|
|
@@ -116,27 +116,47 @@ class LoginController extends AuthController
|
|
|
* @param string $username
|
|
|
* @param string $password
|
|
|
* @param $dbUser
|
|
|
- * @return bool
|
|
|
+ * @return bool|null
|
|
|
* @throws \Slim\Exception\HttpNotFoundException
|
|
|
* @throws \Slim\Exception\HttpUnauthorizedException
|
|
|
*/
|
|
|
protected function ldapLogin(Request $request, string $username, string $password, $dbUser)
|
|
|
{
|
|
|
+ // Build LDAP connection
|
|
|
$server = $this->ldapConnect();
|
|
|
if (!$server) {
|
|
|
$this->session->alert(lang('ldap_cant_connect'), 'warning');
|
|
|
return $dbUser;
|
|
|
}
|
|
|
+
|
|
|
+ //Get LDAP user's (R)DN
|
|
|
+ $userDN=$this->getLdapRdn($username, $password, $server);
|
|
|
+ if (!is_string($userDN)) {
|
|
|
+ return null;
|
|
|
+ }
|
|
|
+
|
|
|
+ //Bind as user to validate password
|
|
|
if (!@ldap_bind($server, $this->getLdapRdn($username), $password)) {
|
|
|
if ($dbUser && !$dbUser->ldap) {
|
|
|
return $dbUser;
|
|
|
}
|
|
|
return null;
|
|
|
}
|
|
|
+
|
|
|
if (!$dbUser) {
|
|
|
$email = $username;
|
|
|
if (!filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
|
|
- $search = ldap_search($server, $this->config['ldap']['base_domain'], ($this->config['ldap']['rdn_attribute'] ?? 'uid=').addslashes($username), ['mail']);
|
|
|
+ if (@is_string($this->config['ldap']['search_filter'])) {
|
|
|
+ $search = ldap_read(
|
|
|
+ $server,
|
|
|
+ $userDN,
|
|
|
+ 'objectClass=*',
|
|
|
+ array('mail',$this->config['ldap']['rdn_attribute'])
|
|
|
+ );
|
|
|
+
|
|
|
+ } else {
|
|
|
+ $search = ldap_search($server, $this->config['ldap']['base_domain'], ($this->config['ldap']['rdn_attribute'] ?? 'uid=').addslashes($username),['mail']);
|
|
|
+ }
|
|
|
$entry = ldap_first_entry($server, $search);
|
|
|
$email = @ldap_get_values($server, $entry, 'mail')[0] ?? platform_mail($username.rand(0, 100)); // if the mail is not set, generate a placeholder
|
|
|
}
|
Ben Tyger