From 8b333c935ddb2dbc4625dad9949582e80e31deb2 Mon Sep 17 00:00:00 2001
From: Ben Tyger
Date: Tue, 18 May 2021 14:26:52 -0400
Subject: [PATCH] Added LDAP Service account support for LDAP server that don't allow anon
---
 app/Controllers/Auth/AuthController.php | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/app/Controllers/Auth/AuthController.php b/app/Controllers/Auth/AuthController.php
index fd56aed..d6f9a28 100644
--- a/app/Controllers/Auth/AuthController.php
+++ b/app/Controllers/Auth/AuthController.php
@@ -45,6 +45,16 @@ abstract class AuthController extends Controller
 ldap_set_option($server, LDAP_OPT_REFERRALS, 0);
 ldap_set_option($server, LDAP_OPT_NETWORK_TIMEOUT, 10);
 }
+
+ $serviceAccountFQDN= (array_key_exists('service_account_dn', $this->config['ldap'])) ?
+ $this->config['ldap']['service_account_dn'] : null;
+ if (is_string($serviceAccountFQDN)) {
+
+ if (ldap_bind($server,$serviceAccountFQDN,$this->config['ldap']['service_account_password']) === false) {
+ $this->logger->error("Bind with service account ($serviceAccountFQDN) failed.");
+ return false;
+ }
+ }
 return $server;
 }
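Review bot: The new `ldap_bind()` call reads `$this->config['ldap']['service_account_password']` without checking that it is set and non-empty, so a config that has `service_account_dn` but no password hands the bind a null or empty password; many LDAP servers treat a DN with an empty password as an unauthenticated (anonymous) bind and report success, which would let the method return `$server` as though the service account had authenticated. I would read the value first, `$servicePassword = $this->config['ldap']['service_account_password'] ?? '';`, then log and `return false` when `$servicePassword === ''` before `ldap_bind()` is reached. The failure branch could also add `ldap_error($server)` to the log line so a rejected credential can be told apart from a network fault, and since the variable holds a DN rather than an FQDN, `$serviceAccountDn` would be the clearer name. The method starts above the hunk, so whether the connection is protected by TLS before the password is sent, and whether callers already handle a `false` return, cannot be confirmed from here.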