gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-03-11 00:15:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

check if bindDN is not empty, more documentation

Browse Source
This commit is contained in:
Uwe Steinmann 2023-08-24 13:13:11 +02:00
parent b8c59fd264
commit 87f3406bbf
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
inc/inc.ClassLdapAuthentication.php
View File

@ -135,13 +135,20 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
// If it succeeds, get the DN for the user and use it for an authentication // If it succeeds, get the DN for the user and use it for an authentication
// with the users password. // with the users password.
$bind = false; $bind = false;
if (isset($settings->_ldapBindDN)) { if (!empty($settings->_ldapBindDN)) {
$bind = @ldap_bind($ds, $settings->_ldapBindDN, $settings->_ldapBindPw); $bind = @ldap_bind($ds, $settings->_ldapBindDN, $settings->_ldapBindPw);
} else { } else {
$bind = @ldap_bind($ds); $bind = @ldap_bind($ds);
} }
$dn = false; $dn = false;
/* If bind succeed, then get the dn of the user */ /* If bind succeed, then get the dn of the user. If a filter
* is set, it will be used to allow only those users to log in
* matching the filter criteria. Depending on the type of server,
* (AD or regular LDAP), the search attribute is already set to
* 'sAMAccountName=' or 'uid='. All other filters are ANDed.
* A common filter is '(mail=*)' to ensure a user has an email
* address.
*/
if ($bind) { if ($bind) {
if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) { if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")"); $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")");