Andy thanks for your suggestion this lead us to fixing the issue and no more error.
-- Richard Lo Systems Manager Whittier College [email protected]<mailto:[email protected]> From: Andy Kurth [mailto:[email protected]] Sent: Monday, April 07, 2014 11:40 AM To: [email protected] Subject: Re: Error with VCL pages (301) This is occurring because your custom LDAP code is attempting to use the full LDAP group's DN for the VCL group name and the DN is longer than 60 characters: cn=Business Administration,ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=cp If you look in the usergroup table, you'll see that an entry was added but the usergroup.name<http://usergroup.name> value was truncated: cn=Business Administration,ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=c The usergroup.name<http://usergroup.name> is defined as a varchar(60) and MySQL automatically truncates the value if you try to enter something longer. Every time a user logs in, it retrieves the user's groups from LDAP and checks if each group already exists in VCL. Since it's checking for the complete non-truncated name, this always returns false because a group with the full name doesn't exist in VCL. It then tries to add the group and the "Duplicate entry" error is generated because MySQL is again attempting to add a group with the same truncated name. You have 2 options: 1) If you really want to use the full DN, you can alter the usergroup.name<http://usergroup.name> column to allow for longer group names: ALTER TABLE usergroup CHANGE name name VARCHAR(100) You should manually rename your existing groups which have truncated names to the correct name immediately after altering the column so that you don't wind up with groups with both the truncated and complete name. This won't harm anything that I can think of. There may be some fields in the VCL website which also have matching 60 character limits but you can't edit the names of LDAP-created groups so it shouldn't matter. 2) The downside of allowing for longer group names is that you'll have a bunch of very long names in the VCL website. A more elegant approach would be to update your updatewcldapGroups subroutine to construct friendlier VCL group names by adding parenthesis around the part of the DN you want to use for the VCL group name. The updateEXAMPLE1Groups subroutine has examples. You could simply do the following if you just want to have the group named after the "Business Administration" CN: if(preg_match('/^cn=(.+),ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=cp/', $data[0]['memberof'][$i], $match)) array_push($newusergroups, getUserGroupID($match[1], $user['affiliationid'])); Or combine the CN and OU into "Major - Business Administration": if(preg_match('/^cn=(.+),ou=(Major|AnotherOU),o=poets.whittier.edu<http://poets.whittier.edu>,o=cp/', $data[0]['memberof'][$i], $match)) array_push($newusergroups, getUserGroupID($match[1] . ' - ' . $match[2], $user['affiliationid'])); Regards, Andy On Mon, Apr 7, 2014 at 1:43 PM, Lo Richard <[email protected]<mailto:[email protected]>> wrote: Hi All I am having an issue with new users first time logging into the VCL landing page successfully but when the user us tries to create a new reservation the error that is emailed to the admin is 'Error with VCL Pages (301)' and the user sees 'You don't have access to any environments and, therefore, cannot make any reservations.' There is nothing unique with the user compared to another user in the same LDAP group. The error email is shown below. If the same user tries to log in again another error email is sent which will be attached below as well. First error log email : Duplicate entry 'cn=Business Administration,ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=c-3' for key 2 INSERT INTO usergroup (name, affiliationid, custom, courseroll) VALUES ('cn=Business Administration,ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=cp', 3, 0, 0) ERROR(301): Failed to execute query 2 in updateGroup Mode was submitLogin Backtrace: =-=-=-=-=-=-=-=-=-=-=-= Call#:1 => index.php:submitLogin() (line#:90) Call#:2 => authentication.php:ldapLogin() (line#:340) Call#:3 => authentication.php:updateLDAPUser() (line#:434) Call#:4 => ldapauth.php:updatewcldapGroups() (line#:266) Call#:5 => ldapauth.php:getUserGroupID() (line#:447) Call#:6 => utils.php:doQuery() (line#:8232) Backtrace with Arguments: =-=-=-=-=-=-=-=-=-=-=-= Call#:1 => index.php:submitLogin() (line#:90) Arguments(none): ----------------------- Call#:2 => authentication.php:ldapLogin() (line#:340) Arguments(3) Argument#: 1 => Whittier Username Argument#: 2 => ncurtice Argument#: 3 => #(password hidden) ----------------------- Call#:3 => authentication.php:updateLDAPUser() (line#:434) Arguments(2) Argument#: 1 => Whittier Username Argument#: 2 => ncurtice ----------------------- Call#:4 => ldapauth.php:updatewcldapGroups() (line#:266) Arguments(1) Argument#: 1 => Array ( [unityid] => ncurtice [affiliationid] => 3 [affiliation] => wcldap [firstname] => Nicholas [lastname] => Curtice [preferredname] => [email] => [email protected]<mailto:[email protected]> [IMtype] => none [IMid] => [uid] => [id] => 42 [width] => 1024 [height] => 768 [bpp] => 16 [audiomode] => local [mapdrives] => 1 [mapprinters] => 1 [mapserial] => 0 [showallgroups] => 0 [lastupdated] => 2014-04-04 14:29:47 ) ----------------------- Call#:5 => ldapauth.php:getUserGroupID() (line#:447) Arguments(2) Argument#: 1 => cn=Business Administration,ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=cp Argument#: 2 => 3 ----------------------- Call#:6 => utils.php:doQuery() (line#:8232) Arguments(2) Argument#: 1 => INSERT INTO usergroup (name, affiliationid, custom, courseroll) VALUES ('cn=Business Administration,ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=cp', 3, 0, 0) Argument#: 2 => 301 ----------------------- Second email if user attempts to login again: Duplicate entry 'cn=Business Administration,ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=c-3' for key 2 INSERT INTO usergroup (name, affiliationid, custom, courseroll) VALUES ('cn=Business Administration,ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=cp', 3, 0, 0) ERROR(301): Failed to execute query 2 in updateGroup Mode was main Backtrace: =-=-=-=-=-=-=-=-=-=-=-= Call#:1 => index.php:initGlobals() (line#:58) Call#:2 => utils.php:getUserInfo() (line#:209) Call#:3 => utils.php:updateUserData() (line#:3424) Call#:4 => utils.php:updateLDAPUser() (line#:3604) Call#:5 => ldapauth.php:updatewcldapGroups() (line#:266) Call#:6 => ldapauth.php:getUserGroupID() (line#:447) Call#:7 => utils.php:doQuery() (line#:8232) Backtrace with Arguments: =-=-=-=-=-=-=-=-=-=-=-= Call#:1 => index.php:initGlobals() (line#:58) Arguments(none): ----------------------- Call#:2 => utils.php:getUserInfo() (line#:209) Arguments(1) Argument#: 1 => ncurtice@wcldap ----------------------- Call#:3 => utils.php:updateUserData() (line#:3424) Arguments(3) Argument#: 1 => ncurtice Argument#: 2 => loginid Argument#: 3 => 3 ----------------------- Call#:4 => utils.php:updateLDAPUser() (line#:3604) Arguments(2) Argument#: 1 => Whittier Username Argument#: 2 => ncurtice ----------------------- Call#:5 => ldapauth.php:updatewcldapGroups() (line#:266) Arguments(1) Argument#: 1 => Array ( [IMtype] => none [IMid] => [affiliationid] => 3 [affiliation] => wcldap [shibonly] => 0 [emailnotices] => 1 [preferredname] => [uid] => [id] => 42 [width] => 1024 [height] => 768 [bpp] => 16 [audiomode] => local [mapdrives] => 1 [mapprinters] => 1 [mapserial] => 0 [showallgroups] => 0 [unityid] => ncurtice [firstname] => Nicholas [lastname] => Curtice [email] => [email protected]<mailto:[email protected]> [lastupdated] => 2014-04-07 08:55:46 ) ----------------------- Call#:6 => ldapauth.php:getUserGroupID() (line#:447) Arguments(2) Argument#: 1 => cn=Business Administration,ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=cp Argument#: 2 => 3 ----------------------- Call#:7 => utils.php:doQuery() (line#:8232) Arguments(2) Argument#: 1 => INSERT INTO usergroup (name, affiliationid, custom, courseroll) VALUES ('cn=Business Administration,ou=Major,o=poets.whittier.edu<http://poets.whittier.edu>,o=cp', 3, 0, 0) Argument#: 2 => 301 ----------------------- - Richard Lo Systems Manager IT Services Whittier College 13406 E. Philadephia Street Whittier, CA 90601 phone. 562-907-4881 [email protected]<mailto:[email protected]>
