rules for (LDAP)DistinguishedName don't work #14059

Open
2 tasks done
ftoledo opened this issue Feb 10, 2023 · 3 comments
ftoledo commented Feb 10, 2023

Code of Conduct

  • I agree to follow this project's Code of Conduct

Is there an existing issue for this?

  • I have searched the existing issues

Version

10.0.6

Bug description

I add a rule that assigns an entity via LDAP DN filter:

image

image

image

If I try to use the rules test engine, I get several warnings

image

Relevant log output

[2023-02-10 22:51:40] glpiphplog.WARNING:   *** PHP Warning (2): ldap_get_entries() expects parameter 1 to be resource, null given in /var/www/html/src/AuthLDAP.php at line 4235
  Backtrace :
  src/AuthLDAP.php:4235                              ldap_get_entries()
  src/RuleRightCollection.php:258                    AuthLDAP::get_entries_clean()
  src/RuleCollection.php:1727                        RuleRightCollection->prepareInputDataForProcess()
  src/RuleCollection.php:1878                        RuleCollection->testAllRules()
  front/rulesengine.test.php:82                      RuleCollection->showRulesEnginePreviewResultsForm()
  
[2023-02-10 22:51:40] glpiphplog.WARNING:   *** PHP Warning (2): count(): Parameter must be an array or an object that implements Countable in /var/www/html/src/RuleRightCollection.php at line 260
  Backtrace :
  src/RuleCollection.php:1727                        RuleRightCollection->prepareInputDataForProcess()
  src/RuleCollection.php:1878                        RuleCollection->testAllRules()
  front/rulesengine.test.php:82                      RuleCollection->showRulesEnginePreviewResultsForm()
  
[2023-02-10 22:51:52] glpiphplog.NOTICE:   *** PHP Notice (8): Undefined index: connection in /var/www/html/src/RuleRightCollection.php at line 258
  Backtrace :
  src/RuleCollection.php:1727                        RuleRightCollection->prepareInputDataForProcess()
  src/RuleCollection.php:1878                        RuleCollection->testAllRules()
  front/rulesengine.test.php:82                      RuleCollection->showRulesEnginePreviewResultsForm()
  
[2023-02-10 22:51:52] glpiphplog.WARNING:   *** PHP Warning (2): ldap_get_entries() expects parameter 1 to be resource, null given in /var/www/html/src/AuthLDAP.php at line 4235
  Backtrace :
  src/AuthLDAP.php:4235                              ldap_get_entries()
  src/RuleRightCollection.php:258                    AuthLDAP::get_entries_clean()
  src/RuleCollection.php:1727                        RuleRightCollection->prepareInputDataForProcess()
  src/RuleCollection.php:1878                        RuleCollection->testAllRules()
  front/rulesengine.test.php:82                      RuleCollection->showRulesEnginePreviewResultsForm()
  
[2023-02-10 22:51:52] glpiphplog.WARNING:   *** PHP Warning (2): count(): Parameter must be an array or an object that implements Countable in /var/www/html/src/RuleRightCollection.php at line 260
  Backtrace :
  src/RuleCollection.php:1727                        RuleRightCollection->prepareInputDataForProcess()
  src/RuleCollection.php:1878                        RuleCollection->testAllRules()
  front/rulesengine.test.php:82                      RuleCollection->showRulesEnginePreviewResultsForm()
  
[2023-02-10 22:52:32] glpiphplog.NOTICE:   *** PHP Notice (8): Undefined index: connection in /var/www/html/src/RuleRightCollection.php at line 258
  Backtrace :
  src/RuleCollection.php:1727                        RuleRightCollection->prepareInputDataForProcess()
  src/RuleCollection.php:1878                        RuleCollection->testAllRules()
  front/rulesengine.test.php:82                      RuleCollection->showRulesEnginePreviewResultsForm()
  
[2023-02-10 22:52:32] glpiphplog.WARNING:   *** PHP Warning (2): ldap_get_entries() expects parameter 1 to be resource, null given in /var/www/html/src/AuthLDAP.php at line 4235
  Backtrace :
  src/AuthLDAP.php:4235                              ldap_get_entries()
  src/RuleRightCollection.php:258                    AuthLDAP::get_entries_clean()
  src/RuleCollection.php:1727                        RuleRightCollection->prepareInputDataForProcess()
  src/RuleCollection.php:1878                        RuleCollection->testAllRules()
  front/rulesengine.test.php:82                      RuleCollection->showRulesEnginePreviewResultsForm()
  
[2023-02-10 22:52:32] glpiphplog.WARNING:   *** PHP Warning (2): count(): Parameter must be an array or an object that implements Countable in /var/www/html/src/RuleRightCollection.php at line 260
  Backtrace :
  src/RuleCollection.php:1727                        RuleRightCollection->prepareInputDataForProcess()
  src/RuleCollection.php:1878                        RuleCollection->testAllRules()
  front/rulesengine.test.php:82                      RuleCollection->showRulesEnginePreviewResultsForm()

Page URL

No response

Steps To reproduce

create new rule
add criteria via (LDAP)DistinguishedName
add "assign" to specific entity
test the rules.

expected result: set the entity via ldap dn data

Your GLPI setup information

GLPI 10.0.6 ( => /var/www/html)
Installation mode: TARBALL
Current language:es_ES

 
Operating system: Linux hostname 5.4.17-2136.315.5.el8uek.x86_64 #2 SMP Wed Dec 21 19:38:18 PST 2022
	x86_64
PHP 7.4.30 fpm-fcgi (Core, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apcu, bcmath, bz2, calendar, cgi-fcgi, ctype,
	curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, intl, json, ldap, libxml, mbstring, mysqli, mysqlnd,
	openssl, pcre, pdo_mysql, pdo_sqlite, posix, session, shmop, snmp, sockets, sqlite3, standard, sysvmsg, sysvsem, sysvshm,
	tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="30" memory_limit="1000M" post_max_size="8M" safe_mode="" session.save_handler="files"
	upload_max_filesize="2M" 
Software: nginx/1.14.1
	Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0
Server Software: MariaDB Server
	Server Version: 10.3.35-MariaDB
	Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
	
PHP version (7.4.30) is supported.
Sessions configuration is OK.
Allocated memory is sufficient.
mysqli extension is installed.
Following extensions are installed: dom, fileinfo, json, simplexml.
curl extension is installed.
gd extension is installed.
intl extension is installed.
libxml extension is installed.
zlib extension is installed.
The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.
Database engine version (10.3.35) is supported.
No files from previous GLPI version detected.
The log file has been created successfully.
Write access to /var/www/html/files/_cache has been validated.
Write access to /var/www/html/config has been validated.
Write access to /var/www/html/files/_cron has been validated.
Write access to /var/www/html/files has been validated.
Write access to /var/www/html/files/_dumps has been validated.
Write access to /var/www/html/files/_graphs has been validated.
Write access to /var/www/html/files/_lock has been validated.
Write access to /var/www/html/files/_pictures has been validated.
Write access to /var/www/html/files/_plugins has been validated.
Write access to /var/www/html/files/_rss has been validated.
Write access to /var/www/html/files/_sessions has been validated.
Write access to /var/www/html/files/_tmp has been validated.
Write access to /var/www/html/files/_uploads has been validated.
The following directories should be placed outside "/var/www/html":
‣ "/var/www/html/files" ("GLPI_VAR_DIR")
‣ "/var/www/html/config" ("GLPI_CONFIG_DIR")
You can ignore this suggestion if you are certain that these directories are not accessible through your web server.
For security reasons, SELinux mode should be Enforcing.
PHP directive "session.cookie_secure" should be set to "on" when GLPI can be accessed on HTTPS protocol.
PHP directive "session.cookie_httponly" should be set to "on" to prevent client-side script to access cookie values.
exif extension is installed.
ldap extension is installed.
openssl extension is installed.
zip extension is installed.
bz2 extension is installed.
Zend OPcache extension is installed.
Following extensions are installed: ctype, iconv, mbstring.
Following extensions are not present: sodium.
Write access to /var/www/html/marketplace has been validated.
Timezones seems loaded in database.

 
	formcreator          Name: Form Creator                   Version: 2.13.4     State: To update                               
		Install Method: Marketplace
	itilcategorygroups   Name: Grupos de Categorias           Version: 2.5.1      State: Enabled                                 
		Install Method: Marketplace

Anything else?

maybe related to #12304 ?

@cedric-anne
Member

@ftoledo

Could you try with #14369 ?

@cedric-anne
Member

@ftoledo

Could you try with #14369 ?

My bad, it cannot work, LDAP connection identifier is not available here. Fix is not valid, and I do not know what should be done here.

@cedric-anne cedric-anne removed their assignment Mar 23, 2023
@cconard96 cconard96 self-assigned this Jan 7, 2024
@cconard96 cconard96 removed their assignment Jun 5, 2024
@bahusafoo

The test reporting No despite the rules working and applying is actually occurring for any LDAP authorization rules.

I ran into this creating an LDAP Criteria for the "company" attribute (Active Directory uses this for Organization). Even changing to "contains", the rule never tests successfully; however, when importing/syncing users the authorizations do apply (i.e. assigning an entity to a user).
