Kutter Martin
2004-08-12 04:35:11 UTC
Hi * !
...oops, I did a typo in the patch - it won't work as expected.
Here's the correct version.
Regards,
Martin Kutter
-----Original Message-----
From: openinteract-dev-***@lists.sourceforge.net [mailto:openinteract-dev-***@lists.sourceforge.net] On Behalf Of Kutter Martin
Sent: Monday, 9 August 2004 14:26
To: 'openinteract-***@lists.sourceforge.net'
Subject: [Openinteract-dev] SPOPS::LDAP does not filter for objectclass=CONFIG->ldap_fetch_object_class in fetch() calls
Hi * !
There's a little flaw in SPOPS::LDAP.
On calling $class->fetch($id), the following LDAP filter is generated:

($class->id_field=$id)

This allows multiple objects to be returned from the LDAP search in case there are two or more objects with different object classes but the same values in the id_field attribute of the object being fetched.

As fetch() needs a single object returned from a search, this behaviour can cause fetch() calls to fail.

More than one object in the same LDAP subtree with the same values for the same attributes is a very common case: just imagine the user (posixAccount) root and the group (posixGroup) root.

posixAccount normally uses the uid attribute as RDN, but requires cn to be set. posixGroup normally uses the cn attribute as RDN - and you can't fetch any of them any more.

The attached patch fixes the issue by filtering for

(& (objectclass=$class->ldap_fetch_object_class) ($class->id_field=$id) )

Regards,
Martin Kutter
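
The ambiguity described in the message above, as an added example that is not part of the original post or of SPOPS: a small Python model in which the entries, the `fetch` stand-in and all helper names are constructed for illustration. It shows the id-only filter matching both the posixAccount and the posixGroup named root, while the objectclass-qualified filter matches exactly one; escaping values per RFC 4515 before they enter the filter is an assumption of this example, not something the message discusses.

```python
# Added illustration: a Python model, not SPOPS::LDAP's Perl code.
# Constructed sample entries: user "root" and group "root" in one subtree.
ENTRIES = [
    {"dn": "uid=root,ou=People,dc=example,dc=org",
     "objectclass": ["posixAccount"], "uid": ["root"], "cn": ["root"]},
    {"dn": "cn=root,ou=Group,dc=example,dc=org",
     "objectclass": ["posixGroup"], "cn": ["root"]},
]

def escape_value(value):
    """Escape the RFC 4515 special characters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(conditions):
    """Render (attr, value) pairs as one LDAP filter string, ANDed if several."""
    parts = ["(%s=%s)" % (attr, escape_value(val)) for attr, val in conditions]
    return parts[0] if len(parts) == 1 else "(&%s)" % "".join(parts)

def search(entries, conditions):
    """Return entries where every (attr, value) equality matches, ignoring case."""
    def matches(entry, attr, val):
        return val.lower() in (v.lower() for v in entry.get(attr.lower(), []))
    return [e for e in entries if all(matches(e, a, v) for a, v in conditions)]

def fetch(entries, conditions):
    """Hypothetical stand-in for fetch(): exactly one entry, or an error."""
    found = search(entries, conditions)
    if len(found) != 1:
        raise LookupError("%s matched %d entries"
                          % (build_filter(conditions), len(found)))
    return found[0]

def id_only(id_field, ident):
    """Conditions for the filter the message reports: (id_field=id)."""
    return [(id_field, ident)]

def class_and_id(object_class, id_field, ident):
    """Conditions for the patched filter: (&(objectclass=...)(id_field=id))."""
    return [("objectclass", object_class), (id_field, ident)]

if __name__ == "__main__":
    loose = id_only("cn", "root")
    print(build_filter(loose), "->", len(search(ENTRIES, loose)), "entries")
    wanted = class_and_id("posixGroup", "cn", "root")
    print(build_filter(wanted), "->", fetch(ENTRIES, wanted)["dn"])
```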