Merge branch 'BookStackApp:development' into development 3742/head
authorVladislav Khazhinov <redacted>
Tue, 4 Oct 2022 07:36:54 +0000 (10:36 +0300)
committerGitHub <redacted>
Tue, 4 Oct 2022 07:36:54 +0000 (10:36 +0300)
.env.example.complete
app/Auth/Access/LdapService.php

index 03e52d6bb673d05e99cd20f9b7eeac2dd399a2c4..d84d58d9da26c2e829a0ece728dec09202b1dd9b 100644 (file)
@@ -368,4 +368,4 @@ LOG_FAILED_LOGIN_CHANNEL=errorlog_plain_webserver
 # IP address '146.191.42.4' would result in '146.191.x.x' being logged.
 # For the IPv6 address '2001:db8:85a3:8d3:1319:8a2e:370:7348' this would result as:
 # '2001:db8:85a3:8d3:x:x:x:x'
-IP_ADDRESS_PRECISION=4
\ No newline at end of file
+IP_ADDRESS_PRECISION=4
index 359eeca2f5e863ab229c102a15880cce00580823..ddd7c6280574efa26066bf67ba24f5f13dd1719c 100644 (file)
@@ -216,29 +216,67 @@ class LdapService
             $this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
         }
 
-        $serverDetails = $this->parseServerString($this->config['server']);
-        $ldapConnection = $this->ldap->connect($serverDetails['host'], $serverDetails['port']);
+        $serverDetails = $this->parseEnvironmentServer($this->config['server']);
+        $this->ldapConnection = $this->prepareServerConnection($serverDetails);
 
-        if ($ldapConnection === false) {
-            throw new LdapException(trans('errors.ldap_cannot_connect'));
-        }
-
-        // Set any required options
-        if ($this->config['version']) {
-            $this->ldap->setVersion($ldapConnection, $this->config['version']);
-        }
+        return $this->ldapConnection;
+    }
 
-        // Start and verify TLS if it's enabled
-        if ($this->config['start_tls']) {
-            $started = $this->ldap->startTls($ldapConnection);
-            if (!$started) {
-                throw new LdapException('Could not start TLS connection');
+    /**
+     * Processes an array of received servers and returns the first working connection.
+     *
+     * @param  array  $serverDetails
+     * @return resource
+     * @throws LdapException
+     */
+    protected function prepareServerConnection(array $serverDetails)
+    {
+        $lastException = null;
+        foreach ($serverDetails as $server) {
+            try {
+                $ldapConnection = $this->ldap->connect($server['host'], $server['port']);
+
+                if (!$ldapConnection) {
+                    throw new LdapException(trans('errors.ldap_cannot_connect'));
+                }
+
+                // Set any required options
+                if ($this->config['version']) {
+                    $this->ldap->setVersion($ldapConnection, $this->config['version']);
+                }
+
+                // Start and verify TLS if it's enabled
+                if ($this->config['start_tls']) {
+                    $started = $this->ldap->startTls($ldapConnection);
+                    if (!$started) {
+                        throw new LdapException('Could not start TLS connection');
+                    }
+                }
+
+                return $ldapConnection;
+            } catch (LdapException $exception) {
+                $lastException = $exception;
             }
         }
 
-        $this->ldapConnection = $ldapConnection;
+        throw $lastException;
+    }
 
-        return $this->ldapConnection;
+    /**
+     * Parse environment variable with LDAP server and returns an array of recognized servers.
+     * If you need to use multiple addresses, separate them with a semicolon.
+     * Ex: 'ldap.example.com:8069;ldaps://ldap.example.com'
+     */
+    protected function parseEnvironmentServer(string $environmentServer): array
+    {
+        $explodedEnvironmentServer = explode(';', $environmentServer);
+        $result_servers = [];
+
+        foreach ($explodedEnvironmentServer as $serverString) {
+            $result_servers[] = $this->parseServerString($serverString);
+        }
+
+        return $result_servers;
     }
 
     /**
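Review bot: In `prepareServerConnection` the fallback only fires when `connect()` returns a falsy value or `startTls()` fails. If `$this->ldap->connect` wraps PHP's `ldap_connect` (the wrapper is not visible in this hunk), that call only checks its parameters and opens no socket, so with `start_tls` off an unreachable first server would still be returned as the "working" connection. The failover probably has to happen at the first real network operation (the bind), and each caught `LdapException` should be logged so a switch to a secondary server is visible to operators. In `parseEnvironmentServer` the pieces from `explode(';', …)` are passed on untrimmed, so a trailing `;` or a space after the separator yields an empty or malformed host; `array_filter(array_map('trim', explode(';', $environmentServer)))` avoids that, but the empty-list case then needs a guard because `throw $lastException` with `null` is itself an error. Since the docblock example mixes a plain host with an `ldaps://` one, I would add a sentence there saying every entry should carry the same transport protection, because whichever server answers first is used.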