authorArthurHoaro <arthur.hoareau@wizacha.com>2020-06-25 16:18:25 +0200
committerArthurHoaro <arthur.hoareau@wizacha.com>2020-06-25 16:18:25 +0200
commit8694e8411b19d499ff58d8168fba448c63a5e443 (patch)
tree6f4ab1ef85c224d95ce3c4bb975729374500ca49
parenta69cfe0dd23fbd2e25c07ec92717998585a9560d (diff)
LDAP - Force protocol LDAPv3
On Linux, php-ldap seems to rely on a library which still uses deprecated LDAPv2 as default version, causing authentication issues. See: https://stackoverflow.com/a/48238224/1484919
-rw-r--r--application/security/LoginManager.php14
1 files changed, 11 insertions, 3 deletions
diff --git a/application/security/LoginManager.php b/application/security/LoginManager.php
index 5f395a87..39ec9b2e 100644
--- a/application/security/LoginManager.php
+++ b/application/security/LoginManager.php
@@ -204,12 +204,20 @@ class LoginManager
204 */ 204 */
205 public function checkCredentialsFromLdap($login, $password, $connect = null, $bind = null) 205 public function checkCredentialsFromLdap($login, $password, $connect = null, $bind = null)
206 { 206 {
207 $connect = $connect ?? function($host) { return ldap_connect($host); }; 207 $connect = $connect ?? function($host) {
208 $bind = $bind ?? function($handle, $dn, $password) { return ldap_bind($handle, $dn, $password); }; 208 $resource = ldap_connect($host);
209
210 ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);
211
212 return $resource;
213 };
214 $bind = $bind ?? function($handle, $dn, $password) {
215 return ldap_bind($handle, $dn, $password);
216 };
209 217
210 return $bind( 218 return $bind(
211 $connect($this->configManager->get('ldap.host')), 219 $connect($this->configManager->get('ldap.host')),
212 sprintf($this->configManager->get('ldap.dn'), $login), 220 sprintf($this->configManager->get('ldap.dn'), $login),
213 $password 221 $password
214 ); 222 );
215 } 223 }
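Review bot: `checkCredentialsFromLdap` hands `$password` straight to `ldap_bind` in the `return $bind(...)` call, and nothing in the function rejects an empty value. Many directory servers treat a bind with a DN and an empty password as an unauthenticated bind and report success, so unless a caller outside this hunk already filters it, a guard such as `if ($password === null || $password === '') { return false; }` belongs at the top of the function. The same call formats `$login` into `ldap.dn` with `sprintf` unescaped; passing `ldap_escape($login, '', LDAP_ESCAPE_DN)` instead would keep DN metacharacters in the login from changing which entry is bound. In the added `$connect` closure the results of `ldap_connect` and `ldap_set_option` are not checked, so a failed option call silently leaves the library's default protocol version in place; testing both for `false` and logging the failure would make that visible.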