Skip Menu |

This queue is for tickets about the Catalyst-Authentication-Store-LDAP CPAN distribution.

Report information
The Basics
Id: 33200
Status: resolved
Priority: 0/
Queue: Catalyst-Authentication-Store-LDAP
People
Owner: karman [...] cpan.org
Requestors: andreas.marienborg [...] gmail.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: 0.1000
Fixed in: (no value)

History Show all quoted text
  Wed Feb 13 02:00:00 2008 andreas.marienborg [...] gmail.com - Ticket created
Subject: lookup_user chokes on array in user_field
user_field can, according to the documentation, be an array of fields that can be the userid. This chokes in lookup_user with: "LDAP claims 'ARRAY0xBEEFCAKE' equals 'some_user_id' but results entry does not match." the attached patch includes a test-case for this, and a patch to lookup_user to check each of the userfields if user_fields is an array. If you need it some other way, or better tests or whatever, let me know.
Subject: catalyst-authentication-store-ldap-array-user-field.01.diff
diff -urN Catalyst-Authentication-Store-LDAP-0.1000.orig/lib/Catalyst/Authentication/Store/LDAP/Backend.pm Catalyst-Authentication-Store-LDAP-0.1000/lib/Catalyst/Authentication/Store/LDAP/Backend.pm --- Catalyst-Authentication-Store-LDAP-0.1000.orig/lib/Catalyst/Authentication/Store/LDAP/Backend.pm 2008-02-13 07:52:05.000000000 +0100 +++ Catalyst-Authentication-Store-LDAP-0.1000/lib/Catalyst/Authentication/Store/LDAP/Backend.pm 2008-02-13 07:55:42.000000000 +0100 @@ -315,10 +315,25 @@ # a little extra sanity check with the 'eq' since LDAP already # says it matches. if ( defined($entry) ) { - unless ( $entry->get_value($user_field) eq $id ) { - Catalyst::Exception->throw( - "LDAP claims '$user_field' equals '$id' but results entry does not match." - ); + if (ref($user_field) eq 'ARRAY') { + # userfield can be an array, lets check each one + my $match = 0; + foreach my $f (@$user_field) { + if ($entry->get_value($f) eq $id) { + $match = 1; + } + } + unless ($match) { + Catalyst::Exception->throw( + "LDAP claims '$user_field' equals '$id' but results entry does not match." + ); + } + } else { + unless ( $entry->get_value($user_field) eq $id ) { + Catalyst::Exception->throw( + "LDAP claims '$user_field' equals '$id' but results entry does not match." + ); + } } $userentry = $entry; } diff -urN Catalyst-Authentication-Store-LDAP-0.1000.orig/t/04-array_user_field.t Catalyst-Authentication-Store-LDAP-0.1000/t/04-array_user_field.t --- Catalyst-Authentication-Store-LDAP-0.1000.orig/t/04-array_user_field.t 1970-01-01 01:00:00.000000000 +0100 +++ Catalyst-Authentication-Store-LDAP-0.1000/t/04-array_user_field.t 2008-02-13 07:54:19.000000000 +0100 @@ -0,0 +1,37 @@ +#!/usr/bin/perl + +use strict; +use warnings; +use Catalyst::Exception; + +use Test::More tests => 5; +use lib 't/lib'; +use LDAPTest; +my $server = LDAPTest::spawn_server(); + +use_ok("Catalyst::Authentication::Store::LDAP::Backend"); + +my $back = Catalyst::Authentication::Store::LDAP::Backend->new( + { 'ldap_server' => LDAPTest::server_host(), + + # can test the timeout SKIP with this + 'ldap_server_options' => + { timeout => -1, debug => $ENV{PERL_DEBUG} || 0 }, + + 'binddn' => 'anonymous', + 'bindpw' => 'dontcarehow', + 'start_tls' => 0, + 'user_basedn' => 'ou=foobar', + 'user_filter' => '(&(objectClass=person)(uid=%s))', + 'user_scope' => 'one', + 'user_field' => [qw(uid displayName)], + 'use_roles' => 0, + } +); + +isa_ok( $back, "Catalyst::Authentication::Store::LDAP::Backend" ); +ok( my $user = $back->find_user( { username => 'somebody' } ), "find_user" ); +isa_ok( $user, "Catalyst::Authentication::Store::LDAP::User" ); +my $displayname = $user->displayname; +cmp_ok( $displayname, 'eq', 'Some Body', 'Should be Some Body' ); +
  Wed Feb 13 22:46:40 2008 peter [...] peknet.com - Correspondence added
Subject: Re: [rt.cpan.org #33200] lookup_user chokes on array in user_field
Date: Wed, 13 Feb 2008 21:45:38 -0600
To: bug-Catalyst-Authentication-Store-LDAP [...] rt.cpan.org
From: Peter Karman <peter [...] peknet.com>
Andreas Marienborg via RT wrote on 2/13/08 1:00 AM: Show quoted text
> Wed Feb 13 02:00:00 2008: Request 33200 was acted upon. > Transaction: Ticket created by ANDREMAR > Queue: Catalyst-Authentication-Store-LDAP > Subject: lookup_user chokes on array in user_field > Broken in: 0.1000 > Severity: (no value) > Owner: Nobody > Requestors: omega@palle.net > Status: new > Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=33200 > > > > user_field can, according to the documentation, be an array of fields > that can be the userid. This chokes in lookup_user with: > > "LDAP claims 'ARRAY0xBEEFCAKE' equals 'some_user_id' but results entry > does not match." > > the attached patch includes a test-case for this, and a patch to > lookup_user to check each of the userfields if user_fields is an array. > > If you need it some other way, or better tests or whatever, let me know.
Thanks for the patch and test. I believe what is wrong is actually the documentation. The code was intentionally changed in the 0.1000 release, and this feature added in its place: http://search.cpan.org/~karman/Catalyst-Authentication-Store-LDAP-0.1000/lib/Catalyst/Authentication/Store/LDAP.pm#user_results_filter The email thread that led to the change is here: http://lists.scsys.co.uk/pipermail/catalyst-dev/2008-January/001017.html Please let me know if the new API just doesn't make sense to you. I will fix the documentation and note in the Changes file. -- Peter Karman . http://peknet.com/ . peter@peknet.com
  Wed Feb 13 22:46:42 2008 The RT System itself - Status changed from 'new' to 'open'
  Thu Feb 14 02:52:46 2008 andreas.marienborg [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #33200] lookup_user chokes on array in user_field
Date: Thu, 14 Feb 2008 08:51:50 +0100
To: bug-Catalyst-Authentication-Store-LDAP [...] rt.cpan.org
From: Andreas Marienborg <omega [...] palle.net>
On Feb 14, 2008, at 4:46 AM, peter@peknet.com via RT wrote: Show quoted text
> > <URL: http://rt.cpan.org/Ticket/Display.html?id=33200 > > > > > Andreas Marienborg via RT wrote on 2/13/08 1:00 AM:
>> Wed Feb 13 02:00:00 2008: Request 33200 was acted upon. >> Transaction: Ticket created by ANDREMAR >> Queue: Catalyst-Authentication-Store-LDAP >> Subject: lookup_user chokes on array in user_field >> Broken in: 0.1000 >> Severity: (no value) >> Owner: Nobody >> Requestors: omega@palle.net >> Status: new >> Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=33200 > >> >> >> user_field can, according to the documentation, be an array of fields >> that can be the userid. This chokes in lookup_user with: >> >> "LDAP claims 'ARRAY0xBEEFCAKE' equals 'some_user_id' but results >> entry >> does not match." >> >> the attached patch includes a test-case for this, and a patch to >> lookup_user to check each of the userfields if user_fields is an >> array. >> >> If you need it some other way, or better tests or whatever, let me >> know.
> > Thanks for the patch and test. > > I believe what is wrong is actually the documentation. The code was > intentionally changed in the 0.1000 release, and this feature added > in its place: > > http://search.cpan.org/~karman/Catalyst-Authentication-Store-LDAP-0.1000/lib/Catalyst/Authentication/Store/LDAP.pm#user_results_filter > > The email thread that led to the change is here: > > http://lists.scsys.co.uk/pipermail/catalyst-dev/2008-January/001017.html > > Please let me know if the new API just doesn't make sense to you. I > will fix the > documentation and note in the Changes file.
Aha, perhaps. I think we have both mail and nsUniqueId in user_field for the same reason. I'll try it with only nsUniqueId and see if that solves my issues
  Thu Feb 14 03:06:45 2008 andreas.marienborg [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #33200] lookup_user chokes on array in user_field
Date: Thu, 14 Feb 2008 09:05:56 +0100
To: bug-Catalyst-Authentication-Store-LDAP [...] rt.cpan.org
From: Andreas Marienborg <omega [...] palle.net>
On Feb 14, 2008, at 4:46 AM, peter@peknet.com via RT wrote: Show quoted text
> > <URL: http://rt.cpan.org/Ticket/Display.html?id=33200 > > > > > Andreas Marienborg via RT wrote on 2/13/08 1:00 AM:
>> Wed Feb 13 02:00:00 2008: Request 33200 was acted upon. >> Transaction: Ticket created by ANDREMAR >> Queue: Catalyst-Authentication-Store-LDAP >> Subject: lookup_user chokes on array in user_field >> Broken in: 0.1000 >> Severity: (no value) >> Owner: Nobody >> Requestors: omega@palle.net >> Status: new >> Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=33200 > >> >> >> user_field can, according to the documentation, be an array of fields >> that can be the userid. This chokes in lookup_user with: >> >> "LDAP claims 'ARRAY0xBEEFCAKE' equals 'some_user_id' but results >> entry >> does not match." >> >> the attached patch includes a test-case for this, and a patch to >> lookup_user to check each of the userfields if user_fields is an >> array. >> >> If you need it some other way, or better tests or whatever, let me >> know.
> > Thanks for the patch and test. > > I believe what is wrong is actually the documentation. The code was > intentionally changed in the 0.1000 release, and this feature added > in its place: > > http://search.cpan.org/~karman/Catalyst-Authentication-Store-LDAP-0.1000/lib/Catalyst/Authentication/Store/LDAP.pm#user_results_filter > > The email thread that led to the change is here: > > http://lists.scsys.co.uk/pipermail/catalyst-dev/2008-January/001017.html > > Please let me know if the new API just doesn't make sense to you. I > will fix the > documentation and note in the Changes file. > > -- > Peter Karman . http://peknet.com/ . peter@peknet.com >
the use case of the OP in that thread has basicly the same scenario as me. We filter om mail=%s, and would like the user_field to be nsUniqueId, but if I try to do that, it says "nsUniqueId" does not match mail, which of course is true. What is that bit of code there to fix? Is it just to sanity check the returned LDAP-entries? - andreas
  Thu Feb 14 21:04:09 2008 peter [...] peknet.com - Correspondence added
Subject: Re: [rt.cpan.org #33200] lookup_user chokes on array in user_field
Date: Thu, 14 Feb 2008 20:03:45 -0600
To: bug-Catalyst-Authentication-Store-LDAP [...] rt.cpan.org
From: Peter Karman <peter [...] peknet.com>
Andreas Marienborg via RT wrote on 2/14/08 2:06 AM: Show quoted text
> the use case of the OP in that thread has basicly the same scenario as > me. We filter om mail=%s, and would like the user_field to be > nsUniqueId, but if I try to do that, it says "nsUniqueId" does not > match mail, which of course is true. > > What is that bit of code there to fix? Is it just to sanity check the > returned LDAP-entries?
yes, just a sanity check. The assumption is that there is only going to be one exact match in the common case, when you are matching uid or username. But the less-common case (like yours) where you are matching on one field but returning value from another (that's how I'm reading your example anyway -- correct me if I'm wrong) might require post-ldap filtering. Hence the filter config feature. If I'm reading your need correctly, perhaps you could work up a patch that implements that feature more directly than the original loop does: match on mail but return a different field as the user_field. Maybe a config option? Or perhaps the original loop is/was the most effective implementation. Convince me. I'm just the maintainer at this point. :) -- Peter Karman . http://peknet.com/ . peter@peknet.com
  Wed Apr 09 22:46:42 2008 peter [...] peknet.com - Correspondence added
Subject: Re: [rt.cpan.org #33200] lookup_user chokes on array in user_field
Date: Wed, 09 Apr 2008 21:46:24 -0500
To: bug-Catalyst-Authentication-Store-LDAP [...] rt.cpan.org
From: Peter Karman <peter [...] peknet.com>
Andreas Marienborg via RT wrote on 2/14/08 1:52 AM: Show quoted text
> Queue: Catalyst-Authentication-Store-LDAP > Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=33200 > > > > On Feb 14, 2008, at 4:46 AM, peter@peknet.com via RT wrote: >
>> <URL: http://rt.cpan.org/Ticket/Display.html?id=33200 > >>
I just released 0.1001 which may or may not have contained the POD fix. I didn't remember till after uploading to pause that it wasn't noted in the Changes file, and I'm not sure whether I actually made the change or not. svn log doesn't indicate I did. Did you ever resolve your problem? Was the 'user_results_filter' feature helpful? I'd like to close this ticket if the issue is no longer an issue. -- Peter Karman . http://peknet.com/ . peter@peknet.com
  Thu Apr 10 00:24:34 2008 Andreas Marienborg - Correspondence added
Subject: Re: [rt.cpan.org #33200] lookup_user chokes on array in user_field
Date: Thu, 10 Apr 2008 06:23:38 +0200
To: bug-Catalyst-Authentication-Store-LDAP [...] rt.cpan.org
From: Andreas Marienborg <andreas.marienborg [...] gmail.com>
On Apr 10, 2008, at 4:46 AM, peter@peknet.com via RT wrote: Show quoted text
> > <URL: http://rt.cpan.org/Ticket/Display.html?id=33200 > > > > > Andreas Marienborg via RT wrote on 2/14/08 1:52 AM:
>> Queue: Catalyst-Authentication-Store-LDAP >> Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=33200 > >> >> >> On Feb 14, 2008, at 4:46 AM, peter@peknet.com via RT wrote: >>
>>> <URL: http://rt.cpan.org/Ticket/Display.html?id=33200 > >>>
> > I just released 0.1001 which may or may not have contained the POD > fix. I didn't > remember till after uploading to pause that it wasn't noted in the > Changes file, > and I'm not sure whether I actually made the change or not. svn log > doesn't > indicate I did. > > Did you ever resolve your problem? Was the 'user_results_filter' > feature > helpful? I'd like to close this ticket if the issue is no longer an > issue.
Yeah, sorry for not replying I fixed it by ditching one of the fields I think. I didn't use the filter, so it basically turned out to be a pure configuration error that was no longer allowed :) Thanks for the help!
  Thu Apr 10 11:53:40 2008 karman [...] cpan.org - Status changed from 'open' to 'resolved'
  Thu Apr 10 11:53:45 2008 karman [...] cpan.org - Given to KARMAN