ZF-6573: Zend_Ldap::getCanonicalAccountName ignores Zend_Ldap::ACCTNAME_FORM_DN canonicalization type when it is specified in Zend_Ldap::options therefore Zend_Ldap throws exception Zend_Ldap_Exception with message "Unknown canonical name form: 1".

Description

I think the problem is when Zend_Ldap::getCanonicalAccountName() method is called whitout second parameter which represents canonical form. This is done in method Zend_Auth_Adapter_Ldap::authenticate():


262  $canonicalName = $ldap->getCanonicalAccountName($username); 

Zend_Ldap::getCanonicalAccountName method firstly evaluates the following condition:


414 if ($form === Zend_Ldap::ACCTNAME_FORM_DN) 
415     return $this->_getAccountDn($acctname);

$form variable is not set therefore it continues next to the following statement:


427 if ($form === 0)
428     $form = $this->_getAccountCanonicalForm();

Previous method retrieves canonical name form from Zend_Ldap::_options. In this case, canonical name form is 1.

Then execution proceed to the switch statement. Unfortunately this switch statement is missing Zend_Ldap::ACCTNAME_FORM_DN case, which equals 1, therefore flow is redirected to default case which throws an exception with message "Unknown canonical name form: 1".

Is the switch statement missing Zend_Ldap::ACCTNAME_FORM_DN case ? Or maybe evaluation in line 427 should be called before evaluation in 414 ?

Here is the Zend_Ldap::getCanonicalAccountName() method:


/**
     * @param string $acctname The name to canonicalize
     * @param int $type The desired form of canonicalization
     * @return string The canonicalized name in the desired form
     * @throws Zend_Ldap_Exception
     */
    public function getCanonicalAccountName($acctname, $form = 0)
    {
        $this->_splitName($acctname, $dname, $uname);

        if (!$this->_isPossibleAuthority($dname)) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null,
                    "Binding domain is not an authority for user: $acctname",
                    Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH);
        }

414        if ($form === Zend_Ldap::ACCTNAME_FORM_DN)
415            return $this->_getAccountDn($acctname);

        if (!$uname) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null, "Invalid account name syntax: $acctname");
        }

        $uname = strtolower($uname);

427        if ($form === 0)
428            $form = $this->_getAccountCanonicalForm();

        switch ($form) {
            case Zend_Ldap::ACCTNAME_FORM_USERNAME:
                return $uname;
            case Zend_Ldap::ACCTNAME_FORM_BACKSLASH:
                $accountDomainNameShort = $this->_options['accountDomainNameShort'];
                if (!$accountDomainNameShort) {
                    /**
                     * @see Zend_Ldap_Exception
                     */
                    require_once 'Zend/Ldap/Exception.php';
                    throw new Zend_Ldap_Exception(null, 'Option required: accountDomainNameShort');
                }
                return "$accountDomainNameShort\\$uname";
            case Zend_Ldap::ACCTNAME_FORM_PRINCIPAL:
                $accountDomainName = $this->_options['accountDomainName'];
                if (!$accountDomainName) {
                    /**
                     * @see Zend_Ldap_Exception
                     */
                    require_once 'Zend/Ldap/Exception.php';
                    throw new Zend_Ldap_Exception(null, 'Option required: accountDomainName');
                }
                return "$uname@$accountDomainName";
            default:
                /**
                 * @see Zend_Ldap_Exception
                 */
                require_once 'Zend/Ldap/Exception.php';
                throw new Zend_Ldap_Exception(null, "Unknown canonical name form: $form");
        }
    }

Comments

fixed in trunk rev. 16888