Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #14110 LDAP authentication fails when providing a list of LDAP servers
    Actions
    Infos
    #14110
    Michel Cramatte (mcramatte)
    2019-11-21 14:56
    2019-11-06 11:19
    15301
    Details
    LDAP authentication fails when providing a list of LDAP servers

    Context :

    • This issue has been discovered after an upgrade from Tuleap 9.6 to 11.7
    • Simultaneously, we upgraded PHP from version 5.3.3 to scl PHP 7.3.11
    • OS is CentOS 6.7

    Issue :

    • LDAP authentication fails when providing a list of LDAP servers in sys_ldap_server field.
    • With a single server, issue does not appear: login is successful.

    Error in /var/log/tuleap/ldap_syslog :

    • 2019-11-06T09:56:38+01:00 [23034] [warning] Cannot connect to any LDAP server: xx.xx.xx.xx,yy.yy.yy.yy ***ERROR: ***ERROR no:

    Proposed fix :

    • in /usr/share/tuleap/plugins/ldap/include/LDAP.class.php script
    • line 114
    • we replaced //foreach (explode('[,;]', $this->ldapParams['server']) as $ldap_server) { 
    • by foreach (preg_split('/[,;]/', $this->ldapParams['server']) as $ldap_server) {
    • reason : explode does not support regexp as delimiter.

     

    Authentication & LDAP
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2019-11-21
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #13877 Tuleap Releases 11.9 Delivered 2019-13-12 16:08 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #14110

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/84/16684/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD e3aa39b992
    User avatar Yannis ROSSETTO (rossettoy) , 2019-11-21 14:54
    request #14110: LDAP authentication fails when providing a list of LDAP servers 1f583c6c48
    User avatar Thomas Gerbet (tgerbet) , 2019-11-08 09:55
    Referenced by request #14110

    Artifact Tracker v5

    rel #13877 11.9

    Git commit

    tuleap/tuleap/stable

    request #7718 Fix LDAP injections d355e777e2
    User avatar Thomas Gerbet (tgerbet) , 2014-12-29 09:45

    Other

    gerrit #16684
    Display settings

    Follow-ups

    User avatar
    Yannis ROSSETTO (rossettoy)2019-11-21 14:56
    Integrated into Tuleap 11.8.99.74
    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2019-11-21
    User avatar
    Thomas Gerbet (tgerbet)2019-11-06 11:45
    Hi,

    Thanks for detailed bug report.

    I confirm the issue, issue was introduced by git #tuleap/stable/d355e777e2dad007421bc4412b6d743c61f7a06c (it looks like I successfully have introduced a bug with my first contribution to Tuleap o/).

    That's being said, it's a bit weird that you did not notice the issue before because from what I see it should be present since Tuleap 7.9.
    • Category changed from Site admin to Authentication & LDAP
    • Status changed from New to Verified
    • Assigned to changed from None to Thomas Gerbet (tgerbet)
    • Reported in version changed from 11.6 to All
    • Platform cleared values: CentOS 6