Fixed #11509: Allow LDAP anonymous bind.

This commit is contained in:
Katharina Drexel 2022-07-15 09:20:55 +02:00
parent e72c4f989f
commit 9d627936e6
No known key found for this signature in database
GPG key ID: 5DE32D31BA76AE6D

View file

@ -176,6 +176,7 @@ class Ldap extends Model
throw new Exception('Your app key has changed! Could not decrypt LDAP password using your current app key, so LDAP authentication has been disabled. Login with a local account, update the LDAP password and re-enable it in Admin > Settings.'); throw new Exception('Your app key has changed! Could not decrypt LDAP password using your current app key, so LDAP authentication has been disabled. Login with a local account, update the LDAP password and re-enable it in Admin > Settings.');
} }
if ( $ldap_username ) {
if (! $ldapbind = @ldap_bind($connection, $ldap_username, $ldap_pass)) { if (! $ldapbind = @ldap_bind($connection, $ldap_username, $ldap_pass)) {
throw new Exception('Could not bind to LDAP: '.ldap_error($connection)); throw new Exception('Could not bind to LDAP: '.ldap_error($connection));
} }
@ -184,8 +185,13 @@ class Ldap extends Model
// so I don't want to fix this right now. // so I don't want to fix this right now.
// this method MODIFIES STATE on the passed-in $connection and just returns true or false (or, in this case, undefined) // this method MODIFIES STATE on the passed-in $connection and just returns true or false (or, in this case, undefined)
// at the next refactor, this should be appropriately modified to be more consistent. // at the next refactor, this should be appropriately modified to be more consistent.
} else {
// LDAP should also work with anonymous bind (no dn, no password available)
if (! $ldapbind = @ldap_bind($connection )) {
throw new Exception('Could not bind to LDAP: '.ldap_error($connection));
}
}
} }
/** /**
* Parse and map LDAP attributes based on settings * Parse and map LDAP attributes based on settings