Loading...
 
Skip to main content

LDAP Authentication Broken Between Tiki 12.2 and 21.4

Status
Open
Subject
LDAP Authentication Broken Between Tiki 12.2 and 21.4
Version
21.x
Category
  • Bug
  • Less than 30-minutes fix
Feature
User Administration (Registration, Login & Banning)
Resolution status
New
Submitted by
smb@purdue.edu
Lastmod by
smb@purdue.edu
Rating
(0)
Description

While upgrading from Tiki 12.2 to 21.4, we found that our external LDAP authentication stopped working. After turning on some debugging and looking at the code, I found this major difference between the two versions in lib/auth/ldap.php.

In 12.2 starting at line 90:
$this->options'host' = array();
foreach ($t as $h) {
if (preg_match('#^ldaps?://#', $h)) { // entry is already URI
$this->options'host'[] = $h;
} else {
$this->options'host'[] = $prefix . $h . ':' . $port;
}
}

In 21.4 starting at line 96:
$this->options'host' = [];
foreach ($t as $h) {
if (preg_match('#^ldaps?://#', $h)) { // entry is already URI
$this->options'host' = $h;
} else {
$this->options'host' = $h;
}
}

Note that in 21.4 regardless of result of the if, the executed code is the same and the LDAP connection will fail if the "host" is not in URI format. I believe the else clause should look similar to that from 12.2. A workaround is to enter a full URI in the configuration for the LDAP server host.

Importance
5
Easy to solve?
9
Priority
45
Demonstrate Bug on Tiki 19+
Demonstrate Bug (older Tiki versions)
Ticket ID
7727
Created
Wednesday 14 April, 2021 19:02:55 UTC
by smb@purdue.edu
LastModif
Wednesday 14 April, 2021 19:02:55 UTC


Show PHP error messages