
Invalid values in "getCanonicalName"
Open, Lowest, Public

Description

Author: patrick.holz

Description:
Hi,

I'm using the current version of LdapAuthentication in MediaWiki 1.19.9 LTS. The following problem occurred when I tried to block an old user (which had been created in MediaWiki before we used the extension): MediaWiki asked me if I really want to block myself. I checked other blocked users and it turned out that instead of the expired users some other, currently active users could not log in.

So I went on doing some debugging in the PHP code and I found out that the problem has its origin in "functions/User.php", more precisely in the function "newFromName":

$name = $wgAuth->getCanonicalName( $t->getText() );

So there the LDAP server is asked for the canonical name of the user and it seems that it returns incorrect values in a way that confuses MediaWiki extremely. Suddenly a completely different user is used as the "target" of the operation.

I changed the line mentioned above to:

$name = $t->getText();

...and now it works for me. I think that the plugin should check for invalid values coming as result of "getCanonicalName" from the LDAP server and use the unchecked version "$t->getText();" instead.

Kind regards,
Patrick Holz


Version: master
Severity: normal
OS: Linux
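
The check suggested in the report above, as an added example (not code from MediaWiki or the LdapAuthentication extension): the canonical name is accepted only when it still refers to the requested account, otherwise the mismatch is logged and the requested name is used. The names `foldName` and `safeCanonicalName`, the stand-in plugin and the sample user names are hypothetical, and the rule that a canonical name may differ only by case or underscores is an assumption.

```php
<?php
// Added example: hypothetical guard, not MediaWiki or LdapAuthentication code.

/** Fold a user name for comparison: trim, treat "_" as space, ignore case. */
function foldName( string $name ): string {
    $name = trim( str_replace( '_', ' ', $name ) );
    return function_exists( 'mb_strtolower' )
        ? mb_strtolower( $name, 'UTF-8' )
        : strtolower( $name );
}

/**
 * Accept the plugin's canonical name only if it is still the same account
 * as the requested name (assumed to differ by case or underscores at most).
 * Otherwise log the mismatch and fall back to the requested name, so a
 * block or login never lands on a different account.
 */
function safeCanonicalName( callable $getCanonicalName, string $requested ): string {
    $canonical = $getCanonicalName( $requested );
    if ( !is_string( $canonical ) || $canonical === ''
        || foldName( $canonical ) !== foldName( $requested )
    ) {
        error_log( sprintf( 'canonical name mismatch: requested=%s returned=%s',
            json_encode( $requested ), json_encode( $canonical ) ) );
        return $requested;
    }
    return $canonical;
}

// Constructed stand-in for a misbehaving plugin: it answers with an
// unrelated account for one input and with a case fix-up for the others.
$plugin = function ( string $name ) {
    if ( $name === 'Old user' ) {
        return 'Active admin'; // wrong account, as described in the report
    }
    return ucfirst( $name );
};

foreach ( [ 'Old user', 'alice', 'Bob_smith' ] as $target ) {
    printf( "%-10s => %s\n", $target, safeCanonicalName( $plugin, $target ) );
}
```

A directory that legitimately maps a login alias to a differently spelled canonical name would need a wider comparison rule than the one assumed here.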

Details

Reference
bz58641

Event Timeline

bzimport raised the priority of this task from to Needs Triage. Nov 22 2014, 2:32 AM
bzimport set Reference to bz58641.

What version of LdapAuth are you using? Master?

patrick.holz wrote:

Yes, I'm using the Master version