[Davical-general] Possible bug when syncing LDAP-groups

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[Davical-general] Possible bug when syncing LDAP-groups

Gunnar Gorges
Hi everyone,

with our ongoing LDAP testing we encountered the following error when
syncing groups after removing any one group from the filter (filterGroups):

*snip*

DAViCal: LOG: sync_LDAP: Query: Error: QF in
'/usr/share/davical/inc/drivers_ldap.php' on line 537
DAViCal: LOG: sync_LDAP: Query: QF: SQL error "42703" - ERROR: column
"active" of relation "dav_principal" does not exist LINE 1: UPDATE
dav_principal set active=FALSE WHERE username='mygroup' ... ^"

*snip*

We figured out that "active" needs to be replaced by "user_active"
within "drivers_ldap.php". I guess that's a bug that could be fixed in a
future release?

Additionally we noticed there is no function that would re-enable any
group that was removed this way:
- remove the group X from the "filterGroups" config option
- sync LDAP-groups
- re-insert group X to config
- sync LDAP-groups
-> group X is still deactivated.

Is that behaviour intentional?

Thanks and cheers,
Gunnar

--
Davical V 1.1.1
OS: Debian Squeeze (6)


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general

smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Possible bug when syncing LDAP-groups

Andrew McMillan
On Mon, 2012-07-23 at 17:41 +0200, Gunnar Gorges wrote:

> Hi everyone,
>
> with our ongoing LDAP testing we encountered the following error when
> syncing groups after removing any one group from the filter (filterGroups):
>
> *snip*
>
> DAViCal: LOG: sync_LDAP: Query: Error: QF in
> '/usr/share/davical/inc/drivers_ldap.php' on line 537
> DAViCal: LOG: sync_LDAP: Query: QF: SQL error "42703" - ERROR: column
> "active" of relation "dav_principal" does not exist LINE 1: UPDATE
> dav_principal set active=FALSE WHERE username='mygroup' ... ^"
>
> *snip*
>
> We figured out that "active" needs to be replaced by "user_active"
> within "drivers_ldap.php". I guess that's a bug that could be fixed in a
> future release?
Ah, yes.  Thanks.


> Additionally we noticed there is no function that would re-enable any
> group that was removed this way:
> - remove the group X from the "filterGroups" config option
> - sync LDAP-groups
> - re-insert group X to config
> - sync LDAP-groups
> -> group X is still deactivated.
>
> Is that behaviour intentional?

Sounds like a bug to me, but likely beyond my current available
concentration to fix this one without some help from someone who uses
LDAP.

Thanks,
                                        Andrew.

> Thanks and cheers,
> Gunnar
>
> =--
> Davical V 1.1.1
> OS: Debian Squeeze (6)



--
------------------------------------------------------------------------
andrew (AT) morphoss (DOT) com                            +64(272)DEBIAN
       There's so much to say but your eyes keep interrupting me.
------------------------------------------------------------------------


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general

signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Possible bug when syncing LDAP-groups

Gunnar Gorges
Since it was posted to the wrong thread I post it again, sorry for that.
Andrew, please let us know if this is of any help. We'd gladly do more
LDAP-testing if needed. Thanks!

Maik Nergert wrote:

Hi Andrew,

I've added some lines of code in drivers_ldap.php to re-active already
existing groups. Inserted directly after 'foreach ( $groups_to_update as
$group )' :

$qry = new AwlQuery( "SELECT username FROM dav_principal WHERE
username='".$group."' AND type_id=3 AND user_active=FALSE");
$qry->Exec('sync_LDAP_groups',__LINE__,__FILE__);

while($qry->Fetch()) {
$qry = new AwlQuery( "UPDATE dav_principal set user_active=TRUE WHERE
username='".$group."' AND type_id=3 AND user_active=FALSE");
$qry->Exec('sync_LDAP_groups',__LINE__,__FILE__);
$c->messages[] = sprintf(i18n('- reactivating group : %s'.$group),join());
}

This is pretty simple, maybe you can add this in the next release.
Suggestions welcome!

Maik

>> with our ongoing LDAP testing we encountered the following error when
>> syncing groups after removing any one group from the filter (filterGroups):
>>
>> *snip*
>>
>> DAViCal: LOG: sync_LDAP: Query: Error: QF in
>> '/usr/share/davical/inc/drivers_ldap.php' on line 537
>> DAViCal: LOG: sync_LDAP: Query: QF: SQL error "42703" - ERROR: column
>> "active" of relation "dav_principal" does not exist LINE 1: UPDATE
>> dav_principal set active=FALSE WHERE username='mygroup' ... ^"
>>
>> *snip*
>>
>> We figured out that "active" needs to be replaced by "user_active"
>> within "drivers_ldap.php". I guess that's a bug that could be fixed in a
>> future release?
>
> Ah, yes.  Thanks.
>
>
>> Additionally we noticed there is no function that would re-enable any
>> group that was removed this way:
>> - remove the group X from the "filterGroups" config option
>> - sync LDAP-groups
>> - re-insert group X to config
>> - sync LDAP-groups
>> -> group X is still deactivated.
>>
>> Is that behaviour intentional?
>
> Sounds like a bug to me, but likely beyond my current available
> concentration to fix this one without some help from someone who uses
> LDAP.
>
> Thanks,
> Andrew.
>
>> Thanks and cheers,
>> Gunnar
>>
>> =--
>> Davical V 1.1.1
>> OS: Debian Squeeze (6)
>
>
>

--
Gunnar Gorges
Central IT Services - ZMAW
Mail: [hidden email]
Tel.: +49 (0)40 41173 287




------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general

smime.p7s (6K) Download Attachment