
Bug 8148 - LDAP auth_by_bind doesn't fallback to local auth

This patch covers LDAP auth_by_bind configuration so that a wrong
LDAP password will return -1 to C4::Auth so we can abort local auth
and prevent users logging in with stale database passwords.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
MM-OPAC/theme_dep
Dobrica Pavlinusic 10 years ago
committed by Tomas Cohen Arazi
parent
commit
c9351807e9
  1. 2
      C4/Auth.pm
  2. 2
      C4/Auth_with_ldap.pm

2
C4/Auth.pm

@ -1543,7 +1543,7 @@ sub checkpw {
if ($ldap) {
$debug and print STDERR "## checkpw - checking LDAP\n";
my ($retval,$retcard,$retuserid) = checkpw_ldap(@_); # EXTERNAL AUTH
return 0 if $retval == -1;
return 0 if $retval == -1; # Incorrect password for LDAP login attempt
($retval) and return ($retval,$retcard,$retuserid);
}
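
Review bot: the new comment on `return 0 if $retval == -1;` says "Incorrect password", but in C4/Auth_with_ldap.pm the -1 is returned for any non-zero `$res->code` from the bind, not only for a bad password. Reword the comment to say what the value means for this caller, for example "LDAP bind failed, do not fall back to local auth", and document the -1 / 0 / true return contract of checkpw_ldap where it is defined. This early return is also a bare 0 while the line below it returns a three-element list, so the two paths hand callers differently shaped results. A regression test showing that a failed LDAP bind never reaches the local password check would pin the behaviour down.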

2
C4/Auth_with_ldap.pm

@ -146,7 +146,7 @@ sub checkpw_ldap {
my $res = $db->bind( $principal_name, password => $password );
if ( $res->code ) {
warn "LDAP bind failed as kohauser $userid: " . description($res);
return 0;
return -1;
}
if ( !defined($userldapentry)
&& ( $config{update} or $config{replicate} ) )
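
Review bot: `return -1;` sits under `if ( $res->code )`, so every bind failure now stops local authentication, including failures that are not a wrong password (for instance a user id the directory does not know, or a directory-side error during the bind). If the intent is only to reject stale database passwords for LDAP users, test for the invalid-credentials result code and keep `return 0` for the other cases, or state in the commit message and the POD that accounts without a working LDAP bind cannot log in while auth_by_bind is enabled. The `warn` line records `$userid` and the result description but not that local fallback was refused; saying so in the message would make lockouts easier to diagnose from the log.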
