Possible LDAP Error



I believe there is an issue in the interaction between Miq_LDAP and the LDAP authenticator.

The LDAP authenticator creates new users in create_user_from_ldap and, if they have a UPN, sets their user ID to the UPN, else it is set to their DN.
However, in MIQ_LDAP’s get_user_object, which is called when the provisioning request is created, if the LDAP mode is set to samaccountname then the code executed expects to be able to parse the samaccountname from the user id. This would be fine if all user ids were the DN, but if they are the UPN this fails. A workaround is to set the LDAP mode to UPN.

I am unsure if in most orgs the UPN is set to <samaccountname>@<domain>, but that is not the case for me, resulting in this error.


The above might be kind of hard to follow, so steps to reproduce:

  1. Set auth to LDAP and LDAP mode to sam account name
  2. Log in as a user whose UPN is not of the form <sam_account_name>@<domain>
  3. Attempt to order a service catalog item
  4. MIQ will throw an error about undefined function 'attribute_names' for Nil because the LDAP lookup did not return a user

I am running Fine-3 but the code that handles this is the same in all future releases so I assume this hasn’t been found yet.
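
Added illustration, not part of the original post and not ManageIQ code: a small Ruby model of the mismatch described above, with a lookup that picks the search attribute from the form of the stored user id. The directory entries, method names and the DN pattern are all constructed for this example, and the "local part of the UPN is the sAMAccountName" step is an assumption about the behaviour the post describes.

```ruby
# Constructed sample directory. The first entry's UPN local part differs from
# its sAMAccountName; the second follows <samaccountname>@<domain>.
DIRECTORY = [
  { "dn" => "CN=Jane Doe,OU=Staff,DC=example,DC=com",
    "samaccountname" => "jdoe",
    "userprincipalname" => "jane.doe@example.com" },
  { "dn" => "CN=Al Smith,OU=Staff,DC=example,DC=com",
    "samaccountname" => "asmith",
    "userprincipalname" => "asmith@example.com" }
].freeze

# Simplified DN check (assumption): starts with "<attr>=<value>,".
DN_PATTERN = /\A[a-z]+=[^,]+,/i

# Hypothetical stand-in for an LDAP search on one attribute.
def search(attr, value)
  DIRECTORY.find { |entry| entry[attr].casecmp?(value) }
end

# Models the reported behaviour in samaccountname mode: a DN is looked up
# directly, anything else is assumed to carry the sAMAccountName before "@".
def lookup_assuming_sam(userid)
  return search("dn", userid) if userid.match?(DN_PATTERN)
  search("samaccountname", userid.split("@").first)
end

# Picks the attribute from the form of the stored id instead of from the
# configured mode, so a UPN-based id is searched as a UPN.
def lookup_by_id_form(userid)
  attr = if userid.match?(DN_PATTERN) then "dn"
         elsif userid.include?("@")   then "userprincipalname"
         else "samaccountname"
         end
  search(attr, userid)
end

# Guarded replacement for calling attribute_names on a possibly-nil result.
def attribute_names_for(entry)
  raise ArgumentError, "LDAP lookup returned no user" if entry.nil?
  entry.keys
end
```

The nil guard turns the "undefined method for nil" failure from step 4 into an explicit error that names the failed lookup.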