Item13234: LdapUserMapping: login2cUID doesn't check whether login exists

The API contract of the login2cUID function says that unless the $dontcheck parameter is set, the function should return undef for invalid login names.

The current implementation (from Git) simply uses the standard converter (hex escapes) and returns the result, even if the login name is not known to LdapContrib.

A related issue is that the logic for falling back to TopicUserMapping is deficient: it executes if $cUID is not defined (pretty much impossible at that point in the code) or if it's identical to the login passed by the caller (which can happen after a successful conversion, e.g. $login eq 'foo'). In that case, the lookup is delegated to TopicUserMapping even if the conversion has been successful, and TopicUserMapping probably doesn't know the same login and so will return undef.

This logic is based on an older version of LdapContrib and might work better, but I'd like a second opinion:

sub login2cUID {
  my ($this, $name, $dontcheck) = @_;

  my $origName = $name;
  #writeDebug("called login2cUID($name)");

  my $loginName = $this->{ldap}->getLoginOfWikiName($name);
  $name = $loginName if defined $loginName; # called with a wikiname

  #$name = lc($name) unless $this->{ldap}{caseSensitiveLogin};
  my $cUID = $this->{mapping_id} . Foswiki::Users::mapLogin2cUID($name);

  my $valid = $loginName || $this->{ldap}->getWikiNameOfLogin($name);
  return $cUID if $valid;

  # don't ask topic user mapping for large wikis
  if ($this->{ldap}{secondaryPasswordManager}) {
    return $this->SUPER::login2cUID($origName, $dontcheck);
  }
  return $cUID if $dontcheck;
}

PS. edited to remove irrelevant internal legacy code and clarify which code this changes.

-- JanKrueger - 28 Jan 2015

Commenting is disabled while not logged in