connect to ldap server which doesn't allow anonymous bind

2024-11-26 15:32:13 +00:00 · 2013-07-31 22:00:51 +02:00 · 2013-07-31 22:00:51 +02:00 · ea27bd41fd
commit ea27bd41fd
parent 616c6c3706
4 changed files with 21 additions and 2 deletions
--- a/conf/settings.xml.template
+++ b/conf/settings.xml.template
@ -118,6 +118,8 @@
          host = "ldaps://ldap.host.com"
          port = "389"
          baseDN = ""
+          bindDN="" 
+          bindPw=""
        >
        </connector>
        <!-- ***** CONNECTOR Microsoft Active Directory  *****
@ -135,6 +137,8 @@
          port = "389"
          baseDN = ""
          accountDomainName = "example.com"
+	  bindDN="" 
+	  bindPw=""
        >
        </connector>
      </connectors>
--- a/inc/inc.ClassSettings.php
+++ b/inc/inc.ClassSettings.php
@ -186,6 +186,8 @@ class Settings { /* {{{ */
 	var $_ldapHost = ""; // URIs are supported, e.g.: ldaps://ldap.host.com
 	var $_ldapPort = 389; // Optional.
 	var $_ldapBaseDN = "";
+	var $_ldapBindDN = "";
+	var $_ldapBindPw = "";
 	var $_ldapAccountDomainName = "";
 	var $_ldapType = 1; // 0 = ldap; 1 = AD
 	var $_converters = array(); // list of commands used to convert files to text for Indexer
@ -382,6 +384,8 @@ class Settings { /* {{{ */
 				$this->_ldapHost = strVal($connectorNode["host"]);
 				$this->_ldapPort = intVal($connectorNode["port"]);
 				$this->_ldapBaseDN = strVal($connectorNode["baseDN"]);
+				$this->_ldapBindDN = strVal($connectorNode["bindDN"]);
+				$this->_ldapBindPw = strVal($connectorNode["bindPw"]);
 				$this->_ldapType = 0;
 			}
 			else if ($params['enable'] && ($typeConn == "AD"))
@ -389,6 +393,8 @@ class Settings { /* {{{ */
 				$this->_ldapHost = strVal($connectorNode["host"]);
 				$this->_ldapPort = intVal($connectorNode["port"]);
 				$this->_ldapBaseDN = strVal($connectorNode["baseDN"]);
+				$this->_ldapBindDN = strVal($connectorNode["bindDN"]);
+				$this->_ldapBindPw = strVal($connectorNode["bindPw"]);
 				$this->_ldapType = 1;
 				$this->_ldapAccountDomainName = strVal($connectorNode["accountDomainName"]);
 			}
--- a/install/settings.xml.template_install
+++ b/install/settings.xml.template_install
@ -121,6 +121,8 @@
          host = "ldaps://ldap.host.com"
          port = "389"
          baseDN = ""
+          bindDN="" 
+          bindPw=""
        >
        </connector>
        <!-- ***** CONNECTOR Microsoft Active Directory  *****
@ -138,6 +140,8 @@
          port = "389"
          baseDN = ""
          accountDomainName = "example.com"
+	  bindDN="" 
+	  bindPw=""
        >
        </connector>
      </connectors>
--- a/op/op.Login.php
+++ b/op/op.Login.php
@ -99,8 +99,13 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
 		// Required for most authentication methods, including SASL.
 		ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

-		// try an anonymous bind first. If it succeeds, get the DN for the user.
-		$bind = @ldap_bind($ds);
+		// try an authenticated/anonymous bind first. If it succeeds, get the DN for the user.
+		$bind = false;
+		if (isset($settings->_ldapBindDN)) {
+			$bind = @ldap_bind($ds, $settings->_ldapBindDN, $settings->_ldapBindPw);
+		} else {
+			$bind = @ldap_bind($ds);
+		}
 		$dn = false;
 				
 		/* new code by doudoux - TO BE TESTED */