friendica
/
friendica-addons
7
2
Fork 13
Code Issues 3 Pull Requests 2 Releases 16 Wiki Activity

group membership checked against login instead of DN #911

Open
victort wants to merge 1 commits from victort/LDAP_Group_memebership_tweak into develop
pull from: victort/LDAP_Group_memebership_tweak
merge into: friendica:develop
Conversation 9 Commits 1 Files Changed 1 +1 -1
victort commented 2019-11-17 01:25:07 +01:00 (Migrated from github.com)
Copy Link

Hi , sorry if this is out of the blue.

After weeks of messing with why Friendica won't work with LDAP, i finally narrowed my particular problem down to Group Membership not parsing the attribute value correctly.

for my LDAP groups, the memberUid attribute is not filled with DNs of my users, but the uids of my users.

So after changing $dn to $res, suddenly all my group members would resolve!

It's a very minor change, but it might affect someone else.

I didn't see an issues tab on the friendica-addons repo, so I thought I'd just submit this change the pull request way. Sorry if this is out of sequence or something. While not a coder at all, I am happy to help resolve this any other way you'd like.

Hi , sorry if this is out of the blue. After weeks of messing with why Friendica won't work with LDAP, i finally narrowed _my particular_ problem down to Group Membership not parsing the attribute value correctly. for my LDAP groups, the `memberUid` attribute is not filled with DNs of my users, but the `uid`s of my users. So after changing `$dn` to `$res`, suddenly all my group members would resolve! It's a very minor change, but it might affect someone else. I didn't see an **issues** tab on the `friendica-addons` repo, so I thought I'd just submit this change the pull request way. Sorry if this is out of sequence or something. While not a coder at all, I am happy to help resolve this any other way you'd like.
annando (Migrated from github.com) reviewed 2019-11-17 01:25:07 +01:00
MrPetovan commented 2019-11-17 09:38:35 +01:00 (Migrated from github.com)
Copy Link

Hi @victort and thanks for your submission. Addons issues are centralized with core issues here: https://github.com/friendica/friendica/issues

I'm not qualified to judge if your change is applicable to all cases but I'm glad it solved yours. I'm going to let people with more familiarity with LDAP to take a better glance than me.

Hi @victort and thanks for your submission. Addons issues are centralized with core issues here: https://github.com/friendica/friendica/issues I'm not qualified to judge if your change is applicable to all cases but I'm glad it solved yours. I'm going to let people with more familiarity with LDAP to take a better glance than me.
MrPetovan commented 2019-11-17 09:39:08 +01:00 (Migrated from github.com)
Copy Link

CC @nupplaphil

CC @nupplaphil
annando commented 2019-11-17 19:19:15 +01:00 (Migrated from github.com)
Copy Link

I'm unsure about this. I have the feeling as if we should make it an option, but I don't have any LDAP server to test it.

I'm unsure about this. I have the feeling as if we should make it an option, but I don't have any LDAP server to test it.
victort commented 2019-11-18 01:53:05 +01:00 (Migrated from github.com)
Copy Link

I agree it should be an option. Also, I'm confused why $res works and $username doesn't. but I am not an expert in such things.

In my otherwise uninformed opinion, I too agree it should be an option, like ldap_group_member_attribute or something. It's just beyond my skills to do so.

anyway, thanks for considering.
US$0.02++

I agree it should be an option. Also, I'm confused why `$res` works and `$username` doesn't. but I am not an expert in such things. In my otherwise uninformed opinion, I too agree it should be an option, like `ldap_group_member_attribute` or something. It's just beyond my skills to do so. anyway, thanks for considering. `US$0.02++`
victort commented 2019-12-26 20:39:35 +01:00 (Migrated from github.com)
Copy Link

hi again,

Just for the record, I've experienced a regression when I upgraded to 2019.12, which reintroduced the checking-for-member-of-ldap-group problem, which i fixed with the same one liner.

hi again, Just for the record, I've experienced a regression when I upgraded to `2019.12`, which reintroduced the checking-for-member-of-ldap-group problem, which i fixed with the same one liner.
MrPetovan commented 2019-12-27 00:30:00 +01:00 (Migrated from github.com)
Copy Link

Hi @victort , thanks for the follow-up, this pull request hasn't been merged yet because of @annando 's concerns above, so it hasn't been part of the latest release and your one-liner patch is still warranted for your specific case.

Hi @victort , thanks for the follow-up, this pull request hasn't been merged yet because of @annando 's concerns above, so it hasn't been part of the latest release and your one-liner patch is still warranted for your specific case.
annando commented 2019-12-27 01:51:09 +01:00 (Migrated from github.com)
Copy Link

I totally forgot about this. I guess we should make it configurable. Then the responsibility is in the hands of the administrator.

I totally forgot about this. I guess we should make it configurable. Then the responsibility is in the hands of the administrator.
victort commented 2020-09-14 17:58:47 +02:00 (Migrated from github.com)
Copy Link

Hi again. No, I don't think you necessarily merge this, BUT.. I did want to mention that after upgrading to 2020.7, had to make this adjustment again before I could log in.

Thanks for playing!

Hi again. No, I don't think you necessarily merge this, BUT.. I did want to mention that after upgrading to 2020.7, had to make this adjustment again before I could log in. Thanks for playing!
annando commented 2020-09-14 19:18:21 +02:00 (Migrated from github.com)
Copy Link

Like last year, I totally forgot. Can you enhance the PR so that this change is configurable? I'm not totally sure if the change would work with all systems. So having a configuration for that would be the best.

Like last year, I totally forgot. Can you enhance the PR so that this change is configurable? I'm not totally sure if the change would work with all systems. So having a configuration for that would be the best.
This pull request has changes conflicting with the target branch.
  • ldapauth/ldapauth.php
You can also view command line instructions.

Step 1:

From your project repository, check out a new branch and test the changes.
git checkout -b victort/LDAP_Group_memebership_tweak develop
git pull origin victort/LDAP_Group_memebership_tweak

Step 2:

Merge the changes and update on Forgejo.
git checkout develop
git merge --no-ff victort/LDAP_Group_memebership_tweak
git push origin develop
Sign in to join this conversation.
Reviewers
No reviewers
annando
Labels
Clear labels   
2018.09

   
2019.01

   
2019.03

   
2019.06

   
2019.09

   
2019.12

   
2020.03

   
2020.06

   
2020.09

   
2020.12

   
2021.03

   
2021.07

   
2021.09

   
2022.02

   
2022.06

   
2022.09

   
2022.12

   
2023.04

   
2023.05

   
2023.09

   
2024.03

   
2024.06

   
dependencies

Pull requests that update a dependency file

  
Hackathon 2021
No Label
2018.09
2019.01
2019.03
2019.06
2019.09
2019.12
2020.03
2020.06
2020.09
2020.12
2021.03
2021.07
2021.09
2022.02
2022.06
2022.09
2022.12
2023.04
2023.05
2023.09
2024.03
2024.06
dependencies
Hackathon 2021
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: friendica/friendica-addons#911
No description provided.
Delete Branch "victort/LDAP_Group_memebership_tweak"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?