diff --git a/library/Icinga/Authentication/Backend/LdapUserBackend.php b/library/Icinga/Authentication/Backend/LdapUserBackend.php
index d17cb3624..44445cec8 100644
--- a/library/Icinga/Authentication/Backend/LdapUserBackend.php
+++ b/library/Icinga/Authentication/Backend/LdapUserBackend.php
@@ -94,16 +94,18 @@ class LdapUserBackend extends UserBackend
 * @param User $user
 * @param string $password
 *
- * @return bool|null
- * @throws AuthenticationException
+ * @return bool True when the authentication was successful, false when the username or password was invalid
+ * @throws AuthenticationException When an error occurred during authentication
 */
 public function authenticate(User $user, $password)
 {
 try {
- return $this->conn->testCredentials(
- $this->conn->fetchDN($this->createQuery($user->getUsername())),
- $password
- );
+ $userDn = $this->conn->fetchDN($this->createQuery($user->getUsername()));
+ if (!$userDn) {
+ // User does not exist
+ return false;
+ }
+ return $this->conn->testCredentials($userDn, $password);
 } catch (Exception $e) {
 throw new AuthenticationException(
 sprintf(
diff --git a/library/Icinga/Protocol/Ldap/Connection.php b/library/Icinga/Protocol/Ldap/Connection.php
index 6419fbb6f..2611f5580 100644
--- a/library/Icinga/Protocol/Ldap/Connection.php
+++ b/library/Icinga/Protocol/Ldap/Connection.php
@@ -207,16 +207,19 @@ class Connection
 return true;
 }
+ /**
+ * Fetch the distinguished name of the first result of the given query
+ *
+ * @param $query
+ * @param array $fields
+ *
+ * @return bool|String Returns the distinguished name, or false when the given query yields no results
+ */
 public function fetchDN($query, $fields = array())
 {
 $rows = $this->fetchAll($query, $fields);
 if (count($rows) !== 1) {
- throw new \Exception(
- sprintf(
- 'Cannot fetch single DN for %s',
- $query
- )
- );
+ return false;
 }
 return key($rows);
 }
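Review bot: In `LdapUserBackend::authenticate()`, `$password` still reaches `testCredentials()` without an emptiness check. `testCredentials()` is not shown here, but if it performs an LDAP simple bind, a DN with an empty password is an unauthenticated bind, which many directory servers accept, so the call could report success for any existing user. I would reject it before the lookup: `if ((string) $password === '') { return false; }`. The new guard would also read more safely as `if ($userDn === false)`, since `!$userDn` relies on truthiness, and its comment should say that several matching entries also end up here. The `try` block's `catch` continues outside the hunk.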
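Review bot: In `Connection::fetchDN()`, `count($rows) !== 1` now returns false both for no match and for more than one match, while the new docblock only documents the no-result case. An ambiguous filter that matches several entries was an exception before and is now indistinguishable from an unknown user, which hides a directory or filter misconfiguration from whoever reads the logs. I would keep the exception for the ambiguous case and return false only for an empty result, e.g. `if (count($rows) === 0) { return false; }` ahead of the existing `throw`. Any other caller of `fetchDN()` that relied on the exception (none are visible in this diff) now receives `false` and has to check it before using the value as a bind DN. The docblock could also give `$query` a type and spell the return type `bool|string`.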