fixed LDAP search login method

This commit is contained in:
Roland Gruber 2009-11-03 20:57:53 +00:00
parent dd6acb4906
commit 7739e27403
2 changed files with 36 additions and 23 deletions


@ -112,6 +112,7 @@ class Ldap{
$bind = @ldap_bind($this->server, $user, $passwd); $bind = @ldap_bind($this->server, $user, $passwd);
if ($bind) { if ($bind) {
$return = ldap_errno($this->server); $return = ldap_errno($this->server);
$this->is_connected = true;
// return success number // return success number
return $return; return $return;
} }
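Review bot: The new `$this->is_connected = true;` is set only on a successful bind, and nothing in this hunk clears it when `ldap_bind()` fails or when the connection is closed, so a later failed rebind on the same object would leave the flag stale; worth confirming that the failure path and any close/disconnect method reset it. The flag is also undocumented where it is set — a short comment such as `// set once ldap_bind() succeeded; cleared on close or a failed rebind` would make its intended lifecycle clear. The enclosing method starts and ends outside the hunk.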


@ -431,37 +431,45 @@ if(!empty($_POST['checklogin'])) {
$username = $_POST['username']; $username = $_POST['username'];
// search user in LDAP if needed // search user in LDAP if needed
if ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) { if ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) {
$searchLDAP = new Ldap($_SESSION['config']);
$searchLDAP->connect('', '');
$searchFilter = $_SESSION['config']->getLoginSearchFilter(); $searchFilter = $_SESSION['config']->getLoginSearchFilter();
$searchFilter = str_replace('%USER%', $username ,$searchFilter); $searchFilter = str_replace('%USER%', $username ,$searchFilter);
$searchSuccess = true; $searchSuccess = true;
$searchError = ''; $searchError = '';
$searchResult = @ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER); $searchLDAP = new Ldap($_SESSION['config']);
if ($searchResult) { $searchLDAPResult = $searchLDAP->connect('', '', true);
$searchInfo = @ldap_get_entries($searchLDAP->server(), $searchResult); if (! ($searchLDAPResult == 0)) {
if ($searchInfo) { $searchSuccess = false;
if ($searchInfo['count'] == 0) { $searchError = _('Cannot connect to specified LDAP server. Please try again.') . ' ' . @ldap_error($searchLDAP->server());
$searchSuccess = false; }
$searchError = _('Wrong password/user name combination. Please try again.'); else {
} $searchResult = @ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
elseif ($searchInfo['count'] > 1) { if ($searchResult) {
$searchSuccess = false; $searchInfo = @ldap_get_entries($searchLDAP->server(), $searchResult);
$searchError = _('The given user name matches multiple LDAP entries.'); if ($searchInfo) {
if ($searchInfo['count'] == 0) {
$searchSuccess = false;
$searchError = _('Wrong password/user name combination. Please try again.');
}
elseif ($searchInfo['count'] > 1) {
$searchSuccess = false;
$searchError = _('The given user name matches multiple LDAP entries.');
}
else {
$username = $searchInfo[0]['dn'];
}
} }
else { else {
$username = $searchInfo[0]['dn']; $searchSuccess = false;
$searchError = _('Unable to find the user name in LDAP.');
if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . ldap_error($searchLDAP->server());
} }
} }
else { else {
$searchSuccess = false; $searchSuccess = false;
$searchError = _('Unable to find the user name in LDAP.') . ' ' . ldap_error($searchLDAP->server()); $searchError = _('Unable to find the user name in LDAP.');
if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . ldap_error($searchLDAP->server());
} }
} }
else {
$searchSuccess = false;
$searchError = _('Unable to find the user name in LDAP.') . ' ' . ldap_error($searchLDAP->server());
}
if (!$searchSuccess) { if (!$searchSuccess) {
$error_message = $searchError; $error_message = $searchError;
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in. ' . $searchError . ''); logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
@ -493,27 +501,31 @@ if(!empty($_POST['checklogin'])) {
} }
else { else {
if ($result === False) { if ($result === False) {
// connection failed
$error_message = _("Cannot connect to specified LDAP server. Please try again."); $error_message = _("Cannot connect to specified LDAP server. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').'); logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
display_LoginPage($_SESSION['config']); // connection failed display_LoginPage($_SESSION['config']);
exit(); exit();
} }
elseif ($result == 81) { elseif ($result == 81) {
// connection failed
$error_message = _("Cannot connect to specified LDAP server. Please try again."); $error_message = _("Cannot connect to specified LDAP server. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').'); logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
display_LoginPage($_SESSION['config']); // connection failed display_LoginPage($_SESSION['config']);
exit(); exit();
} }
elseif ($result == 49) { elseif ($result == 49) {
// user name/password invalid. Return to login page.
$error_message = _("Wrong password/user name combination. Please try again."); $error_message = _("Wrong password/user name combination. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (wrong password).'); logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (wrong password).');
display_LoginPage($_SESSION['config']); // Username/password invalid. Return to login page. display_LoginPage($_SESSION['config']);
exit(); exit();
} }
else { else {
// other errors
$error_message = _("LDAP error, server says:") . "\n<br>($result) " . ldap_err2str($result); $error_message = _("LDAP error, server says:") . "\n<br>($result) " . ldap_err2str($result);
logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').'); logNewMessage(LOG_ERR, 'User ' . $_POST['username'] . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
display_LoginPage($_SESSION['config']); // other errors display_LoginPage($_SESSION['config']);
exit(); exit();
} }
} }
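Review bot: The connection check on the new line `if (! ($searchLDAPResult == 0))` treats a `false` return as success, because `false == 0` is true under PHP's loose comparison; the `$result === False` branch in the second hunk of this file suggests `connect()` does return `false` when the connection fails, in which case the search path would likely continue into `ldap_search()` on an unusable handle and report the misleading 'Unable to find the user name in LDAP.' message instead of the connection error. A strict comparison fixes it: `if ($searchLDAPResult !== 0) {`. Separately, `str_replace('%USER%', $username ,$searchFilter)` still interpolates the raw `$_POST['username']` into the search filter, so the filter metacharacters (`*`, `(`, `)`, `\`, NUL) should be escaped before substitution — `ldap_escape($username, '', LDAP_ESCAPE_FILTER)` on PHP 5.6+, or an equivalent escape of those characters per RFC 4515 on older releases. The enclosing `if(!empty($_POST['checklogin']))` block starts and ends outside the hunk.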