mirror of
https://github.com/alextselegidis/easyappointments.git
synced 2024-11-10 01:52:22 +03:00
Update the LDAP password validation because some servers will not include "userpassword" to the LDAP entries result (#1547)
This commit is contained in:
parent
9d7e0ba94e
commit
08f8315313
1 changed files with 6 additions and 39 deletions
|
@ -97,52 +97,19 @@ class Ldap_client
|
|||
$user = $this->CI->accounts->get_user_by_username($username);
|
||||
|
||||
if (empty($user['ldap_dn'])) {
|
||||
return null;
|
||||
return null; // User does not exist in Easy!Appointments
|
||||
}
|
||||
|
||||
// Connect to LDAP server
|
||||
|
||||
$host = setting('ldap_host');
|
||||
$port = (int) setting('ldap_port');
|
||||
$user_dn = setting('ldap_user_dn');
|
||||
$ldap_password = setting('ldap_password');
|
||||
$ldap_host = setting('ldap_host');
|
||||
$ldap_port = (int) setting('ldap_port');
|
||||
|
||||
$connection = @ldap_connect($host, $port);
|
||||
$connection = @ldap_connect($ldap_host, $ldap_port);
|
||||
|
||||
if (!$connection) {
|
||||
throw new Exception('Could not connect to LDAP server: ' . @ldap_error($connection));
|
||||
}
|
||||
|
||||
@ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
@ldap_set_option($connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
|
||||
|
||||
$bind = @ldap_bind($connection, $user_dn, $ldap_password);
|
||||
|
||||
if (!$bind) {
|
||||
throw new Exception('LDAP bind failed: ' . @ldap_error($connection));
|
||||
}
|
||||
|
||||
// Check the provided password against the LDAP service
|
||||
|
||||
$filter = '(objectclass=*)';
|
||||
|
||||
$result = @ldap_search($connection, $user['ldap_dn'], $filter);
|
||||
|
||||
if (!$result) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$ldap_entries = @ldap_get_entries($connection, $result);
|
||||
|
||||
foreach ($ldap_entries as $ldap_entry) {
|
||||
if (!is_array($ldap_entry) || empty($ldap_entry['dn']) || $ldap_entry['dn'] !== $user['ldap_dn']) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (!$this->validate_password($password, $ldap_entry['userpassword'][0])) {
|
||||
continue;
|
||||
}
|
||||
$user_bind = @ldap_bind($connection, $user['ldap_dn'], $password);
|
||||
|
||||
if ($user_bind) {
|
||||
$role = $this->CI->roles_model->find($user['id_roles']);
|
||||
|
||||
$default_timezone = $this->CI->timezones->get_default_timezone();
|
||||
|
|
Loading…
Reference in a new issue