X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/cd6572b61af2165133468d2562d04dffdca8fca8..refs/pull/711/head:/app/Services/LdapService.php
diff --git a/app/Services/LdapService.php b/app/Services/LdapService.php
index 40b24f141..3eb2f2830 100644
--- a/app/Services/LdapService.php
+++ b/app/Services/LdapService.php
@@ -1,6 +1,5 @@ buildFilter($this->config['user_filter'], ['user' => $userName]);
 $baseDn = $this->config['base_dn'];
- $users = $this->ldap->searchAndGetEntries($ldapConnection, $baseDn, $userFilter, ['cn', 'uid', 'dn', 'mail']);
- if ($users['count'] === 0) return null;
+ $emailAttr = $this->config['email_attribute'];
+ $followReferrals = $this->config['follow_referrals'] ? 1 : 0;
+ $this->ldap->setOption($ldapConnection, LDAP_OPT_REFERRALS, $followReferrals);
+ $users = $this->ldap->searchAndGetEntries($ldapConnection, $baseDn, $userFilter, ['cn', 'uid', 'dn', $emailAttr]);
+ if ($users['count'] === 0) {
+ return null;
+ }
 $user = $users[0];
 return [
 'uid' => (isset($user['uid'])) ? $user['uid'][0] : $user['dn'],
 'name' => $user['cn'][0],
 'dn' => $user['dn'],
- 'email' => (isset($user['mail'])) ? $user['mail'][0] : null
+ 'email' => (isset($user[$emailAttr])) ? (is_array($user[$emailAttr]) ? $user[$emailAttr][0] : $user[$emailAttr]) : null
 ];
 }
@@ -63,8 +67,12 @@ class LdapService
 public function validateUserCredentials(Authenticatable $user, $username, $password)
 {
 $ldapUser = $this->getUserDetails($username);
- if ($ldapUser === null) return false;
- if ($ldapUser['uid'] !== $user->external_auth_id) return false;
+ if ($ldapUser === null) {
+ return false;
+ }
+ if ($ldapUser['uid'] !== $user->external_auth_id) {
+ return false;
+ }
 $ldapConnection = $this->getConnection();
 try {
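Review bot: The `isset($user[$emailAttr])` lookup on the new `'email'` line will silently yield `null` whenever `email_attribute` is configured with uppercase letters (for example `userPrincipalName`), because `ldap_get_entries()` lowercases every attribute key in the array it returns — this assumes `searchAndGetEntries` wraps that function, as its name suggests. Normalising once where the attribute is read avoids the mismatch, and the search itself is unaffected since LDAP attribute names are case-insensitive on the wire: `$emailAttr = strtolower($this->config['email_attribute']);`. Setting `LDAP_OPT_REFERRALS` to 1 makes the client chase referrals to whatever server the directory names, so the `follow_referrals` line deserves a comment such as `// Only enable for trusted directories: referred servers are contacted with no further checks`. The enclosing function's start is outside the hunk.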
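Review bot: Nothing in `validateUserCredentials` rejects an empty `$password` before the bind that follows `try {` (outside the hunk); if that bind hands the value straight to `ldap_bind()`, an empty password yields an unauthenticated bind that many directories answer with success, so a user whose `external_auth_id` matches could log in with a blank password. A guard ahead of `$this->getConnection()` closes that path: `if ($password === null || $password === '') { return false; }`. The caller's form validation may already cover this, but the check belongs in the method that asserts the credentials. The method continues past the end of the hunk.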
@@ -94,7 +102,9 @@ class LdapService
 $ldapBind = $this->ldap->bind($connection, $ldapDn, $ldapPass);
 }
- if (!$ldapBind) throw new LdapException(($isAnonymous ? trans('errors.ldap_fail_anonymous') : trans('errors.ldap_fail_authed')));
+ if (!$ldapBind) {
+ throw new LdapException(($isAnonymous ? trans('errors.ldap_fail_anonymous') : trans('errors.ldap_fail_authed')));
+ }
 }
 /**
@@ -105,16 +115,24 @@ class LdapService
 */
 protected function getConnection()
 {
- if ($this->ldapConnection !== null) return $this->ldapConnection;
+ if ($this->ldapConnection !== null) {
+ return $this->ldapConnection;
+ }
 // Check LDAP extension in installed
 if (!function_exists('ldap_connect') && config('app.env') !== 'testing') {
 throw new LdapException(trans('errors.ldap_extension_not_installed'));
 }
- // Get port from server string if specified.
+ // Get port from server string and protocol if specified.
 $ldapServer = explode(':', $this->config['server']);
- $ldapConnection = $this->ldap->connect($ldapServer[0], count($ldapServer) > 1 ? $ldapServer[1] : 389);
+ $hasProtocol = preg_match('/^ldaps{0,1}\:\/\//', $this->config['server']) === 1;
+ if (!$hasProtocol) {
+ array_unshift($ldapServer, '');
+ }
+ $hostName = $ldapServer[0] . ($hasProtocol?':':'') . $ldapServer[1];
+ $defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389;
+ $ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);
 if ($ldapConnection === false) {
 throw new LdapException(trans('errors.ldap_cannot_connect'));
@@ -144,5 +162,4 @@ class LdapService
 }
 return strtr($filterString, $newAttrs);
 }
-
-}
\ No newline at end of file
+}
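Review bot: The new port handling in `getConnection` drops any explicit port for URI-style servers: `ldaps://host:1636` becomes `$hostName = 'ldaps://host'` with `1636` passed as a separate argument, and per the PHP manual `ldap_connect()` ignores its port argument when the host is a URI (anything containing `/` is handed to `ldap_initialize()` as-is), so the connection silently goes to 636 — assuming `$this->ldap->connect()` forwards to it. The `explode(':')` split also mis-parses IPv6 literals, which contain colons, which is at least worth a comment next to that line. Keeping the port inside the URI whenever a scheme is present fixes the first issue; while touching the regex, `\:` is an unneeded escape and `ldaps{0,1}` reads more naturally as `ldaps?`. Choosing `ldaps` here does not by itself make certificate verification happen (that is governed by the OpenLDAP client configuration), which deserves a note beside `$defaultPort`. `getConnection()` continues past the end of the hunk.
```php
        // Get port from server string and protocol if specified.
        $ldapServer = explode(':', $this->config['server']);
        $hasProtocol = preg_match('/^ldaps?:\/\//', $this->config['server']) === 1;
        if (!$hasProtocol) {
            array_unshift($ldapServer, '');
        }
        $defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389;
        $port = count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort;
        // ldap_connect() ignores $port when $host is a URI, so the port must stay inside the URI.
        $hostName = $hasProtocol
            ? $ldapServer[0] . ':' . $ldapServer[1] . ':' . $port
            : $ldapServer[1];
        $ldapConnection = $this->ldap->connect($hostName, $port);
        // … unchanged: connection failure check …
```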