LDAP fixes

1. Changed `ldap_connect` error handling. `ldap_error` expects `LDAP\Connection`, and `ldap_connect` returns `false` if the syntax check fails 2. Fixed deprecation: passing null to parameter (`$ignore`) of type string 3. Fixed PHPDoc types for compatibility with PHP 8.1+
2023-08-28 00:31:22 +03:00 · 2023-08-28 00:31:22 +03:00 · e7a0a99fe6
parent ee55a9ea3a
commit e7a0a99fe6
1 changed files with 9 additions and 9 deletions
--- a/app/Controllers/Auth/AuthController.php
+++ b/app/Controllers/Auth/AuthController.php
@ -27,7 +27,7 @@ abstract class AuthController extends Controller

    /**
     * Connects to LDAP server and logs in with service account (if configured)
-     * @return resource|false
+     * @return \LDAP\Connection|resource|false
     */
    public function ldapConnect()
    {
@ -48,14 +48,14 @@ abstract class AuthController extends Controller
            ldap_set_option($server, LDAP_OPT_REFERRALS, 0);
            ldap_set_option($server, LDAP_OPT_NETWORK_TIMEOUT, 10);
        } else {
-            $this->logger->error(ldap_error($server));
+            $this->logger->error('LDAP-URI was not parseable');
            return false;
        }

        // Upgrade to StartTLS
        $useStartTLS = @is_bool($this->config['ldap']['useStartTLS']) ? $this->config['ldap']['useStartTLS'] : false;
        if (($useStartTLS === true) && (ldap_start_tls($server) === false)) {
-            $this->logger-debug(ldap_error($server));
+            $this->logger->debug(ldap_error($server));
            $this->logger->error("Failed to establish secure LDAP swith StartTLS");
            return false;
        }
@ -77,7 +77,7 @@ abstract class AuthController extends Controller
    /**
     * Returns User's LDAP DN
     * @param  string  $username
-     * @param resource $server LDAP Server Resource
+     * @param \LDAP\Connection|resource $server LDAP Server Resource
     * @return string|null
     */
    protected function getLdapRdn(string $username, $server)
@ -85,7 +85,7 @@ abstract class AuthController extends Controller
        //Dynamic LDAP User Binding
        if (@is_string($this->config['ldap']['search_filter'])) {
            //Replace ???? with username
-            $searchFilter = str_replace('????', ldap_escape($username, null, LDAP_ESCAPE_FILTER), $this->config['ldap']['search_filter']);
+            $searchFilter = str_replace('????', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $this->config['ldap']['search_filter']);
            $ldapAddributes = array('dn');
            $this->logger->debug("LDAP Search filter: $searchFilter");
            $ldapSearchResp = ldap_search(