beenull/XBackBone
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Merge pull request #547 from samrzhevsky/master

Browse source 
LDAP fixes
This commit is contained in:
Sergio Brighenti 2023-12-17 10:45:49 +01:00 committed by GitHub
parent ee55a9ea3a e7a0a99fe6
commit 903f87e693
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/Controllers/Auth/AuthController.php
View file

@ -27,7 +27,7 @@ abstract class AuthController extends Controller
/** /**
* Connects to LDAP server and logs in with service account (if configured) * Connects to LDAP server and logs in with service account (if configured)
* @return resource|false * @return \LDAP\Connection|resource|false
*/ */
public function ldapConnect() public function ldapConnect()
{ {
@ -48,14 +48,14 @@ abstract class AuthController extends Controller
ldap_set_option($server, LDAP_OPT_REFERRALS, 0); ldap_set_option($server, LDAP_OPT_REFERRALS, 0);
ldap_set_option($server, LDAP_OPT_NETWORK_TIMEOUT, 10); ldap_set_option($server, LDAP_OPT_NETWORK_TIMEOUT, 10);
} else { } else {
$this->logger->error(ldap_error($server)); $this->logger->error('LDAP-URI was not parseable');
return false; return false;
} }
// Upgrade to StartTLS // Upgrade to StartTLS
$useStartTLS = @is_bool($this->config['ldap']['useStartTLS']) ? $this->config['ldap']['useStartTLS'] : false; $useStartTLS = @is_bool($this->config['ldap']['useStartTLS']) ? $this->config['ldap']['useStartTLS'] : false;
if (($useStartTLS === true) && (ldap_start_tls($server) === false)) { if (($useStartTLS === true) && (ldap_start_tls($server) === false)) {
$this->logger-debug(ldap_error($server)); $this->logger->debug(ldap_error($server));
$this->logger->error("Failed to establish secure LDAP swith StartTLS"); $this->logger->error("Failed to establish secure LDAP swith StartTLS");
return false; return false;
} }
@ -77,7 +77,7 @@ abstract class AuthController extends Controller
/** /**
* Returns User's LDAP DN * Returns User's LDAP DN
* @param string $username * @param string $username
* @param resource $server LDAP Server Resource * @param \LDAP\Connection|resource $server LDAP Server Resource
* @return string|null * @return string|null
*/ */
protected function getLdapRdn(string $username, $server) protected function getLdapRdn(string $username, $server)
@ -85,7 +85,7 @@ abstract class AuthController extends Controller
//Dynamic LDAP User Binding //Dynamic LDAP User Binding
if (@is_string($this->config['ldap']['search_filter'])) { if (@is_string($this->config['ldap']['search_filter'])) {
//Replace ???? with username //Replace ???? with username
$searchFilter = str_replace('????', ldap_escape($username, null, LDAP_ESCAPE_FILTER), $this->config['ldap']['search_filter']); $searchFilter = str_replace('????', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $this->config['ldap']['search_filter']);
$ldapAddributes = array('dn'); $ldapAddributes = array('dn');
$this->logger->debug("LDAP Search filter: $searchFilter"); $this->logger->debug("LDAP Search filter: $searchFilter");
$ldapSearchResp = ldap_search( $ldapSearchResp = ldap_search(