OCS Inventory: OCSReports

Case sensitive bug with LDAP support on ldap AUTH method

Bug #1250428 reported by Resurrección Mazo González on 2013-11-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OCS Inventory: OCSReports	Fix Released	Low	Erwan

Bug Description

PHP ldap_get_entries() function obtain attributes in case sensitive mode, so if you work with LDAP directory, these attributes are identical, because LDAP protocol is case insensitive.
entry[n].['employeeType'] = entry[n].['employeetype']

But when you manipulate the retrieved information through PHP (ldap_get_entries()), entries obtained are array key indexed with case sensitive keys, so that if you use an attribute like "employeeType" in your LDAP OCS config, and the LDAP server returns a key index named "employeetype", make cause error comparison en OCS AUTH/ldap.php code:
...
if ($info[0][$f1_name][0] != '')
...
if ($info[0][$f2_name][0] != '')

But at LDAP level are the same.

This bug can be corrected forcing a lowercase in the code:
if ($info[0][strtolower($f1_name)][0] != '')
...
$_SESSION['OCS']['details'][$f1_name]=$info[0][strtolower($f1_name)];
...
if ($info[0][strtolower($f2_name)][0] != '')
...
$_SESSION['OCS']['details'][$f2_name]=$info[0][strtolower($f2_name)];
...

This solution patchs this bug case. If yo don't apply it, if your LDAP server returns a attribute names not normalized, you could have problems in comparison values, using the attribute name as index.

For example, if you configure retrieve an entry with employeeType attribute configured a $fq_name additional attribute, yor PHP entry results in:

$info[0] = array(n) {
["employeetype"]=> array(2) { ["count"]=> int(1) [0]=> string(5) "admin" } [4]=> string(12) "employeetype"
...
}

When you initialize $_SESSION['OCS']['details'][$f1_name], it produce an error because you try to compare case sensitive strings:
...
if ($info[0][strtolower($f1_name)][0] != '')

That implies "employeeType != employeetype".