Giving an array as base stalls the webservice
Description
Distribution Name and Version
Debian Stretch
FusionDirectory Version
1.0.19-1-debian, 1.2
Plugin with the defect
webservice
PHP version used
7.0-49
Origin of php packages
Debian stretch
Steps to Reproduce
We are not sure which steps are needed.
- Create a department,
/test. - Create a template within this department.
- Create an user for the api, e.g.
api. - Give the
apiusermanagerrights on the department. - From within a JSON-RPC client log in and
- Issue a usetemplate with e.g. the following params:
'params': [session_id,
'user',
templatedn,
{'user': {
'base': {'ou=test,dc=example,dc=org':'/test'},
'uid': 'uid',
'sn': 'name',
'givenName': 'givenname',
},
}Expected behavior:
Creation of new user object based on template and submitted values OR error message.
Actual behavior:
Failed request to ldap, Apache process stalls for ~30sec, empty 200 response
(login) apache2: FusionDirectory [api-user]: (debug) Method getId of type JSON-RPC : Params:Array#012(#012)
(template) apache2: FusionDirectory [api-user]: (debug) Method usetemplate of type JSON-RPC : Params:Array#012(#012 [0] => user#012 [1] => cn=template_id,ou=templates,ou=people,ou=test,dc=example,dc=org#012 [2] => Array#012 (#012 [user] => Array#012 (#012 [base] => Array#012 (#012 [ou=test,dc=example,dc=org] => /test#012 )#012#012 [sn] => name#012 [uid] => 03test#012 [givenName] => givennname#012 )#012#012 )#012#012)
slapd[633]: conn=1014 op=2 do_search: invalid dn: "new"Reproduces how often:
100% (5/5)
Additional Information
Both exists in 1.0.19 and after upgrading to 1.2 from the repo.
We are not sure if we use the api correctly regarding the base, the issue does not reproduce when omitting the attribute base.
However when omitting the base we receive the error You have no permission to modify the field "sn" of object "new", as fusiondirectory seems to create and modify a temporary(?) account at dn=new.