[Xerte] Re: Bug in XOT 1.7 ldap authentication

Pat Lockley patrick.lockley at googlemail.com
Thu Sep 22 17:31:51 BST 2011 

ooops, if only it didn't say eureka_site i could have blamed some one else.

the ldap table should come in version 1.7?

Is your install without an ldap table (as this removes the $$$
ugliness)? The installer should add one entry to the ldap table (if
entered in the installer).

I haven't got an ldap to test against anymore, but I would suggest
altering the code within valid login so as to leave authenticate to
host valid in case you switch to the ldap table (in future, assuming
the same bug isn't there).

Pat

On Thu, Sep 22, 2011 at 5:19 PM,  <C.J.Fryer at lse.ac.uk> wrote:
> Hello
>
> I think I've found a bug in the LDAP Authentication code in Xerte Online
> Toolkits version 1.7.  When I try to log in with my LDAP credentials, I
> get a blank screen.  If I turn on error_reporting in config.php, I see
> the following errors in the log:
>
> "PHP Warning:  Missing argument 9 for authenticate_to_host(), called in
> \xertenew\website_code\php\login_library.php on line 448 and defined in
> \xertenew\website_code\php\login_library.php on line 270"
>
> "PHP Warning:  Missing argument 10 for authenticate_to_host(), called in
> \xertenew\website_code\php\login_library.php on line 448 and defined in
> \xertenew\website_code\php\login_library.php on line 270"
>
> In our database, sitedetails.ldap_host contains a $$$-separated list of
> directory servers, rather than anything in a table called "ldap".  So
> this places us in a particular branch within function valid_login().
>
> Line 448 of website_code\php\login_library.php is:
>
> $login_check =
> authenticate_to_host($host[$x],$port[$x],$bind_pwd[$x],$basedn[$x],$bind
> _dn[$x],$username,$password,$xerte_toolkits_site)
>
> But the function authenticate_to_host on line 270 expects 10 arguments,
> and they are in a different order:
>
> function
> authenticate_to_host($host,$port,$bind_pwd,$bind_dn,$basedn,$ldap_filter
> ,$ldap_filter_attr,$eureka_username,$password,$eureka_site)
>
> I am not sure whether it would be better to modify valid_login() so it
> passes the correct arguments, or authenticate_to_host() itself, so the
> arguments are handled differently.
>
> Chris
>
>
>
> Please access the attached hyperlink for an important electronic communications disclaimer: http://lse.ac.uk/emailDisclaimer
>
> _______________________________________________
> Xerte mailing list
> Xerte at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte
>
> This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it.   Please do not use, copy or disclose the information contained in this message or in any attachment.  Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham.
>
> This message has been checked for viruses but the contents of an attachment
> may still contain software viruses which could damage your computer system:
> you are advised to perform your own checks. Email communications with the
> University of Nottingham may be monitored as permitted by UK legislation.
>
>

More information about the Xerte mailing list