ZF-6573: Zend_Ldap::getCanonicalAccountName ignores Zend_Ldap::ACCTNAME_FORM_DN canonicalization type when it is specified in Zend_Ldap::options therefore Zend_Ldap throws exception Zend_Ldap_Exception with message "Unknown canonical name form: 1".
Description
I think the problem is when Zend_Ldap::getCanonicalAccountName() method is called whitout second parameter which represents canonical form. This is done in method Zend_Auth_Adapter_Ldap::authenticate():
262 $canonicalName = $ldap->getCanonicalAccountName($username);
Zend_Ldap::getCanonicalAccountName method firstly evaluates the following condition:
414 if ($form === Zend_Ldap::ACCTNAME_FORM_DN)
415 return $this->_getAccountDn($acctname);
$form variable is not set therefore it continues next to the following statement:
427 if ($form === 0)
428 $form = $this->_getAccountCanonicalForm();
Previous method retrieves canonical name form from Zend_Ldap::_options. In this case, canonical name form is 1.
Then execution proceed to the switch statement. Unfortunately this switch statement is missing Zend_Ldap::ACCTNAME_FORM_DN case, which equals 1, therefore flow is redirected to default case which throws an exception with message "Unknown canonical name form: 1".
Is the switch statement missing Zend_Ldap::ACCTNAME_FORM_DN case ? Or maybe evaluation in line 427 should be called before evaluation in 414 ?
Here is the Zend_Ldap::getCanonicalAccountName() method:
/**
* @param string $acctname The name to canonicalize
* @param int $type The desired form of canonicalization
* @return string The canonicalized name in the desired form
* @throws Zend_Ldap_Exception
*/
public function getCanonicalAccountName($acctname, $form = 0)
{
$this->_splitName($acctname, $dname, $uname);
if (!$this->_isPossibleAuthority($dname)) {
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception(null,
"Binding domain is not an authority for user: $acctname",
Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH);
}
414 if ($form === Zend_Ldap::ACCTNAME_FORM_DN)
415 return $this->_getAccountDn($acctname);
if (!$uname) {
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception(null, "Invalid account name syntax: $acctname");
}
$uname = strtolower($uname);
427 if ($form === 0)
428 $form = $this->_getAccountCanonicalForm();
switch ($form) {
case Zend_Ldap::ACCTNAME_FORM_USERNAME:
return $uname;
case Zend_Ldap::ACCTNAME_FORM_BACKSLASH:
$accountDomainNameShort = $this->_options['accountDomainNameShort'];
if (!$accountDomainNameShort) {
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception(null, 'Option required: accountDomainNameShort');
}
return "$accountDomainNameShort\\$uname";
case Zend_Ldap::ACCTNAME_FORM_PRINCIPAL:
$accountDomainName = $this->_options['accountDomainName'];
if (!$accountDomainName) {
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception(null, 'Option required: accountDomainName');
}
return "$uname@$accountDomainName";
default:
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception(null, "Unknown canonical name form: $form");
}
}
Comments
Posted by Stefan Gehrig (sgehrig) on 2009-07-20T11:41:46.000+0000
fixed in trunk rev. 16888