Giving an array as base stalls the webservice

Description

Distribution Name and Version

Debian Stretch

FusionDirectory Version

1.0.19-1-debian, 1.2

Plugin with the defect

webservice

PHP version used

7.0-49

Origin of php packages

Debian stretch

Steps to Reproduce

We are not sure which steps are needed.

1. Create a department, /test.
2. Create a template within this department.
3. Create an user for the api, e.g. api.
4. Give the api user manager rights on the department.
5. From within a JSON-RPC client log in and
6. Issue a usetemplate with e.g. the following params:

'params': [session_id,
'user',
templatedn,
{'user': {
  'base': {'ou=test,dc=example,dc=org':'/test'},
  'uid': 'uid',
  'sn': 'name',
  'givenName': 'givenname',
 },
}

Expected behavior:

Creation of new user object based on template and submitted values OR error message.

Actual behavior:

Failed request to ldap, Apache process stalls for ~30sec, empty 200 response

(login) apache2: FusionDirectory [api-user]: (debug) Method getId of type JSON-RPC : Params:Array#012(#012)
(template) apache2: FusionDirectory [api-user]: (debug) Method usetemplate of type JSON-RPC : Params:Array#012(#012    [0] => user#012    [1] =>  cn=template_id,ou=templates,ou=people,ou=test,dc=example,dc=org#012    [2] => Array#012        (#012            [user] => Array#012                (#012                    [base] => Array#012                        (#012                            [ou=test,dc=example,dc=org] => /test#012                        )#012#012                    [sn] => name#012                    [uid] => 03test#012                    [givenName] => givennname#012                )#012#012        )#012#012)
slapd[633]: conn=1014 op=2 do_search: invalid dn: "new"

Reproduces how often:

100% (5/5)

Additional Information

Both exists in 1.0.19 and after upgrading to 1.2 from the repo.

We are not sure if we use the api correctly regarding the base, the issue does not reproduce when omitting the attribute base. However when omitting the base we receive the error You have no permission to modify the field "sn" of object "new", as fusiondirectory seems to create and modify a temporary(?) account at dn=new.

changed the description

assigned to @MCMic

added PJ1802-0188 label

changed milestone to %FusionDirectory 1.3

added plugin-webservice label

changed title from webservice: Lockup with usetemplate JSON API to Giving an array as base stalls the webservice

You should not give an array as the base, just a string. I will add a check for this in core.

Try:

{'user': {
  'base': 'ou=test,dc=example,dc=org',
  'uid': 'uid',
  'sn': 'name',
  'givenName': 'givenname',
 },
}

mentioned in issue fd#5807 (closed)

Giving an array as the base now returns a proper error thanks to fd#5807 (closed)

Can you test passing a string and confirm that it works as it should?

added Need Info To Be Tested labels

added 15m of time spent at 2018-03-29

removed Need Info label

removed To Be Tested label

closed

added won't fix label

No news, closing this.

See fd#5807 (closed) which is the real bug and fix, this one was just misuse of the webservice.