fixed LDAP search login method
parent
dd6acb4906
commit
7739e27403
|
@ -112,6 +112,7 @@ class Ldap{
|
||||||
$bind = @ldap_bind($this->server, $user, $passwd);
|
$bind = @ldap_bind($this->server, $user, $passwd);
|
||||||
if ($bind) {
|
if ($bind) {
|
||||||
$return = ldap_errno($this->server);
|
$return = ldap_errno($this->server);
|
||||||
|
$this->is_connected = true;
|
||||||
// return success number
|
// return success number
|
||||||
return $return;
|
return $return;
|
||||||
}
|
}
|
||||||
|
|
|
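Review bot: The added `$this->is_connected = true;` runs after any successful `ldap_bind`, and the login code in this same commit calls `connect('', '', true)`, so an anonymous bind sets the flag as well. The visible lines do not show how `is_connected` is read; if any caller treats it as proof of an authenticated session, that needs confirming. I would add a comment above the assignment such as `// also set for anonymous binds; not an authentication check`. The `@` on `ldap_bind` also suppresses the warning that would explain a failed bind. The enclosing method starts and ends outside the hunk.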
@ -431,37 +431,45 @@ if(!empty($_POST['checklogin'])) {
|
||||||
$username = $_POST['username'];
|
$username = $_POST['username'];
|
||||||
// search user in LDAP if needed
|
// search user in LDAP if needed
|
||||||
if ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) {
|
if ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) {
|
||||||
$searchLDAP = new Ldap($_SESSION['config']);
|
|
||||||
$searchLDAP->connect('', '');
|
|
||||||
$searchFilter = $_SESSION['config']->getLoginSearchFilter();
|
$searchFilter = $_SESSION['config']->getLoginSearchFilter();
|
||||||
$searchFilter = str_replace('%USER%', $username ,$searchFilter);
|
$searchFilter = str_replace('%USER%', $username ,$searchFilter);
|
||||||
$searchSuccess = true;
|
$searchSuccess = true;
|
||||||
$searchError = '';
|
$searchError = '';
|
||||||
$searchResult = @ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
|
$searchLDAP = new Ldap($_SESSION['config']);
|
||||||
if ($searchResult) {
|
$searchLDAPResult = $searchLDAP->connect('', '', true);
|
||||||
$searchInfo = @ldap_get_entries($searchLDAP->server(), $searchResult);
|
if (! ($searchLDAPResult == 0)) {
|
||||||
if ($searchInfo) {
|
$searchSuccess = false;
|
||||||
if ($searchInfo['count'] == 0) {
|
$searchError = _('Cannot connect to specified LDAP server. Please try again.') . ' ' . @ldap_error($searchLDAP->server());
|
||||||
$searchSuccess = false;
|
}
|
||||||
$searchError = _('Wrong password/user name combination. Please try again.');
|
else {
|
||||||
}
|
$searchResult = @ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
|
||||||
elseif ($searchInfo['count'] > 1) {
|
if ($searchResult) {
|
||||||
$searchSuccess = false;
|
$searchInfo = @ldap_get_entries($searchLDAP->server(), $searchResult);
|
||||||
$searchError = _('The given user name matches multiple LDAP entries.');
|
if ($searchInfo) {
|
||||||
|
if ($searchInfo['count'] == 0) {
|
||||||
|
$searchSuccess = false;
|
||||||
|
$searchError = _('Wrong password/user name combination. Please try again.');
|
||||||
|
}
|
||||||
|
elseif ($searchInfo['count'] > 1) {
|
||||||
|
$searchSuccess = false;
|
||||||
|
$searchError = _('The given user name matches multiple LDAP entries.');
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$username = $searchInfo[0]['dn'];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$username = $searchInfo[0]['dn'];
|
$searchSuccess = false;
|
||||||
|
$searchError = _('Unable to find the user name in LDAP.');
|
||||||
|
if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . ldap_error($searchLDAP->server());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$searchSuccess = false;
|
$searchSuccess = false;
|
||||||
$searchError = _('Unable to find the user name in LDAP.') . ' ' . ldap_error($searchLDAP->server());
|
$searchError = _('Unable to find the user name in LDAP.');
|
||||||
|
if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . ldap_error($searchLDAP->server());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
$searchSuccess = false;
|
|
||||||
$searchError = _('Unable to find the user name in LDAP.') . ' ' . ldap_error($searchLDAP->server());
|
|
||||||
}
|
|
||||||
if (!$searchSuccess) {
|
if (!$searchSuccess) {
|
||||||
$error_message = $searchError;
|
$error_message = $searchError;
|
||||||
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
|
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
|
||||||
|
@ -493,27 +501,31 @@ if(!empty($_POST['checklogin'])) {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if ($result === False) {
|
if ($result === False) {
|
||||||
|
// connection failed
|
||||||
$error_message = _("Cannot connect to specified LDAP server. Please try again.");
|
$error_message = _("Cannot connect to specified LDAP server. Please try again.");
|
||||||
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
|
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
|
||||||
display_LoginPage($_SESSION['config']); // connection failed
|
display_LoginPage($_SESSION['config']);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
elseif ($result == 81) {
|
elseif ($result == 81) {
|
||||||
|
// connection failed
|
||||||
$error_message = _("Cannot connect to specified LDAP server. Please try again.");
|
$error_message = _("Cannot connect to specified LDAP server. Please try again.");
|
||||||
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
|
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
|
||||||
display_LoginPage($_SESSION['config']); // connection failed
|
display_LoginPage($_SESSION['config']);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
elseif ($result == 49) {
|
elseif ($result == 49) {
|
||||||
|
// user name/password invalid. Return to login page.
|
||||||
$error_message = _("Wrong password/user name combination. Please try again.");
|
$error_message = _("Wrong password/user name combination. Please try again.");
|
||||||
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (wrong password).');
|
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (wrong password).');
|
||||||
display_LoginPage($_SESSION['config']); // Username/password invalid. Return to login page.
|
display_LoginPage($_SESSION['config']);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
// other errors
|
||||||
$error_message = _("LDAP error, server says:") . "\n<br>($result) " . ldap_err2str($result);
|
$error_message = _("LDAP error, server says:") . "\n<br>($result) " . ldap_err2str($result);
|
||||||
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
|
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
|
||||||
display_LoginPage($_SESSION['config']); // other errors
|
display_LoginPage($_SESSION['config']);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
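Review bot: The search filter is still built with `str_replace('%USER%', $username ,$searchFilter)` where `$username` is taken directly from `$_POST['username']`, so filter metacharacters in the submitted name change the query that runs over the anonymous bind. Escape the value before substitution, e.g. `$searchFilter = str_replace('%USER%', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $searchFilter);` where the PHP version provides `ldap_escape`, otherwise with an equivalent RFC 4515 escaping helper. The new guard `if (! ($searchLDAPResult == 0))` uses a loose comparison, and the `$result === False` branch in the last hunk suggests `connect()` can return `false`; since `false == 0` is true, a failed connect would be treated as success, which `$searchLDAPResult !== 0` avoids. The raw `$_POST['username']` is also concatenated into the `logNewMessage` text, so line breaks and control characters should be stripped before logging.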