LDAP variables not being replaced

[repeattofade]

I've noticed that the functions in the rcube_ldap.php file for some operations (mostly the group add/modify/delete) do not resolve user specific variables.

For example, my base DN features %fu and this gets correctly converted to the email address by the basic functions. But I was unable to use contact groups at all until I had copied in the code to replace the %fu variable.

[alec]

What did you copied? As I know LDAP contact grpups are not supported yet.

[andudi]

hei repeattofade
the LDAP group feature is quite new, thus I suppose you used RC from SVN?

But what kind of server topology do you use for your tests?

I alredy wrote a howto on the wiki ​http://trac.roundcube.net/wiki/Howto_Ldap but this is for now for a (simple) setups... but if you are a LDAP guru, it should be no problem to adapt it!

Thus, please give me details of your LDAP setup, and about how you try/whish to use the LDAP group feature (if you do not use it, just let the 'groups' attribute at false as described in main.inc.php.dist)

To your problem: I do not have a setup with %fu variables yet, and I am verry happy if I have found now a tester for that feature :-)

Andreas

[repeattofade]

Hi Andreas

I downloaded the current trunk version (changeset 4613) so I'm using the feature as it is being created - it's not my live server but I wanted to test it as the LDAP group feature is one that is being requested by customers now.

I have a large OpenLDAP server in place already, with a quite extended topology. This is an example of my DNs:

mail=contact@address,ou=Customer's Address Book,cn=Customer's Email Address,ou=People,dc=domain

And in my main.inc.php

'groups' => array(

'base_dn' => 'ou=Address Book,cn=%fu,ou=People,dc=domain',
'filter' => '(objectClass=groupOfMembers)',

My users can bind to their address book just fine, but trying to use the contact groups has been problematic - the current code doesn't work as it is now. It simply returns 'cannot be saved' errors.

After some digging I realised it is because Roundcube was trying to create the groups as cn=Group Name,ou=Address Book,cn=%fu,ou=People,dc=domain - the email address variable was not being converted and as such openLDAP returned that it was not created. The base_dn stated in the group array from main.inc.php needs to be resolved.

To fix it, I copied the following code from function _connect() to the LDAP group functions:

$fu = $RCMAIL->user->get_username();
list($u, $d) = explode('@', $fu);
$dc = 'dc='.strtr($d, array('.' => ',dc='));
$replaces = array('%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);

Then I updated the references of $base_dn so that the variable %fu was replaced. The variables are needed in insert(), update(), delete(), _exec_search(), list_groups(), create_group(), delete_group(), rename_group(), add_to_group(), remove_from_group().

The way I have done this is quite messy - perhaps there could be a function created to do the replace work? I hope this helps you update this awesome feature.

[andudi]

hei [whoever]

since the implementation of this feature is quite new, I did not implement the %xy replacements yet!

But since I have found now a competent tester, I will go forward to implement it soon (I think I have to study the whole topic first, and this take some time)

Thanks already for your experiance!

I let you know about the progress...

Andreas

[andudi]

patch for the configuration

[andudi]

replacement patch for groups

[andudi]

hei repeattofade

I implemented the desired %xy remplacement for the groups base_dn, please test the patches I attached and give me feedback soon. I tested only the %u replacement, but I suppose %fu will work as well.

Strange, but when I tested this, I found that in the contacts base_dn the replacement was not really done properly, only in the bind_dn... I fixed this as well. I did not yet find a concerning ticket in the trac, but I suppose others must have this problem as well...?

Andreas

[andudi]

bugfix, replaces user-replacements.patch

[andudi]

I added a bugfix for user-replacements.patch, please use user-replacements.patch2 instead.
Andreas

[ldeviator]

I believe this issue is inside rcube_ldap.php in the function _connect()

right after

// Replace the bind_dn and base_dn variables.
$bind_dn   = strtr($bind_dn, $replaces);
$base_dn   = strtr($base_dn, $replaces);

I think you should put those replacements back in to the class variables like so

$this->prop['base_dn'] = $base_dn;
$this->prop['bind_dn'] = $bind_dn;

[thomasb]

Fix by andudi committed in [d1e08fc9]

Please test and reopen with this ticket if the problem is not solved.