search

heiglandreas / authLdap

LDAP-Authentication for WordPress
http://andreas.heigl.org/cat/dev/wp/authldap/
MIT License
69 stars 38 forks source link

2.5.7 breaks login #235

Closed jpl166 closed 1 year ago

jpl166 commented 1 year ago

[Thu Aug 31 13:02:45.175794 2023] [proxy_fcgi:error] [pid 2896998:tid 140326748079872] [remote 74.70.75.187:64921] AH01071: Got error 'PHP message: PHP Warning: Illegal offset type in isset or empty in /home/bth/public_html/wp-includes/class-wp-roles.php on line 276PHP message: PHP Warning: Illegal offset type in /home/bth/public_html/wp-includes/class-wp-user.php on line 549', referer:...

This has completely broken all authLDAP logins for us, as the login "succeeds" but then sets a NULL list of roles.

jpl166 commented 1 year ago

Running WP 6.3.1 on PHP 7.4

heiglandreas commented 1 year ago

Can you provide me the config of your setup? I've tried to reproduce the issue but sadly can't.

Also activating the authLdap debugging and sending over the content of the error-log would be helpful.

Thanks!

jpl166 commented 1 year ago

Our default site config, installed using wp-cli so it's in JSON form and escaped in the necessary ways:

{
    "Enabled":"1",
    "CachePW":false,
    "URI":"ldap:\/\/localhost\/dc=eastkingdom,dc=org",
    "URISeparator":" ",
    "Filter":"",
    "NameAttr":"givenName",
    "SecName":"sn",
    "UidAttr":"",
    "MailAttr":"",
    "WebAttr":"",
    "Groups":{
        "administrator":"wp-support@eastkingdom.org,$WEBMINISTER",
        "editor":"webtranslation@eastkingdom.org",
        "author":"",
        "contributor":"",
        "subscriber":""
    },
    "Debug":"false",
    "GroupAttr":"mail",
    "GroupFilter":"(&(objectClass=groupOfNames)(member=%dn%))",
    "DefaultRole":"",
    "GroupEnable":"1",
    "GroupOverUser":"1",
    "Version":1,
    "StartTLS":false,
    "GroupSeparator":""
}

I've tested with multiple members of the "wp-support@eastkingdom.org" group, which we've been using for literally years without issue. It would let me in (as one member of that group) without any role assigned, which isn't very useful.

heiglandreas commented 1 year ago

Would you mind also activating authLdap-Debugging, log in once and then send me the content of the log? That'd be absolutely awesome!

heiglandreas commented 1 year ago

No need to send me the info. I already got what I needed. The fix is currently going through CI and will be available shortly. Thanks for reporting!