  1. COmanage
  2. CO-1828

LDAP Provisioner fails if only one attribute from schema is provisioned and it has an attribute option

Details

    Description

      The LDAP Provisioner will fail to provision if only one attribute from a non-required schema is to be provisioned and that attribute uses an attribute option, because the necessary value for the objectclass will not be included in what is sent to the LDAP server.

      As a concrete example, if the only attribute from the voPerson schema to be provisioned is voPersonApplicationUID;app-foo, then the voPerson objectclass will be omitted and the LDAP server will reject the modify/add command.

      The issue is caused by this code in CoLdapProvisionerTarget.php:

      // Check if we emitted anything
      if(!empty($attributes[$attr])) {
        $attrEmitted = true;
      }

      Since the key used in the code that precedes this is, for example, voPersonApplicationUID;app-foo, it will not match voPersonApplicationUID, so $attrEmitted will not be set to true, and later code will not add the objectclass because $attrEmitted is false.

      The fix is a better check to see if any of the keys for $attributes have "prefixes" (the part before the semicolon) that match $attr.
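
One way such a prefix-aware check could look, as an added example that is not the project's code or its actual fix. The helper name attrEmitted(), the sample data and the 'person' objectclass are assumptions made for illustration.

```php
<?php
// Added example; attrEmitted() is a hypothetical helper, not COmanage code.

/**
 * Return true if $attributes holds a non-empty value for $attr, either under
 * the bare name or under any "name;option" key
 * (e.g. "voPersonApplicationUID;app-foo").
 */
function attrEmitted(array $attributes, string $attr): bool {
  foreach($attributes as $key => $value) {
    // The base name ("prefix") is everything before the first semicolon
    $base = explode(';', (string)$key, 2)[0];

    // LDAP attribute names are case-insensitive
    if(strcasecmp($base, $attr) === 0 && !empty($value)) {
      return true;
    }
  }

  return false;
}

// Constructed sample: the only voPerson attribute carries an attribute option
$attributes = array(
  'cn' => array('Pat Lee'),
  'voPersonApplicationUID;app-foo' => array('plee')
);
$attr = 'voPersonApplicationUID';

// Check quoted in the report: looks up the bare name only
$before = !empty($attributes[$attr]);

// Prefix-aware check
$after = attrEmitted($attributes, $attr);

var_dump($before, $after);

// Add the schema's objectclass only when one of its attributes was emitted
$objectclasses = array('person');   // constructed starting list
if($after) {
  $objectclasses[] = 'voPerson';
}
print implode(',', $objectclasses) . "\n";
```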

            People

              scott.koranda.3@at.internet2.edu Scott Koranda SCG (Inactive)