From 638df94f88fb4d401258feb26cc6511167d1d72e Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Tue, 17 Nov 2009 08:48:16 -0800
Subject: [PATCH 1/3] Need to check the Profile rather than the User.

---
 classes/Notice.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/Notice.php b/classes/Notice.php
index 1db431f2a7..ebb5022b99 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -207,7 +207,7 @@ class Notice extends Memcached_DataObject
 
         # Sandboxed are non-false, but not 1, either
 
-        if (!$user->hasRight(Right::PUBLICNOTICE) ||
+        if (!$profile->hasRight(Right::PUBLICNOTICE) ||
             ($source && $autosource && in_array($source, $autosource))) {
             $notice->is_local = Notice::LOCAL_NONPUBLIC;
         } else {

From 3d6a55a49f298b83d4f0cdfe2f14ea201f45a565 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Tue, 17 Nov 2009 09:07:44 -0800
Subject: [PATCH 2/3] Fix ticket 1816: Database errors recorded as "Array"

PEAR error backtrace lines are now correctly formatted as strings in debug log, roughly as debug_print_backtrace() does (but with argument values swapped out for types to avoid being overly verbose).

Todo: exceptions and PEAR error objects should log backtraces the same way; right now it doesn't look like exceptions get backtraces logged.

Todo: At one line per line, it's potentially tough to figure out what backtrace goes with what event if traffic is heavy; even if not heavy it's awkward to jump back into a log file after grepping to find the backtrace. Consider using a random per-event ID which can go in the log output -- bonus points for exposing the error ID to users so ops can track down actual error details in logs from a user report.
---
 index.php | 41 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)

diff --git a/index.php b/index.php
index 577b491ed0..997ee6197f 100644
--- a/index.php
+++ b/index.php
@@ -76,11 +76,16 @@ function handleError($error)
     if (common_config('site', 'logdebug')) {
         $logmsg .= " : ". $error->getDebugInfo();
     }
+    // DB queries often end up with a lot of newlines; merge to a single line
+    // for easier grepability...
+    $logmsg = str_replace("\n", " ", $logmsg);
     common_log(LOG_ERR, $logmsg);
+
+    // @fixme backtrace output should be consistent with exception handling
     if (common_config('site', 'logdebug')) {
         $bt = $error->getBacktrace();
-        foreach ($bt as $line) {
-            common_log(LOG_ERR, $line);
+        foreach ($bt as $n => $line) {
+            common_log(LOG_ERR, formatBacktraceLine($n, $line));
         }
     }
     if ($error instanceof DB_DataObject_Error
@@ -109,6 +114,38 @@ function handleError($error)
     exit(-1);
 }
 
+/**
+ * Format a backtrace line for debug output roughly like debug_print_backtrace() does.
+ * Exceptions already have this built in, but PEAR error objects just give us the array.
+ *
+ * @param int $n line number
+ * @param array $line per-frame array item from debug_backtrace()
+ * @return string
+ */
+function formatBacktraceLine($n, $line)
+{
+    $out = "#$n ";
+    if (isset($line['class'])) $out .= $line['class'];
+    if (isset($line['type'])) $out .= $line['type'];
+    if (isset($line['function'])) $out .= $line['function'];
+    $out .= '(';
+    if (isset($line['args'])) {
+        $args = array();
+        foreach ($line['args'] as $arg) {
+            // debug_print_backtrace seems to use var_export
+            // but this gets *very* verbose!
+            $args[] = gettype($arg);
+        }
+        $out .= implode(',', $args);
+    }
+    $out .= ')';
+    $out .= ' called at [';
+    if (isset($line['file'])) $out .= $line['file'];
+    if (isset($line['line'])) $out .= ':' . $line['line'];
+    $out .= ']';
+    return $out;
+}
+
 function checkMirror($action_obj, $args)
 {
     global $config;

From 4ff2d37b10977f77fe3e627f93176657a45270bb Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Tue, 17 Nov 2009 13:00:45 -0500
Subject: [PATCH 3/3] Reformatted for 80 character width, and clarified the
 username/nickname attribute difference

---
 plugins/LdapAuthentication/README | 63 +++++++++++++++++++++----------
 1 file changed, 43 insertions(+), 20 deletions(-)

diff --git a/plugins/LdapAuthentication/README b/plugins/LdapAuthentication/README
index b10a1eb930..dc3f4ba884 100644
--- a/plugins/LdapAuthentication/README
+++ b/plugins/LdapAuthentication/README
@@ -1,42 +1,63 @@
-The LDAP Authentication plugin allows for StatusNet to handle authentication through LDAP.
+The LDAP Authentication plugin allows for StatusNet to handle authentication
+through LDAP.
 
 Installation
 ============
-add "addPlugin('ldapAuthentication', array('setting'=>'value', 'setting2'=>'value2', ...);" to the bottom of your config.php
+add "addPlugin('ldapAuthentication',
+    array('setting'=>'value', 'setting2'=>'value2', ...);"
+to the bottom of your config.php
 
 Settings
 ========
 provider_name*: a unique name for this authentication provider.
-authoritative (false): Set to true if LDAP's responses are authoritative (meaning if LDAP fails, do check any other plugins or the internal password database).
-autoregistration (false): Set to true if users should be automatically created when they attempt to login.
-email_changeable (true): Are users allowed to change their email address? (true or false)
-password_changeable (true): Are users allowed to change their passwords? (true or false)
+authoritative (false): Set to true if LDAP's responses are authoritative
+    (if authorative and LDAP fails, no other password checking will be done).
+autoregistration (false): Set to true if users should be automatically created
+    when they attempt to login.
+email_changeable (true): Are users allowed to change their email address?
+    (true or false)
+password_changeable (true): Are users allowed to change their passwords?
+    (true or false)
 
-host*: LDAP server name to connect to. You can provide several hosts in an array in which case the hosts are tried from left to right.. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
-port: Port on the server. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
-version: LDAP version. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
-starttls: TLS is started after connecting. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
-binddn: The distinguished name to bind as (username). See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
-bindpw: Password for the binddn. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
-basedn*: LDAP base name (root directory). See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+host*: LDAP server name to connect to. You can provide several hosts in an
+    array in which case the hosts are tried from left to right.
+    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+port: Port on the server.
+    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+version: LDAP version.
+    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+starttls: TLS is started after connecting.
+    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+binddn: The distinguished name to bind as (username).
+    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+bindpw: Password for the binddn.
+    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+basedn*: LDAP base name (root directory).
+    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
 options: See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
-filter: Default search filter. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
-scope: Default search scope. See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+filter: Default search filter.
+    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
+scope: Default search scope.
+    See http://pear.php.net/manual/en/package.networking.net-ldap2.connecting.php
 
-attributes: an array with the key being the StatusNet user attribute name, and the value the LDAP attribute name
-    username*
-    nickname*
+attributes: an array that relates StatusNet user attributes to LDAP ones
+    username*: LDAP attribute value entered when authenticating to StatusNet
+    nickname*: LDAP attribute value shown as the user's nickname
     email
     fullname
     homepage
     location
-    
+
 * required
 default values are in (parenthesis)
 
+For most LDAP installations, the "nickname" and "username" attributes should
+    be the same.
+
 Example
 =======
-Here's an example of an LDAP plugin configuration that connects to Microsoft Active Directory.
+Here's an example of an LDAP plugin configuration that connects to
+    Microsoft Active Directory.
 
 addPlugin('ldapAuthentication', array(
     'provider_name'=>'Example',
@@ -47,7 +68,9 @@ addPlugin('ldapAuthentication', array(
     'basedn'=>'OU=Users,OU=StatusNet,OU=US,DC=americas,DC=global,DC=loc',
     'host'=>array('server1', 'server2'),
     'attributes'=>array(
+        'username'=>'sAMAccountName',
         'nickname'=>'sAMAccountName',
         'email'=>'mail',
         'fullname'=>'displayName')
 ));
+