Problem with LDAP user lookup after upgrade

[slekkus75]

Good day, after upgrading to Debian12 we experience issues with LDAP lookup for new users.
Running 0.2.7 or 0.2.8 (php8.1 and php8.2) issue remains. Existing LDAP users are OK - new LDAP users get an "Oops!" logging in and are not added to the user list in dns-ui.

Below is a sanitized part from apache error log:

Stack trace:, referer: http://dns-ui/zones
  #0 /opt/dns-ui/model/user.php(172): exception_error_handler(), referer: http://dns-ui/zones

  #1 /opt/dns-ui/model/user.php(110): User->get_details_from_ldap(), referer: http://dns-ui/zones

  #2 /opt/dns-ui/model/userdirectory.php(106): User->get_details(), referer: http://dns-ui/zones

  #3 /opt/dns-ui/requesthandler.php(24): UserDirectory->get_user_by_uid(), referer: http://dns-ui/zones

  #4 /opt/dns-ui/public_html/init.php(18): require('...'), referer: http://dns-ui/zones

  #5 {main}, referer: http://dns-ui/zones

[thomas-pike]

Hi. You've included the stack trace, but not the actual error itself (which is the most important piece of information here).

[slekkus75]

Eddited views/error500.php as found here, see the error below.

I have worked around this issue, commenting out model/user.php 171 to 176 and setting admin = 1 at line 170
This way the LDAP user is added.

[thomas-pike]

Ok, so the error itself is Array to string conversion in model/user.php on line 173. That doesn't make a whole lot of sense for that particular line of code though. Perhaps you have an older or modified version? What is actually on line 173 for you?

[slekkus75]

170                         $this->admin = 0;
171                         $group_member = $ldapuser[strtolower($config['ldap']['group_member_value'])];
172                         $ldapgroups = $this->ldap->search($config['ldap']['dn_group'], LDAP::escape($config['ldap']['group_member']).'='.LDAP::escape($group_member), array('cn'));
173                         foreach($ldapgroups as $ldapgroup) {
174                                 if($ldapgroup['cn'] == $config['ldap']['admin_group_cn']) $this->admin = 1;

Printing variable $group_member it consists of a single string with DNs, no spaces.

A workaround for adding the user is by setting admin to 1 and commenting out this part:

167                         } else {
168                                 $this->active = 1;
169                         }
170                         $this->admin = 1; # Changed ffrom 0 to 1 (TEST) and comment below
171                         /**
172                         $group_member = $ldapuser[strtolower($config['ldap']['group_member_value'])];
173                        file_put_contents('/tmp/ldapdebuggroupmember.txt', $group_member);
174                         $ldapgroups = $this->ldap->search($config['ldap']['dn_group'], LDAP::escape($config['ldap']['group_member']).'='.LDAP::escape($group_member), array('cn'));
175                         foreach($ldapgroups as $ldapgroup) {
176                                 if($ldapgroup['cn'] == $config['ldap']['admin_group_cn']) $this->admin = 1;
177                         }
178                         **/
179
180                 } else {
181                         throw new UserNotFoundException('User does not exist in LDAP.');
182                 }
183         }