inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

Change useOpenLdap.js to case-insensitive attribute name indices #8366

Closed E-ThanG closed 2 weeks ago

E-ThanG commented 4 weeks ago

Changed useOpenLdap.js to case-insensitive attribute name indices, set base_dn for getSubSchemaDN to null, and added explicit limits to sendLdapSearchRequest function calls.

Description

Fixes an issue with case mismatch of subSchemaSubEntry, subSchema, and attributeTypes names on various LDAP servers. This resulted in AD LDAP and RedHat Directory389 LDAP (and probably others) not being able to use LDAP Authentication Source conditions.

Impacts

AD LDAP and RedHat Directory389 schema download

Delete branch after merge

YES

Checklist

Bug Fixes

Partially fixes #8088 "LDAP Conditions not working for LDAP authentication Source". There's another unresolved bug that remains for that issue, though. See: https://github.com/inverse-inc/packetfence/issues/8088#issuecomment-2434450924

CLAassistant commented 4 weeks ago

CLA assistant check
All committers have signed the CLA.

satkunas commented 2 weeks ago

@E-ThanG thank you for your contribution

I will need to apply these changes to type=AD as well.

E-ThanG commented 2 weeks ago

> @E-ThanG thank you for your contribution
>
> I will need to apply these changes to type=AD as well.

I considered that, but in my testing AD wasn't case sensitive. In fact, the returned attribute case seemed to change depending on the case of my query. It certainly wouldn't hurt to also have it there though.
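
The case mismatch discussed in this pull request, shown as an added example that is not PacketFence's code and not part of the thread: a case-insensitive attribute index over LDAP search results, so the lookup no longer depends on the spelling a server returns. The helper names (`foldAttributes`, `getAttr`, `subSchemaDN`, `attributeTypeNames`) and the sample entries are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper names, not PacketFence's code.
// LDAP attribute descriptions are case-insensitive (RFC 4512), so entries
// are indexed by a lower-cased key instead of the spelling a server returned.
function foldAttributes(entry) {
  const folded = new Map()
  for (const [name, value] of Object.entries(entry)) {
    const key = name.toLowerCase()
    const values = Array.isArray(value) ? value : [value]
    // Spellings that differ only by case are merged, not overwritten.
    folded.set(key, [...(folded.get(key) || []), ...values])
  }
  return folded
}

// Values of one attribute, whatever case the caller or the server used.
function getAttr(entry, name) {
  return foldAttributes(entry).get(name.toLowerCase()) || []
}

// DN of the subschema entry advertised by a root DSE, or null if absent.
function subSchemaDN(rootDse) {
  const [dn] = getAttr(rootDse, 'subschemaSubentry')
  return dn || null
}

// First NAME of each attributeTypes definition, e.g. "( 2.5.4.3 NAME 'cn' ... )".
function attributeTypeNames(subschemaEntry) {
  return getAttr(subschemaEntry, 'attributeTypes')
    .map(def => /NAME\s+(?:'([^']+)'|\(\s*'([^']+)')/.exec(def))
    .filter(Boolean)
    .map(match => match[1] || match[2])
}

// Constructed sample search results; casing differs on purpose.
const rootDseA = { subschemaSubentry: ['cn=schema'] }
const rootDseB = { subSchemaSubEntry: ['CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=com'] }
const schemaEntry = {
  attributetypes: [
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
    "( 2.5.4.4 NAME 'sn' SUP name )"
  ]
}

console.log(rootDseB.subschemaSubentry)      // exact-case key lookup misses
console.log(subSchemaDN(rootDseA), subSchemaDN(rootDseB))
console.log(attributeTypeNames(schemaEntry))
```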