[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-tracker] [Bug #2340] LDAP module: serious bug looking up
From: |
nobody |
Subject: |
[Phpgroupware-tracker] [Bug #2340] LDAP module: serious bug looking up groups |
Date: |
Mon, 20 Jan 2003 17:27:15 -0500 |
=================== BUG #2340: FULL BUG SNAPSHOT ===================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=2340&group_id=509
Submitted by: None Project: phpGroupWare
Submitted on: 2003-Jan-20 17:27
Category: API - Setup Bug Group: 0.9.14 release
Severity: 5 - Major Priority: High
Resolution: None Assigned to: None
Status: Open Component Version: None
Platform Version: Linux - RedHat Reproducibility: Every Time
Summary: LDAP module: serious bug looking up groups
Original Submission: in ldapmodify.php:
instead of
$srg =
ldap_search($ldap,$config['ldap_group_context'],'(|(cn=*))',array('gidnumber','cn','memberuid'));
(about line 96)
should be
$srg =
ldap_search($ldap,$config['ldap_group_context'],'(|(objectclass=posixGroup))',array('gidnumber','cn','memberuid'));
Object class = posixGroup is the valid form for searching groups
you should also consider seriously adding support for groupOfNames object class.
Manuel Amador (Rudd-O)
diradmin.open-it.org
PS: guys, you should seriously reconsider working on another job. Your code
doesn't even bother to check for the most obvious error conditions. We had all
kinds of errors. No one in their right mind would deem it usable.
Take a page from the OWASP how to program secure web applications.
No Followups Have Been Posted
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=2340&group_id=509
- [Phpgroupware-tracker] [Bug #2340] LDAP module: serious bug looking up groups,
nobody <=