Nitecon / zfcuser-ldap

ZFCUser addon to provide LDAP authentication access.
BSD 3-Clause "New" or "Revised" License

Error handling when ldap server is not connected #3

Closed jmvelasco closed 10 years ago

jmvelasco commented 10 years ago

Hi, I need to create an auth system for my project (different from LDAP) but I'd like to study how this zfcuser addon is built to use as a reference.

I have left the LDAP setup as default, so I know I am not going to be able to authorize against any LDAP, but even if the application can't connect it seems to try to query, since I am getting this error:

Fatal error: Cannot use string offset as an array in /users/p0100/web/html/vendor/ZfcUserLdap/src/ZfcUserLdap/Mapper/User.php on line 40

and looking at the code I see it is at the findByEmail method because

$obj = $this->ldap->findByEmail($email);

is returning the string error:

string '0x51 (Can't contact LDAP server): ldap://s0.foo.net' (length=51)

I am expecting an application error saying the connection to the LDAP server has failed, not this broken error or just that the authentication has failed, so I wonder whether this might be checked.

I pass this issue adding

if (null === strpos($obj,'0x51')) { ...

after

$obj = $this->ldap->findByEmail($email);

as a quick workaround, but I am pretty sure things might not be done this way.

Nitecon commented 10 years ago

Thanks for the report, I'm currently refactoring the entire service to integrate more closely with zfcuser, which will also entail cleanup of all these untidy things.

Nitecon commented 10 years ago

If you would like to submit a pull request in the meantime to get this fixed you are more than welcome to do so.

Nitecon commented 10 years ago

I've just completed rebuilding the entire zfcuser-ldap from almost scratch. I'll be adding additional logging next and cleaning up these items.

jmvelasco commented 10 years ago

I see you have been very busy these days ... :) I'd like to check that error handling, since I don't have an LDAP server around, but I am having problems setting up the Module. Probably I am missing something, but I can't see what. The case is the application can't find the LdapAuth adapter:

Fatal error: Uncaught exception 'Zend\ServiceManager\Exception\ServiceNotFoundException' with message 'Zend\ServiceManager\ServiceManager::get was unable to fetch or create an instance for ZfcUserLdap\Authentication\Adapter\LdapAuth'

I have been reviewing and the folder exists and it is at the right place ... so I can't figure out what I could have skipped.

Any idea?

Nitecon commented 10 years ago

It may be due to a classmap that I did not check in, you can try to go under the ZfcUserLdap module on the command line and then run ../../vendor/bin/classmap_generator.php

I believe that is the full name although I may have misspelled it since I'm writing from my head. I'll look at it next week regardless.

jmvelasco commented 10 years ago

Hi,

I have found this missing:

'ZfcUserLdap\Authentication\Adapter\LdapAuth' => 'ZfcUserLdap\Authentication\Adapter\LdapAuth',

at the invokables service manager section in module.config.php. After adding this line the module loads.

Btw, I would still appreciate some error handling, which is missing when there is no connection available to any of the ldap servers. Maybe this is due to the failback you wanted to implement for different servers. The application might check if there is an active server to continue, for example or return a controlled error handling if after trying to bind the entire ldap server list there are any one active.

If there is no active ldap connection, then ldap property is NULL, so we get:

Fatal error: Call to a member function getEntry() on a non-object in C:\xampp\htdocs\ZendSkeletonApplication\vendor\ZfcUserLdap\src\ZfcUserLdap\Adapter\Ldap.php on line 91

I am not very strong in ZF2, but maybe you can set a listener to the ldap bind event and make this check there, so if there is no active ldap connection resource the application may return a proper error message.

I have continued checking the error list and in fact, when there is no active connection to ldap we have an application error, which could be expected ... so this has been an advance, but if the ldap extension is not loaded at the server, that is when the application breaks saying the access error noticed below. I wonder whether you want to check this as well ...

array(2) { [0]=> string(33) "0x7002: LDAP extension not loaded" [1]=> string(33) "0x7002: LDAP extension not loaded" } 

Good work and good luck! ·_-
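The two failure modes reported above (an error string returned where an entry array was expected, and a null adapter when no server accepted the bind) can be told apart by type rather than by matching error text, so an outage is never treated as a failed or successful login. This is an added example, not code from the thread or from ZfcUserLdap; `StubLdapClient`, `LdapUnavailableException` and `lookupByEmail` are hypothetical names, and the sample results are constructed from the messages quoted in the thread.

```php
<?php
// Added example with hypothetical names; not ZfcUserLdap's own API.
class LdapUnavailableException extends RuntimeException {}

// Stand-in for the directory client described in the thread: returns an entry
// array on success, null when nothing matches, or an error string on failure.
class StubLdapClient
{
    private $result;
    public function __construct($result) { $this->result = $result; }
    public function findByEmail($email) { return $this->result; }
}

// Returns the entry array, or null when the directory answered "no such user".
// Throws when the directory could not be queried, so an outage is never
// mistaken for an unknown user and an error string is never indexed as an array.
function lookupByEmail($ldap, $email)
{
    if ($ldap === null) { // no server accepted the bind
        throw new LdapUnavailableException('No active LDAP server');
    }
    $obj = $ldap->findByEmail($email);
    if ($obj === null) {
        return null;
    }
    if (!is_array($obj)) { // e.g. "0x51 (Can't contact LDAP server): ..."
        error_log('LDAP lookup failed: ' . $obj); // detail goes to the log only
        throw new LdapUnavailableException('Directory lookup failed');
    }
    return $obj;
}

// Constructed sample results modelled on the messages quoted in the thread.
$cases = array(
    'entry'   => new StubLdapClient(array('mail' => array('a@example.org'))),
    'missing' => new StubLdapClient(null),
    'down'    => new StubLdapClient("0x51 (Can't contact LDAP server): ldap://s0.foo.net"),
    'no-bind' => null,
);
foreach ($cases as $name => $client) {
    try {
        $entry = lookupByEmail($client, 'a@example.org');
        echo $name, ': ', $entry === null ? 'no such user' : 'entry found', "\n";
    } catch (LdapUnavailableException $e) {
        echo $name, ': unavailable (', $e->getMessage(), ")\n";
    }
}
```

The caller sees only a generic "unavailable" condition; the server URI and LDAP error code stay in the log rather than in the response shown to the user.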

jmvelasco commented 10 years ago

I wanted to try a ldap server, so I've installed openldap. With a ldap admin client I connect to the server with the following data:

Host: nomada4
Port: 389
Version: 3
Base: dc=maxrc,dc=com

(simple authentication)

Account:
username: cn=Manager,dc=maxcrc,dc=com
password: secret

When I set those data at the ldap config key:

        'server1' => array(
            'host'              => 'nomada4',
            'username'          => 'cn=Manager,dc=maxcrc,dc=com',
            'password'          => 'secret',
            'bindRequiresDn'    => true,
            'accountDomainName' => 'maxcrc.com',
            'baseDn'            => 'ou=People,dc=maxcrc,dc=com',
        ),

I get null from the AdapterChain:

Auth event was stopped without a response. Got "NULL" instead

I have not created any user at the ldap directory, but I expect at least to connect.

Do you have any idea what I am missing?

Thanks, ·_-

Nitecon commented 10 years ago

I'm going to try to work on adding a bunch more logging tonight. That way you should be able to trap your error and see what's going wrong. I have a few other projects that I have to take care of before the work week starts, but I'll do my best to get to this one as soon as possible.

Nitecon commented 10 years ago

I added better logging for the project; now you should at least be able to see what your errors are. I tried it against ldap and it now throws an exception if you try to authenticate, with a lot of stuff in logs that should point you in the right direction.

jmvelasco commented 10 years ago

I don't know if I am doing something wrong, but again ... the module gives an error until you add:

'ZfcUserLdap\Authentication\Adapter\LdapAuth' => 'ZfcUserLdap\Authentication\Adapter\LdapAuth',

to invokables section in service_manager at module.config.php file.

jmvelasco commented 10 years ago

Btw, the error log works like a charm:

2013-10-07T20:44:50+02:00 NOTICE (5): 0x51 (Can't contact LDAP server): ldap://s0.foo2.net
2013-10-07T20:57:37+02:00 NOTICE (5): Attempting bind with ldap
2013-10-07T20:57:38+02:00 NOTICE (5): Bind successful setting active server.
2013-10-07T20:57:38+02:00 NOTICE (5): Attempting bind with ldap
2013-10-07T20:57:38+02:00 NOTICE (5): Attempting to get username entry: uid=hreqhrqehrqh,dc=maxcrc,dc=com against the active ldap server
2013-10-07T20:57:38+02:00 DEBUG (7): Raw Ldap Object: NULL
2013-10-07T20:57:38+02:00 NOTICE (5): Username entry lookup response: NULL

and the application can connect now to ldap server, I don't know why ... `:/

jmvelasco commented 10 years ago

Good Work !

Nitecon commented 10 years ago

Hope you find your issue :) Closing this one for now.