Details
Bug
Resolution: Fixed
Major
COmanage Registry 3.2.3 (Oyster Pearl MR3)
Description
The LDAP Provisioner will fail to provision if only one attribute from a non-required schema is to be provisioned and that attribute uses an attribute option, because the necessary value for the objectclass will not be included in what is sent to the LDAP server.
As a concrete example, if the only attribute from the voPerson schema to be provisioned is voPersonApplicationUID;app-foo, then the voPerson objectclass will be omitted and the LDAP server will reject the modify/add command.
The issue is caused by this code in CoLdapProvisionerTarget.php:
// Check if we emitted anything
if(!empty($attributes[$attr]))
Because the code that precedes this uses a key such as voPersonApplicationUID;app-foo, the lookup for voPersonApplicationUID does not match, so $attrEmitted is never set to true. Later code then does not add the objectclass because $attrEmitted is false.
The fix is a better check to see if any of the keys for $attributes have "prefixes" (the part before the semicolon) that match $attr.
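A sketch of the prefix-aware check described above, shown next to the original exact-key lookup. This is an added example, not the code from CoLdapProvisionerTarget.php or the project's actual fix; the helper name attrEmitted() and the sample $attributes array are assumptions made for illustration.

```php
<?php
// Added example, not COmanage Registry code. attrEmitted() is a
// hypothetical helper; the sample data below is constructed.

/**
 * Return true if $attributes holds a non-empty value for $attr, either
 * under the bare attribute name or under a name carrying attribute
 * options (e.g. "voPersonApplicationUID;app-foo").
 */
function attrEmitted(array $attributes, string $attr): bool {
  foreach($attributes as $key => $value) {
    // The base attribute type is everything before the first semicolon
    $base = explode(';', (string)$key, 2)[0];

    // LDAP attribute descriptions are compared case-insensitively.
    // Match the whole base name, not a substring, so that "voPerson"
    // does not match "voPersonApplicationUID".
    if(strcasecmp($base, $attr) === 0 && !empty($value)) {
      return true;
    }
  }

  return false;
}

// Constructed sample: the only populated voPerson attribute uses an option
$attributes = [
  'cn'                             => ['Pat Lee'],
  'voPersonApplicationUID;app-foo' => ['plee'],
  'voPersonAffiliation'            => [],  // key present, nothing to emit
];

// Original check: exact key lookup, which misses the optioned attribute
var_dump(!empty($attributes['voPersonApplicationUID']));

// Prefix-aware check: finds the optioned attribute, still ignores the
// empty attribute and a name that is only a partial match
var_dump(attrEmitted($attributes, 'voPersonApplicationUID'));
var_dump(attrEmitted($attributes, 'voPersonAffiliation'));
var_dump(attrEmitted($attributes, 'voPerson'));
```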