View Issue Details

IDProjectCategoryView StatusLast Update
0024720mantisbtldappublic2023-02-22 19:21
ReporterSL-Gundam Assigned Todregad  
Status closedResolutionfixed 
Product Version2.16.0 
Target Version2.25.6Fixed in Version2.25.6 
Summary0024720: Editing user with use_ldap_email = ON empties email address

I'm using LDAP in MantisBT and use_ldap_email = ON

When i, as administrator, edit a user and save the changes, the email address field is emptied.
Logging in again under that user account updates the email address. But users rarely do that so this causes email notifications to be an issue

Please make it so that a users data that is connected to LDAP is not lost on edits to a user

Steps To Reproduce

In a situation where LDAP is enabled and use_ldap_email = ON

  1. Edit a user with a cached email address
  2. change the protected or enabled setting of the user
  3. You'll notice the email address is now lost
TagsNo tags attached.




2021-04-27 04:42

developer   ~0065438

I can't reproduce this.

When use_ldap_email = ON, manage_user_update.php queries the ldap server for the user's e-mail, and updates the DB accordingly.



2021-04-27 04:56

reporter   ~0065440

Just tested this with the latest master from git
See attached screenshots for before and after clicking on "Update User".



2021-04-27 04:56

reporter   ~0065441

image.png (21,635 bytes)   
image.png (21,635 bytes)   
image-2.png (20,492 bytes)   
image-2.png (20,492 bytes)   


2021-04-27 05:05

reporter   ~0065442

Last edited: 2021-04-27 05:06

After some more testing I've found two situations under which the email address is emptied

  1. The connection failed to the LDAP server. The email stored will be overwritten with an empty value.
  2. The user has been deleted from the LDAP server. an empty search result is returned from LDAP. The email stored will be overwritten with an empty value.

Not sure whether that was the case in the past or if situation has improved and it's only the above cases that are left



2021-04-27 08:14

developer   ~0065445

Right, I get it now... I didn't think of testing the scenario of a missing LDAP user of failed connection.

Behavior is confirmed as described, and the same applies to Real Name ($g_use_ldap_realname) as well.

I agree that we should definitely not clear the information in case of a connection error, but the same in the case of a user no longer existing in LDAP is debatable.



2021-04-27 13:04

developer   ~0065448

It would be quite trivial to not update the email or realname if the corresponding ldap_xxx function returns an empty string.

That being said, I'm wondering if that should not be considered an error preventing the update operation... @SL-Gundam What do you think ?

Note that these API functions do not make a difference between the user not found case vs the connection failed one, so a slightly different approach would be needed, if such distinction were needed.



2021-04-27 16:31

reporter   ~0065449

People leave the company. This would result in the account being deleted from LDAP.
I usually login to MantisBT to disable the user account so that emails are no longer send to a non-existing mail address.
At that point i would like to keep the information in MantisBT intact. Getting an error would prevent me from disabling the account.

Ideal solution:
If an LDAP connection fails an error would be useful since something is obviously not right at that point. In this case the edit should be prevented.
If an account does not exist in LDAP it should not update corresponding LDAP values but edits of other fields should be allowed.

Good solution:
Do not update any LDAP controlled fields with empty values.

Personally i would go for the "Good solution" since a not working LDAP connection should already cause enough problems during login.



2022-07-09 13:22

developer   ~0066802


Related Changesets

MantisBT: master 010f60cf

2022-07-09 13:16


Details Diff
Do not empty email, realname when updating with LDAP

When using LDAP with $g_use_ldap_email = ON or $g_use_ldap_realname = ON
and updating a user's record from manage_user_edit_page.php, the email
or realname fields were set to blank if the LDAP connection failed or
the user was not found in the directory.

This fixes the problem by keeping the old field value when the
ldap_email() or ldap_realname_from_username() functions return false.

Fixes 0024720
Affected Issues
mod - manage_user_update.php Diff File