beenull/XBackBone
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

LDAP fixes

Browse source 
1. Changed `ldap_connect` error handling. `ldap_error` expects `LDAP\Connection`, and `ldap_connect` returns `false` if the syntax check fails
2. Fixed deprecation: passing null to parameter (`$ignore`) of type string
3. Fixed PHPDoc types for compatibility with PHP 8.1+
This commit is contained in:
samrzhevsky 2023-08-28 00:31:22 +03:00
parent ee55a9ea3a
commit e7a0a99fe6
No known key found for this signature in database
GPG key ID: 6B977223D78CDEB3
1 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
app/Controllers/Auth/AuthController.php
View file

@ -27,7 +27,7 @@ abstract class AuthController extends Controller
/**
* Connects to LDAP server and logs in with service account (if configured)
* @return resource|false
* @return \LDAP\Connection|resource|false
*/
public function ldapConnect()
{
@ -39,7 +39,7 @@ abstract class AuthController extends Controller
$ldapSchema=(@is_string($this->config['ldap']['schema'])) ?
strtolower($this->config['ldap']['schema']) : 'ldap';
$ldapURI="$ldapSchema://".$this->config['ldap']['host'].':'.$this->config['ldap']['port'];
// Connecting to LDAP server
$this->logger->debug("Connecting to $ldapURI");
$server = ldap_connect($ldapURI);
@ -48,18 +48,18 @@ abstract class AuthController extends Controller
ldap_set_option($server, LDAP_OPT_REFERRALS, 0);
ldap_set_option($server, LDAP_OPT_NETWORK_TIMEOUT, 10);
} else {
$this->logger->error(ldap_error($server));
$this->logger->error('LDAP-URI was not parseable');
return false;
}
// Upgrade to StartTLS
$useStartTLS = @is_bool($this->config['ldap']['useStartTLS']) ? $this->config['ldap']['useStartTLS'] : false;
if (($useStartTLS === true) && (ldap_start_tls($server) === false)) {
$this->logger-debug(ldap_error($server));
$this->logger->debug(ldap_error($server));
$this->logger->error("Failed to establish secure LDAP swith StartTLS");
return false;
}
// Authenticating LDAP service account (if configured)
$serviceAccountFQDN= (@is_string($this->config['ldap']['service_account_dn'])) ?
$this->config['ldap']['service_account_dn'] : null;
@ -77,7 +77,7 @@ abstract class AuthController extends Controller
/**
* Returns User's LDAP DN
* @param string $username
* @param resource $server LDAP Server Resource
* @param \LDAP\Connection|resource $server LDAP Server Resource
* @return string|null
*/
protected function getLdapRdn(string $username, $server)
@ -85,7 +85,7 @@ abstract class AuthController extends Controller
//Dynamic LDAP User Binding
if (@is_string($this->config['ldap']['search_filter'])) {
//Replace ???? with username
$searchFilter = str_replace('????', ldap_escape($username, null, LDAP_ESCAPE_FILTER), $this->config['ldap']['search_filter']);
$searchFilter = str_replace('????', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $this->config['ldap']['search_filter']);
$ldapAddributes = array('dn');
$this->logger->debug("LDAP Search filter: $searchFilter");
$ldapSearchResp = ldap_search(
@ -112,7 +112,7 @@ abstract class AuthController extends Controller
if ($this->config['ldap']['user_domain'] !== null) {
$bindString .= ','.$this->config['ldap']['user_domain'];
}
if ($this->config['ldap']['base_domain'] !== null) {
$bindString .= ','.$this->config['ldap']['base_domain'];
}