From 7bb178e30be74abda82eb4fcaaa873be3dfcc5ef Mon Sep 17 00:00:00 2001
From: Jeremy Crabtree
Date: Fri, 17 Jun 2011 15:02:50 +1200
Subject: [PATCH] Bug 5094 auth_by_bind authentication can fail even if given a correct password and userid When using 0 0 Auth_with_ldap attempts to lookup the userid in the LDAP directory to fill $userldapentry despite it being unneeded in this case. The information retrieved will be thrown away, thus there is no need to retrieve it. This can cause authentication to fail overall even if the initial bind with the user's credentials succeeded
Signed-off-by: Joe Atzberger
Signed-off-by: Chris Cormack
---
 C4/Auth_with_ldap.pm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index 3613acfe8c..6ad17f756f 100644
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -119,8 +119,14 @@ sub checkpw_ldap {
 }
 # FIXME dpavlin -- we really need $userldapentry leater on even if using auth_by_bind!
- my $search = search_method($db, $userid) or return 0; # warnings are in the sub
- $userldapentry = $search->shift_entry;
+
+ # BUG #5094
+ # 2010-08-04 JeremyC
+ # a $userldapentry is only needed if either updating or replicating are enabled
+ if($config{update} or $config{replicate}) {
+ my $search = search_method($db, $userid) or return 0; # warnings are in the sub
+ $userldapentry = $search->shift_entry;
+ }
 } else {
 my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
-- 
2.39.5
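Review bot: With the lookup now skipped when neither `$config{update}` nor `$config{replicate}` is set, the bind performed earlier in the function (outside this hunk) becomes the only check on the auth_by_bind path, so any entry that can bind is accepted whether or not `search_method` would have found it. If that lookup applies a search base or filter that limits who may log in, this is a silent widening of access and should be stated in the comment or the configuration docs. For the same reason, confirm that the bind rejects an empty password, since many directory servers treat one as an unauthenticated bind and report success. The `# FIXME dpavlin` line kept just above now says the opposite of the new guard; I would replace it with `# $userldapentry is only read by the update/replicate code below; skip the lookup otherwise` and drop the dated `BUG #5094` / `JeremyC` lines, which the commit message already records. checkpw_ldap starts and ends outside the hunk, so the later reads of `$userldapentry` could not be checked from here.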