search

xperseguers / t3ext-ig_ldap_sso_auth

TYPO3 Extension ig_ldap_sso_auth. This extension provides LDAP and SSO support for TYPO3.
https://extensions.typo3.org/extension/ig_ldap_sso_auth
27 stars 68 forks source link

Searching LDAP tree from root #23

Closed nalmar closed 4 years ago

nalmar commented 6 years ago

Hi, I had a problem which I finally fixed for myself but that I think should be integrated it in the official code.

My frontend users didn't get their group membership assigned. I traced the problem to

line 52 of Classes/Library/LdapGroup.php :

            if (substr($groupDn, -strlen($baseDn)) !== $baseDn) {
                // Group $groupDn does not match the required baseDn for LDAP groups
                continue;
            }

In my organisation, I use an empty baseDn because groups can be in any of the ldap trees. In this scenario, substr($groupDn, -0) which returns the whole $groupDn is always !== $baseDn so groups don't get assigned.

I suggest changing the condition to if (!empty($baseDn) && substr($groupDn, -strlen($baseDn)) !== $baseDn) { which fix my problem.

There's at least another place a similar change has to be done, "import ldap group" in the backend return an empty list with an empty baseDn. There may be others places I'm not aware of.

Thank for all your efforts on ig_ldap_sso_auth

xperseguers commented 6 years ago

Hi,

Please check the PR I just created. I would happily have mentioned your name but you're a bit scarce with personal information :)

nalmar commented 6 years ago

:) I'm not a huge fan of personal info on social media

This will fix my problem but a similar change should probably also be applied to users for consistency and also to the backend panels : search wizard, import ldap groups,...

You certainly know your way around this extension code a lot better than me. I can try helping to locate all the places that should be changed but i'm afraid to miss something.