snipe-it
snipe-it copied to clipboard
Location from AD set for wrong users in LDAP sync
Debug mode
- [X] I have enabled debug mode
- [X] I have read checked the Common Issues page
Describe the bug
When LDAP sync is enabled and the location field is set to map from a field in an LDAP user object, and no location has the ldap_location_ou field set, and only a single user has a value in LDAP user object, that location value is used for many users (most likely all that follow that user).
The problem seems to stem from $location
maybe (?) having two different meanings in the LDAP sync class:
- In https://github.com/uberbrady/snipe-it/blob/master/app/Console/Commands/LdapSync.php#L110-L122 it seems to be some kind of default location.
- In https://github.com/uberbrady/snipe-it/blob/master/app/Console/Commands/LdapSync.php#L216-L220 it is set to be the location of a single LDAP user.
I have fixed it locally by setting $location = null
before on line 200, directly before $item = [];
. However, that might not be the correct fix since, as I said, I believe the variable $location
is used for two different things.
Reproduction steps
- Create an LDAP sync and fill the location field.
- Remove the location value from all LDAP users.
- Set the location field on a single LDAP user (one which isn't processed last by the LDAP sync command).
- Start the LDAP sync.
Expected behavior
The location from one LDAP user should not be used for other LDAP users.
Screenshots
No response
Snipe-IT Version
v6.2.3 - build 11759
Operating System
Ubuntu 22.04
Web Server
Apache
PHP Version
7.4.3-4ubuntu2.19
Operating System
No response
Browser
No response
Version
No response
Device
No response
Operating System
No response
Browser
No response
Version
No response
Error messages
No response
Additional context
No response
We can also confirm the issue.
I guess this could be the cause:
// ONLY if you are using the "ldap_location" option *AND* you have an actual result
238 if ($ldap_result_location && $item['location']) {
239 $location = Location::firstOrCreate([
240 'name' => $item['location'],
241 ]);
242 }
Seems like in case the location field in the ldap directory isn't set, the value of the last iteration is taken. Also the workaround setting $location = null did the trick on our installation too.
My system also has a similar issue. The LDPA can sync all users' information with the right data but the location data is not right. The location shows the same value. Will any solution?