From c9351807e9c4d46662257b85f106877e1198c542 Mon Sep 17 00:00:00 2001
From: Dobrica Pavlinusic
Date: Wed, 12 Mar 2014 10:45:09 +0100
Subject: [PATCH] Bug 8148 - LDAP auth_by_bind doesn't fallback to local auth

This patch covers LDAP auth_by_bind configuration so that wrong LDAP password will return -1 to C4::Auth so we can abort local auth and prevent users logging in with stale database passwords.

Signed-off-by: Martin Renvoize
Signed-off-by: Tomas Cohen Arazi
---
 C4/Auth.pm | 2 +-
 C4/Auth_with_ldap.pm | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index c2faf8d7e4..2b8a0365b0 100644
--- C4/Auth.pm
+++ b/C4/Auth.pm
@@ -1543,7 +1543,7 @@ sub checkpw {
 if ($ldap) {
 $debug and print STDERR "## checkpw - checking LDAP\n";
 my ($retval,$retcard,$retuserid) = checkpw_ldap(@_); # EXTERNAL AUTH
- return 0 if $retval == -1;
+ return 0 if $retval == -1; # Incorrect password for LDAP login attempt
 ($retval) and return ($retval,$retcard,$retuserid);
 }

diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index cf120e6919..b42506dfbe 100644
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -146,7 +146,7 @@ sub checkpw_ldap {
 my $res = $db->bind( $principal_name, password => $password );
 if ( $res->code ) {
 warn "LDAP bind failed as kohauser $userid: " . description($res);
- return 0;
+ return -1;
 }
 if ( !defined($userldapentry) && ( $config{update} or $config{replicate} ) )
--
2.39.5
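Review bot: In `checkpw_ldap` (C4/Auth_with_ldap.pm) the new `return -1` fires on any non-zero `$res->code`, not only on a wrong password, so every bind failure now stops `checkpw` from trying local authentication. That fails closed, which matches the commit's goal, but it would presumably also lock out accounts that exist only in the Koha database whenever their bind attempt is rejected, and the comment added in C4/Auth.pm (`# Incorrect password for LDAP login attempt`) describes a narrower case than the code covers. Either document the contract at this return, e.g. `return -1;    # any bind failure: caller must not fall back to local passwords`, or test the result code explicitly (for instance against `LDAP_INVALID_CREDENTIALS` from Net::LDAP::Constant) and decide deliberately what the other failures should do. The `warn` on the line above also writes the caller-supplied `$userid` into the log unescaped, so it is worth sanitising before it is logged. Both function bodies start and end outside the hunks, so how `$principal_name` is built and what the remaining return paths yield cannot be confirmed from here.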