Added logic for LDAP user search

2021-05-19 13:11:20 -04:00 · 2021-05-19 13:11:20 -04:00 · ec5e7fc46f
commit ec5e7fc46f
parent 048b468ba5
1 changed files with 22 additions and 2 deletions
--- a/app/Controllers/Auth/LoginController.php
+++ b/app/Controllers/Auth/LoginController.php
@ -116,27 +116,47 @@ class LoginController extends AuthController
     * @param  string  $username
     * @param  string  $password
     * @param $dbUser
-     * @return bool
+     * @return bool|null
     * @throws \Slim\Exception\HttpNotFoundException
     * @throws \Slim\Exception\HttpUnauthorizedException
     */
    protected function ldapLogin(Request $request, string $username, string $password, $dbUser)
    {
+        // Build LDAP connection
        $server = $this->ldapConnect();
        if (!$server) {
            $this->session->alert(lang('ldap_cant_connect'), 'warning');
            return $dbUser;
        }
+        
+        //Get LDAP user's (R)DN
+        $userDN=$this->getLdapRdn($username, $password, $server);
+        if (!is_string($userDN)) {
+            return null;
+        }
+    
+        //Bind as user to validate password
        if (!@ldap_bind($server, $this->getLdapRdn($username), $password)) {
            if ($dbUser && !$dbUser->ldap) {
                return $dbUser;
            }
            return null;
        }
+        
        if (!$dbUser) {
            $email = $username;
            if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
-                $search = ldap_search($server, $this->config['ldap']['base_domain'], ($this->config['ldap']['rdn_attribute'] ?? 'uid=').addslashes($username), ['mail']);
+                if (@is_string($this->config['ldap']['search_filter'])) {
+                    $search = ldap_read(
+                        $server,
+                        $userDN,
+                        'objectClass=*',
+                        array('mail',$this->config['ldap']['rdn_attribute'])
+                    );
+                          
+                } else {
+                    $search = ldap_search($server, $this->config['ldap']['base_domain'], ($this->config['ldap']['rdn_attribute'] ?? 'uid=').addslashes($username),['mail']);
+                }
                $entry = ldap_first_entry($server, $search);
                $email = @ldap_get_values($server, $entry, 'mail')[0] ?? platform_mail($username.rand(0, 100)); // if the mail is not set, generate a placeholder
            }