HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Odd forum permissions issue with LDAP users (Now 4.2.0)

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#54772 (In Topic #11928)
Avatar

Fan in training

Hey,

I'm having a bit of a bizarre issue with LDAP users & access to the OCP forum.

The LDAP users are in a group that has permissions to various areas of the forum. A user created via OCP in the same group gets the correct access, an LDAP user in the same group cannot. Its a reasonably vanilla config - is there anything obvious I might be doing wrong?


Last edit: by pieboy
Back to the top
 
Posted
Rating:
#54773
Avatar

Fan in training

ive just noticed that I also get an error when looking at the members page, the groups page loads fine though;
PHP NOTICE [8] Undefined offset: 0 in /var/www/site/sources/ocf_ldap.php on line 644 (version: 4-2.0 RC3, PHP version: 5.2.6-3ubuntu4.2, URL: /site/data/iframe.php?zone=site&wide_high=1&page=members)

Here is the stack trace:Below is a stack trace revealing the state the software was in when the error occurred. If this represents a bug in the unmodified software, you may want to check ocPortal website for a fix, and if there isn't one, report this as a bug. Please note that merely posting a stack trace is not sufficient for us to solve your problem; the stack trace is just an aid that presents us with additional information. We still need to know the error message, what you tried to do, how you tried to do it, version numbers, and any other appropriate information.
We apologise for this problem and if it's a bug we hope you will work with us so that we can fix it for you promptly.

File'/var/www/site/sources/failure.php'Line'508'Function'get
_html_trace'Args

File'/var/www/site/sources/global2.php'Line'743'Function'_fa
tal_exit'Args
'PHP NOTICE [8] Undefined offset: 0 in /var/www/site/sources/ocf_ldap.php on line 644'


File'/var/www/site/sources/failure.php'Line'138'Function'fat
al_exit'Args
'PHP NOTICE [8] Undefined offset: 0 in /var/www/site/sources/ocf_ldap.php on line 644'


File'/var/www/site/sources/global2.php'Line'641'Function'_oc
portal_error_handler'Args
'notice'

8

'Undefined offset: 0'

'/var/www/site/sources/ocf_ldap.php'

644


File'/var/www/site/sources/ocf_ldap.php'Line'644'Function'oc
portal_error_handler'Args
8

'Undefined offset: 0'

'/var/www/site/sources/ocf_ldap.php'

644

array ( 'member_id' => 71, 'PRIMARY_GROUP_MEMBERS' => array ( 72 => 13, ), 'LDAP_CONNECTION' => NULL, 'results' => NULL, 'entries' => array ( 'count' => 0, ), )


File'/var/www/site/sources/ocf_members.php'Line'359'Function
'ocf_ldap_get_member_primary_group'Args
71


File'/var/www/site/site/pages/modules/members.php'Line'153'F
unction'ocf_get_member_primary_group'Args
71


File'/var/www/site/site/pages/modules/members.php'Line'83'Fu
nction'directory'Class'Module_members'ObjectModule_members::
_
_set_state(array( ))Type'->'Args

File'/var/www/site/sources/zones.php'Line'333'Function'run'C
lass'Module_members'ObjectModule_members::__set_state(array( ))Type'->'Args

File'/var/www/site/sources/site.php'Line'839'Function'load_m
odule_page'Args
'site/pages/modules/members.php'

'members'


File'/var/www/site/sources/misc_scripts.php'Line'166'Functio
n'request_page'Args
'members'

true


File'/var/www/site/data/iframe.php'Line'49'Function'iframe_s
cript'Args
Back to the top
 
Posted
Rating:
#54774
Avatar

4.2-final has further-overhauled LDAP support. Please try in this, it'll be out soon.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#54888
Avatar

Fan in training

I updated to 4.2.0 today, and the issue is still there, the LDAP users are showing as being in the correct usergroups - however do not get the forum permissions from the group, and the members page still breaks when LDAP is enabled.

The update did resolve a problem with users no longer in LDAP being stuck in OCP though...

heres the stack from the members page;

File'/var/www/site/sources/failure.php'
Line'509'
Function'get_html_trace'
Args

File'/var/www/site/sources/global2.php'
Line'751'
Function'_fatal_exit'
Args'PHP NOTICE [8] Undefined offset: 0 in /var/www/site/sources/ocf_ldap.php on line 647'


File'/var/www/site/sources/failure.php'
Line'138'
Function'fatal_exit'
Args'PHP NOTICE [8] Undefined offset: 0 in /var/www/site/sources/ocf_ldap.php on line 647'


File'/var/www/site/sources/global2.php'
Line'649'
Function'_ocportal_error_handler'
Args'notice'

8

'Undefined offset: 0'

'/var/www/site/sources/ocf_ldap.php'

647


File'/var/www/site/sources/ocf_ldap.php'
Line'647'
Function'ocportal_error_handler'
Args8

'Undefined offset: 0'

'/var/www/site/sources/ocf_ldap.php'

647

array ( 'member_id' => 71, 'PRIMARY_GROUP_MEMBERS' => array ( 72 => 13, ), 'LDAP_CONNECTION' => NULL, 'results' => NULL, 'entries' => array ( 'count' => 0, ), )


File'/var/www/site/sources/ocf_members.php'
Line'362'
Function'ocf_ldap_get_member_primary_group'
Args71


File'/var/www/site/site/pages/modules/members.php'
Line'153'
Function'ocf_get_member_primary_group'
Args71


File'/var/www/site/site/pages/modules/members.php'
Line'83'
Function'directory'
Class'Module_members'
ObjectModule_members::__set_state(array( ))
Type'->'
Args

File'/var/www/site/sources/zones.php'
Line'331'
Function'run'
Class'Module_members'
ObjectModule_members::__set_state(array( ))
Type'->'
Args

File'/var/www/site/sources/site.php'
Line'880'
Function'load_module_page'
Args'site/pages/modules/members.php'

'members'


File'/var/www/site/sources/misc_scripts.php'
Line'168'
Function'request_page'
Args'members'

true


File'/var/www/site/data/iframe.php'
Line'49'
Function'iframe_script'
Args
Back to the top
 
Posted
Rating:
#54889
Avatar

Please try this:
Attachment
sources/ocf_ldap.php
» Download: ocf_ldap.php (24 Kb, 105 downloads so far)



Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#54891
Avatar

Fan in training

Chris,

Thanks - thats resolved the problem with the members page, however LDAP users still do not get the correct group based permissions as a standard OCP user in the same group :(
Back to the top
 
Posted
Rating:
#54892
Avatar

What effect does this have?

Attachment
» Download: ocf_ldap.php (24 Kb, 115 downloads so far)


Are we talking primary group membership, or secondary group membership?


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#54893
Avatar

Fan in training

that seems to have made no difference.

We are talking about Primary usergroups. It seems like the users are getting 'noobie' permissions, rather than their primary group
Back to the top
 
Posted
Rating:
#54894
Avatar

Does it correctly report their primary group? Because the fix I gave you earlier seemed to be that your LDAP setup doesn't support it.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#54895
Avatar

Fan in training

When looking at the users profile, it shows the correct primary usergroup. When looking at the usergroups, it shows all of the LDAP users in the correct groups (both of these were working before the changed files were uploaded). The members page wasnt loading at all, but has been since your changes were made.

The users get the correct permissions for other things, such as Zones - it appears to only be related to forum permissions. The users simply get 'newbie' group access instead
Back to the top
 
Posted
Rating:
#54896
Avatar

I think at this point I'd need to look on the server. Is that going to be possible, or are you behind a Firewall (unfortunately with people using LDAP I usually find they are).
If possible please send FTP details to chris@ocportal.com. It may be a few days before I could look at the problem, as I am going into semi-holiday mode for about a week now, but I'll try. Probably I would take a look at how the code is running and find the issue relatively easily, just it's too hard to speculate without stepping through doing that.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: