From 083ad362e19aecc5c5febc8e0c39c8da03f463e3 Mon Sep 17 00:00:00 2001
From: Michael Hafen
Date: Wed, 29 Oct 2008 13:48:04 -0600
Subject: [PATCH] in Auth_with_ldap.pm try binding with user password or compare

This changes the checkpw code in Auth_with_ldap. Along with comparing the user entered password against the directory attibute userPassword you can try to bind with the users dn and password. This is controlled by the option auth_by_bind, which, if set, causes this code to try binding instead of comparing.
Signed-off-by: Galen Charlton
---
C4/Auth_with_ldap.pm | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index 3eb801b579..2c0f711314 100644
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -100,10 +100,20 @@ sub checkpw_ldap {
 }
 my $userldapentry = $search->shift_entry;
- my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
- if ($cmpmesg->code != 6) {
- warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
- return 0;
+ if ( $ldap->{auth_by_bind} ) {
+ my $user_ldapname = $userldapentry->dn();
+ my $user_db = Net::LDAP->new( [$prefhost] );
+ $res = $user_db->bind( $user_ldapname, password => $password );
+ if ( $res->code ) {
+ $debug and warn "Bind as user failed ". description( $res );
+ return 0;
+ }
+ } else {
+ my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
+ if ($cmpmesg->code != 6) {
+ warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
+ return 0;
+ }
 }
 unless ($config{update} or $config{replicate}) {
 return 1;
--
2.20.1
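Review bot: The new `auth_by_bind` branch hands `$password` to `$user_db->bind` without checking that it is non-empty, and a simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513, which many directory servers answer with success. Unless checkpw_ldap already rejects empty passwords earlier (the function starts outside this hunk), add `return 0 unless defined $password and length $password;` ahead of the bind. `Net::LDAP->new( [$prefhost] )` is also unchecked, so a failed connection dies on the method call; `my $user_db = Net::LDAP->new( [$prefhost] ) or return 0;` would fail closed. The rejection is only logged under `$debug`, unlike the compare branch which always warns with the user id, so failed logins in bind mode leave no trace by default.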