0010944: ldap_get_field_from_username does not properly check return value from ldap_get_entries

ID	Project	Category	View Status	Date Submitted	Last Update
0010944	mantisbt	ldap	public	2009-09-15 08:31	2012-10-27 09:21

Reporter	dhx	Assigned To	dregad
Priority	normal	Severity	minor	Reproducibility	N/A
Status	closed	Resolution	duplicate

Summary	0010944: ldap_get_field_from_username does not properly check return value from ldap_get_entries
Description	Important lines from ldap_get_field_from_username: $t_info = ldap_get_entries( $t_ds, $t_sr ); ... if ( count( $t_info ) == 0 ) { ... $t_value = $t_info[0][$p_field][0]; A few things. count( $t_info ) == 0... is this ever true? The PHP documentation of the ldap_get_entries function seems to indicate that the 'count' key is always returned in the array. In other words, $t_info['count'] is always defined in the result and therefore count($t_info) is always at least 1? We then don't check if $p_field is a valid attribute in the result and even if it is, it seems that multiple (or no values) may be returned for each attribute? Kirill reported on IRC an error within this function: Undefined offset: 0 core/ldap_api.php Line: 229 core/ldap_api.php 117 - - ldap_get_field_from_username ( <string>'administrator', <string>'mail' ) Which seems to agree with our lack of checking that attributes/values do actually exist within the returned results?
Tags	No tags attached.

vboctor 2009-10-15 03:46 manager ~0023196	The following forum post may have a repro of the wrong error handling. It seems that system warnings show up when an invalid user is queried. http://www.mantisbt.org/forums/viewtopic.php?f=3&t=8282

tk 2009-11-17 01:40 reporter ~0023733	I think this is the same problem I posted in 0010230 and analysed in 0010230:0021146 . Essentially, you need to check for the number of rows in the resulting array since ldap_get_entries returns true even if no results are found. I.e., given $t_info = ldap_get_entries( $t_ds, $t_sr ); you need to test like if($t_info["count"]==0) return false; Regarding the email entry I proposed in 0010230:0021171 : $t_info = ldap_get_entries( $t_ds, $t_sr ); if( ( $t_info ) && ( $t_info['count'] > 0) && ( array_key_exists( 'mail', $t_info[0] ) ) ) { $t_ldap_mail = $t_info[0]['mail'][0]; }

dregad 2011-04-27 04:41 developer ~0028701	I think this is related to, and possibly duplicate of 0012960

dregad 2011-06-16 10:07 developer ~0029022	Since 0012960 was resolved, I think this one should be as well.

rombert 2011-06-16 10:24 reporter ~0029023	I'm going to leave this to @dhx as the reporter of this issue.

dregad 2011-08-28 19:23 developer ~0029578	@dhx, can you please confirm this is indeed resolved by 0012960 as I think it is ?

dregad 2012-10-06 05:27 developer ~0033053	dhx since you have not provided any feedback on this, I assume you agree with my assessment that it's a duplicate of 0012960.

duplicate of	0012960	closed	rombert	Email / Realname lookups against LDAP spew warning when account is not in LDAP
related to	0010230	closed	rombert	LDAP: ldap_email_from_username( $p_username ) cannot handle undefined email
has duplicate	0010943	closed	dhx	setting for ldap write notice