diff --git a/application/libraries/Ldap_client.php b/application/libraries/Ldap_client.php
index 9c55e642..1dd78cd6 100644
--- a/application/libraries/Ldap_client.php
+++ b/application/libraries/Ldap_client.php
@@ -97,52 +97,19 @@ class Ldap_client
 $user = $this->CI->accounts->get_user_by_username($username);
 
 if (empty($user['ldap_dn'])) {
- return null;
+ return null; // User does not exist in Easy!Appointments
 }
 
 // Connect to LDAP server
 
- $host = setting('ldap_host');
- $port = (int) setting('ldap_port');
- $user_dn = setting('ldap_user_dn');
- $ldap_password = setting('ldap_password');
+ $ldap_host = setting('ldap_host');
+ $ldap_port = (int) setting('ldap_port');
 
- $connection = @ldap_connect($host, $port);
+ $connection = @ldap_connect($ldap_host, $ldap_port);
 
- if (!$connection) {
- throw new Exception('Could not connect to LDAP server: ' . @ldap_error($connection));
- }
-
- @ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
- @ldap_set_option($connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
-
- $bind = @ldap_bind($connection, $user_dn, $ldap_password);
-
- if (!$bind) {
- throw new Exception('LDAP bind failed: ' . @ldap_error($connection));
- }
-
- // Check the provided password against the LDAP service
-
- $filter = '(objectclass=*)';
-
- $result = @ldap_search($connection, $user['ldap_dn'], $filter);
-
- if (!$result) {
- return null;
- }
-
- $ldap_entries = @ldap_get_entries($connection, $result);
-
- foreach ($ldap_entries as $ldap_entry) {
- if (!is_array($ldap_entry) || empty($ldap_entry['dn']) || $ldap_entry['dn'] !== $user['ldap_dn']) {
- continue;
- }
-
- if (!$this->validate_password($password, $ldap_entry['userpassword'][0])) {
- continue;
- }
+ $user_bind = @ldap_bind($connection, $user['ldap_dn'], $password);
 
+ if ($user_bind) {
 $role = $this->CI->roles_model->find($user['id_roles']);
 
 $default_timezone = $this->CI->timezones->get_default_timezone();
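Review bot: The added `@ldap_bind($connection, $user['ldap_dn'], $password)` is now the only credential check, and nothing visible in this hunk rejects an empty `$password`; a simple bind with a DN and a zero-length password is an unauthenticated bind that many directory servers answer with success, so the `if ($user_bind)` branch would be entered without a valid password. Unless the part of the method above the hunk already guards this, add `if ($password === '') { return null; }` before the bind. The commit also drops `@ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);` and the `if (!$connection)` check; if the client library defaults to LDAPv2, servers that refuse v2 binds would fail every login silently behind the `@`, so I would keep the option line and report a connection failure separately from a wrong password. The user's own password now travels in the bind request, so the connection should go over TLS (an `ldaps://` URI or `ldap_start_tls()` before the bind), which this hunk does not show. The method starts and ends outside the hunk.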