From 7e052ff23b576f457c34fe2f211f4fa99c062f09 Mon Sep 17 00:00:00 2001 From: Dobrica Pavlinusic Date: Tue, 13 Jul 2010 20:48:41 +0200 Subject: [PATCH] Bug 4993 checkpw_ldap - do bind just once When using auth_by_bind, search was always done as anonymous user. This is a problem if we want to fetch LDAP values which have ACL permissions only for users. This change moves bind from search_method back into checkpw_ldap, making code cleaner and easier to understand Signed-off-by: Chris Cormack (cherry picked from commit 322a5ef4819960c5ba5b65ce07150ce873aa6a3d) Signed-off-by: Chris Nighswonger --- C4/Auth_with_ldap.pm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm index acbd923514..3613acfe8c 100644 --- a/C4/Auth_with_ldap.pm +++ b/C4/Auth_with_ldap.pm @@ -82,11 +82,6 @@ sub search_method { my $userid = shift or return; my $uid_field = $mapping{userid}->{is} or die ldapserver_error("mapping for 'userid'"); my $filter = Net::LDAP::Filter->new("$uid_field=$userid") or die "Failed to create new Net::LDAP::Filter"; - my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword); - if ($res->code) { # connection refused - warn "LDAP bind failed as ldapuser " . ($ldapname || '[ANONYMOUS]') . ": " . description($res); - return 0; - } my $search = $db->search( base => $base, filter => $filter, @@ -128,6 +123,11 @@ sub checkpw_ldap { $userldapentry = $search->shift_entry; } else { + my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword); + if ($res->code) { # connection refused + warn "LDAP bind failed as ldapuser " . ($ldapname || '[ANONYMOUS]') . ": " . description($res); + return 0; + } my $search = search_method($db, $userid) or return 0; # warnings are in the sub $userldapentry = $search->shift_entry; my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password ); -- 2.39.5