Fixed #11509: Allow LDAP anonymous bind.

This commit is contained in:
Katharina Drexel 2022-07-15 09:20:55 +02:00
parent e72c4f989f
commit 9d627936e6
No known key found for this signature in database
GPG key ID: 5DE32D31BA76AE6D

View file

@ -176,16 +176,22 @@ class Ldap extends Model
throw new Exception('Your app key has changed! Could not decrypt LDAP password using your current app key, so LDAP authentication has been disabled. Login with a local account, update the LDAP password and re-enable it in Admin > Settings.'); throw new Exception('Your app key has changed! Could not decrypt LDAP password using your current app key, so LDAP authentication has been disabled. Login with a local account, update the LDAP password and re-enable it in Admin > Settings.');
} }
if (! $ldapbind = @ldap_bind($connection, $ldap_username, $ldap_pass)) { if ( $ldap_username ) {
throw new Exception('Could not bind to LDAP: '.ldap_error($connection)); if (! $ldapbind = @ldap_bind($connection, $ldap_username, $ldap_pass)) {
} throw new Exception('Could not bind to LDAP: '.ldap_error($connection));
// TODO - this just "falls off the end" but the function states that it should return true or false }
// unfortunately, one of the use cases for this function is wrong and *needs* for that failure mode to fire // TODO - this just "falls off the end" but the function states that it should return true or false
// so I don't want to fix this right now. // unfortunately, one of the use cases for this function is wrong and *needs* for that failure mode to fire
// this method MODIFIES STATE on the passed-in $connection and just returns true or false (or, in this case, undefined) // so I don't want to fix this right now.
// at the next refactor, this should be appropriately modified to be more consistent. // this method MODIFIES STATE on the passed-in $connection and just returns true or false (or, in this case, undefined)
} // at the next refactor, this should be appropriately modified to be more consistent.
} else {
// LDAP should also work with anonymous bind (no dn, no password available)
if (! $ldapbind = @ldap_bind($connection )) {
throw new Exception('Could not bind to LDAP: '.ldap_error($connection));
}
}
}
/** /**
* Parse and map LDAP attributes based on settings * Parse and map LDAP attributes based on settings