From dd34d794b43e99ef172f629eaca3d831669b0ce8 Mon Sep 17 00:00:00 2001 From: Jeremy Crabtree Date: Fri, 17 Jun 2011 15:02:50 +1200 Subject: [PATCH] Bug 5094 auth_by_bind authentication can fail even if given a correct password and userid When using 0 0 Auth_with_ldap attempts to lookup the userid in the LDAP directory to fill $userldapentry despite it being unneeded in this case. The information retrieved will be thrown away, thus there is no need to retrieve it. This can cause authentication to fail overall even if the initial bind with the user's credentials succeeded Signed-off-by: Joe Atzberger Signed-off-by: Chris Cormack (cherry picked from commit 7bb178e30be74abda82eb4fcaaa873be3dfcc5ef) Signed-off-by: Chris Nighswonger --- C4/Auth_with_ldap.pm | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm index 9ae7f9151c..82d590764b 100644 --- a/C4/Auth_with_ldap.pm +++ b/C4/Auth_with_ldap.pm @@ -119,8 +119,14 @@ sub checkpw_ldap { } # FIXME dpavlin -- we really need $userldapentry leater on even if using auth_by_bind! - my $search = search_method($db, $userid) or return 0; # warnings are in the sub - $userldapentry = $search->shift_entry; + + # BUG #5094 + # 2010-08-04 JeremyC + # a $userldapentry is only needed if either updating or replicating are enabled + if($config{update} or $config{replicate}) { + my $search = search_method($db, $userid) or return 0; # warnings are in the sub + $userldapentry = $search->shift_entry; + } } else { my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword); -- 2.39.5