From cdc431f8b89ba98062db93e5ed7a186917e51554 Mon Sep 17 00:00:00 2001
From: ramonn <noreply@pandorafms.org>
Date: Tue, 19 Feb 2013 17:16:46 +0000
Subject: [PATCH] 2013-02-19  Ramon Novoa  <rnovoa@artica.es>

	* include/auth/ldap.php: Do not bind anonymously to check whether the
	  user exists.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@7681 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog             |  5 +++++
 pandora_console/include/auth/ldap.php | 15 ++++-----------
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index b1e01f4da9..676565a903 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,8 @@
+2013-02-19  Ramon Novoa  <rnovoa@artica.es>
+
+	* include/auth/ldap.php: Do not bind anonymously to check whether the
+	  user exists.
+
 2013-02-19 Miguel de Dios <miguel.dedios@artica.es>
 	
 	* godmode/alerts/configure_alert_command.php,
diff --git a/pandora_console/include/auth/ldap.php b/pandora_console/include/auth/ldap.php
index ea307cd66b..15fd6be8e0 100644
--- a/pandora_console/include/auth/ldap.php
+++ b/pandora_console/include/auth/ldap.php
@@ -364,19 +364,12 @@ function ldap_valid_login ($login, $password) {
 			return $ret;
 		}
 		
-		if (ldap_search_user ($login)) {
-			$r = @ldap_bind ($ds, $config["auth"]["ldap_login_attr"]."=".$login.",".$config["auth"]["ldap_base_dn"], $password);
-			if (!$r) {
-				$ldap_cache["error"] .= 'Invalid login';
-				//$ldap_cache["error"] .= ': incorrect password'; // uncomment for debugging
-			}
-			else {
-				$ret = true;
-			}
+		$r = @ldap_bind ($ds, $config["auth"]["ldap_login_attr"]."=".$login.",".$config["auth"]["ldap_base_dn"], $password);
+		if (!$r) {
+			$ldap_cache["error"] .= 'Invalid login';
 		}
 		else {
-			$ldap_cache["error"] .= 'Invalid login';
-			//$ldap_cache["error"] .= ': no such user';
+			$ret = true;
 		}
 		@ldap_close ($ds);
 	}