From a455ba666a378cd1aed30ff55412ddaebca7d9f1 Mon Sep 17 00:00:00 2001
From: Arturo Gonzalez
Date: Fri, 24 Nov 2017 14:03:49 +0100
Subject: [PATCH] Added code to login with admin ldap user
---
 pandora_console/godmode/setup/setup_auth.php | 12 ++++++
 pandora_console/include/auth/mysql.php | 42 ++++++++++++++++++++
 pandora_console/include/functions_config.php | 12 ++++++
 3 files changed, 66 insertions(+)
diff --git a/pandora_console/godmode/setup/setup_auth.php b/pandora_console/godmode/setup/setup_auth.php
index 1b18f0f7ec..96893aa091 100644
--- a/pandora_console/godmode/setup/setup_auth.php
+++ b/pandora_console/godmode/setup/setup_auth.php
@@ -106,6 +106,18 @@ if (is_ajax ()) {
 $row['name'] = __('Login attribute');
 $row['control'] = html_print_input_text ('ldap_login_attr', $config['ldap_login_attr'], '', 60, 100, true);
 $table->data['ldap_login_attr'] = $row;
+
+ // Admin LDAP login
+ $row = array();
+ $row['name'] = __('Admin LDAP login');
+ $row['control'] = html_print_input_text ('ldap_admin_login', $config['ldap_admin_login'], '', 60, 100, true);
+ $table->data['ldap_admin_login'] = $row;
+
+ // Admin LDAP password
+ $row = array();
+ $row['name'] = __('Admin LDAP password');
+ $row['control'] = html_print_input_password ('ldap_admin_pass', $config['ldap_admin_pass'], $alt = '', 60, 100, true);
+ $table->data['ldap_admin_pass'] = $row;
 break;
 case 'pandora':
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index 4b85e3a8e0..acd777102c 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
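Review bot: The password row in the `setup_auth.php` hunk passes `$config['ldap_admin_pass']` as the field value, so the stored LDAP bind password is written into the HTML of the setup page and ends up in the page source and the browser cache of anyone who opens it. Render the field empty, e.g. `html_print_input_password ('ldap_admin_pass', '', '', 60, 100, true);`, and have the save path keep the stored value when the field is submitted blank. The `$alt = ''` in the argument list is an assignment expression rather than a named argument; a plain `''` is what is meant.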
@@ -689,6 +689,20 @@ function ldap_process_user_login ($login, $password) {
 }
 }
+ $correct_admin_bind = true;
+ if ($config['ldap_admin_login'] != "" && $config['ldap_admin_pass'] != "") {
+ if (!@ldap_bind($ds, io_safe_output($config['ldap_admin_login']), $config['ldap_admin_pass'])) {
+ $correct_admin_bind = false;
+ }
+ }
+
+ if (!$correct_admin_bind) {
+ $config["auth_error"] = 'Admin ldap connection fail';
+ @ldap_close ($ds);
+
+ return false;
+ }
+ $dc = io_safe_output($config["ldap_base_dn"]);
 #Search group of this user it belong.
@@ -770,6 +784,20 @@ function get_ldap_login_attr ($login) {
 switch ($config['ldap_login_user_attr']) {
 case 'email':
 $dc = io_safe_output($config["ldap_base_dn"]);
+
+ $correct_admin_bind = true;
+ if ($config['ldap_admin_login'] != "" && $config['ldap_admin_pass'] != "") {
+ if (!@ldap_bind($ds, io_safe_output($config['ldap_admin_login']), $config['ldap_admin_pass'])) {
+ $correct_admin_bind = false;
+ }
+ }
+
+ if (!$correct_admin_bind) {
+ $config["auth_error"] = 'Admin ldap connection fail';
+ @ldap_close ($ds);
+
+ return false;
+ }
 $filter="(" . $config['ldap_login_attr'] . "=" . io_safe_output($id_user) . ")";
 $justthese = array("mail");
@@ -859,6 +887,20 @@ function prepare_permissions_groups_of_user_ldap ($id_user, $password,
 $dc = io_safe_output($config["ldap_base_dn"]);
+ $correct_admin_bind = true;
+ if ($config['ldap_admin_login'] != "" && $config['ldap_admin_pass'] != "") {
+ if (!@ldap_bind($ds, io_safe_output($config['ldap_admin_login']), $config['ldap_admin_pass'])) {
+ $correct_admin_bind = false;
+ }
+ }
+
+ if (!$correct_admin_bind) {
+ $config["auth_error"] = 'Admin ldap connection fail';
+ @ldap_close ($ds);
+
+ return false;
+ }
+ #Search group of this user it belong.
 $filter="(" . $config['ldap_login_attr'] . "=" . io_safe_output($id_user) . ")";
 $justthese = array("objectclass=group");
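Review bot: The same admin-bind block is pasted into `ldap_process_user_login`, `get_ldap_login_attr` and `prepare_permissions_groups_of_user_ldap`, so any later fix to the bind or its failure handling has to be made three times; one shared helper keeps it in a single place. The bind DN goes through `io_safe_output()` but the password does not, which would break binds for passwords containing characters the config layer stores encoded, if it does encode them as the other `io_safe_output()` calls here suggest. When only one of the two settings is filled in, the bind is skipped silently and the searches run with whatever bind is already on `$ds`; the helper below treats that as a failure instead. All three functions continue outside their hunks.

```php
// Proposed helper shared by the three call sites. Returns false after setting
// $config["auth_error"] and closing $ds when the admin bind cannot be made.
function ldap_bind_admin_user ($ds) {
	global $config; // assumes the callers read $config as a global - confirm

	$admin_login = io_safe_output($config['ldap_admin_login']);
	$admin_pass = $config['ldap_admin_pass']; // decode as well if stored encoded

	if ($admin_login == "" && $admin_pass == "") {
		return true; // admin bind not configured, behaviour unchanged
	}

	if ($admin_login == "" || $admin_pass == "" || !@ldap_bind($ds, $admin_login, $admin_pass)) {
		$config["auth_error"] = 'Admin ldap connection fail';
		@ldap_close ($ds);

		return false;
	}

	return true;
}

// ... unchanged: code before each of the three call sites ...
if (!ldap_bind_admin_user($ds)) {
	return false;
}
```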
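Review bot: With the admin bind in place, the search whose filter is built on the unchanged line `$filter="(" . $config['ldap_login_attr'] . "=" . io_safe_output($id_user) . ")";` now runs with the service account's read rights rather than the user's own, both in the `get_ldap_login_attr` hunk and in the one for `prepare_permissions_groups_of_user_ldap`. The login name is concatenated into the filter without LDAP filter escaping, so filter metacharacters in it change what the search matches; wrap it as `ldap_escape(io_safe_output($id_user), '', LDAP_ESCAPE_FILTER)`. In `get_ldap_login_attr` the parameter shown in the hunk header is `$login` while the filter reads `$id_user`; check that it is assigned in the part of the function outside the hunk.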
diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index 26e87a9cd8..30078c5685 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -343,6 +343,10 @@ function config_update_config () {
 $error_update[] = __('Base DN');
 if (!config_update_value ('ldap_login_attr', get_parameter ('ldap_login_attr')))
 $error_update[] = __('Login attribute');
+ if (!config_update_value ('ldap_admin_login', get_parameter ('ldap_admin_login')))
+ $error_update[] = __('Admin LDAP login');
+ if (!config_update_value ('ldap_admin_pass', get_parameter ('ldap_admin_pass')))
+ $error_update[] = __('Admin LDAP password');
 if (!config_update_value ('fallback_local_auth', get_parameter ('fallback_local_auth')))
 $error_update[] = __('Fallback to local authentication');
 if (!config_update_value ('ldap_login_user_attr', get_parameter ('ldap_login_user_attr')))
@@ -1358,6 +1362,14 @@ function config_process_config () {
 if (!isset ($config['ldap_login_attr'])) {
 config_update_value ( 'ldap_login_attr', 'uid');
 }
+
+ if (!isset ($config['ldap_admin_login'])) {
+ config_update_value ( 'ldap_admin_login', '');
+ }
+
+ if (!isset ($config['ldap_admin_pass'])) {
+ config_update_value ( 'ldap_admin_pass', '');
+ }
 if (!isset ($config['fallback_local_auth'])) {
 config_update_value ( 'fallback_local_auth', '0');
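Review bot: In the `config_update_config` hunk, `ldap_admin_pass` is saved through the same `config_update_value()` call as the non-secret settings and is overwritten with whatever the form posts, including an empty string. If the setup form stops echoing the stored password, which it should, this line has to skip the update when the field comes back empty, for example `$pass = get_parameter ('ldap_admin_pass'); if ($pass != '' && !config_update_value ('ldap_admin_pass', $pass))`. How `config_update_value()` stores the value is not visible here; if it is kept in clear text, the bound account should be a read-only service account and the setting documented as a secret. `config_update_config` continues outside the hunk.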