bugfix: wrapped the building of authsource config with issets. #539
Conversation
the silent fail on searchformultiple(...) did not show anything in the log when actually it was the $this->getLdap() that failed.
Not doing this gave me errors about ldap.port and ldap.timeout not being an integer (but NULL) from Configuration.php
Dec 23 08:28:10 simplesamlphp WARNING [94b0f44d76] AttributeAddFromLDAP: exception = exception 'Exception' with message 'ldap:AuthProcess: The option 'ldap.port' is not a valid integer value.' in /Users/remy/git/saml-IdP/lib/SimpleSAML/Configuration.php:737
Stack trace:
#0 /Users/remy/git/saml-IdP/modules/ldap/lib/Auth/Process/BaseFilter.php(267): SimpleSAML_Configuration->getInteger('ldap.port', 389)
#1 /Users/remy/git/saml-IdP/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php(172): sspmod_ldap_Auth_Process_BaseFilter->getLdap()
...
|
Thanks Remy. If you are using the isset tests, can we then leave off those ugly |
|
@thijskh I guess so, my php skills are a bit rusty from old days. Didn't bother to google what those |
|
No more ugly |
|
Great. I'll review it in more detail next week... (unless someone beats me to it) |
|
Fijne kerst! (dutch for 'merry christmas') |
|
any change you looked into this issue? |
|
accidentally pushed another feature against my master..... will set this straight right away.. |
This reverts commit 78ccac0.
| if (isset($authsource['debug'])) { | ||
| $authconfig['ldap.debug'] = $authsource['debug']; | ||
| } | ||
| if (isset($authsource['search.base']) && $authsource['search.enable']) { |
There was a problem hiding this comment.
This will now generate a notice when search.enable is not set. I think that is not desired...
There was a problem hiding this comment.
I'll change the code on these...
| $authconfig['ldap.enable_tls'] = $authsource['enable_tls']; | ||
| } | ||
| if (isset($authsource['port'])) { | ||
| $authconfig['ldap.port'] = $authsource['port']; |
There was a problem hiding this comment.
Spacing does not seem to follow the coding guidelines (4 spaces for indent)
There was a problem hiding this comment.
sorry 'bout that.... fixed in upcoming push.
| // Only set the username attribute if the authsource specifies one attribute | ||
| if (@$authsource['search.enable'] && is_array(@$authsource['search.attributes']) | ||
| if ($authsource['search.enable'] && is_array($authsource['search.attributes']) |
There was a problem hiding this comment.
I think we're not sure these two will be set at this point?
There was a problem hiding this comment.
true... both need a check to avoid a notice...
….... Since I moved this code into an if that already only gets executed when authsource['search.enable'] = true it is no longer needed in this check....
|
fixed indent and restructured code to avoid notices. |
| * | ||
| * @author Yørn de Jong | ||
| * @author Jaime Perez | ||
| * @author Steve Moitozo | ||
| * @author JAARS, Inc. | ||
| * @author Ryan Panning | ||
| * @author Remy Blom <remy.blom@hku.nl> |
There was a problem hiding this comment.
Would think we'd better get rid of these changelog and @author comments; that info is, in more accurate form, in vcs metadata...
|
Thanks @doedje! |
|
I have taken the liberty to squash the commits, because the accidental changes+revert cause a lot of noise in the history otherwise. Might want to do that yourself next time. |
|
I totally agree with you, I will have to look into how I to do that... thanx! |
…esamlphp#539) * Adjusted the silent fail to log a warning when $this->getLdap() fails the silent fail on searchformultiple(...) did not show anything in the log when actually it was the $this->getLdap() that failed. * Bugfix: Wrapped the building of authsource config with issets Not doing this gave me errors about ldap.port and ldap.timeout not being an integer (but NULL) from Configuration.php Dec 23 08:28:10 simplesamlphp WARNING [94b0f44d76] AttributeAddFromLDAP: exception = exception 'Exception' with message 'ldap:AuthProcess: The option 'ldap.port' is not a valid integer value.' in /Users/remy/git/saml-IdP/lib/SimpleSAML/Configuration.php:737 Stack trace: #0 /Users/remy/git/saml-IdP/modules/ldap/lib/Auth/Process/BaseFilter.php(267): SimpleSAML_Configuration->getInteger('ldap.port', 389) #1 /Users/remy/git/saml-IdP/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php(172): sspmod_ldap_Auth_Process_BaseFilter->getLdap() ... * removed the @ as thijskh suggested... * feature: AttributeCopy can take array for 1 attribute * Revert "feature: AttributeCopy can take array for 1 attribute" This reverts commit 78ccac0. * BaseFilter.php: fix indent and added more isset checks... * BaseFilter.php: removed an unneeded if ($authsource['search.enable'] .... Since I moved this code into an if that already only gets executed when authsource['search.enable'] = true it is no longer needed in this check....
The change in
AttributeAddFromLDAP.phpwas needed to discover the bug in the first place. Without it there was never an error in the log while clearly an exception was thrown somewhere during$this->getLdap().The change in
BaseFilter.phpmakes sure that undefined configuration parameters in$authsourceare not set tonullin$authconfig, but rather stay undefined.Not doing so did result in the following exeception because
ldap.portwas indeed undefined in myauthsources.phpbut was set tonullbecause of the code inBaseFilter.php. The error never ended up in the log and I was presuming the value to be set to it's default, as it does when using the authsource as a direct authsource. Confusion all along.... =]