Details

    • New Feature
    • Resolution: Unresolved
    • Major
    • None
    • Professional Edition
    • Web Interface
    • centos8, php 7.2, Observium 22.4.11952

    Description

      As described before in ticket OBS-1684: I assign read-only devices to users authenticated via LDAP. But when they log in, their page is empty. (No device listed)

      I tried assigning users to a role which contains a set of devices, tried assigning some devices directly, logged out and logged in again - nothing helps.

      We're using a standard LDAP, all users are listed, so I have no idea anymore and it looks like a bug.

          Activity

            [OBS-4097] LDAP user don't see assigned devices

            Got it - with _  

             

            l

            albrecht Rajko Albrecht added a comment

            The code is pretty complicated, but there's a function which is supposed to find the user_id from LDAP, it sets -1 to start, and then tries to replace it with a valid ID. I think this function is failing and never replacing the -1, though I don't know why.

            LDAP is a horrible mess to interact with, and we have no real way to test it.

            The user_id inserted into _SESSION should come from the same place, so I'm not sure why it isn't working.

            adama Adam Armstrong added a comment

            It needs to be in preferences/general.inc.php around like 20, before the array_merge but after the two arrays are defined.

            adama Adam Armstrong added a comment
            albrecht Rajko Albrecht added a comment - - edited

            Added in file preferences.inc.php after line 90 ($filename = $config......) and

            r($userdata);
            r($userdata2);

            prints null, e.g., empty variables.

            Same when I put it to the very end of the file and the output is printed as last.

            P.S. And I don't find any place in code where these variables are assigned...


            Hmm, what is the output of the $userdata and $userdata2 from the top of the page before they're merged?

            You can use r($userdata); to output the arrays.

            adama Adam Armstrong added a comment

            No, the session does not have a valid UID - user_data (as displayed in profiles page) has the correct ID. And I think the queries are using the user id stored in session environment which is always -1 when using LDAP auth.

            albrecht Rajko Albrecht added a comment

            This seems to be being broken on this page by the code to merge the user_data array with the SESSION array, but I can't see how session gets a valid user_id but the LDAP functions don't!

            adama Adam Armstrong added a comment
            albrecht Rajko Albrecht added a comment - - edited

            I think I got it:

             

            array(starttime=>1651245613
            auth_mechanism=>ldap
            theme=>light
            username=>jeXXXX
            authenticated=>true
            userlevel=>1
            user_id=>-1
            user_limited=>true
            requesttoken=>XXX
            PREV_REMOTE_ADDR=>YYY
            ua=>XXXX
            cache=>array())

            The userid is wrong in session, while it displays the correct one in profile page.

            EDIT: Yes. I tried to change some prefs - voila. The prefs are written with UID "-1" into db (table users_prefs) instead of the LDAP uid (which is 5075 as the profile page itself knows)

            So looks like the LDAP uid is read AFTER setting the id in session variable (or not overwritten after reading the LDAP uid)

             

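The failure mode discussed in this thread, as an added PHP example that is not part of the original comments and not Observium's code: an ID resolver that starts at -1, and guards that refuse to create or trust a session while that sentinel is still in place. All function names and the `$directory` array are hypothetical; the uid 5075 is the value quoted in the thread.

```php
<?php
// Added illustration; every name here is hypothetical, not Observium's code.
const UID_UNRESOLVED = -1;

// Stand-in for a directory lookup: returns the numeric uid, or null on failure.
function lookup_directory_uid(string $username, array $directory): ?int
{
    return $directory[$username] ?? null;
}

// The pattern described in the thread: start at -1, overwrite on success.
function resolve_user_id(string $username, array $directory): int
{
    $user_id = UID_UNRESOLVED;
    $found   = lookup_directory_uid($username, $directory);
    if ($found !== null) {
        $user_id = $found;
    }
    return $user_id;
}

// Guard at login: never mark a session authenticated with an unresolved id.
function build_session(string $username, array $directory): array
{
    $user_id = resolve_user_id($username, $directory);
    if ($user_id < 0) {
        throw new RuntimeException("user_id unresolved for '$username'; not creating session");
    }
    return ['username' => $username, 'user_id' => $user_id, 'authenticated' => true];
}

// Guard per request: the session id must match what the directory returns now.
function session_uid_is_consistent(array $session, array $directory): bool
{
    return $session['user_id'] >= 0
        && $session['user_id'] === resolve_user_id($session['username'], $directory);
}

// Constructed sample data mirroring the session dump in the thread.
$directory   = ['jeXXXX' => 5075];
$bad_session = ['username' => 'jeXXXX', 'user_id' => -1, 'authenticated' => true];

var_dump(session_uid_is_consistent($bad_session, $directory));
var_dump(build_session('jeXXXX', $directory)['user_id']);
try {
    build_session('unknown', $directory);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

A per-request check of this kind would flag the mismatch before permission queries or writes to users_prefs use the session's user_id.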

            Looks like the query is wrong: (just put a "echo("<h1>".$cache['where']['devices_permitted']."</h1>");" into the cache-data.inc.php)

            query permitted:  AND (( 0 AND  `device_id` IS NOT NULL)) 

            So why the "0" at the beginning of the where-clause?

             

            albrecht Rajko Albrecht added a comment

            Putting:

            $config['debug_user_perms'] = TRUE;

            into config.php will output some extra data at the bottom of the user's profile page.

            adama Adam Armstrong added a comment

            People

              adama Adam Armstrong
              albrecht Rajko Albrecht