diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 2e4f2322..2f6ee42b 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -1487,8 +1487,9 @@ function getDefaultLDAPErrorString($server) {
logNewMessage(LOG_DEBUG, 'Password change failed because of ' . $extError);
$extError = _('Your password does not meet the password strength qualifications. Please retry with another one.');
}
- $message = _('LDAP error, server says:') . ' ' . ldap_error($server);
- if (!empty($extError)) {
+ $genericErrorMessage = ldap_error($server);
+ $message = _('LDAP error, server says:') . ' ' . $genericErrorMessage;
+ if (!empty($extError) && ($genericErrorMessage != $extError)) {
$message .= ' - ' . $extError;
}
return $message;
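Review bot: The new guard on L13 compares two strings with `!=`, which in PHP applies numeric comparison when both operands look numeric, so a server message and an extended error that are textually different but numerically equal would be treated as duplicates; `if (!empty($extError) && ($genericErrorMessage !== $extError)) {` keeps the intended "append only when different" semantics without that edge case. The closing brace of getDefaultLDAPErrorString lies outside the hunk.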
diff --git a/lam/lib/ldap.inc b/lam/lib/ldap.inc
index db99d3a9..5c7db093 100644
--- a/lam/lib/ldap.inc
+++ b/lam/lib/ldap.inc
@@ -67,19 +67,19 @@ class Ldap{
}
/**
- * Connects to the server using the given username and password
- *
- * @param string $user user name
- * @param string $passwd password
- * @param boolean $allowAnonymous specifies if anonymous binds are allowed
- * @return mixed if connect succeeds the 0 is returned, else false or error number
- */
+ * Connects to the server using the given username and password
+ *
+ * @param string $user user name
+ * @param string $passwd password
+ * @param boolean $allowAnonymous specifies if anonymous binds are allowed
+ * @throws LAMException unable to connect
+ */
public function connect($user, $passwd, $allowAnonymous=false) {
// close any prior connection
@$this->close();
// do not allow anonymous bind
if (!$allowAnonymous && ((!$user)||($user == "")||(!$passwd))) {
- return false;
+ throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
}
// save password und username encrypted
$this->encrypt_login($user, $passwd);
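Review bot: The exception thrown on L44 reports "Cannot connect to specified LDAP server" although what was detected is an empty user name or password with anonymous binds disallowed, and unlike the other failure paths added in the next hunk nothing is written to the log here, so this rejection becomes indistinguishable from a real connectivity problem; a short `logNewMessage(LOG_ERR, 'Login rejected: empty user name or password with anonymous bind disabled.');` before the throw would keep the two apart while leaving the user-facing text as the old caller mapped it. The refreshed docblock still uses `@param boolean`; the short form `bool` matches the native type. The body of connect() continues in the next hunk.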
@@ -94,17 +94,29 @@ class Ldap{
if ($bind) {
$return = ldap_errno($this->server);
$this->is_connected = true;
- // return success number
- return $return;
+ return;
}
// return error number
+ $errorNumber = ldap_errno($this->server);
+ $clientSource = empty($_SERVER['REMOTE_ADDR']) ? '' : $_SERVER['REMOTE_ADDR'];
+ if (($errorNumber === False)
+ || ($errorNumber == 81)) {
+ // connection failed
+ logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');
+ throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
+ }
+ elseif ($errorNumber == 49) {
+ // user name/password invalid. Return to login page.
+ logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (wrong password). ' . getDefaultLDAPErrorString($this->server));
+ throw new LAMException(_("Wrong password/user name combination. Please try again."), getDefaultLDAPErrorString($this->server));
+ }
else {
- return ldap_errno($this->server);
+ // other errors
+ logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');
+ throw new LAMException(_("LDAP error, server says:"), "($errorNumber) " . getDefaultLDAPErrorString($this->server));
}
}
- else {
- return false;
- }
+ throw new LAMException(_("Cannot connect to specified LDAP server. Please try again."));
}
/** Closes connection to server */
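Review bot: `$errorNumber === False` on L59 is a dead branch, since ldap_errno() returns an int, and `$return = ldap_errno($this->server);` on L50 is now an unused assignment because the `return $return;` it fed was removed; `if ($errorNumber == 81) {` and dropping L50 would be cleaner. More importantly, the final `throw` on L80 (the path taken when the server handle was never established) writes no log entry, whereas the old caller in login.php logged every failure with user and client address; hoisting the `$clientSource` assignment from L58 above the bind block and adding `logNewMessage(LOG_ERR, 'User ' . $user . ' (' . $clientSource . ') failed to log in (LDAP error: ' . getDefaultLDAPErrorString($this->server) . ').');` before L80 restores that. The enclosing function and the `if` closed on L76 start outside this hunk.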
@@ -121,8 +133,13 @@ class Ldap{
*/
public function server() {
if (!$this->is_connected) {
- $this->connect($this->getUserName(), $this->getPassword());
- $this->is_connected = true;
+ try {
+ $this->connect($this->getUserName(), $this->getPassword());
+ $this->is_connected = true;
+ }
+ catch (LAMException $e) {
+ logNewMessage(LOG_ERR, $e->getTitle() . ' ' . $e->getMessage());
+ }
}
return $this->server;
}
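Review bot: After catching the LAMException on L93, server() only logs and then returns `$this->server` on L97, so callers such as the ldap_search() in login.php proceed with a handle whose bind just failed, and nothing in the return value tells them; if callers can cope with it, `throw $e;` after the log line is the honest behaviour, otherwise the method docblock (just above the hunk) should state that the handle may be unbound when a connection failure was logged. The `$this->is_connected = true;` on L91 is redundant, because connect() already sets it on success (L51 of the previous hunk), so it can be removed.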
diff --git a/lam/templates/login.php b/lam/templates/login.php
index 4cb74df6..29281410 100644
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@@ -11,6 +11,7 @@ use \htmlGroup;
use \htmlInputCheckbox;
use \htmlButton;
use \htmlStatusMessage;
+use LAMException;
use \Ldap;
use \htmlResponsiveRow;
use \htmlDiv;
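Review bot: The new `use LAMException;` on L107 is written without the leading backslash that every surrounding import in this block uses (`use \Ldap;`, `use \htmlDiv;`); either form resolves the same global class, but `use \LAMException;` keeps the file consistent.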
@@ -170,12 +171,13 @@ $manifestUrl = preg_replace('/\\?.*/', '', $manifestUrl);
$_SESSION['header'] .= '';
/**
-* Displays the login window.
-*
-* @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator
-* @param string $error_message error message to display
-*/
-function display_LoginPage($licenseValidator, $error_message) {
+ * Displays the login window.
+ *
+ * @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator
+ * @param string $error_message error message to display
+ * @param string $errorDetails error details
+ */
+function display_LoginPage($licenseValidator, $error_message, $errorDetails = null) {
$config_object = $_SESSION['config'];
$cfgMain = $_SESSION["cfgMain"];
logNewMessage(LOG_DEBUG, "Display login page");
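Review bot: The docblock on L124 declares `@param string $errorDetails` while the parameter defaults to `null` on L126, so the documented type is narrower than what the function accepts; `@param string|null $errorDetails error details` (and `?string $errorDetails = null` in the signature if the file adopts native types) describes it correctly.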
@@ -405,7 +407,7 @@ function display_LoginPage($licenseValidator, $error_message) {
// error message
if(!empty($error_message)) {
$row->add(new \htmlSpacer(null, '5px'), 12);
- $message = new htmlStatusMessage('ERROR', $error_message);
+ $message = new htmlStatusMessage('ERROR', $error_message, $errorDetails);
$message->colspan = 3;
$row->add($message, 12);
}
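Review bot: The third argument added on L135 is now filled from LDAP server error text (the catch blocks later in this file pass `$e->getMessage()`), and htmlStatusMessage is not part of this diff, so I cannot see whether it HTML-escapes that parameter the way it presumably does for the message; this is worth confirming before merge, since the extended error string is server-controlled content rendered on the login page. A one-line comment such as `// $errorDetails is raw server text; htmlStatusMessage must escape it` would document the expectation for the next reader.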
@@ -506,7 +508,7 @@ if(isset($_POST['checklogin'])) {
// search user in LDAP if needed
if ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) {
$searchFilter = $_SESSION['config']->getLoginSearchFilter();
- $searchFilter = str_replace('%USER%', $username ,$searchFilter);
+ $searchFilter = str_replace('%USER%', $username, $searchFilter);
$searchDN = '';
$searchPassword = '';
$configLoginSearchDn = $_SESSION['config']->getLoginSearchDN();
@@ -517,57 +519,58 @@ if(isset($_POST['checklogin'])) {
$searchSuccess = true;
$searchError = '';
$searchLDAP = new Ldap($_SESSION['config']);
- $searchLDAPResult = $searchLDAP->connect($searchDN, $searchPassword, true);
- if (! ($searchLDAPResult == 0)) {
- $searchSuccess = false;
- $searchError = _('Cannot connect to specified LDAP server. Please try again.') . ' ' . getDefaultLDAPErrorString($searchLDAP->server());
- }
- else {
- $searchResult = ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
- if ($searchResult) {
- $searchInfo = ldap_get_entries($searchLDAP->server(), $searchResult);
- if ($searchInfo) {
- cleanLDAPResult($searchInfo);
- if (sizeof($searchInfo) == 0) {
- $searchSuccess = false;
- $searchError = _('Wrong password/user name combination. Please try again.');
- }
- elseif (sizeof($searchInfo) > 1) {
- $searchSuccess = false;
- $searchError = _('The given user name matches multiple LDAP entries.');
- }
- else {
- $username = $searchInfo[0]['dn'];
- }
- }
- else {
- $searchSuccess = false;
- $searchError = _('Unable to find the user name in LDAP.');
- if (ldap_errno($searchLDAP->server()) != 0) {
- $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
- }
- }
+ try {
+ $searchLDAP->connect($searchDN, $searchPassword, true);
+ $searchResult = ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
+ if ($searchResult) {
+ $searchInfo = ldap_get_entries($searchLDAP->server(), $searchResult);
+ if ($searchInfo) {
+ cleanLDAPResult($searchInfo);
+ if (sizeof($searchInfo) == 0) {
+ $searchSuccess = false;
+ $searchError = _('Wrong password/user name combination. Please try again.');
+ }
+ elseif (sizeof($searchInfo) > 1) {
+ $searchSuccess = false;
+ $searchError = _('The given user name matches multiple LDAP entries.');
+ }
+ else {
+ $username = $searchInfo[0]['dn'];
+ }
+ }
+ else {
+ $searchSuccess = false;
+ $searchError = _('Unable to find the user name in LDAP.');
+ if (ldap_errno($searchLDAP->server()) != 0) {
+ $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
+ }
+ }
+ }
+ else {
+ $searchSuccess = false;
+ $searchError = _('Unable to find the user name in LDAP.');
+ if (ldap_errno($searchLDAP->server()) != 0) {
+ $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
+ }
+ }
+ if (!$searchSuccess) {
+ $error_message = $searchError;
+ logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
+ $searchLDAP->close();
+ display_LoginPage($licenseValidator, $error_message);
+ exit();
}
- else {
- $searchSuccess = false;
- $searchError = _('Unable to find the user name in LDAP.');
- if (ldap_errno($searchLDAP->server()) != 0) {
- $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
- }
- }
- }
- if (!$searchSuccess) {
- $error_message = $searchError;
- logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
$searchLDAP->close();
- display_LoginPage($licenseValidator, $error_message);
- exit();
}
- $searchLDAP->close();
+ catch (LAMException $e) {
+ $searchLDAP->close();
+ display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage());
+ exit();
+ }
}
// try to connect to LDAP
- $result = $_SESSION['ldap']->connect($username, $password); // Connect to LDAP server for verifying username/password
- if($result === 0) {// Username/password correct. Do some configuration and load main frame.
+ try {
+ $_SESSION['ldap']->connect($username, $password); // Connect to LDAP server for verifying username/password
$_SESSION['loggedIn'] = true;
// set security settings for session
$_SESSION['sec_session_id'] = session_id();
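Review bot: The catch on L239-241 shows `$e->getMessage()` to the unauthenticated client as error details, and the catch in the next hunk (L276-277) does the same for the user's own bind; for error 49 that detail is getDefaultLDAPErrorString() output, which per the account.inc hunk appends the server's extended error text, so diagnostics the old code kept in the log only (old L266-267 showed just the generic text) now reach the login page. I would display `$e->getTitle()` alone in both places and send `$e->getMessage()` to the log with logNewMessage, keeping the details for the "LDAP error, server says" case if they are wanted there. Separately, the two `else` blocks on L201-207 and L209-215 are identical; testing `$searchResult` and the ldap_get_entries() result in one condition would remove the duplicate. The `try` opened on L248 is closed in the next hunk.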
@@ -586,26 +589,10 @@ if(isset($_POST['checklogin'])) {
}
die();
}
- else {
- if (($result === False)
- || ($result == 81)) {
- // connection failed
- $error_message = _("Cannot connect to specified LDAP server. Please try again.");
- logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
- }
- elseif ($result == 49) {
- // user name/password invalid. Return to login page.
- $error_message = _("Wrong password/user name combination. Please try again.");
- logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (wrong password).');
- }
- else {
- // other errors
- $error_message = _("LDAP error, server says:") . "\n
($result) " . ldap_err2str($result);
- logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
- }
- display_LoginPage($licenseValidator, $error_message);
+ catch (LAMException $e) {
+ display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage());
exit();
- }
+ }
}
//displays the login window