Menu
▾
▴
[Openinteract-dev] SPOPS::LDAP does not filter for objectclass=CONFIG->ldap_fetch_ob ject_class in fetch() calls
|
From: Kutter M. <mar...@er...> - 2004-08-09 12:26:47
|
Hi * ! There's a little flaw in SPOPS::LDAP. On calling $class->fetch($id) a LDAP the following LDAP filter is generated: ($class->id_field=$id) This allows multiple objects to be returned from the LDAP search in case there are two ore more objects with different object classes but same values in the id_field attribute of the object being fetched. As fetch() needs a single object returned from a search, this behaviour can cause fetch() calls to fail. More than one object in the same LDAP subtree with same values for same attributes are a very common case: Just imagine the user (posixAccount) root and the group (posixGroup) root. posixAccount normally uses the uid attribute as RDN, but requires cn to be set. posixGroup normally uses the cn attribute as RDN - and you can't fetch any of them any more. The attached patch fixes the issue by filtering for (& (objectclass=$class->ldap_fetch_object_class) ($class->id_field=$id) ) Regards, Martin Kutter |
