mirrors/easyappointments
1
0
Fork 1
mirror of https://github.com/alextselegidis/easyappointments.git synced 2024-11-10 10:02:33 +03:00
Code Issues Projects Releases Packages Wiki Activity

Update the LDAP password validation because some servers will not include "userpassword" to the LDAP entries result (#1547)

Browse source
This commit is contained in:
Alex Tselegidis 2024-06-01 15:35:57 +02:00
parent 9d7e0ba94e
commit 08f8315313
1 changed files with 6 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
application/libraries/Ldap_client.php
View file

@ -97,52 +97,19 @@ class Ldap_client
$user = $this->CI->accounts->get_user_by_username($username); $user = $this->CI->accounts->get_user_by_username($username);
if (empty($user['ldap_dn'])) { if (empty($user['ldap_dn'])) {
return null; return null; // User does not exist in Easy!Appointments
} }
// Connect to LDAP server // Connect to LDAP server
$host = setting('ldap_host'); $ldap_host = setting('ldap_host');
$port = (int) setting('ldap_port'); $ldap_port = (int) setting('ldap_port');
$user_dn = setting('ldap_user_dn');
$ldap_password = setting('ldap_password');
$connection = @ldap_connect($host, $port); $connection = @ldap_connect($ldap_host, $ldap_port);
if (!$connection) { $user_bind = @ldap_bind($connection, $user['ldap_dn'], $password);
throw new Exception('Could not connect to LDAP server: ' . @ldap_error($connection));
}
@ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
$bind = @ldap_bind($connection, $user_dn, $ldap_password);
if (!$bind) {
throw new Exception('LDAP bind failed: ' . @ldap_error($connection));
}
// Check the provided password against the LDAP service
$filter = '(objectclass=*)';
$result = @ldap_search($connection, $user['ldap_dn'], $filter);
if (!$result) {
return null;
}
$ldap_entries = @ldap_get_entries($connection, $result);
foreach ($ldap_entries as $ldap_entry) {
if (!is_array($ldap_entry) || empty($ldap_entry['dn']) || $ldap_entry['dn'] !== $user['ldap_dn']) {
continue;
}
if (!$this->validate_password($password, $ldap_entry['userpassword'][0])) {
continue;
}
if ($user_bind) {
$role = $this->CI->roles_model->find($user['id_roles']); $role = $this->CI->roles_model->find($user['id_roles']);
$default_timezone = $this->CI->timezones->get_default_timezone(); $default_timezone = $this->CI->timezones->get_default_timezone();