roundcube / roundcubemail

The Roundcube Webmail suite
https://roundcube.net
GNU General Public License v3.0

Plugin new_user_identity not working #9210

Closed MyriamTK closed 1 year ago

MyriamTK commented 1 year ago

Hello,

We're using roundcube version 1.6.4, and we're trying to set up the new_user_identity plugin. But it doesn't seem to work on our configuration. Authentication is via LDAP. We'd like to automatically populate new users with LDAP fields.

The directory is fully functional, and we can see all the user information.

However, when someone logs in for the first time, their settings are not configured in relation to LDAP. Their e-mail address is: login@domain.

Also, in the logs, when someone logs in for the first time, the LDAP request is not correct. According to our configuration, it should be looking for an attribute called "supannAliasLogin" and not "uid". By default, it seems to me that the LDAP request looks for the uid attribute (which doesn't exist for us).

Here's our config.inc.php:

$config['ldap_public'] = array (
  'Annuaire_TEST' =>
  array (
    'name' => 'Annuaire',
    'hosts' =>
    array (
      0 => 'ldap.test.fr',
    ),
    'port' => 389,
    'use_tls' => false,
    'ldap_version' => 3,
    'user_specific' => false,
    'base_dn' => 'dc=test,dc=fr',
    'bind_dn' => 'cn=admin,dc=test,dc=fr',
    'bind_pass' => 'password',
    'search_base_dn' => 'ou=people,dc=test,dc=fr',
    'search_filter' => '(memberOf=cn=annuaire,ou=services,ou=groups,dc=test,dc=fr)',
    'hidden' => false,
    'writable' => false,
    'required_fields' =>
    array (
      0 => 'cn',
      1 => 'sn',
      2 => 'mail',
    ),
    'search_fields' =>
    array (
      0 => 'sn',
      1 => 'mail',
      2 => 'cn',
      3 => 'supannAliasLogin',
    ),
    'email_field' => 'mail',
    'name_field' => 'cn',
    'surname_field' => 'sn',
    'fieldmap' =>
    array (
      'uid' => 'supannAliasLogin',
      'name' => 'cn',
      'surname' => 'sn',
      'firstname' => 'givenName',
      'jobtitle' => 'title',
      'email' => 'mail',
      'phone:work' => 'telephoneNumber',
      'address' => 'postalAddress',
      'department' => 'ou',
      'organization' => 'o',
    ),
    'sort' => 'cn',
    'scope' => 'sub',
    'filter' => '(&(objectClass=supannPerson)(memberOf=cn=annuaire,ou=services,ou=groups,dc=test,dc=fr))',
    'fuzzy_search' => true,
    'vlv' => false,
    'sizelimit' => '0',
    'timelimit' => '0',
  ),
);

And for the new_user_identity plugin conf:

$config['new_user_identity_addressbook'] = 'Annuaire_TEST';
$config['new_user_identity_match'] = 'uid';

The logs:

[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> C: Connect [ldap://ldap.test.fr:389]
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> S: OK
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> C: Bind [dn: cn=admin,dc=test,dc=fr]
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> S: OK
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> C: Search base dn: [dc=test,dc=fr] scope [sub] with filter [(&(&(objectClass=supannPerson)(memberOf=cn=annuaire,ou=services,ou=groups,dc=test,dc=fr))(|(uid=utest)))]
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> Using function ldap_search on scope sub ($ns_function is ldap_search)
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> C: (Without VLV) Setting a filter of (&(&(objectClass=supannPerson)(memberOf=cn=annuaire,ou=services,ou=groups,dc=test,dc=fr))(|(uid=utest)))
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> Executing search with return attributes: array (
  0 => 'supannaliaslogin',
  1 => 'cn',
  2 => 'sn',
  3 => 'givenname',
  4 => 'title',
  5 => 'mail',
  6 => 'telephonenumber',
  7 => 'postaladdress',
  8 => 'ou',
  9 => 'o',
  10 => 'objectClass',
)
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> S: 0 record(s) found
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> C: Search base dn: [dc=test,dc=fr] scope [sub] with filter [(&(&(objectClass=supannPerson)(memberOf=cn=annuaire,ou=services,ou=groups,dc=test,dc=fr))(|(uid=utest)))]
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> Using function ldap_search on scope sub ($ns_function is ldap_search)
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> C: (Without VLV) Setting a filter of (&(&(objectClass=supannPerson)(memberOf=cn=annuaire,ou=services,ou=groups,dc=test,dc=fr))(|(uid=utest)))
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> Executing search with return attributes: array (
  0 => 'dn',
)
[07-Nov-2023 16:53:47 +0100]: <2ksfec5e> S: 0 record(s) found

[07-Nov-2023 16:53:52 +0100]: <jg64c6p1> C: Connect [ldap://ldap.test.fr:389]
[07-Nov-2023 16:53:52 +0100]: <jg64c6p1> S: OK
[07-Nov-2023 16:53:52 +0100]: <jg64c6p1> C: Bind [dn: cn=admin,dc=test,dc=fr]
[07-Nov-2023 16:53:52 +0100]: <jg64c6p1> S: OK
[07-Nov-2023 16:53:52 +0100]: <jg64c6p1> C: Search base dn: [dc=test,dc=fr] scope [sub] with filter [(&(objectClass=supannPerson)(memberOf=cn=annuaire,ou=services,ou=groups,dc=test,dc=fr))]
[07-Nov-2023 16:53:52 +0100]: <jg64c6p1> Using function ldap_search on scope sub ($ns_function is ldap_search)
[07-Nov-2023 16:53:52 +0100]: <jg64c6p1> C: (Without VLV) Setting a filter of (&(objectClass=supannPerson)(memberOf=cn=annuaire,ou=services,ou=groups,dc=test,dc=fr))
[07-Nov-2023 16:53:52 +0100]: <jg64c6p1> Executing search with return attributes: array (
  0 => 'supannaliaslogin',
  1 => 'cn',
  2 => 'sn',
  3 => 'givenname',
  4 => 'title',
  5 => 'mail',
  6 => 'telephonenumber',
  7 => 'postaladdress',
  8 => 'ou',
  9 => 'o',
  10 => 'objectClass',
)
[07-Nov-2023 16:54:12 +0100]: <jg64c6p1> S: 5865 record(s) found
[07-Nov-2023 16:54:12 +0100]: <jg64c6p1> C: Close

Thanks for your help!

alecpl commented 1 year ago

The plugin has a configuration file that you missed.

alecpl commented 1 year ago

Actually, this might be a regression since 1.6.2 (d1d29e7c77a39a).

alecpl commented 1 year ago

I hope this patch fixes the issue:

--- a/program/lib/Roundcube/rcube_ldap.php
+++ b/program/lib/Roundcube/rcube_ldap.php
@@ -914,20 +914,18 @@ class rcube_ldap extends rcube_addressbook
             $attributes = [];

             if ($fields == '*') {
-                $attributes = (array) ($this->prop['search_fields'] ?? []);
+                $fields = (array) ($this->prop['search_fields'] ?? []);

                 // If search fields aren't configured use some common fields
-                if (empty($search_fields)) {
+                if (empty($fields)) {
                     $fields = ['name', 'surname', 'firstname', 'email'];
                 }
             }

             // map address book fields into ldap attributes
-            if (empty($attributes)) {
-                foreach ((array) $fields as $field) {
-                    if (!empty($this->coltypes[$field]) && !empty($this->coltypes[$field]['attributes'])) {
-                        $attributes = array_merge($attributes, (array) $this->coltypes[$field]['attributes']);
-                    }
+            foreach ((array) $fields as $field) {
+                if (!empty($this->coltypes[$field]) && !empty($this->coltypes[$field]['attributes'])) {
+                    $attributes = array_merge($attributes, (array) $this->coltypes[$field]['attributes']);
                 }
             }
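
Review bot: in the mapping `foreach`, a `$fields` entry with no `$this->coltypes[$field]['attributes']` is skipped with no fallback, so now that `search_fields` is assigned to `$fields` instead of `$attributes`, a `search_fields` value written as a raw LDAP attribute name that is not also a `coltypes` key contributes nothing to `$attributes` in these lines, and a name that is both an address book field and an LDAP attribute is resolved through the mapping rather than used literally. Consider keeping unmapped entries as literal attributes in an `else` branch, or documenting that `search_fields` takes address book field names, and handle the case where `$attributes` is still empty after the loop.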

There's confusion about whether search_fields should be LDAP attributes or fieldmap keys. Now both will work, but it might cause issues, so we might need some other change in the future.

MyriamTK commented 1 year ago

Hello,

This fixes the problem perfectly!

Thanks for your help

alecpl commented 1 year ago

Patch merged.

stalra commented 6 months ago

This fix leads to problems with new_user_identity in our environment.

With the fix, the filter searches using cn=, which won't work; without the fix, the filter uses uid=, which is correct and succeeds (identical configuration).