diff options
author | ArthurHoaro <arthur.hoareau@wizacha.com> | 2020-06-25 16:18:25 +0200 |
---|---|---|
committer | ArthurHoaro <arthur.hoareau@wizacha.com> | 2020-06-25 16:18:25 +0200 |
commit | 8694e8411b19d499ff58d8168fba448c63a5e443 (patch) | |
tree | 6f4ab1ef85c224d95ce3c4bb975729374500ca49 | |
parent | a69cfe0dd23fbd2e25c07ec92717998585a9560d (diff) | |
download | Shaarli-8694e8411b19d499ff58d8168fba448c63a5e443.tar.gz Shaarli-8694e8411b19d499ff58d8168fba448c63a5e443.tar.zst Shaarli-8694e8411b19d499ff58d8168fba448c63a5e443.zip |
LDAP - Force protocol LDAPv3
On Linux, php-ldap seems to rely on a library which still uses deprecated LDAPv2 as default version,
causing authentication issues.
See: https://stackoverflow.com/a/48238224/1484919
-rw-r--r-- | application/security/LoginManager.php | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php index 5f395a87..39ec9b2e 100644 --- a/application/security/LoginManager.php +++ b/application/security/LoginManager.php | |||
@@ -204,12 +204,20 @@ class LoginManager | |||
204 | */ | 204 | */ |
205 | public function checkCredentialsFromLdap($login, $password, $connect = null, $bind = null) | 205 | public function checkCredentialsFromLdap($login, $password, $connect = null, $bind = null) |
206 | { | 206 | { |
207 | $connect = $connect ?? function($host) { return ldap_connect($host); }; | 207 | $connect = $connect ?? function($host) { |
208 | $bind = $bind ?? function($handle, $dn, $password) { return ldap_bind($handle, $dn, $password); }; | 208 | $resource = ldap_connect($host); |
209 | |||
210 | ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3); | ||
211 | |||
212 | return $resource; | ||
213 | }; | ||
214 | $bind = $bind ?? function($handle, $dn, $password) { | ||
215 | return ldap_bind($handle, $dn, $password); | ||
216 | }; | ||
209 | 217 | ||
210 | return $bind( | 218 | return $bind( |
211 | $connect($this->configManager->get('ldap.host')), | 219 | $connect($this->configManager->get('ldap.host')), |
212 | sprintf($this->configManager->get('ldap.dn'), $login), | 220 | sprintf($this->configManager->get('ldap.dn'), $login), |
213 | $password | 221 | $password |
214 | ); | 222 | ); |
215 | } | 223 | } |