc. | ||
* @author Ryan Panning | ||
* @author Remy Blom <remy.blom@hku.nl> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would think we'd better get rid of these changelog and @author comments; that info is, in more accurate form, in vcs metadata...
Thanks @doedje! |
I have taken the liberty to squash the commits, because the accidental changes+revert cause a lot of noise in the history otherwise. Might want to do that yourself next time. |
I totally agree with you, I will have to look into how I to do that... thanx! |
…esamlphp#539) * Adjusted the silent fail to log a warning when $this->getLdap() fails the silent fail on searchformultiple(...) did not show anything in the log when actually it was the $this->getLdap() that failed. * Bugfix: Wrapped the building of authsource config with issets Not doing this gave me errors about ldap.port and ldap.timeout not being an integer (but NULL) from Configuration.php Dec 23 08:28:10 simplesamlphp WARNING [94b0f44d76] AttributeAddFromLDAP: exception = exception 'Exception' with message 'ldap:AuthProcess: The option 'ldap.port' is not a valid integer value.' in /Users/remy/git/saml-IdP/lib/SimpleSAML/Configuration.php:737 Stack trace: #0 /Users/remy/git/saml-IdP/modules/ldap/lib/Auth/Process/BaseFilter.php(267): SimpleSAML_Configuration->getInteger('ldap.port', 389) #1 /Users/remy/git/saml-IdP/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php(172): sspmod_ldap_Auth_Process_BaseFilter->getLdap() ... * removed the @ as thijskh suggested... * feature: AttributeCopy can take array for 1 attribute * Revert "feature: AttributeCopy can take array for 1 attribute" This reverts commit 78ccac0. * BaseFilter.php: fix indent and added more isset checks... * BaseFilter.php: removed an unneeded if ($authsource['search.enable'] .... Since I moved this code into an if that already only gets executed when authsource['search.enable'] = true it is no longer needed in this check....
The change in
AttributeAddFromLDAP.php
was needed to discover the bug in the first place. Without it there was never an error in the log while clearly an exception was thrown somewhere during$this->getLdap()
.The change in
BaseFilter.php
makes sure that undefined configuration parameters in$authsource
are not set tonull
in$authconfig
, but rather stay undefined.Not doing so did result in the following exeception because
ldap.port
was indeed undefined in myauthsources.php
but was set tonull
because of the code inBaseFilter.php
. The error never ended up in the log and I was presuming the value to be set to it's default, as it does when using the authsource as a direct authsource. Confusion all along.... =]