This is occurring because your custom LDAP code is attempting to use the
full LDAP group's DN for the VCL group name and the DN is longer than 60
characters:
cn=Business Administration,ou=Major,o=poets.whittier.edu,o=cp
If you look in the usergroup table, you'll see that an entry was added but
the usergroup.name value was truncated:
cn=Business Administration,ou=Major,o=poets.whittier.edu,o=c
The usergroup.name is defined as a varchar(60) and MySQL automatically
truncates the value if you try to enter something longer.
Every time a user logs in, it retrieves the user's groups from LDAP and
checks if each group already exists in VCL. Since it's checking for the
complete non-truncated name, this always returns false because a group with
the full name doesn't exist in VCL. It then tries to add the group and the
"Duplicate entry" error is generated because MySQL is again attempting to
add a group with the same truncated name.
You have 2 options:
1) If you really want to use the full DN, you can alter the
usergroup.namecolumn to allow for longer group names:
ALTER TABLE usergroup CHANGE name name VARCHAR(100)
You should manually rename your existing groups which have truncated names
to the correct name immediately after altering the column so that you don't
wind up with groups with both the truncated and complete name. This won't
harm anything that I can think of. There may be some fields in the VCL
website which also have matching 60 character limits but you can't edit the
names of LDAP-created groups so it shouldn't matter.
2) The downside of allowing for longer group names is that you'll have a
bunch of very long names in the VCL website. A more elegant approach would
be to update your updatewcldapGroups subroutine to construct friendlier VCL
group names by adding parenthesis around the part of the DN you want to use
for the VCL group name. The updateEXAMPLE1Groups subroutine has examples.
You could simply do the following if you just want to have the group named
after the "Business Administration" CN:
if(preg_match('/^cn=(.+),ou=Major,o=poets.whittier.edu,o=cp/',
$data[0]['memberof'][$i], $match))
array_push($newusergroups, getUserGroupID($match[1],
$user['affiliationid']));
Or combine the CN and OU into "Major - Business Administration":
if(preg_match('/^cn=(.+),ou=(Major|AnotherOU),o=poets.whittier.edu,o=cp/',
$data[0]['memberof'][$i], $match))
array_push($newusergroups, getUserGroupID($match[1] . ' - ' . $match[2],
$user['affiliationid']));
Regards,
Andy
On Mon, Apr 7, 2014 at 1:43 PM, Lo Richard <[email protected]> wrote:
> Hi All
>
>
>
> I am having an issue with new users first time logging into the VCL
> landing page successfully but when the user us tries to create a new
> reservation the error that is emailed to the admin is 'Error with VCL Pages
> (301)' and the user sees 'You don't have access to any environments and,
> therefore, cannot make any reservations.' There is nothing unique with the
> user compared to another user in the same LDAP group.
>
> The error email is shown below. If the same user tries to log in again
> another error email is sent which will be attached below as well.
>
>
>
> *First error log email :*
>
> Duplicate entry 'cn=Business
> Administration,ou=Major,o=poets.whittier.edu,o=c-3'
> for key 2
>
>
>
> INSERT INTO usergroup (name, affiliationid, custom, courseroll) VALUES
> ('cn=Business Administration,ou=Major,o=poets.whittier.edu,o=cp', 3, 0, 0)
>
> ERROR(301): Failed to execute query 2 in updateGroup Mode was submitLogin
>
>
>
>
>
> Backtrace:
>
> =-=-=-=-=-=-=-=-=-=-=-=
>
> Call#:1 => index.php:submitLogin() (line#:90)
>
> Call#:2 => authentication.php:ldapLogin() (line#:340)
>
> Call#:3 => authentication.php:updateLDAPUser() (line#:434)
>
> Call#:4 => ldapauth.php:updatewcldapGroups() (line#:266)
>
> Call#:5 => ldapauth.php:getUserGroupID() (line#:447)
>
> Call#:6 => utils.php:doQuery() (line#:8232)
>
>
>
> Backtrace with Arguments:
>
> =-=-=-=-=-=-=-=-=-=-=-=
>
> Call#:1 => index.php:submitLogin() (line#:90)
>
> Arguments(none):
>
> -----------------------
>
> Call#:2 => authentication.php:ldapLogin() (line#:340)
>
> Arguments(3)
>
>
>
> Argument#: 1 => Whittier Username
>
> Argument#: 2 => ncurtice
>
> Argument#: 3 => #*(password hidden)*
>
> -----------------------
>
> Call#:3 => authentication.php:updateLDAPUser() (line#:434)
>
> Arguments(2)
>
>
>
> Argument#: 1 => Whittier Username
>
> Argument#: 2 => ncurtice
>
> -----------------------
>
> Call#:4 => ldapauth.php:updatewcldapGroups() (line#:266)
>
> Arguments(1)
>
>
>
> Argument#: 1 => Array
>
> (
>
> [unityid] => ncurtice
>
> [affiliationid] => 3
>
> [affiliation] => wcldap
>
> [firstname] => Nicholas
>
> [lastname] => Curtice
>
> [preferredname] =>
>
> [email] => [email protected]
>
> [IMtype] => none
>
> [IMid] =>
>
> [uid] =>
>
> [id] => 42
>
> [width] => 1024
>
> [height] => 768
>
> [bpp] => 16
>
> [audiomode] => local
>
> [mapdrives] => 1
>
> [mapprinters] => 1
>
> [mapserial] => 0
>
> [showallgroups] => 0
>
> [lastupdated] => 2014-04-04 14:29:47
>
> )
>
>
>
> -----------------------
>
> Call#:5 => ldapauth.php:getUserGroupID() (line#:447)
>
> Arguments(2)
>
>
>
> Argument#: 1 => cn=Business Administration,ou=Major,o=poets.whittier.edu
> ,o=cp
>
> Argument#: 2 => 3
>
> -----------------------
>
> Call#:6 => utils.php:doQuery() (line#:8232)
>
> Arguments(2)
>
>
>
> Argument#: 1 => INSERT INTO usergroup (name, affiliationid, custom,
> courseroll) VALUES ('cn=Business Administration,ou=Major,o=
> poets.whittier.edu,o=cp', 3, 0, 0)
>
> Argument#: 2 => 301
>
> -----------------------
>
>
>
>
>
> *Second email if user attempts to login again:*
>
>
>
> Duplicate entry 'cn=Business
> Administration,ou=Major,o=poets.whittier.edu,o=c-3'
> for key 2
>
>
>
> INSERT INTO usergroup (name, affiliationid, custom, courseroll) VALUES
> ('cn=Business Administration,ou=Major,o=poets.whittier.edu,o=cp', 3, 0, 0)
>
> ERROR(301): Failed to execute query 2 in updateGroup Mode was main
>
>
>
>
>
> Backtrace:
>
> =-=-=-=-=-=-=-=-=-=-=-=
>
> Call#:1 => index.php:initGlobals() (line#:58)
>
> Call#:2 => utils.php:getUserInfo() (line#:209)
>
> Call#:3 => utils.php:updateUserData() (line#:3424)
>
> Call#:4 => utils.php:updateLDAPUser() (line#:3604)
>
> Call#:5 => ldapauth.php:updatewcldapGroups() (line#:266)
>
> Call#:6 => ldapauth.php:getUserGroupID() (line#:447)
>
> Call#:7 => utils.php:doQuery() (line#:8232)
>
>
>
> Backtrace with Arguments:
>
> =-=-=-=-=-=-=-=-=-=-=-=
>
> Call#:1 => index.php:initGlobals() (line#:58)
>
> Arguments(none):
>
> -----------------------
>
> Call#:2 => utils.php:getUserInfo() (line#:209)
>
> Arguments(1)
>
>
>
> Argument#: 1 => ncurtice@wcldap
>
> -----------------------
>
> Call#:3 => utils.php:updateUserData() (line#:3424)
>
> Arguments(3)
>
>
>
> Argument#: 1 => ncurtice
>
> Argument#: 2 => loginid
>
> Argument#: 3 => 3
>
> -----------------------
>
> Call#:4 => utils.php:updateLDAPUser() (line#:3604)
>
> Arguments(2)
>
>
>
> Argument#: 1 => Whittier Username
>
> Argument#: 2 => ncurtice
>
> -----------------------
>
> Call#:5 => ldapauth.php:updatewcldapGroups() (line#:266)
>
> Arguments(1)
>
>
>
> Argument#: 1 => Array
>
> (
>
> [IMtype] => none
>
> [IMid] =>
>
> [affiliationid] => 3
>
> [affiliation] => wcldap
>
> [shibonly] => 0
>
> [emailnotices] => 1
>
> [preferredname] =>
>
> [uid] =>
>
> [id] => 42
>
> [width] => 1024
>
> [height] => 768
>
> [bpp] => 16
>
> [audiomode] => local
>
> [mapdrives] => 1
>
> [mapprinters] => 1
>
> [mapserial] => 0
>
> [showallgroups] => 0
>
> [unityid] => ncurtice
>
> [firstname] => Nicholas
>
> [lastname] => Curtice
>
> [email] => [email protected]
>
> [lastupdated] => 2014-04-07 08:55:46
>
> )
>
>
>
> -----------------------
>
> Call#:6 => ldapauth.php:getUserGroupID() (line#:447)
>
> Arguments(2)
>
>
>
> Argument#: 1 => cn=Business Administration,ou=Major,o=poets.whittier.edu
> ,o=cp
>
> Argument#: 2 => 3
>
> -----------------------
>
> Call#:7 => utils.php:doQuery() (line#:8232)
>
> Arguments(2)
>
>
>
> Argument#: 1 => INSERT INTO usergroup (name, affiliationid, custom,
> courseroll) VALUES ('cn=Business Administration,ou=Major,o=
> poets.whittier.edu,o=cp', 3, 0, 0)
>
> Argument#: 2 => 301
>
> -----------------------
>
>
>
>
>
>
>
>
>
>
>
> -
>
> *Richard Lo*
>
> Systems Manager
>
> IT Services
>
> Whittier College
>
> 13406 E. Philadephia Street
>
> Whittier, CA 90601
>
> phone. 562-907-4881
>
> [email protected]
>
>
>
