Item11230: LDAP patches (may be environment specific)

Net::LDAP 0.43 has a bug and I needed this patch to help me track it down:

@@ -335,7 +335,8 @@
     $args{"clientcert"} = $this->{tlsClientCert} if $this->{tlsClientCert};
     $args{"clientkey"} = $this->{tlsClientKey} if $this->{tlsClientKey};
     $args{"sslversion"} = $this->{tlsSSLVersion} if $this->{tlsSSLVersion};
-    $this->{ldap}->start_tls(%args);
+    my $msg = $this->{ldap}->start_tls(%args);
+    writeWarning($msg->{errorMessage}) if exists $msg->{errorMessage};
   }
 
   $passwd = $this->toUtf8($passwd) if $passwd;

The directory I'm connecting to uses "cn" (lowercase) as the groupAttribute, but puts "CN=" (uppercase) as the value in the member field. Also, as in Support.Question343, usernames are in a sub ou of the base dn, so more than just a ',' needs to be chopped:

@@ -2210,9 +2211,9 @@
           if (!$this->{preCache} && $member =~ /$this->{groupBase}/i) {
             my $innerGroupName = $member;
             $innerGroupName =~ s/$this->{groupBase}//o;
-            $innerGroupName =~ s/$this->{groupAttribute}=//o;
+            $innerGroupName =~ s/$this->{groupAttribute}=//oi;
             $innerGroupName =~ s/^,+//o;
-            $innerGroupName =~ s/,+$//o;
+            $innerGroupName =~ s/,.*$//o;
 
             # Smell: this may not be reliable and may work only with membersind
irection. TO CHECK
             if ($innerGroupName ne "" && $this->isGroup($innerGroupName, $data)
) {

-- JayenAshar - 02 Nov 2011

Thanks. Will add it to the next release.

-- MichaelDaum - 02 Nov 2011

That last bit of that last patch should maybe be:

$innerGroupName =~ ($this->{UserScope} eq 'sub' or $this->{GroupAttribute} eq 'sub') ? s/,.*$//o : s/,+$//o;

-- JayenAshar - 02 Nov 2011

Please add this to the next release. Thanks.

-- JayenAshar - 22 Dec 2011

Commenting is disabled while not logged in