Issue while modifying an account information in admin

vishakha 2020-10-05 15:41:14 UTC #1

EGroupware\Api\Contacts\Ldap::save() 648 update of uid=test,ou=People,dc=test,dc=com failed errorcode: 2

I’m trying to modify an account in admin and have this issue in error logs

Using version 20.1.20200901
Apache server
PHP 7.4
mariadb
archive installation

RalfBecker 2020-10-06 10:46:18 UTC #2

I believe that is already fixed, not with yesterdays maintenance release, but the one before.

Ralf

vishakha 2020-10-07 23:53:15 UTC #3

I upgraded to the latest version new-maintenance-release-20-1-20201005 just now, but still see the same issue while modifying an account in admin

Error saving the contact! Invalid syntax: EGroupware\Api\Contacts\Ldap: 681

[Wed Oct 07 18:51:59.493231 2020] [php7:notice] [pid 1731364] [client 142.182.37.219:38544] EGroupware\Api\Contacts\Ldap::save() 680 update of uid=test,ou=People,dc=test,dc=com failed errorcode:2

RalfBecker 2020-10-08 07:32:45 UTC #4

Ok, that means you have an other issue

Problem is LDAP is very generic, you need to give a lot more information like type of LDAP server, used schemata, …

At the end it usually comes down to debugging:

add an error_log of what the ldap_modify is trying to set, eg. before here
if there’s nothing directly suspicious, start with unsetting the first half of the entries and retry
still failing, try the second half
and so on, until you find which attribute and value is causing the problem
check the schema of the attribute to find out what’s wrong with the value
it could be all sort of things: not updatable, ACL issues, value is not allowed, …
if you know what the problem is, it’s usually easy to fix

If you need help with figuring out what the problem between your LDAP and EGroupware is, we’re happy to help via our commercial support: https://www.egroupware.org/en/egroupware-support/

Don’t get me wrong, the support is for finding out what’s wrong, adding a fix to EGroupware code-base is not charged.

Ralf

vishakha 2021-06-07 15:50:57 UTC #5

I’m circling back on this old issue.
Turns out only the logged in admin user can modify his/her own account without having this issue

Error saving the contact! Invalid syntax: EGroupware\Api\Contacts\Ldap: 681

[Wed Oct 07 18:51:59.493231 2020] [php7:notice] [pid 1731364] [client 142.182.37.219:38544] EGroupware\Api\Contacts\Ldap::save() 680 update of uid=test,ou=People,dc=test,dc=com failed errorcode:2

If the admin user modifies any other account, we get this issue.
Could there be issue because of permissions set in the slapd.conf for ldap config

RalfBecker 2021-06-07 18:27:22 UTC #6

Yes, it can be an ACL issue. In OpenLDAP you can eg. set an attribute only be modifyable by the owner, thought the RootDN user can always modify unless violating some contrains.

Ralf

vishakha 2021-06-07 18:31:55 UTC #7

Maybe that’s why I’m getting insufficient access while writing and editing

RalfBecker 2021-06-07 18:52:45 UTC #8

As it’s your ACL you should know what it allows

Write access only to your own entry and read access by everyone (plus twice and unnecessary read by group test).

I’m happy to help to a certain degree, but you’re starting to exceed it. LDAP is a complicated topic and needs a lot of knowledge. That’s why we don’t recommend and don’t support it in the CE version for free!

Ralf

vishakha 2021-06-07 18:56:24 UTC #9

okay thank you for giving some information, I agree LDAP is a lot complicated

vishakha 2021-06-08 16:27:47 UTC #10

Thank you for your debugging tips, I found that the address,city,postal code, these information attributes are causing the issue, not sure why though yet

vishakha 2021-06-08 16:45:08 UTC #11

The home postal address when entered gives the issue and I see “$” sign in the ldapContact array besides the city,state,zip values.
Is this normal,maybe that’s where the invalid syntax is coming from.
The weird thing is it still saves the information despite giving this issue.
If this information is blank,it saves without giving any issue

"homepostaladdress":"Street$City, $zipcode$$"

"homepostaladdress":"Street$City, Array$zipcode$$"

RalfBecker 2021-06-08 18:45:16 UTC #12

That’s from the evolutionOrgPerson schema:

github.com

EGroupware/egroupware/blob/master/api/src/Contacts/Ldap.php#L1404


		if(!empty($data['cat_id']))
		{
			$ldapContact['category'] = array();
			foreach(is_array($data['cat_id']) ? $data['cat_id'] : explode(',',$data['cat_id'])  as $cat)
			{
				$ldapContact['category'][] = Api\Translation::convert(
					Api\Categories::id2name($cat),$this->charset,'utf-8');
			}
		}
		foreach(array(
			'postaladdress' => $data['adr_one_street'] .'$'. $data['adr_one_locality'] .', '. $data['adr_one_region'] .'$'. $data['adr_one_postalcode'] .'$$'. $data['adr_one_countryname'],
			'homepostaladdress' => $data['adr_two_street'] .'$'. $data['adr_two_locality'] .', '. $data['adr_two_region'] .'$'. $data['adr_two_postalcode'] .'$$'. $data['adr_two_countryname'],
		) as $attr => $value)
		{
			if($value != '$, $$$')
			{
				$ldapContact[$attr] = Api\Translation::convert($value,$this->charset,'utf-8');
			}
			elseif($isUpdate)
			{
				$ldapContact[$attr] = array();

What LDAP server and schemas do you use?

Ralf

vishakha 2021-06-10 14:51:37 UTC #13

We use Openldap

vishakha 2021-06-15 16:06:44 UTC #14

On deleting an account from egroupware, it gives the error "Unknown account"
Is it because egroupware can’t delete accounts from LDAP and this is trying to find this account in egroupware db ?

cyril 2024-07-26 08:25:20 UTC #15

Hi,
I found another problem that prevents the modification of accounts stored on LDAP. On line 263 of the file api/src/Contacts/Ldap.php, you have to change ‘freeBusyuri’ to all lowercase, otherwise the OpenLDAP server responds: “freeBusyuri: attribute type undefined”

RalfBecker 2024-07-26 11:09:34 UTC #16

Please do NOT reopen old threads!

I commited your fix, as I wrote you in reply to your mail.

Ralf

cyril 2024-07-26 12:12:10 UTC #17

Sorry I won’t do it again