Do not interrupt authentication chain on invalid ldap connection infos

Catch LdapExceptions and throw AuthenticationException to not interrupt authentication chain fixes #7497
2014-11-04 12:35:41 +01:00 · 2014-11-04 12:35:41 +01:00 · f9fee2df70
parent 18bd49e636
commit f9fee2df70
1 changed files with 11 additions and 3 deletions
--- a/library/Icinga/Authentication/Backend/LdapUserBackend.php
+++ b/library/Icinga/Authentication/Backend/LdapUserBackend.php
@ -68,8 +68,16 @@ class LdapUserBackend extends UserBackend
     */
    public function assertAuthenticationPossible()
    {
-        $q = $this->conn->select()->from($this->userClass);
-        $result = $q->fetchRow();
+        try {
+            $q = $this->conn->select()->from($this->userClass);
+            $result = $q->fetchRow();
+        } catch (LdapException $e) {
+            throw new AuthenticationException(
+                'Connection not possible: %s',
+                $e->getMessage()
+            );
+        }
+
        if (! isset($result)) {
            throw new AuthenticationException(
                'No objects with objectClass="%s" in DN="%s" found.',
@ -158,7 +166,7 @@ class LdapUserBackend extends UserBackend
            } catch (AuthenticationException $e) {
                // Authentication not possible
                throw new AuthenticationException(
-                    'Authentication against backend "%s" not possible: ',
+                    'Authentication against backend "%s" not possible: %s',
                    $this->getName(),
                    $e
                );