Update user info on login can prevent re-login

I haven't been able to replicate this against OpenLDAP (v3), so it may be limited to ActiveDirectory.

Bob, the similar-sounding bug might have been https://bugs.launchpad.net/mahara/+bug/649409, which as I remember it, stopped 'update user info on login' from working at all.

If this is an Active Directory thing, we can't easily test it, and we don't have a patch from someone who can, so perhaps in the meantime we could just disable the 'update user info on login' checkbox whenever the User type is set to Active Directory.

Disabling the checkbox seems to be a good interim solution although I can't
be certain that all AD sites operate the same as ours - for example it might
be a particular attribute entry (or missing entry) that causes the problem,
or, it might be related to W2K3 and not W2K8. Personally I would just add a
note in "Release notes" to let users know that there is a potential problem
with AD if they try to enable that checkbox?
Thanks
Bob

On 10 May 2011 13:39, Richard Mansfield <email address hidden> wrote:

> Bob, the similar-sounding bug might have been
> https://bugs.launchpad.net/mahara/+bug/649409, which as I remember it,
> stopped 'update user info on login' from working at all.
>
> If this is an Active Directory thing, we can't easily test it, and we
> don't have a patch from someone who can, so perhaps in the meantime we
> could just disable the 'update user info on login' checkbox whenever the
> User type is set to Active Directory.
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/656679
>
> Title:
> Update user info on login can prevent re-login
>
> Status in Mahara ePortfolio:
> Triaged
>
> Bug description:
> Using Active Directory LDAP for authentication. It seemed that having
> the 'Update user info on login' tickbox enabled caused Mahara to
> appear to go-offline to that user upon re-logins. I tried this with
> several users and it was repeatable. There was a similar sounding bug
> reported a while back I think - it may be the same.
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/mahara/+bug/656679/+subscribe
>

A note sounds good, it might save people time if we add it to the description under the checkbox (hardly anyone reads release notes). Something like "This setting may not work on some AD implementations".

Hi Richard,
Maybe "Note: Enabling this may prevent some AD sites/users from subsequent
Mahara logins"
Thanks
Bob

On 11 May 2011 08:06, Richard Mansfield <email address hidden> wrote:

> A note sounds good, it might save people time if we add it to the
> description under the checkbox (hardly anyone reads release notes).
> Something like "This setting may not work on some AD implementations".
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/656679
>
> Title:
> Update user info on login can prevent re-login
>
> Status in Mahara ePortfolio:
> Triaged
>
> Bug description:
> Using Active Directory LDAP for authentication. It seemed that having
> the 'Update user info on login' tickbox enabled caused Mahara to
> appear to go-offline to that user upon re-logins. I tried this with
> several users and it was repeatable. There was a similar sounding bug
> reported a while back I think - it may be the same.
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/mahara/+bug/656679/+subscribe
>

The note is added, but I'll leave this open till the real problem is fixed.

Reviewed: https://reviews.mahara.org/266
Committed: http://gitorious.org/mahara/mahara/commit/cdfbe963c2a0bb39faee472df1f8f82575ee5df7
Submitter: Francois Marier (<email address hidden>)
Branch: master

commit cdfbe963c2a0bb39faee472df1f8f82575ee5df7
Author: I��aki Arenaza <email address hidden>
Date: Tue May 31 23:00:24 2011 +0200

    Update user info on login can prevent re-login if a LDAP attribute is empty.

    If the LDAP attribute is empty, some LDAP servers don't return the attribute in
    the answer (as an empty value). This means the missing attribute is not present
    in the $ldapdetails array returned by get_userinfo_ldap(). If we try to compare
    the missing entry with the existing user value, they are always different
    (unless the existing entry was also empty). Which means we assign an empty value
    to the user profile field (which is not allowed by the db).

    Simply testing if the LDAP attribute has been retrieved and is not empty before
    making the comparison fixes the problem.

    Tested with both MS AD (on W2003) and OpenLDAP 2.4.23 (on Debian).

    Fixes bug #656679 (which also fixes bug #788029)

    Change-Id: I81b59114b7fedeb8b575738b21ca4d6fd2670532
    Signed-off-by: I��aki Arenaza <email address hidden>

Reviewed: https://reviews.mahara.org/269
Committed: http://gitorious.org/mahara/mahara/commit/18c7415febcc36c2ee1e172568e7c106e73b9484
Submitter: Francois Marier (<email address hidden>)
Branch: 1.4_STABLE

commit 18c7415febcc36c2ee1e172568e7c106e73b9484
Author: I��aki Arenaza <email address hidden>
Date: Tue May 31 23:00:24 2011 +0200

    Update user info on login can prevent re-login if a LDAP attribute is empty.

    If the LDAP attribute is empty, some LDAP servers don't return the attribute in
    the answer (as an empty value). This means the missing attribute is not present
    in the $ldapdetails array returned by get_userinfo_ldap(). If we try to compare
    the missing entry with the existing user value, they are always different
    (unless the existing entry was also empty). Which means we assign an empty value
    to the user profile field (which is not allowed by the db).

    Simply testing if the LDAP attribute has been retrieved and is not empty before
    making the comparison fixes the problem.

    Tested with both MS AD (on W2003) and OpenLDAP 2.4.23 (on Debian).

    Fixes bug #656679 (which also fixes bug #788029)

    Change-Id: I0a44bae18dea10e79f96479045a9dadf7b8120b8
    Signed-off-by: I��aki Arenaza <email address hidden>