search

simplesamlphp / simplesamlphp-module-ldap

Module that provides authentication against LDAP stores
GNU Lesser General Public License v2.1
4 stars 11 forks source link

Unexpectedly returns no value when attributes is set to NULL #44

Closed seieric closed 1 year ago

seieric commented 1 year ago

When "attributes" of ldap configuration is set to NULL, this module is supposed to provide all the ldap attributes to SP. However, it returns NO ldap attributes under the circumstance right now.

Why?

I found evaluation of "attributes" configuration in src/Auth/Source/Ldap.php. Here is what the process is doing when "attributes" is set to NULL

  1. Try to get "attributes" configuration by using getOptionalValue
  2. getOptionalValue func returns the default value supplied which is $this->ldapConfig->hasValue('attributes') ? null: [] because "attributes" is NULL.
  3. $this->ldapConfig->hasValue func returns false cause its implementation is return array_key_exists($name, $this->configuration) && !is_null($this->configuration[$name]);. (refer to simplesamlphp/simplesamlphp:src/SimpleSAML/Configuration.php)
  4. Therefore $attributes is set to empty array.
  5. $attributes === null ends up to false even though original configuration value is NULL. And no ldap attributes are returned.

Solution

Here is a brief solution:

    private function processAttributes(Entry $entry): array
    {
        $attributes = $this->ldapConfig->getOptionalValue(
            'attributes',
            // If specifically set to NULL return all attributes, if not set at all return nothing (safe default)
            // $this->ldapConfig->hasValue('attributes') ? null: [],
           in_array('attributes', $this->ldapConfig->getOptions()) ? null: [],
        );
[...]

My environment

tvdijen commented 1 year ago

This has already been fixed in #40 and released in v2.1.4