Zend Framework

LDAP connection bug with special characters

Details

  • Type: Bug
  • Status: Closed
  • Priority: Major
  • Resolution: Not an Issue
  • Affects Version/s: 1.9.0, 1.9.2, 1.9.6, 1.9.7, 1.9.8, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.11.0
  • Fix Version/s: None
  • Component/s: Zend_Ldap
  • Labels: None

Description

Authentication against Microsoft ADS (LDAP) does not work with special characters inside the username! (The latest version supports only "-" and "_".)
If we use a DN form of authentication, e.g. "user.name@abc.com", it seems not to work for usernames with special characters!
Hope that this fix will find its way into one of the next releases, because as a workaround

Regards,
Dolphy

Activity

Stefan Gehrig added a comment -

Could you please provide some more information? Especially I'd need the configuration you use and some code snippet that shows your code setup.

I'm currently quite unsure where that limitation might come from.

dolphy phan added a comment -

Here is my config:

alwaysUseDatabaseForLogin = "admin"
authAdapterMethod = "ldap"
ldap.options.host = "192.168.199.2"
ldap.options.port = "3268"
ldap.options.username = ""
ldap.options.password = ""
ldap.options.useStartTls = "0"
ldap.options.useSsl = "0"
ldap.options.bindRequiresDn = "0"
ldap.options.accountCanonicalForm = "4"
ldap.options.allowEmptyPassword = "0"
ldap.options.optReferrals = "0"
ldap.options.baseDn = "cn=%s,dc=pyco,dc=vn"
ldap.options.bindDnFormat = "%s@pyco.vn"
ldap.options.accountDomainName = "pyco.vn"
ldap.options.accountDomainNameShort = "pyco"
ldap.options.accountFilterFormat = ""
ldap.createGroupForUserInDB = "0"
ldap.createUserInDBOnLogin = "0"

Andreas Heigl added a comment -

What kind of special characters are we talking about? Are there some apostrophes or umlauts? Or do you simply refer to a slash as a special character?

And if you could provide some code snippets and examples of usernames that fail and that work it would be most helpful.

dolphy phan added a comment -

Authentication, e.g. "user.name@abc.com" < a dot inside the username will fail to log in.

dolphy phan added a comment -

Here are the errors I got
--------------------------
An unexpected failure occurred
0x1 (Operations error; 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece): searching: (&(objectClass=user)(sAMAccountName=khoa.phan))
host=192.168.199.2,port=3268,username=,password=*****,useStartTls=0,useSsl=0,bindRequiresDn=0,accountCanonicalForm=4,allowEmptyPassword=0,optReferrals=0,baseDn=cn=%s,dc=pyco,dc=vn,accountDomainName=pyco.vn,accountDomainNameShort=pyco,accountFilterFormat=
/var/www/html/usvndev/library/Zend/Ldap.php(987): 0x1 (Operations error; 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece): searching: (&(objectClass=user)(sAMAccountName=khoa.phan))
#0 /var/www/html/usvndev/library/Zend/Ldap.php(666): Zend_Ldap->search('(&(objectClass=...', 'cn=%s,dc=pyco,d...', 1, Array)
#1 /var/www/html/usvndev/library/Zend/Ldap.php(538): Zend_Ldap->_getAccount('khoa.phan', Array)
#2 /var/www/html/usvndev/library/Zend/Ldap.php(605): Zend_Ldap->_getAccountDn('khoa.phan@pyco....')
#3 /var/www/html/usvndev/library/Zend/Auth/Adapter/Ldap.php(329): Zend_Ldap->getCanonicalAccountName('khoa.phan@pyco....', 1)
#4 /var/www/html/usvndev/library/Zend/Auth.php(117): Zend_Auth_Adapter_Ldap->authenticate()
#5 /var/www/html/usvndev/app/controllers/LoginController.php(73): Zend_Auth->authenticate(Object(USVN_Auth_Adapter_Ldap))
#6 /var/www/html/usvndev/app/controllers/LoginController.php(32): LoginController->_doLogin()
#7 /var/www/html/usvndev/library/Zend/Controller/Action.php(513): LoginController->loginAction()
#8 /var/www/html/usvndev/library/Zend/Controller/Dispatcher/Standard.php(295): Zend_Controller_Action->dispatch('loginAction')
#9 /var/www/html/usvndev/library/Zend/Controller/Front.php(954): Zend_Controller_Dispatcher_Standard->dispatch(Object(USVN_Controller_Request_Http), Object(Zend_Controller_Response_Http))
#10 /var/www/html/usvndev/public/index.php(5): Zend_Controller_Front->dispatch()
#11 {main}
khoa.phan@pyco.vn authentication failed: 0x1 (Operations error; 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece): searching: (&(objectClass=user)(sAMAccountName=khoa.phan))

Stefan Gehrig added a comment -

Looks strange, and I actually doubt that this error is related to the "dotted" username. Could you please try and remove the following lines from your configuration?

ldap.options.username = ""
ldap.options.password = ""
dolphy phan added a comment -

Hi Gehrig,

I removed those two lines from my config and got these errors

Account not found: khoa.phan@pyco.vn
0x20 (No such object; 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=pyco,DC=vn' ): searching: (&(objectClass=user)(sAMAccountName=khoa.phan))
host=192.168.199.2,port=3268,useStartTls=0,useSsl=0,bindRequiresDn=0,accountCanonicalForm=4,allowEmptyPassword=0,optReferrals=0,baseDn=cn=%s,dc=pyco,dc=vn,accountDomainName=pyco.vn,accountDomainNameShort=pyco,accountFilterFormat=
khoa.phan@pyco.vn authentication failed: 0x20 (No such object; 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=pyco,DC=vn' ): searching: (&(objectClass=user)(sAMAccountName=khoa.phan))

Of course this account is available.

dolphy phan added a comment -

Hi again,

I tried to change the config again and got this error
--------config.ini-----------
alwaysUseDatabaseForLogin = "admin"
authAdapterMethod = "ldap"
ldap.options.host = "192.168.199.2"
ldap.options.port = "3268"
ldap.options.useStartTls = "0"
ldap.options.useSsl = "0"
ldap.options.bindRequiresDn = "0"
ldap.options.accountCanonicalForm = "4"
ldap.options.allowEmptyPassword = "0"
ldap.options.optReferrals = "0"
ldap.options.baseDn = "dc=pyco,dc=vn"
ldap.options.bindDnFormat = "%s@pyco.vn"
ldap.options.accountDomainName = "pyco.vn"
ldap.options.accountDomainNameShort = "pyco"
ldap.options.accountFilterFormat = ""
ldap.createGroupForUserInDB = "0"
ldap.createUserInDBOnLogin = "0"
----------/config.ini-------------

Here is the error

--------------error------------
[Thu Nov 25 09:24:58 2010] [error] [client 192.168.10.11] PHP Notice: Zend_Loader::Zend_Loader::registerAutoload is deprecated as of 1.8.0 and will be removed with 2.0.0; use Zend_Loader_Autoloader instead in /var/www/html/usvndev/library/Zend/Loader.php on line 266, referer: http://192.168.199.1/udev/login/
-------------/error-----------

Stefan Gehrig added a comment -

OK - that looks completely different now... Zend_Ldap does not have any dependency on Zend_Loader and neither does Zend_Auth_Adapter_Ldap. The last warning (a PHP user notice to be precise) must have originated from your own user-land code though.

dolphy phan added a comment -

Hi,

Yes, I logged in successfully with the LDAP config... but I got this.

-------------------------ERRORS---------------------------
Invalid login. Logins can only include alphanumeric characters,dashes ('-'), or underscores ('_')

Trace:

/var/www/html/usvndev/library/USVN/Db/Table/Row/User.php:184 USVN_Db_Table_Row_User::checkLogin
/var/www/html/usvndev/library/Zend/Db/Table/Row/Abstract.php:460 USVN_Db_Table_Row_User::_insert
/var/www/html/usvndev/library/Zend/Db/Table/Row/Abstract.php:437 Zend_Db_Table_Row_Abstract::_doInsert
/var/www/html/usvndev/library/USVN/User.php:92 Zend_Db_Table_Row_Abstract::save
/var/www/html/usvndev/app/controllers/LoginController.php:123 USVN_User::save
/var/www/html/usvndev/app/controllers/LoginController.php:32 LoginController::_doLogin
/var/www/html/usvndev/library/Zend/Controller/Action.php:513 LoginController::loginAction
/var/www/html/usvndev/library/Zend/Controller/Dispatcher/Standard.php:289 Zend_Controller_Action::dispatch
/var/www/html/usvndev/library/Zend/Controller/Front.php:946 Zend_Controller_Dispatcher_Standard::dispatch
/var/www/html/usvndev/public/index.php:5 Zend_Controller_Front::dispatch
-------------------------ERRORS---------------------------

Stefan Gehrig added a comment -

Again - nothing to do with Zend_Ldap:

USVN_Db_Table_Row_User::checkLogin()

is the source of your error message.

Stefan Gehrig added a comment -

Obviously not a Zend_Ldap issue.

devaud added a comment -

The issue is:
go to this file:
/var/www/html/usvndev/library/USVN/Db/Table/Row/User.php
(or this /var/www/usvn/library/USVN/Db/Table/Row/User.php for me)
edit it
In the "check login" row, you just have to add a point into the code:

if (!preg_match('/^[0-9a-zA-Z_.\-]+$/', $login)) {

I dunno why the developers didn't add it, but I just know that it works with that.
Hope it helps
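
Added example (not part of the thread, and not USVN or Zend Framework code): the loosened pattern from the comment above compared with a stricter login check. The function names, the 64-byte limit and the sample inputs are assumptions made for this illustration.

```php
<?php
// Added example; checkLoginLoose/checkLoginStrict are hypothetical names.

// Pattern from the workaround in this thread. In PCRE, "$" also matches
// just before a trailing "\n", so "khoa.phan\n" is accepted, and a login
// made only of dots ("." or "..") is accepted as well.
function checkLoginLoose(string $login): bool
{
    return preg_match('/^[0-9a-zA-Z_.\-]+$/', $login) === 1;
}

// Stricter variant: \A and \z anchor to the real start and end of the
// string, a dot is allowed only between two other allowed characters,
// and the length is bounded (64 is an assumed limit).
function checkLoginStrict(string $login): bool
{
    if ($login === '' || strlen($login) > 64) {
        return false;
    }
    return preg_match(
        '/\A[0-9a-zA-Z_\-]+(?:\.[0-9a-zA-Z_\-]+)*\z/',
        $login
    ) === 1;
}

// Constructed sample inputs. "." and ".." matter if a login is ever used
// as a path component (an assumption; the thread does not say how USVN
// uses the login after validation). "(" , ")" and "*" are LDAP filter
// metacharacters and are rejected by both checks.
$samples = [
    "khoa.phan",
    "khoa_phan-2",
    "khoa.phan\n",
    ".",
    "..",
    "khoa..phan",
    ".htaccess",
    "khoa(phan)*",
];

foreach ($samples as $login) {
    printf(
        "%-16s loose=%-5s strict=%s\n",
        json_encode($login),
        var_export(checkLoginLoose($login), true),
        var_export(checkLoginStrict($login), true)
    );
}
```

Only "khoa.phan" and "khoa_phan-2" pass the strict check; the loose pattern additionally accepts the trailing-newline and dot-only inputs.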


Time Tracking

  • Original Estimate: 1 hour
  • Remaining Estimate: 1 hour
  • Time Spent: Not Specified