LDAP user sync incorrectly proceeds when LDAP list or search fails

Bug #1607669 reported by Ghada El-Zoghbi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Mahara | Fix Released | Medium | Ghada El-Zoghbi |
15.04 | Fix Released | Medium | Unassigned |
15.10 | Fix Released | Medium | Unassigned |
16.04 | Fix Released | Medium | Unassigned |
16.10 | Fix Released | Medium | Ghada El-Zoghbi |

Bug Description

Mahara: 16.04
DB: Postgres
OS: Linux

The LDAP user sync is incorrectly continuing when the search in the context fails to contact the server.

The following error is generated in the cron.log file:

Jul 29 00:01:05 server mahara-site: [WAR] 29 (auth/ldap/lib.php:937) ldap_list(): Search: Can't contact LDAP server
Jul 29 00:01:05 server mahara-site: Call stack (most recent first):
Jul 29 00:01:05 server mahara-site: * log_message("ldap_list(): Search: Can't contact LDAP server", 8, true, true, "/var/www/mahara-site/auth/ldap/lib.php", 937) at /var/www/mahara-site/lib/errors.php:489
Jul 29 00:01:05 server mahara-site: * error(2, "ldap_list(): Search: Can't contact LDAP server", "/var/www/mahara-site/auth/ldap/lib.php", 937, array(size 11)) at Unknown:0
Jul 29 00:01:05 server mahara-site: * ldap_list(resource(#87), "ou=people,o=ldapserver.xxx", "(uid=*)", array(size 5)) at /var/www/mahara-site/auth/ldap/lib.php:937
Jul 29 00:01:05 server mahara-site: * AuthLdap->ldap_get_users_scalable("auth_ldap_extusers_temp", "extusername", "") at /var/www/mahara-site/auth/ldap/lib.php:1121
Jul 29 00:01:05 server mahara-site: * AuthLdap->sync_users() at /var/www/mahara-site/auth/ldap/lib.php:1614
Jul 29 00:01:05 server mahara-site: * PluginAuthLdap::auth_ldap_sync_cron() at Unknown:0
Jul 29 00:01:05 server mahara-site: * call_user_func_array(array(size 2), array(size 0)) at /var/www/mahara-site/lib/mahara.php:1714
Jul 29 00:01:05 server mahara-site: * call_static_method("PluginAuthLdap", "auth_ldap_sync_cron") at /var/www/mahara-site/lib/cron.php:89

It then proceeds to sync the users:

Jul 29 00:01:05 server mahara-site: [WAR] 29 (auth/ldap/lib.php:940) ldap_first_entry() expects parameter 2 to be resource, boolean given
Jul 29 00:01:05 server mahara-site: Call stack (most recent first):
Jul 29 00:01:05 server mahara-site: * log_message("ldap_first_entry() expects parameter 2 to be resou...", 8, true, true, "/var/www/mahara-site/auth/ldap/lib.php", 940) at /var/www/mahara-site/lib/errors.php:489
Jul 29 00:01:05 server mahara-site: * error(2, "ldap_first_entry() expects parameter 2 to be resou...", "/var/www/mahara-site/auth/ldap/lib.php", 940, array(size 12)) at Unknown:0
Jul 29 00:01:05 server mahara-site: * ldap_first_entry(resource(#87), false) at /var/www/mahara-site/auth/ldap/lib.php:940
Jul 29 00:01:05 server mahara-site: * AuthLdap->ldap_get_users_scalable("auth_ldap_extusers_temp", "extusername", "") at /var/www/mahara-site/auth/ldap/lib.php:1121
Jul 29 00:01:05 server mahara-site: * AuthLdap->sync_users() at /var/www/mahara-site/auth/ldap/lib.php:1614
Jul 29 00:01:05 server mahara-site: * PluginAuthLdap::auth_ldap_sync_cron() at Unknown:0
Jul 29 00:01:05 server mahara-site: * call_user_func_array(array(size 2), array(size 0)) at /var/www/mahara-site/lib/mahara.php:1714
Jul 29 00:01:05 server mahara-site: * call_static_method("PluginAuthLdap", "auth_ldap_sync_cron") at /var/www/mahara-site/lib/cron.php:89
Jul 29 00:01:05 server mahara-site:
Jul 29 00:01:05 server mahara-site: [WAR] 29 (auth/ldap/lib.php:971) ldap_free_result() expects parameter 1 to be resource, boolean given
Jul 29 00:01:05 server mahara-site: Call stack (most recent first):
Jul 29 00:01:05 server mahara-site: * log_message("ldap_free_result() expects parameter 1 to be resou...", 8, true, true, "/var/www/mahara-site/auth/ldap/lib.php", 971) at /var/www/mahara-site/lib/errors.php:489
Jul 29 00:01:05 server mahara-site: * error(2, "ldap_free_result() expects parameter 1 to be resou...", "/var/www/mahara-site/auth/ldap/lib.php", 971, array(size 13)) at Unknown:0
Jul 29 00:01:05 server mahara-site: * ldap_free_result(false) at /var/www/mahara-site/auth/ldap/lib.php:971
Jul 29 00:01:05 server mahara-site: * AuthLdap->ldap_get_users_scalable("auth_ldap_extusers_temp", "extusername", "") at /var/www/mahara-site/auth/ldap/lib.php:1121
Jul 29 00:01:05 server mahara-site: * AuthLdap->sync_users() at /var/www/mahara-site/auth/ldap/lib.php:1614
Jul 29 00:01:05 server mahara-site: * PluginAuthLdap::auth_ldap_sync_cron() at Unknown:0
Jul 29 00:01:05 server mahara-site: * call_user_func_array(array(size 2), array(size 0)) at /var/www/mahara-site/lib/mahara.php:1714
Jul 29 00:01:05 server mahara-site: * call_static_method("PluginAuthLdap", "auth_ldap_sync_cron") at /var/www/mahara-site/lib/cron.php:89
Jul 29 00:01:05 server mahara-site:
Jul 29 00:01:05 server mahara-site: [INF] 29 (auth/ldap/lib.php:1122) LDAP users found : 0
Jul 29 00:01:05 server mahara-site: [INF] 29 (auth/ldap/lib.php:1169) 0 users known to Mahara
Jul 29 00:01:05 server mahara-site: [INF] 29 (auth/ldap/lib.php:1232) 45161 users no longer in LDAP

Because we've set the sync to suspend users, all LDAP users are then suspended.

Changed in mahara:
assignee: nobody → Ghada El-Zoghbi (ghada-z)
Changed in mahara:
importance: Undecided → Medium
status: New → Confirmed
milestone: none → 16.10.0
Revision history for this message
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/6758

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/6758
Committed: https://git.mahara.org/mahara/mahara/commit/1daee33a1ef67a0e0fc0599c67de08896408519e
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit 1daee33a1ef67a0e0fc0599c67de08896408519e
Author: Ghada El-Zoghbi <email address hidden>
Date: Fri Jul 29 18:40:35 2016 +1000

bug#1607669: Validate the results of ldap_search() and ldap_list() when syncing users.

When retrieving data from the LDAP server, check the results retrieved from
ldap_search() and ldap_list(). If there is an error, do not continue.

Otherwise, the sync_users() will assume that zero users were retrieved
from LDAP. It will then delete or suspend users when
'If a user is no longer present in LDAP' is set to either suspend
users or delete them.

behatnotneeded

Change-Id: Ib57901c61f769d96720cf932d2e0d7f643853a56
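
The check this commit message describes, sketched as an added example (not Mahara's code and not the patch itself). `fetch_ldap_usernames()`, `plan_sync()`, `LdapSyncAborted` and the injected `$list` callable are hypothetical names; the callable stands in for `ldap_list()`/`ldap_search()`, which return `false` on failure.

```php
<?php
// Added illustration, not Mahara's code. All names here are hypothetical.
// $list stands in for ldap_list()/ldap_search(), which return false on failure.

class LdapSyncAborted extends RuntimeException {}

/**
 * Usernames reported by the directory.
 * An empty array means the server answered with no entries; false means the
 * query itself failed. With $validate off the two are merged (pre-fix flaw).
 */
function fetch_ldap_usernames(callable $list, bool $validate): array {
    $result = $list();
    if ($result === false) {
        if ($validate) {
            throw new LdapSyncAborted('LDAP query failed, sync not attempted');
        }
        return [];  // failure is indistinguishable from an empty directory
    }
    return $result;
}

/** Local accounts the sync would treat as "no longer in LDAP". */
function plan_sync(array $localUsers, callable $list, bool $validate): array {
    $remote = fetch_ldap_usernames($list, $validate);
    return array_values(array_diff($localUsers, $remote));
}

// Constructed sample data.
$local   = ['alice', 'bob', 'carol'];
$healthy = fn() => ['alice', 'bob'];  // server reachable
$down    = fn() => false;             // server unreachable

// Reachable server: only accounts really missing from LDAP are selected.
echo implode(',', plan_sync($local, $healthy, true)), PHP_EOL;
// Unreachable server, result unchecked: every local account is selected.
echo implode(',', plan_sync($local, $down, false)), PHP_EOL;
// Unreachable server, result checked: the run stops before selecting anyone.
try {
    plan_sync($local, $down, true);
} catch (LdapSyncAborted $e) {
    echo 'aborted: ', $e->getMessage(), PHP_EOL;
}
```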

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "16.04_STABLE" branch: https://reviews.mahara.org/6762

Mahara Bot (dev-mahara) wrote :

Patch for "15.10_STABLE" branch: https://reviews.mahara.org/6763

Mahara Bot (dev-mahara) wrote :

Patch for "15.04_STABLE" branch: https://reviews.mahara.org/6764

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/6762
Committed: https://git.mahara.org/mahara/mahara/commit/b4298f9b4fc6edcb90c9914c6ad4af370b56a1a7
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit b4298f9b4fc6edcb90c9914c6ad4af370b56a1a7
Author: Ghada El-Zoghbi <email address hidden>
Date: Fri Jul 29 18:40:35 2016 +1000

bug#1607669: Validate the results of ldap_search() and ldap_list() when syncing users.

When retrieving data from the LDAP server, check the results retrieved from
ldap_search() and ldap_list(). If there is an error, do not continue.

Otherwise, the sync_users() will assume that zero users were retrieved
from LDAP. It will then delete or suspend users when
'If a user is no longer present in LDAP' is set to either suspend
users or delete them.

behatnotneeded

Change-Id: Ib57901c61f769d96720cf932d2e0d7f643853a56
(cherry picked from commit 1daee33a1ef67a0e0fc0599c67de08896408519e)

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/6763
Committed: https://git.mahara.org/mahara/mahara/commit/533d0f93cb126f3a496dd0df30fc640a71a3fdc2
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.10_STABLE

commit 533d0f93cb126f3a496dd0df30fc640a71a3fdc2
Author: Ghada El-Zoghbi <email address hidden>
Date: Fri Jul 29 18:40:35 2016 +1000

bug#1607669: Validate the results of ldap_search() and ldap_list() when syncing users.

When retrieving data from the LDAP server, check the results retrieved from
ldap_search() and ldap_list(). If there is an error, do not continue.

Otherwise, the sync_users() will assume that zero users were retrieved
from LDAP. It will then delete or suspend users when
'If a user is no longer present in LDAP' is set to either suspend
users or delete them.

behatnotneeded

Change-Id: Ib57901c61f769d96720cf932d2e0d7f643853a56
(cherry picked from commit 1daee33a1ef67a0e0fc0599c67de08896408519e)

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/6764
Committed: https://git.mahara.org/mahara/mahara/commit/fb75f13988a5ac28b3373c8f3eed76d041c8a597
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.04_STABLE

commit fb75f13988a5ac28b3373c8f3eed76d041c8a597
Author: Ghada El-Zoghbi <email address hidden>
Date: Fri Jul 29 18:40:35 2016 +1000

bug#1607669: Validate the results of ldap_search() and ldap_list() when syncing users.

When retrieving data from the LDAP server, check the results retrieved from
ldap_search() and ldap_list(). If there is an error, do not continue.

Otherwise, the sync_users() will assume that zero users were retrieved
from LDAP. It will then delete or suspend users when
'If a user is no longer present in LDAP' is set to either suspend
users or delete them.

behatnotneeded

Change-Id: Ib57901c61f769d96720cf932d2e0d7f643853a56
(cherry picked from commit 1daee33a1ef67a0e0fc0599c67de08896408519e)

Robert Lyon (robertl-9)
Changed in mahara:
milestone: 16.10.0 → none
status: Fix Committed → Fix Released