Usernames with apostrophes with LDAP

Usernames with apostrophes with LDAP

by Ian Fogarty -
Number of replies: 13

Hi

Our Moodle installation authenticates against LDAP (MS) and is working fine for the majority of users but we have discovered the apostrophe problem. I know this has been discussed in the forums previously but I was unable to find any solution which could be applied to us.

Does anyone know of a solution which can be applied. I am thinking of just doing an export of the users from Active Directory with apostrophes in their names to a csv and import them into Moodle. I thought though before doing this I would check with the fine people of the community.

As with all the other posts, manual accounts with apostrophes work (now that I have enabled enableextendedlogincharacters)

If it is needed, PHP 5.1.3, IIS5, Windows 2000 Server, MySQL 5, Moodle 1.6

Ian

Average of ratings: -
In reply to Ian Fogarty

Re: Usernames with apostrophes with LDAP

by Alick Brown -

I'd be interested in an answer to this... Having just started a Moodle site with ldap authentication, half a group found they could not access it.

Passwords here have to include Upper & lower case, a numeric character and a punctuation character. I guess it's the latter causing the problem - is it only apostrophes that cause problems or are there any other characters which upset Moodle authentication?

Average of ratings: -
In reply to Ian Fogarty

Re: Usernames with apostrophes with LDAP

by Martín Langhoff -
Hmmmm. This is supposed to work correctly.
Quick question: can you test it with 1.5?
Average of ratings: -
In reply to Martín Langhoff

Re: Usernames with apostrophes with LDAP

by Ian Fogarty -

Not sure if you wanted a test on 1.5 for our setup or for the other post but I thought I would give it a go anyway!

Just installed 1.5.4 Stable and hooked up to AD. My user account (nice normal characters work with no problem) but with a test user account "arthur o'pint" with a normal lower case password did not work.

The Windows Application Log (IP address altered), registered the following:

php[4076], [client 10.0.0.1] http://intranet/moodledev3 Failed Login: arthur o\'pint Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727).

The one difference I could see is that when I use the apostrophe on 1.6, when the login page is returned (after trying once), the username is escaped with a \ before the apostrophe i.e. Try to login initially with "arthur o'pint" and the correct password, the login page is returned stating Invalid Login but now displays "arthur o\'pint"

On 1.5.4, this does not happen, it returns the typed username but still displays Invalid Login.

Just looking at the other enteries in the event log, the following is also logged in the order of earliest to latest...

PHP Warning: ldap_search() [<a href='function.ldap-search'>function.ldap-search</a>]: Search: Bad search filter in D:\moodleDev3\moodle\auth\ldap\lib.php on line 1364.

PHP Warning: ldap_first_entry(): supplied argument is not a valid ldap result resource in D:\moodleDev3\moodle\auth\ldap\lib.php on line 1371.

PHP Warning: ldap_search() [<a href='function.ldap-search'>function.ldap-search</a>]: Search: Bad search filter in D:\moodleDev3\moodle\auth\ldap\lib.php on line 1364.

PHP Warning: ldap_first_entry(): supplied argument is not a valid ldap result resource in D:\moodleDev3\moodle\auth\ldap\lib.php on line 1371.

PHP Warning: ldap_search() [<a href='function.ldap-search'>function.ldap-search</a>]: Search: Bad search filter in D:\moodleDev3\moodle\auth\ldap\lib.php on line 1364.

PHP Warning: ldap_first_entry(): supplied argument is not a valid ldap result resource in D:\moodleDev3\moodle\auth\ldap\lib.php on line 1371.

and then finishes with the error posted above (PHP is configured to log errors to the Windows Event Log).

Average of ratings: -
In reply to Ian Fogarty

Re: Usernames with apostrophes with LDAP

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
While trying to fix this other issue with apostrophes in profile data (http://moodle.org/mod/forum/discuss.php?d=55083), I've had the same trouble (in fact, I thought the problem was with the username first, so that's what I debugged -and fixed- only to later discover that was profile data what was the real the trouble).

Anyway, to make a long story short, you need to 'unquote' $username before calling auth_ldap_find_userdn(). Otherwise you won't find the user in the LDAP server (at least using OpenLDAP libraries, you get the 'bad search filter' error, and the search aborts).

So adding a:

    $username = str_replace ("\'", "'", $username);

before the lines that read:

    if ($ldapconnection) {
        $ldap_user_dn = auth_ldap_find_userdn($ldapconnection, $username);
   
around line 61 in auth/ldap/lib.php should do the trick. By the way, if your users have apostrophes in their profile data (first name, last name, etc) and those fields are locked, have a look at the thread mentionned above.

Saludos. Iñaki.
Average of ratings: -
In reply to Iñaki Arenaza

Re: Usernames with apostrophes with LDAP

by Ian Fogarty -

Hi Iñaki

That worked brilliantly. The users with apostrophes can now login but it seems though that Moodle is not pulling back the information from LDAP for the firstname, lastname etc.

I made that change you mentioned in the other post (55083, about changing user\edit.php) but what it seems is that..

A user logins in with the apostrophe, they are redirected to their profile page and from looking at that, their firstname, surname, email, description and id number are blank (these fields are blocked for the users).

The error messages still appear in the event log (though I imagine that this is now due to the profile issue and not login. The error messages are (in order of earliest to latest...)

PHP Warning: ldap_search() [<a href='function.ldap-search'>function.ldap-search</a>]: Search: Bad search filter in D:\moodleStudent\moodle\auth\ldap\lib.php on line 1380.

PHP Warning: ldap_first_entry(): supplied argument is not a valid ldap result resource in D:\moodleStudent\moodle\auth\ldap\lib.php on line 1387.

PHP Warning: ldap_search() [<a href='function.ldap-search'>function.ldap-search</a>]: Search: Bad search filter in D:\moodleStudent\moodle\auth\ldap\lib.php on line 1380.

PHP Warning: ldap_first_entry(): supplied argument is not a valid ldap result resource in D:\moodleStudent\moodle\auth\ldap\lib.php on line 1387.

PHP Warning: ldap_search() [<a href='function.ldap-search'>function.ldap-search</a>]: Search: Bad search filter in D:\moodleStudent\moodle\auth\ldap\lib.php on line 1380.

PHP Warning: ldap_first_entry(): supplied argument is not a valid ldap result resource in D:\moodleStudent\moodle\auth\ldap\lib.php on line 1387.

The student details for the user are:
Username: arthur o'pint>
Firstname: arthur
Surname: o'pint
Email: arthur.o'pint@<domain>
password: normal lower case characters

I am guessing that the strip characters code would have to be applied for the username, surname and email address but from looking at the code, I am not sure where!

Thanks

Ian

Average of ratings: -
In reply to Ian Fogarty

Re: Usernames with apostrophes with LDAP

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Hummm, let's add some code to be able to debug this issue.

Just before line 1380, add the following code (the one in blue):

        if ($CFG->ldap_search_sub){

            error_log ("username is -" . $username . "-");

            //use ldap_search to find first user from subtree
            $ldap_result = ldap_search($ldapconnection, $context, "(".$CFG->ldap_user_attribute."=".$username.")",array($CFG->ldap_user_attribute));

        } else {
            //search only in this context
            $ldap_result = ldap_list($ldapconnection, $context, "(".$CFG->ldap_user_attribute."=".$username.")",array($CFG->ldap_user_attribute));
        }

And then have a look at the event logs to see what you get everytime one of those users tries to log in.

Saludos. Iñaki.
Average of ratings: -
In reply to Iñaki Arenaza

Re: Usernames with apostrophes with LDAP

by Ian Fogarty -

Just tried it now, and the following appears in the Windows Application Event log....

The following information is part of the event: php[2004], username is -arthur o\'pint-.

In addition to this, after logging in, in the top right hand corner, instead of saying "You are logged in as <name> (logout)", the page is just displaying "You are logged in as (logout)".

Does this help?

Ian

Average of ratings: -
In reply to Ian Fogarty

Re: Usernames with apostrophes with LDAP

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Oooops! My mistake. There are more calls to auth_ldap_find_userdn() in the code that need the same fix (removing the quotes).

So I guess the Right Way(tm) to fix this isssue is removing the quotes inside auth_ldap_find_userdn() instead of prior to calling the function.

So remove the str_replace() you added before and add the following code to auth_ldap_find_userdn() (around line 1368):
    if (!empty($CFG->ldap_create_context)){
      array_push($ldap_contexts, $CFG->ldap_create_context);
    }

    $username = str_replace ("\'", "'", $username);

    foreach ($ldap_contexts as $context) {
Saludos. Iñaki.
Average of ratings: Useful (1)
In reply to Iñaki Arenaza

Re: Usernames with apostrophes with LDAP

by Ian Fogarty -
Hi Iñaki

Just put this fix in and it works perfectly. Thank you for your help. I started creating manual accouts for the people concerned but this got quite repetative.

Is this a bug which should be reported/applied to future moodle builds or do you think is this more of a problem only concerned with our implementation of Moodle?

Thank you again for your help.

Ian
Average of ratings: -
In reply to Ian Fogarty

Re: Usernames with apostrophes with LDAP

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
As far as I know, this is a bug in Moodle itself, so this should be reported in the bug tracker (and hopefully fixed for current+future versions smile.

Saludos. Iñaki.
Average of ratings: -
In reply to Iñaki Arenaza

Re: Usernames with apostrophes with LDAP

by Alastair Hole -
Have you checked all your magic quotes settings?
http://uk.php.net/magic_quotes

PHP may well be escaping all the single quote characters as \' due to it's configuration. I'm not sure what the recommended setup is for Moodle, we've been fortunate enough not to encounter this issue with the default configuration.
Average of ratings: -
In reply to Alastair Hole

Re: Usernames with apostrophes with LDAP

by Iñaki Arenaza -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
The recommended setup is to have magic_quotes_gpc = on, so you get all those \' in the data. This is why the str_replace() is recomended (it works both with magic_quotes on and off).

Saludos. Iñaki.
Average of ratings: Useful (1)