[Xerte] Re: Bug in XOT 1.7 ldap authentication

Julian Tenney Julian.Tenney at nottingham.ac.uk
Fri Sep 23 10:08:41 BST 2011


I haven't the faintest idea what you've just said...

-----Original Message-----
From: xerte-bounces at lists.nottingham.ac.uk [mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Pat Lockley
Sent: 23 September 2011 10:06
To: Xerte discussion list
Subject: [Xerte] Re: Bug in XOT 1.7 ldap authentication

Can't fix it properly without an ldap to test. If you install an xampp and point it at Nottingham and add in china using management you could swap the variables around

On 23 Sep 2011, at 08:45, Julian Tenney <Julian.Tenney at nottingham.ac.uk> wrote:

> What needs to happen to the zip to fix the bug?
> 
> -----Original Message-----
> From: xerte-bounces at lists.nottingham.ac.uk [mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Pat Lockley
> Sent: 22 September 2011 17:32
> To: Xerte discussion list
> Subject: [Xerte] Re: Bug in XOT 1.7 ldap authentication
> 
> ooops, if only it didn't say eureka_site i could have blamed some one else.
> 
> the ldap table should come in version 1.7?
> 
> Is your install without an ldap table (as this removes the $$$
> ugliness)? The installer should add one entry to the ldap table (if
> entered in the installer).
> 
> I haven't got an ldap to test against anymore, but I would suggest
> altering the code within valid login so as to leave authenticate to
> host valid in case you switch to the ldap table (in future, assuming
> the same bug isn't there).
> 
> Pat
> 
> On Thu, Sep 22, 2011 at 5:19 PM,  <C.J.Fryer at lse.ac.uk> wrote:
>> Hello
>> 
>> I think I've found a bug in the LDAP Authentication code in Xerte Online
>> Toolkits version 1.7.  When I try to log in with my LDAP credentials, I
>> get a blank screen.  If I turn on error_reporting in config.php, I see
>> the following errors in the log:
>> 
>> "PHP Warning:  Missing argument 9 for authenticate_to_host(), called in
>> \xertenew\website_code\php\login_library.php on line 448 and defined in
>> \xertenew\website_code\php\login_library.php on line 270"
>> 
>> "PHP Warning:  Missing argument 10 for authenticate_to_host(), called in
>> \xertenew\website_code\php\login_library.php on line 448 and defined in
>> \xertenew\website_code\php\login_library.php on line 270"
>> 
>> In our database, sitedetails.ldap_host contains a $$$-separated list of
>> directory servers, rather than anything in a table called "ldap".  So
>> this places us in a particular branch within function valid_login().
>> 
>> Line 448 of website_code\php\login_library.php is:
>> 
>> $login_check =
>> authenticate_to_host($host[$x],$port[$x],$bind_pwd[$x],$basedn[$x],$bind
>> _dn[$x],$username,$password,$xerte_toolkits_site)
>> 
>> But the function authenticate_to_host on line 270 expects 10 arguments,
>> and they are in a different order:
>> 
>> function
>> authenticate_to_host($host,$port,$bind_pwd,$bind_dn,$basedn,$ldap_filter
>> ,$ldap_filter_attr,$eureka_username,$password,$eureka_site)
>> 
>> I am not sure whether it would be better to modify valid_login() so it
>> passes the correct arguments, or authenticate_to_host() itself, so the
>> arguments are handled differently.
>> 
>> Chris
>> 
>> 
>> 
>> Please access the attached hyperlink for an important electronic communications disclaimer: http://lse.ac.uk/emailDisclaimer
>> 
>> _______________________________________________
>> Xerte mailing list
>> Xerte at lists.nottingham.ac.uk
>> http://lists.nottingham.ac.uk/mailman/listinfo/xerte
>> 
>> This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it.   Please do not use, copy or disclose the information contained in this message or in any attachment.  Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham.
>> 
>> This message has been checked for viruses but the contents of an attachment
>> may still contain software viruses which could damage your computer system:
>> you are advised to perform your own checks. Email communications with the
>> University of Nottingham may be monitored as permitted by UK legislation.
>> 
>> 
> 
> _______________________________________________
> Xerte mailing list
> Xerte at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte
> 
> _______________________________________________
> Xerte mailing list
> Xerte at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte
> This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it.   Please do not use, copy or disclose the information contained in this message or in any attachment.  Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham.
> 
> This message has been checked for viruses but the contents of an attachment
> may still contain software viruses which could damage your computer system:
> you are advised to perform your own checks. Email communications with the
> University of Nottingham may be monitored as permitted by UK legislation.

_______________________________________________
Xerte mailing list
Xerte at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte



More information about the Xerte mailing list