Merged
8 changes: 4 additions & 4 deletions administrator/language/en-GB/plg_authentication_ldap.ini
Expand Up @@ -14,18 +14,18 @@ PLG_LDAP_FIELD_HOST_LABEL="Host"
PLG_LDAP_FIELD_LDAPDEBUG_DESC="Enables debug hardcoded to level 7"
PLG_LDAP_FIELD_LDAPDEBUG_LABEL="Debug"
PLG_LDAP_FIELD_NEGOCIATE_LABEL="Negotiate TLS"
PLG_LDAP_FIELD_PASSWORD_DESC="The Connect Password is the password of an administrative account. This is used in Authenticate then Bind and Authenticated Compare authorisation methods."
PLG_LDAP_FIELD_PASSWORD_DESC="The Connect Password is the password of an administrative account."
PLG_LDAP_FIELD_PASSWORD_LABEL="Connect Password"
PLG_LDAP_FIELD_PORT_LABEL="Port"
PLG_LDAP_FIELD_REFERRALS_DESC="This option sets the value of the LDAP_OPT_REFERRALS flag. You will need to set it to No for Windows 2003 servers."
PLG_LDAP_FIELD_REFERRALS_LABEL="Follow Referrals"
PLG_LDAP_FIELD_SEARCHSTRING_DESC="A query string used to search for a given User. The [search] keyword is dynamically replaced by the User-provided login. An example string is: uid=[search]. Several strings can be used separated by semicolons. Only used when searching."
PLG_LDAP_FIELD_SEARCHSTRING_DESC="A query string used to search for a given User. The [search] keyword is dynamically replaced by the User-provided login. An example string is: uid=[search]. Several strings can be used separated by semicolons. Used after initial bind for all methods."
PLG_LDAP_FIELD_SEARCHSTRING_LABEL="Search String"
PLG_LDAP_FIELD_UID_DESC="LDAP Attribute which has the User's Login ID. For Active Directory this is sAMAccountName."
PLG_LDAP_FIELD_UID_LABEL="Map: User ID"
PLG_LDAP_FIELD_USERNAME_DESC="The Connect Username and Connect Password define connection parameters for the DN lookup phase. Two options are available:- Anonymous DN lookup (leave both fields blank); Administrative connection: Connect Username is the username of an administrative account, for example Administrator. Connect password is the actual password of your administrative account."
PLG_LDAP_FIELD_USERNAME_DESC="The Connect Username and Connect Password define connection parameters for the DN lookup phase. Two options are available: anonymous DN lookup (Leave both fields blank) and administrative connection (Connect Username is the username of an administrative account, for example Administrator). Only used in Bind and Search method."
PLG_LDAP_FIELD_USERNAME_LABEL="Connect Username"
PLG_LDAP_FIELD_USERSDN_DESC="The [username] keyword is dynamically replaced by the User-provided login. An example string is: uid=[username], dc=my-domain, dc=com. Several strings can be used, separated by semicolons. Only used for direct binds."
PLG_LDAP_FIELD_USERSDN_DESC="The [username] keyword is dynamically replaced by the User-provided login. An example string is: uid=[username], dc=my-domain, dc=com. Several strings can be used, separated by semicolons. Only used for Bind Directly as User method."
PLG_LDAP_FIELD_USERSDN_LABEL="User's DN"
PLG_LDAP_FIELD_V3_DESC="Default is LDAP2, but the latest versions of OpenLdap require clients to use LDAPV3."
PLG_LDAP_FIELD_V3_LABEL="LDAP V3"
10 changes: 7 additions & 3 deletions plugins/authentication/ldap/ldap.php
Expand Up @@ -81,8 +81,7 @@ public function onUserAuthenticate($credentials, $options, &$response)
{
try
{
$dn = str_replace('[username]', $this->params->get('username', ''), $this->params->get('users_dn', ''));

$dn = $this->params->get('username', '');
$ldap->bind($dn, $this->params->get('password', ''));
}
catch (ConnectionException | LdapException $exception)
Expand Down Expand Up @@ -142,7 +141,12 @@ public function onUserAuthenticate($credentials, $options, &$response)
// We just accept the result here
try
{
$ldap->bind($ldap->escape($credentials['username'], '', LDAP_ESCAPE_DN), $credentials['password']);
if ($this->params->get('users_dn', '') == '') {
$dn = $credentials['username'];
} else {
$dn = str_replace('[username]', $ldap->escape($credentials['username'], '', LDAP_ESCAPE_DN), $this->params->get('users_dn', ''));
}
$ldap->bind($dn, $credentials['password']);
}
catch (ConnectionException | LdapException $exception)
{
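Review bot: In the second hunk the empty-`users_dn` branch hands `$credentials['username']` to `$ldap->bind()` as the complete bind DN with no escaping, where the replaced line applied `LDAP_ESCAPE_DN`; the value typed into the login form then selects the bound entry outright. If that is intended, say so at the assignment with a comment such as `// No users_dn configured: the login name is used verbatim as the bind identity, so it cannot be DN-escaped`, and make the test strict, `if ($this->params->get('users_dn', '') === '')`. A simple bind with a non-empty DN and an empty password is an unauthenticated bind that some directory servers report as success, so confirm that an empty `$credentials['password']` is rejected before this point; that check is not visible here because `onUserAuthenticate` starts and ends outside the hunk. The `users_dn` help text in the language file still says several strings can be separated by semicolons, but the `else` branch substitutes into the whole value and binds once, so either the code should split on `;` or that sentence should be dropped.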