gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-09 13:06:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add more code documentation

Browse Source
This commit is contained in:
Uwe Steinmann 2023-08-25 12:33:35 +02:00
parent 8ac054cb72
commit c51088a3b6
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
inc/inc.ClassLdapAuthentication.php
View File

@ -110,6 +110,9 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
if (!is_bool($ds)) { if (!is_bool($ds)) {
/* Check if ldap base dn is set, and use ldap server if it is */ /* Check if ldap base dn is set, and use ldap server if it is */
/* $tmpDN will be set to a 'wild' guess how the user's dn might
* look like if searching for that user didn't return a dn.
*/
if (isset($settings->_ldapBaseDN)) { if (isset($settings->_ldapBaseDN)) {
$ldapSearchAttribut = "uid="; $ldapSearchAttribut = "uid=";
$tmpDN = "uid=".$username.",".$settings->_ldapBaseDN; $tmpDN = "uid=".$username.",".$settings->_ldapBaseDN;
@ -164,7 +167,14 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
} }
/* If the previous bind failed, try it with the users creditionals /* If the previous bind failed, try it with the users creditionals
* by simply setting $dn to a default string * by simply setting $dn to a guessed dn (see above)
* FIXME: This is probably a bad idea because users filtered out
* may still be able to authenticate, because $tmpDN could be a
* valid DN. Example: if baseDN is 'dc=seeddms,dc=org' and the
* user 'test' logs in, then $tmpDN will be 'uid=test,dc=seeddms,dc=org'
* If that user was filtered out, because filter was set to '(mail=*)'
* and the user doesn't have a mail address, then $dn will not be
* set and $tmpDN will be used instead, allowing a successfull bind.
*/ */
if (is_bool($dn)) { if (is_bool($dn)) {
$dn = $tmpDN; $dn = $tmpDN;