Central Auth Plugin and PHP 8.0

After an update to PHP 8.0 on our Omeka Classic 3.0.3 server, our users were unable to log into the admin section of the Omeka server. Logging into Omeka with PHP 7.4 worked fine with no errors. The error logs show the following error:

[15-Dec-2022 19:36:26 UTC] PHP Fatal error:  Uncaught ArgumentCountError: ldap_first_attribute() expects exactly 2 arguments, 3 given in /var/www/html/application/libraries/Zend/Ldap/Collection/It
erator/Default.php:204
Stack trace:
#0 /var/www/html/application/libraries/Zend/Ldap/Collection/Iterator/Default.php(204): ldap_first_attribute()
#1 /var/www/html/application/libraries/Zend/Ldap/Collection.php(142): Zend_Ldap_Collection_Iterator_Default->current()
#2 /var/www/html/application/libraries/Zend/Ldap/Collection.php(101): Zend_Ldap_Collection->current()
#3 /var/www/html/application/libraries/Zend/Ldap.php(669): Zend_Ldap_Collection->getFirst()
#4 /var/www/html/application/libraries/Zend/Ldap.php(538): Zend_Ldap->_getAccount()
#5 /var/www/html/application/libraries/Zend/Ldap.php(605): Zend_Ldap->_getAccountDn()
#6 /var/www/html/application/libraries/Zend/Auth/Adapter/Ldap.php(328): Zend_Ldap->getCanonicalAccountName()
#7 /var/www/html/plugins/CentralAuth/adapters/LdapAdapter.php(38): Zend_Auth_Adapter_Ldap->authenticate()
#8 /var/www/html/plugins/CentralAuth/CentralAuthPlugin.php(255): CentralAuth_LdapAdapter->authenticate()
#9 /var/www/html/application/libraries/Omeka/Plugin/Broker.php(266): CentralAuthPlugin->filterLoginAdapter()
#10 /var/www/html/application/libraries/globals.php(324): Omeka_Plugin_Broker->applyFilters()
#11 /var/www/html/application/controllers/UsersController.php(439): apply_filters()
#12 /var/www/html/plugins/CentralAuth/controllers/UsersController.php(178): UsersController->loginAction()
#13 /var/www/html/application/libraries/Zend/Controller/Action.php(516): CentralAuth_UsersController->loginAction()
#14 /var/www/html/application/libraries/Zend/Controller/Dispatcher/Standard.php(308): Zend_Controller_Action->dispatch()
#15 /var/www/html/application/libraries/Zend/Controller/Front.php(954): Zend_Controller_Dispatcher_Standard->dispatch()
#16 /var/www/html/application/libraries/Zend/Application/Bootstrap/Bootstrap.php(105): Zend_Controller_Front->dispatch()
#17 /var/www/html/application/libraries/Zend/Application.php(384): Zend_Application_Bootstrap_Bootstrap->run()
#18 /var/www/html/application/libraries/Omeka/Application.php(73): Zend_Application->run()
#19 /var/www/html/admin/index.php(28): Omeka_Application->run()
#20 {main}
  thrown in /var/www/html/application/libraries/Zend/Ldap/Collection/Iterator/Default.php on line 204

I can easily replicate the issue by switching back and forth between PHP versions. Changing back to PHP 7.4 immediately fixes the issue.

Has anyone gotten the Central Auth plug-in to work with PHP 8? If so, what did you have to do?

This looks like it’s an incompatibility between PHP 8+ and the Zend LDAP library that’s bundled with Omeka. Arguably this is actually a bug in PHP, but it’s not likely it would be fixed, I think.

A fix for your specific problem should be simple, but would require editing a file within Omeka.

The file application/libraries/Zend/Ldap/Collection/Iterator/Default.php is the culprit. Lines 204 and 225 of that file look like this:

$ber_identifier);

If you delete the $ber_identifier part, so those lines are just the ending punctuation:

);

that should get rid of this error for you.

Hello @sewanee-raval, I’m the developer of the Central Auth plugin. I haven’t yet moved to PHP 8, and so far haven’t heard that there was compatibility issues.

Are you using the plugin to authenticate with LDAP? If so, I think it may be possible to simplify the LDAP support so it does not rely upon the old Zend classes.

If you are just using CAS, I could easily make a version that strips out the LDAP support to prevent this error. The library used for CAS by the plugin has not been maintained for several years though, so I’m uncertain how well it will work with newer PHP versions.

Our institution is currently moving on from CAS to SAML, and I will be releasing a plugin that takes a different approach to authentication soon.

Omeka Classic 3.1 includes some fixes to the Zend Framework libraries that may resolve this issue also.