[Rt-commit] rt branch 5.0/add-checking-to-verify-attr-match-list-maps created. rt-5.0.3-120-g153aed67ae
BPS Git Server
git at git.bestpractical.com
Wed Sep 14 22:52:22 UTC 2022
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".
The branch, 5.0/add-checking-to-verify-attr-match-list-maps has been created
at 153aed67aec9f4fefbaad23ca4dbb8778a22b83e (commit)
- Log -----------------------------------------------------------------
commit 153aed67aec9f4fefbaad23ca4dbb8778a22b83e
Author: Blaine Motsinger <blaine at bestpractical.com>
Date: Wed Sep 14 17:00:45 2022 -0500
Add checking to verify attr_match_list maps
To allow updating user attributes in RT with concatenated
attributes from LDAP, the ExternalSettings attr_map configuration
supports defining multiple LDAP attributes as an arrayref.
RealName in this example:
'attr_map' => {
'Name' => 'uid',
'EmailAddress' => 'mail',
'RealName' => [ 'givenName', 'sn' ],
},
However, if an entry in attr_match_list maps to an arrayref in
attr_map, Net::LDAP::Filter will not build the search filter,
and will not return a filter object, resulting in a failed
response from the LDAP search.
'attr_match_list' => [ 'Name', 'EmailAddress', 'RealName' ],
This commit adds checking to verify entries defined in
attr_match_list don't map to an arrayref in attr_map. If found,
the LDAP search using that attr_match_list attribute is skipped
and the error logged.
diff --git a/lib/RT/Authen/ExternalAuth/LDAP.pm b/lib/RT/Authen/ExternalAuth/LDAP.pm
index 3336dde1c0..d0430093a9 100644
--- a/lib/RT/Authen/ExternalAuth/LDAP.pm
+++ b/lib/RT/Authen/ExternalAuth/LDAP.pm
@@ -243,7 +243,13 @@ sub GetAuth {
# loop over each of the attr_match_list members for LDAP search
my $ldap_msg;
foreach my $attr_match ( @{$attr_match_list} ) {
- unless ( defined $attr_map->{$attr_match} ) {
+ if ( defined $attr_map->{$attr_match} ) {
+ if ( ref $attr_map->{$attr_match} eq 'ARRAY' ) {
+ $RT::Logger->error( "LDAP attr_match_list entry for $attr_match does not support mapping multiple values in attr_map; skipping" );
+ next;
+ }
+ }
+ else {
$RT::Logger->error( "Invalid LDAP mapping for $attr_match, no defined fields in attr_map" );
next;
}
@@ -592,7 +598,13 @@ sub UserExists {
# loop over each of the attr_match_list members for the initial lookup
foreach my $attr_match ( @{$attr_match_list} ) {
- unless ( defined $attr_map->{$attr_match} ) {
+ if ( defined $attr_map->{$attr_match} ) {
+ if ( ref $attr_map->{$attr_match} eq 'ARRAY' ) {
+ $RT::Logger->error( "LDAP attr_match_list entry for $attr_match does not support mapping multiple values in attr_map; skipping" );
+ next;
+ }
+ }
+ else {
$RT::Logger->error( "Invalid LDAP mapping for $attr_match, no defined fields in attr_map" );
next;
}
-----------------------------------------------------------------------
hooks/post-receive
--
rt
More information about the rt-commit
mailing list