2013-02-19 Ramon Novoa <rnovoa@artica.es>

* include/auth/ldap.php: Do not bind anonymously to check whether the user exists. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@7681 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2013-02-19 17:16:46 +00:00 · 2013-02-19 17:16:46 +00:00 · cdc431f8b8
parent 8a9bb86959
commit cdc431f8b8
2 changed files with 9 additions and 11 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,8 @@
 2013-02-19  Ramon Novoa  <rnovoa@artica.es>
 	* include/auth/ldap.php: Do not bind anonymously to check whether the
 	  user exists.
 2013-02-19 Miguel de Dios <miguel.dedios@artica.es>
 	* godmode/alerts/configure_alert_command.php,
--- a/pandora_console/include/auth/ldap.php
+++ b/pandora_console/include/auth/ldap.php
@ -364,19 +364,12 @@ function ldap_valid_login ($login, $password) {
 			return $ret;
 		}
-		if (ldap_search_user ($login)) {
+		$r = @ldap_bind ($ds, $config["auth"]["ldap_login_attr"]."=".$login.",".$config["auth"]["ldap_base_dn"], $password);
-			$r = @ldap_bind ($ds, $config["auth"]["ldap_login_attr"]."=".$login.",".$config["auth"]["ldap_base_dn"], $password);
+		if (!$r) {
-			if (!$r) {
+			$ldap_cache["error"] .= 'Invalid login';
 				$ldap_cache["error"] .= 'Invalid login';
 				//$ldap_cache["error"] .= ': incorrect password'; // uncomment for debugging
 			}
 			else {
 				$ret = true;
 			}
 		}
 		else {
-			$ldap_cache["error"] .= 'Invalid login';
+			$ret = true;
 			//$ldap_cache["error"] .= ': no such user';
 		}
 		@ldap_close ($ds);
 	}