search

centreon / centreon-archived

Centreon is a network, system and application monitoring tool. Centreon is the only AIOps Platform Providing Holistic Visibility to Complex IT Workflows from Cloud to Edge.
https://www.centreon.com
GNU General Public License v2.0
576 stars 240 forks source link

Non ascii characters in usernames, name deleted on login. 2.7.x #4096

Closed oyvjel closed 8 years ago

oyvjel commented 8 years ago

I have a username autenticated by AD with norwegian characters:

CN=Øyvind SN ,OU=Users,OU=NCOP,DC=ncop,DC=local oyvjel Øyvind SN Øyvind SN - ( from Import LDAP search, the only place I have found norwegian characters to be correctly displayed)

Centreon deletes the "Full Name" field on each login with this user, resulting i failure in config generation, even if Full Name is set to "Safe_Ascii_Name" i Centreon. The LDAP DN field is abbreviated to "CN=" . Still autentication is working.

Generally non ascii characters are not handled properly, ref #4079, and have to be converted to ascii when upgrading from 2.6 Tested in 2.7.0 and 2.7.1

querwin commented 8 years ago

Maybe the same issue as this ticket : https://github.com/centreon/centreon/issues/4088

Can you try the fix ?

oyvjel commented 8 years ago

4088 does not solve the problem.

It is the "contact_name", not "contact_alias" that is the problem. Column "contact_name" is set to "" in the database. I can still log in. However errors are reported when i try to generate config-files.

The problematic characters must come from LDAP. Even if I try to get rid of all norweegian characters in the Centreon config and database the probem reappear after LDAP login.

oyvjel commented 8 years ago

Problem is in centreonAuth.LDAP.class.php, l 253

$this->pearDB->escape($userDisplay, false) returns the name with national characters apparently in ISO-8859 ( after adding to insertLog string, LDAP AUTH : Update user DN for user (�yvind_J|�yvind_J) oyvjel) :

grep LDAP /var/log/centreon/*.log | tail | file - /dev/stdin: ISO-8859 text

I guess the DB is expecting UTF8

oyvjel commented 8 years ago

This seems to fix my problem ( and add to logging):

252c252
<         $this->CentreonLog->insertLog(3, "LDAP AUTH : Update user DN for user (". utf8_encode($userDisplay) ."|".$this->pearDB->escape($userDisplay, false).") " . html_entity_decode($this->contactInfos['contact_alias'], ENT_QUOTES, 'UTF-8'));
---
>                 $this->CentreonLog->insertLog(3, "LDAP AUTH : Update user DN for user " . html_entity_decode($this->contactInfos['contact_alias'], ENT_QUOTES, 'UTF-8'));
255c255
<                   contact_name = '" . $this->pearDB->escape(utf8_encode($userDisplay), false) . "',
---
>                   contact_name = '" . $this->pearDB->escape($userDisplay, false) . "',
oyvjel commented 8 years ago

Fix revealed a new problem:

Utf8 characters in the DB are translated to HTML entities before or during config generation. The entity-strings (Ø) starting with & screws up the parsing resulting in error.

Still have to edit the user after every login. ( changing AD is not an option)

oyvjel commented 8 years ago

Had to reapply this patch after upgrading to 2.7.2

--- centreonAuth.LDAP.class.php.bak 2016-01-14 15:07:58.777324043 +0100
+++ centreonAuth.LDAP.class.php 2016-03-10 15:56:29.476122075 +0100
@@ -249,10 +249,11 @@
                 /*
                  * Update the user dn and extended informations for user
                  */
-                $this->CentreonLog->insertLog(3, "LDAP AUTH : Update user DN for user " . html_entity_decode($this->contactInfos['contact_alias'], ENT_QUOTES, 'UTF-8'));
+         //                $this->CentreonLog->insertLog(3, "LDAP AUTH : Update user DN for user " . html_entity_decode($this->contactInfos['contact_alias'], ENT_QUOTES, 'UTF-8'));
+       $this->CentreonLog->insertLog(3, "LDAP AUTH : Update user DN for user (". utf8_encode($userDisplay) ."|".$this->pearDB->escape($userDisplay, false).") " . html_entity_decode($this->contactInfos['contact_alias'], ENT_QUOTES, 'UTF-8'));
                 $queryUpdateExtInfos = "UPDATE contact SET
                    contact_ldap_dn = '" . $this->pearDB->escape($userDn, false) . "',
-                   contact_name = '" . $this->pearDB->escape($userDisplay, false) . "',
+                   contact_name = '" . $this->pearDB->escape(utf8_encode($userDisplay), false) . "',
                    contact_email = " . $userEmail . ",
                    contact_pager = " . $userPager . ",
                                         ar_id = ".$this->arId."
oyvjel commented 8 years ago

Still have to apply above patch. Upgraded to 2.7.5 today, and the upgrade reintroduced the bug. After I upgraded to 2.7.4 I ran the script to fix utf8 in the database once, no change.

It does not matter what I enter as Full Name in Centreon. On next logon AD will conflict and the Full Name is set to NULL. This will result in the following error when I try to generate config for pollers:

[ - ] montest
Reading main configuration file '/usr/share/centreon/filesGeneration/nagiosCFG/7/nagiosCFG.DEBUG'.
Reading resource file '/usr/share/centreon//filesGeneration/nagiosCFG/7/resource.cfg'
Error while processing a config file: Configuration parsing failed in file '/usr/share/centreon//filesGeneration/nagiosCFG/7/contacts.cfg' on line 18: Contact has no name (property 'contact_name')
One or more problems occurred while processing the config files.

With the patch applied, Centreon will copy Full Name from AD on on login and the problem is solved.