Allow connect to hosts with no anonymous access
Do not throw exceptions on failed ldap connects during capability discovery fixes #7325
This commit is contained in:
Matthias Jentsch
parent
d0706a55ea
commit
54eda31633
|
|
@ -336,9 +336,9 @@ class Connection
|
||||||
|
|
||||||
public function testCredentials($username, $password)
|
public function testCredentials($username, $password)
|
||||||
{
|
{
|
||||||
$ds = $this->prepareNewConnection();
|
$this->connect();
|
||||||
|
|
||||||
$r = @ldap_bind($ds, $username, $password);
|
$r = @ldap_bind($this->ds, $username, $password);
|
||||||
if ($r) {
|
if ($r) {
|
||||||
Logger::debug(
|
Logger::debug(
|
||||||
'Successfully tested LDAP credentials (%s / %s)',
|
'Successfully tested LDAP credentials (%s / %s)',
|
||||||
|
|
@ -351,7 +351,7 @@ class Connection
|
||||||
'Testing LDAP credentials (%s / %s) failed: %s',
|
'Testing LDAP credentials (%s / %s) failed: %s',
|
||||||
$username,
|
$username,
|
||||||
'***',
|
'***',
|
||||||
ldap_error($ds)
|
ldap_error($this->ds)
|
||||||
);
|
);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
@ -388,7 +388,19 @@ class Connection
|
||||||
}
|
}
|
||||||
|
|
||||||
$ds = ldap_connect($this->hostname, $this->port);
|
$ds = ldap_connect($this->hostname, $this->port);
|
||||||
list($cap, $namingContexts) = $this->discoverCapabilities($ds);
|
try {
|
||||||
|
$capabilities = $this->discoverCapabilities($ds);
|
||||||
|
list($cap, $namingContexts) = $capabilities;
|
||||||
|
} catch (LdapException $e) {
|
||||||
|
|
||||||
|
// discovery failed, guess defaults
|
||||||
|
$cap = (object) array(
|
||||||
|
'supports_ldapv3' => true,
|
||||||
|
'supports_starttls' => false,
|
||||||
|
'msCapabilities' => array()
|
||||||
|
);
|
||||||
|
$namingContexts = null;
|
||||||
|
}
|
||||||
$this->capabilities = $cap;
|
$this->capabilities = $cap;
|
||||||
$this->namingContexts = $namingContexts;
|
$this->namingContexts = $namingContexts;
|
||||||
|
|
||||||
|
|
@ -626,7 +638,8 @@ class Connection
|
||||||
if (! $result) {
|
if (! $result) {
|
||||||
throw new LdapException(
|
throw new LdapException(
|
||||||
sprintf(
|
sprintf(
|
||||||
'Capability query failed (%s:%d): %s',
|
'Capability query failed (%s:%d): %s. Check if hostname and port of the ldap resource are correct '
|
||||||
|
. ' and if anonymous access is permitted.',
|
||||||
$this->hostname,
|
$this->hostname,
|
||||||
$this->port,
|
$this->port,
|
||||||
ldap_error($ds)
|
ldap_error($ds)
|
||||||
|
|
@ -634,6 +647,16 @@ class Connection
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
$entry = ldap_first_entry($ds, $result);
|
$entry = ldap_first_entry($ds, $result);
|
||||||
|
if ($entry === false) {
|
||||||
|
throw new LdapException(
|
||||||
|
sprintf(
|
||||||
|
'Capabilities not available (%s:%d): %s. Discovery of root DSE probably not permitted.',
|
||||||
|
$this->hostname,
|
||||||
|
$this->port,
|
||||||
|
ldap_error($ds)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
$cap = (object) array(
|
$cap = (object) array(
|
||||||
'supports_ldapv3' => false,
|
'supports_ldapv3' => false,
|
||||||
|
|
@ -641,10 +664,6 @@ class Connection
|
||||||
'msCapabilities' => array()
|
'msCapabilities' => array()
|
||||||
);
|
);
|
||||||
|
|
||||||
if ($entry === false) {
|
|
||||||
// TODO: Is it OK to have no capabilities?
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
$ldapAttributes = ldap_get_attributes($ds, $entry);
|
$ldapAttributes = ldap_get_attributes($ds, $entry);
|
||||||
$result = $this->cleanupAttributes($ldapAttributes);
|
$result = $this->cleanupAttributes($ldapAttributes);
|
||||||
$cap->supports_ldapv3 = $this->hasCapabilityLdapV3($result);
|
$cap->supports_ldapv3 = $this->hasCapabilityLdapV3($result);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue