ZF-11002: Omitted attributes get retrieved then forgotten

Issue Type: Improvement Created: 2011-01-27T08:38:54.000+0000 Last Updated: 2011-02-13T05:53:33.000+0000 Status: Resolved Fix version(s): - 1.11.4 (03/Mar/11)

Reporter: Claude Duvergier (cduv) Assignee: Stefan Gehrig (sgehrig) Tags: - Zend_Auth_Adapter_Ldap

Related issues: Attachments:


The Zend_Auth_Adapter_Ldap::getAccountObject() method accepts a list parameters to return and a list of parameters to omit.

When $returnAttribs is an empty array(), all attributes are fetched (Zend_Ldap::getEntry() behavior), and then attributes are filtered using $omitAttribs.

But when $returnAttribs and $omitAttribs are not empty, elements of $returnAttribs should be filtered using $omitAttribs before calling (Zend_Ldap::getEntry().

+Reproduce code:+

<pre class="highlight">
$auth = Zend_Auth::getInstance();
$ldapOptions = array(...); // place valid LDAP configuration options here
$authAdapter = new Zend_Auth_Adapter_Ldap($ldapOptions, 'theUserName', 'theSecretPassword');
$result = $auth->authenticate($authAdapter);
$authedUser = $authAdaptater->getAccountObject(array('dn', 'sn', 'uid', 'lastname', 'phonenumber'), array('jpegphoto', 'phonenumber'));

$authedUser will contains the following attributes: dn, sn, uid and lastname but during the execution, phonenumber has been fetched from LDAP server (for nothing).

+Fix proposal:+

<pre class="highlight">
public function getAccountObject(array $returnAttribs = array(), array $omitAttribs = array())
    if (!$this->_authenticatedDn) {
        return false;
    $returnObject = new stdClass();
    $returnAttribs = array_map('strtolower', $returnAttribs ); //FIXED: desired attribute names are lowered too (for array_diff() to work)
    $omitAttribs = array_map('strtolower', $omitAttribs);
    $returnAttribs = array_diff($returnAttribs, $omitAttribs); //FIXED: $returnAttribs is filtered before LDAP fetching
    $entry = $this->getLdap()->getEntry($this->_authenticatedDn, $returnAttribs, true);
    foreach ($entry as $attr => $value) {
        if (in_array($attr, $omitAttribs)) {
            // skip attributes marked to be omitted
        if (is_array($value)) {
            $returnObject->$attr = (count($value) > 1) ? $value : $value[0];
        } else {
            $returnObject->$attr = $value;
    return $returnObject;


Posted by Stefan Gehrig (sgehrig) on 2011-02-01T10:40:18.000+0000

Will be fixed on short-notice... Thanks for the issue report.

Posted by Stefan Gehrig (sgehrig) on 2011-02-13T05:53:31.000+0000

Fixed in trunk (r23693) and in 1.11-release branch (r23694)

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.