  1. COmanage
  2. CO-1492

LDAP plug in includes attribute with blank value


Details

    Description

      On Mon, Jun 19, 2017 at 3:06 PM, Mike Manske <michael.manske@ligo.org> wrote:
      > Nope not this attribute in the DN or anything crazy like that.
      >
      > I can check if I still have creds in the bug tracking system. I will
      > include the code, which is dead simple.
      >
      > On Mon, Jun 19, 2017 at 8:25 AM, Benn Oshrin <benno@internet2.edu> wrote:
      >> The LDAP attribute assembly code should only work with attributes that
      >> are returned by the assemblePluginAttributes function. You aren't using
      >> this attribute to construct the DN, are you?
      >>
      >> If not, can you file a bug report so we don't lose track of the issue,
      >> and include your version of PHP?
      >>
      >> Thanks,
      >>
      >> Benn
      >>
      >> On 6/16/17 9:12 PM, Mike Manske wrote:
      >>> slapd reports as I expected: "do_add: no values for type
      >>> mailAlternateAddress". So it sounds like it is trying to add the
      >>> element even though there are no values.
      >>>
      >>>
      >>> Unconfigured Attribute Mode is set to "Ignore."
      >>>
      >>>
      >>>
      >>> On Fri, Jun 16, 2017 at 4:35 PM, Benn Oshrin <benno@internet2.edu> wrote:
      >>>> Are there any errors in the LDAP server log files? For example with
      >>>> OpenLDAP there is typically a message indicating what the object class
      >>>> violation was. That might help us pin down what exactly the provisioner
      >>>> is trying to do.
      >>>>
      >>>> Also, is Unconfigured Attribute Mode set to "Ignore" or "Remove"?
      >>>>
      >>>> Thanks,
      >>>>
      >>>> Benn
      >>>>
      >>>> On 6/16/17 5:25 PM, Mike Manske wrote:
      >>>>> Version 2.
      >>>>>
      >>>>> We wrote an ldap plugin to use the qmailUser object class, attribute
      >>>>> 'mailAlternateAddress'. As per the schema, this value should be
      >>>>> optional, and allow multiple values. In the configuration, we did not
      >>>>> specify any additional person object classes, as qmailUser is already
      >>>>> included.
      >>>>>
      >>>>> I have the model attributes defined as:
      >>>>>   // using qmail
      >>>>>   public $attributes = array(
      >>>>>     'qmailUser' => array(
      >>>>>       'objectclass' => array(
      >>>>>         'required' => true
      >>>>>       ),
      >>>>>       'attributes' => array(
      >>>>>         'mailAlternateAddress' => array(
      >>>>>           'required' => false,
      >>>>>           'multiple' => true,
      >>>>>           'extendedtype' => 'email_address_types',
      >>>>>           'defaulttype' => 'altListSub'
      >>>>>         )
      >>>>>       )
      >>>>>     )
      >>>>>   );
      >>>>>
      >>>>> All of this works fine, EXCEPT when there is no alternate
      >>>>> mailAlternateAddress defined. My sense is that COmanage is trying to
      >>>>> add a mailAlternateAddress with a blank value, which violates the
      >>>>> schema.
      >>>>>
      >>>>> When I try to provision a user that does not have a
      >>>>> mailAlternateAddress, the following msg is displayed: Provisioning
      >>>>> failed: Protocol error (500).
      >>>>>
      >>>>> I validated that my assemblePluginAttributes function returns an empty
      >>>>> array when there is no value found in the provisioning data. I even
      >>>>> tried to force a return of null and the same problem occurred.
      >>>>>
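
The slapd message quoted above ("do_add: no values for type mailAlternateAddress") is what a server logs when an add request carries an attribute with no values. The following is an added example, not COmanage code and not code from the thread: a guard that normalises an assembled attribute map before it reaches the LDAP add or replace call. The function name `prune_ldap_attributes` and the sample record are assumptions made for illustration.

```php
<?php
// Added example (not COmanage code); prune_ldap_attributes is a hypothetical helper.

/**
 * Normalise an attribute map before an LDAP add or replace.
 * Values are trimmed; nulls and empty strings are discarded.
 *
 * @param array $attrs  attribute name => string|array|null
 * @param bool  $forAdd true for an add request, false for a replace
 */
function prune_ldap_attributes(array $attrs, bool $forAdd): array
{
    $out = [];
    foreach ($attrs as $name => $values) {
        // Accept a scalar, null, or a list of values.
        $values = is_array($values) ? $values : [$values];
        $clean = [];
        foreach ($values as $v) {
            $v = trim((string)$v);
            if ($v !== '') {
                $clean[] = $v;
            }
        }
        $clean = array_values(array_unique($clean));

        if ($clean !== []) {
            $out[$name] = $clean;
        } elseif (!$forAdd) {
            // A replace with no values asks the server to delete the attribute.
            $out[$name] = [];
        }
        // On add, an attribute with no values is omitted entirely.
    }
    return $out;
}

// Constructed sample: a person record with no alternate address.
$assembled = [
    'objectclass' => ['inetOrgPerson', 'qmailUser'],
    'cn' => 'Pat Example',
    'sn' => 'Example',
    'mail' => 'pat@example.org',
    'mailAlternateAddress' => [''],
];

$forAdd = prune_ldap_attributes($assembled, true);
assert(!array_key_exists('mailAlternateAddress', $forAdd));
$forModify = prune_ldap_attributes($assembled, false);
assert($forModify['mailAlternateAddress'] === []);
print_r($forAdd);
```

Logging the pruned map next to the slapd log line shows whether the empty attribute originates in the plugin's output or in later assembly.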

            People

              scott.koranda.3@at.internet2.edu Scott Koranda SCG (Inactive)
              michael.manske@at.internet2.edu Michael Manske (ligo.org)