operasoftware / dns-ui

Opera's LDAP-authenticated PowerDNS user interface
Apache License 2.0

Problem with LDAP user lookup after upgrade #215

Open slekkus75 opened 3 weeks ago

slekkus75 commented 3 weeks ago

Good day, after upgrading to Debian 12 we experience issues with LDAP lookup for new users. Running 0.2.7 or 0.2.8 (php8.1 and php8.2), the issue remains. Existing LDAP users are OK - new LDAP users get an "Oops!" when logging in and are not added to the user list in dns-ui.

Below is a sanitized part from apache error log:

Stack trace:, referer: http://dns-ui/zones
  #0 /opt/dns-ui/model/user.php(172): exception_error_handler(), referer: http://dns-ui/zones
  #1 /opt/dns-ui/model/user.php(110): User->get_details_from_ldap(), referer: http://dns-ui/zones
  #2 /opt/dns-ui/model/userdirectory.php(106): User->get_details(), referer: http://dns-ui/zones
  #3 /opt/dns-ui/requesthandler.php(24): UserDirectory->get_user_by_uid(), referer: http://dns-ui/zones
  #4 /opt/dns-ui/public_html/init.php(18): require('...'), referer: http://dns-ui/zones
  #5 {main}, referer: http://dns-ui/zones

thomas-pike commented 3 weeks ago

Hi. You've included the stack trace, but not the actual error itself (which is the most important piece of information here).

slekkus75 commented 3 weeks ago

Edited views/error500.php as found here, see the error below. [image: dnsguierror]

I have worked around this issue by commenting out model/user.php lines 171 to 176 and setting admin = 1 at line 170. This way the LDAP user is added.

thomas-pike commented 3 weeks ago

Ok, so the error itself is Array to string conversion in model/user.php on line 173. That doesn't make a whole lot of sense for that particular line of code though. Perhaps you have an older or modified version? What is actually on line 173 for you?

slekkus75 commented 3 weeks ago

170                         $this->admin = 0;
171                         $group_member = $ldapuser[strtolower($config['ldap']['group_member_value'])];
172                         $ldapgroups = $this->ldap->search($config['ldap']['dn_group'], LDAP::escape($config['ldap']['group_member']).'='.LDAP::escape($group_member), array('cn'));
173                         foreach($ldapgroups as $ldapgroup) {
174                                 if($ldapgroup['cn'] == $config['ldap']['admin_group_cn']) $this->admin = 1;

Printing the variable $group_member shows that it consists of a single string with DNs, no spaces.

A workaround for adding the user is to set admin to 1 and comment out this part:

167                         } else {
168                                 $this->active = 1;
169                         }
170                         $this->admin = 1; # Changed from 0 to 1 (TEST) and comment below
171                         /**
172                         $group_member = $ldapuser[strtolower($config['ldap']['group_member_value'])];
173                         file_put_contents('/tmp/ldapdebuggroupmember.txt', $group_member);
174                         $ldapgroups = $this->ldap->search($config['ldap']['dn_group'], LDAP::escape($config['ldap']['group_member']).'='.LDAP::escape($group_member), array('cn'));
175                         foreach($ldapgroups as $ldapgroup) {
176                                 if($ldapgroup['cn'] == $config['ldap']['admin_group_cn']) $this->admin = 1;
177                         }
178                         **/
179
180                 } else {
181                         throw new UserNotFoundException('User does not exist in LDAP.');
182                 }
183         }
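
Added example (not part of the thread and not dns-ui's own code) for the "Array to string conversion" error discussed above, assuming the LDAP attribute named by group_member_value comes back as an array of values for the affected users. It shows why a file_put_contents() dump of such an array reads as one string with no separators, and builds the group filter from every value while leaving admin at 0 unless the admin group matches, instead of setting admin = 1 for every new user. The helper names, the sample DNs and the parenthesised filter syntax are assumptions, not taken from the project.

```php
<?php
// Added example, not dns-ui code. Helper names and sample DNs are constructed.

/** Escape a value for use inside an LDAP search filter (RFC 4515). */
function escape_filter_value(string $value): string {
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ]);
}

/** Build a membership filter from an attribute value that may be a string or an array. */
function group_filter(string $attribute, $member_value): string {
    // Keep string values only; this also drops a numeric 'count' entry if present.
    $values = array_values(array_filter((array)$member_value, 'is_string'));
    if ($values === []) {
        throw new InvalidArgumentException('No usable member value');
    }
    // $attribute comes from configuration; each value is escaped on its own.
    $clauses = array_map(
        fn(string $v): string => '(' . $attribute . '=' . escape_filter_value($v) . ')',
        $values
    );
    return count($clauses) === 1 ? $clauses[0] : '(|' . implode('', $clauses) . ')';
}

/** Admin stays 0 unless a returned group carries the configured admin CN. */
function admin_flag(array $groups, string $admin_cn): int {
    foreach ($groups as $group) {
        if (($group['cn'] ?? null) === $admin_cn) {
            return 1;
        }
    }
    return 0;
}

// Constructed sample: a multi-valued attribute returned as an array.
$group_member = ['uid=alice,ou=people,dc=example,dc=org', 'uid=alice,ou=staff,dc=example,dc=org'];

// file_put_contents() writes array elements back to back, so a debug dump
// of an array reads as one long string with no separators.
$tmp = tempnam(sys_get_temp_dir(), 'ldapdbg');
file_put_contents($tmp, $group_member);
echo file_get_contents($tmp), "\n";
unlink($tmp);

echo group_filter('member', $group_member), "\n";
// Constructed group list that does not contain the admin CN.
echo admin_flag([['cn' => 'dns-users']], 'dns-admins'), "\n";
```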