View Issue Details

ID: 0034566
Project: mantisbt
Category: administration
View Status: public
Last Update: 2024-08-25 04:31
Reporter: hendrik.klemp
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.26.0
Target Version: 2.26.3
Fixed in Version: 2.26.3
Summary: 0034566: The "realname" field is cleared after a user is updated.
Description

In versions 2.26.1 and 2.26.2, the "realname" field of the user is deleted if the user has been updated by an administrator.

We use the LDAP connection for user administration and have also set the following variables.

$g_use_ldap_realname = ON;
$g_ldap_uid_field = 'sAMAccountName';

In the log file I can see that the connection to the LDAP server is successful but the realname was cleared in the SQL Statement.

2024-08-07 09:17 UTC LDAP ldap_api.php:317 ldap_get_field_from_username() Retrieving field 'displayName' for 'UserIDxxx'
2024-08-07 09:17 UTC LDAP ldap_api.php:241 ldap_cache_user_data() Retrieving data for 'UserIDxxx' from LDAP server
2024-08-07 09:17 UTC LDAP ldap_api.php:66 ldap_connect_bind() Checking syntax of LDAP server URI 'ldap://LdapServerxxx:389'.
2024-08-07 09:17 UTC LDAP ldap_api.php:75 ldap_connect_bind() LDAP server URI syntax check succeeded
2024-08-07 09:17 UTC LDAP ldap_api.php:88 ldap_connect_bind() Setting LDAP protocol version to 3
2024-08-07 09:17 UTC LDAP ldap_api.php:139 ldap_connect_bind() Attempting bind to ldap server as 'S-xxxxxxxxxxxxxxxxxxxxxxxxxx'
2024-08-07 09:17 UTC LDAP ldap_api.php:152 ldap_connect_bind() Bind to ldap server successful
2024-08-07 09:17 UTC LDAP ldap_api.php:264 ldap_cache_user_data() Searching for (&(memberOf=CN=Groupxxxx,OU=OUxxxx,OU=OUxxxxx,DC=dcxxxx,DC=dcxxxxxx)(sAMAccountName=UserIDxxx))
2024-08-07 09:17 UTC LDAP ldap_api.php:299 ldap_cache_user_data() Unbinding from LDAP server
2024-08-07 09:17 UTC LDAP ldap_api.php:317 ldap_get_field_from_username() Retrieving field 'displayName' for '1'
2024-08-07 09:17 UTC LDAP ldap_api.php:241 ldap_cache_user_data() Retrieving data for '1' from LDAP server
2024-08-07 09:17 UTC LDAP ldap_api.php:66 ldap_connect_bind() Checking syntax of LDAP server URI 'ldap://LdapServerxxx:389'.
2024-08-07 09:17 UTC LDAP ldap_api.php:75 ldap_connect_bind() LDAP server URI syntax check succeeded
2024-08-07 09:17 UTC LDAP ldap_api.php:88 ldap_connect_bind() Setting LDAP protocol version to 3
2024-08-07 09:17 UTC LDAP ldap_api.php:139 ldap_connect_bind() Attempting bind to ldap server as 'S-xxxxxxxxxxxxxxxxxxxxxxxxxx'
2024-08-07 09:17 UTC LDAP ldap_api.php:152 ldap_connect_bind() Bind to ldap server successful
2024-08-07 09:17 UTC LDAP ldap_api.php:264 ldap_cache_user_data() Searching for (&(memberOf=CN=Groupxxxx,OU=OUxxxx,OU=OUxxxxx,DC=dcxxxx,DC=dcxxxxxx)(sAMAccountName=1))
2024-08-07 09:17 UTC LDAP ldap_api.php:276 ldap_cache_user_data() No matches found.
2024-08-07 09:17 UTC LDAP ldap_api.php:317 ldap_get_field_from_username() Retrieving field 'mail' for 'UserIDxxx'
2024-08-07 09:17 UTC DB user_api.php:589 user_count_level() array (
0 => 'SELECT COUNT(id) FROM mantist_user_mantist WHERE access_level >= 90 AND enabled = \'1\'',
1 => '0.0005',
)
2024-08-07 09:17 UTC DB UserUpdateCommand.php:344 UserUpdateCommand->update_user() array (
0 => 'UPDATE mantist_user_mantist
SET username=\'UserIDxxx\', email=\'User.Name@domain.de\',
access_level=10, enabled=\'1\',
protected=\'0\', realname=\'\'
WHERE id=8',
1 => '0.0043',
)

Steps To Reproduce

1) Log in to the system as an administrator
2) Open the administration
3) Switch to the Users tab (now the "real name" field is still correctly filled in)
4) Click on a user to edit them (in this view the correct value is always displayed in the "real name" field)
5) Set access rights to any value
6) Press the "Update user" button.
7) Then switch back to the overview of all users
8) The "real name" field is now empty for the user.

Tags: No tags attached.

Relationships

related to 0032464 (closed, vboctor): Implement UserUpdateCommand

Activities

dregad

2024-08-09 06:02

developer   ~0069085

Just to clarify, as you mentioned 2.26.1 & 2.26.2, does this mean that it was working in earlier versions? Or did you just not test?

2024-08-07 09:17 UTC LDAP ldap_api.php:317 ldap_get_field_from_username() Retrieving field 'displayName' for '1'
2024-08-07 09:17 UTC LDAP ldap_api.php:241 ldap_cache_user_data() Retrieving data for '1' from LDAP server

This 1 is weird, it should be querying for the actual username. I assume you have no entry in your Active Directory with samAccountName == 1, so the function returns null which explains why the realname is set to blank.

Seems like a bug either in LDAP API or the UserUpdateCommand, need to have a look at the code.

dregad

2024-08-09 08:23

developer   ~0069086

I can reproduce the problem using LDAP simulation. It is caused by incorrect logic in UserUpdateCommand::validate() function:

# ... if realname should be set by LDAP, then fetch it.
if( $t_ldap && config_get_global( 'use_ldap_realname' ) ) {
    $t_username = !is_null( $t_new_username ) ?: $t_old_username;
    $t_realname = ldap_realname_from_username( $t_username );

$t_new_username is null (because it was not changed), so $t_username is set to true, which is treated as string '1' in ldap_realname_from_username().

This regression was introduced in 0032464.
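
How the quoted expression evaluates, as an added example that is not part of the original issue or of MantisBT's code: `!` binds before `?:`, so the left operand of the Elvis operator is a boolean, and the result is compared here with a null-coalescing form. The function names, the array-backed directory standing in for LDAP, and all sample values are constructed; `??` is shown as one correct form, not as the project's actual fix.

```php
<?php
// Constructed sample directories; all names and values are hypothetical.
$t_directories = [
    'directory without a user "1"' => [ 'jdoe' => 'Jane Doe' ],
    'directory with a user "1"'    => [ 'jdoe' => 'Jane Doe', '1' => 'Someone Else' ],
];

// Hypothetical stand-in for the LDAP lookup: null when nothing matches.
function lookup_realname( array $p_directory, $p_username ): ?string {
    // A boolean true used as a string becomes '1'.
    return $p_directory[(string)$p_username] ?? null;
}

// Expression as quoted in the note. It parses as (!is_null($p_new)) ?: $p_old,
// so a non-null new username yields boolean true, never the username itself.
function pick_username_quoted( ?string $p_new, string $p_old ) {
    return !is_null( $p_new ) ?: $p_old;
}

// One correct form (an assumption, not necessarily the project's fix).
function pick_username_coalesce( ?string $p_new, string $p_old ): string {
    return $p_new ?? $p_old;
}

// Cases: username absent from the update, and username submitted unchanged.
$t_cases = [ [ null, 'jdoe' ], [ 'jdoe', 'jdoe' ] ];

foreach( $t_directories as $t_label => $t_directory ) {
    echo $t_label, "\n";
    foreach( $t_cases as [ $t_new, $t_old ] ) {
        $t_quoted = pick_username_quoted( $t_new, $t_old );
        $t_coalesce = pick_username_coalesce( $t_new, $t_old );
        printf( "  new=%-6s quoted=%-6s realname=%-14s coalesce=%-6s realname=%s\n",
            var_export( $t_new, true ),
            var_export( $t_quoted, true ),
            var_export( lookup_realname( $t_directory, $t_quoted ), true ),
            var_export( $t_coalesce, true ),
            var_export( lookup_realname( $t_directory, $t_coalesce ), true )
        );
    }
}
```

The second directory shows the case the changeset message mentions: when an account named `1` exists, the lookup succeeds and another person's real name is written to the record instead of an empty one.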

hendrik.klemp

2024-08-12 03:19

reporter   ~0069088

Thank you for the quick solution

Related Changesets

MantisBT: master-2.26 67839c27

2024-08-09 12:55

dregad


Do not clear realname when updating user with LDAP

When $g_use_ldap_realname = ON, wrong logic in method
UserUpdateCommand::validate() caused 'True' to be passed as username
parameter to ldap_realname_from_username(), which returned null instead
of the expected real name, as the user '1' cannot be found in the LDAP
directory (an incorrect realname would have been returned, if this user existed).

Fixes 0034566
Affected Issues
0034566
mod - core/commands/UserUpdateCommand.php