From 56f3b542bd53a54106991d94943e596e6d65241a Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9rick?= <frederick.capovilla@libeo.com>
Date: Wed, 19 Feb 2014 11:55:35 -0500
Subject: [PATCH] Bug 8148: Prevent local authentification fallback if an
 invalid LDAP password was entered.

http://bugs.koha-community.org/show_bug.cgi?id=8148
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>
---
 C4/Auth.pm           | 1 +
 C4/Auth_with_ldap.pm | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index ad6d99bce5..c2faf8d7e4 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -1543,6 +1543,7 @@ sub checkpw {
     if ($ldap) {
         $debug and print STDERR "## checkpw - checking LDAP\n";
         my ($retval,$retcard,$retuserid) = checkpw_ldap(@_);    # EXTERNAL AUTH
+        return 0 if $retval == -1;
         ($retval) and return ($retval,$retcard,$retuserid);
     }
 
diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index 6000e76851..4f47f660e4 100644
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -88,7 +88,9 @@ sub search_method {
 		  base => $base,
 	 	filter => $filter,
 		# attrs => ['*'],
-	) or die "LDAP search failed to return object.";
+    );
+    die "LDAP search failed to return object : " . $search->error if $search->code;
+
 	my $count = $search->count;
 	if ($search->code > 0) {
 		warn sprintf("LDAP Auth rejected : %s gets %d hits\n", $filter->as_string, $count) . description($search);
@@ -163,7 +165,7 @@ sub checkpw_ldap {
 		my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
 		if ($cmpmesg->code != 6) {
 			warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
-			return 0;
+			return -1;
 		}
 	}
 
-- 
2.20.1