From: ArthurHoaro <arthur.hoareau@wizacha.com>
Date: Thu, 25 Jun 2020 14:18:25 +0000 (+0200)
Subject: LDAP - Force protocol LDAPv3
X-Git-Tag: v0.12.0-beta~7^2
X-Git-Url: https://git.immae.eu/?p=github%2Fshaarli%2FShaarli.git;a=commitdiff_plain;h=8694e8411b19d499ff58d8168fba448c63a5e443

LDAP - Force protocol LDAPv3

On Linux, php-ldap seems to rely on a library which still uses deprecated LDAPv2 as default version,
causing authentication issues.

See: https://stackoverflow.com/a/48238224/1484919
---

diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 5f395a87..39ec9b2e 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -204,12 +204,20 @@ class LoginManager
      */
     public function checkCredentialsFromLdap($login, $password, $connect = null, $bind = null)
     {
-        $connect = $connect ?? function($host) { return ldap_connect($host); };
-        $bind = $bind ?? function($handle, $dn, $password) { return ldap_bind($handle, $dn, $password); };
+        $connect = $connect ?? function($host) {
+            $resource = ldap_connect($host);
+
+            ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+            return $resource;
+        };
+        $bind = $bind ?? function($handle, $dn, $password) {
+            return ldap_bind($handle, $dn, $password);
+        };
 
         return $bind(
             $connect($this->configManager->get('ldap.host')),
-            sprintf($this->configManager->get('ldap.dn'), $login), 
+            sprintf($this->configManager->get('ldap.dn'), $login),
             $password
         );
     }