
Location from AD set for wrong users in LDAP sync

Open gettalong opened this issue 7 months ago • 1 comments

Debug mode

Describe the bug

When LDAP sync is enabled and the location field is set to map from a field in an LDAP user object, and no location has the ldap_location_ou field set, and only a single user has a value in the LDAP user object, that location value is used for many users (most likely all that follow that user).

The problem seems to stem from $location maybe (?) having two different meanings in the LDAP sync class:

  • In https://github.com/uberbrady/snipe-it/blob/master/app/Console/Commands/LdapSync.php#L110-L122 it seems to be some kind of default location.
  • In https://github.com/uberbrady/snipe-it/blob/master/app/Console/Commands/LdapSync.php#L216-L220 it is set to be the location of a single LDAP user.

I have fixed it locally by setting $location = null on line 200, directly before $item = [];. However, that might not be the correct fix since, as I said, I believe the variable $location is used for two different things.

Reproduction steps

  1. Create an LDAP sync and fill the location field.
  2. Remove the location value from all LDAP users.
  3. Set the location field on a single LDAP user (one which isn't processed last by the LDAP sync command).
  4. Start the LDAP sync.

Expected behavior

The location from one LDAP user should not be used for other LDAP users.

Screenshots

No response

Snipe-IT Version

v6.2.3 - build 11759

Operating System

Ubuntu 22.04

Web Server

Apache

PHP Version

7.4.3-4ubuntu2.19

Error messages

No response

Additional context

No response

gettalong avatar Nov 03 '23 12:11 gettalong

We can also confirm the issue.

I guess this could be the cause:

    // ONLY if you are using the "ldap_location" option *AND* you have an actual result
    if ($ldap_result_location && $item['location']) {
        $location = Location::firstOrCreate([
            'name' => $item['location'],
        ]);
    }

Seems like in case the location field in the LDAP directory isn't set, the value of the last iteration is taken. Also the workaround setting $location = null did the trick on our installation too.

dbecker1234 avatar Mar 07 '24 10:03 dbecker1234
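
Added example (not part of the thread and not Snipe-IT code): a simplified model of the per-user loop discussed above, showing how one shared variable carries a user's location into later iterations, what the reset workaround does, and what keeping the two meanings in separate variables does. The function name, the modes, the sample users and the 'HQ' default are assumptions made for illustration.

```php
<?php
// Simplified model of the sync loop; all names here are hypothetical.
// Constructed sample: only "bob" has a location value in the directory.
$ldapUsers = [
    ['username' => 'alice', 'location' => null],
    ['username' => 'bob',   'location' => 'Berlin'],
    ['username' => 'carol', 'location' => null],
    ['username' => 'dave',  'location' => null],
];

function syncLocations(array $ldapUsers, ?string $defaultLocation, string $mode): array
{
    $location = $defaultLocation;      // meaning 1: default for the whole run
    $assigned = [];
    foreach ($ldapUsers as $entry) {
        if ($mode === 'reset') {
            $location = null;          // workaround from the thread
        }
        $item = ['location' => $entry['location']];
        $userLocation = null;          // meaning 2, kept apart in 'separate' mode
        if ($item['location']) {
            if ($mode === 'separate') {
                $userLocation = $item['location'];
            } else {
                $location = $item['location'];   // overwrites the shared variable
            }
        }
        $assigned[$entry['username']] = $mode === 'separate'
            ? ($userLocation ?? $defaultLocation)
            : $location;
    }
    return $assigned;
}

foreach (['shared', 'reset', 'separate'] as $mode) {
    $result = syncLocations($ldapUsers, 'HQ', $mode);
    echo str_pad($mode, 9) . json_encode($result) . PHP_EOL;
}
```

In this model, 'shared' gives carol and dave bob's location, 'reset' stops the carry-over but also discards the run-wide default, and 'separate' keeps both values intact.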

My system also has a similar issue. The LDAP can sync all users' information with the right data but the location data is not right. The location shows the same value. Is there any solution?

erinchen777 avatar Apr 02 '24 16:04 erinchen777