From 60bf2ab7d8e03debc168d2515b957c8e1d411efa Mon Sep 17 00:00:00 2001
From: Michael Hafen
Date: Wed, 29 Oct 2008 13:48:04 -0600
Subject: [PATCH] in Auth_with_ldap.pm try binding with user password or compare
This changes the checkpw code in Auth_with_ldap. Along with comparing the user entered password against the directory attibute userPassword you can try to bind with the users dn and password. This is controlled by the option auth_by_bind, which, if set, causes this code to try binding instead of comparing.
Signed-off-by: Galen Charlton
Signed-off-by: Henri-Damien LAURENT
---
 C4/Auth_with_ldap.pm | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index c06161281c..cd0cfa4db3 100644
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -100,10 +100,20 @@ sub checkpw_ldap {
 }
 my $userldapentry = $search->shift_entry;
- my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
- if ($cmpmesg->code != 6) {
- warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
- return 0;
+ if ( $ldap->{auth_by_bind} ) {
+ my $user_ldapname = $userldapentry->dn();
+ my $user_db = Net::LDAP->new( [$prefhost] );
+ $res = $user_db->bind( $user_ldapname, password => $password );
+ if ( $res->code ) {
+ $debug and warn "Bind as user failed ". description( $res );
+ return 0;
+ }
+ } else {
+ my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
+ if ($cmpmesg->code != 6) {
+ warn "LDAP Auth rejected : invalid password for user '$userid'. " . description($cmpmesg);
+ return 0;
+ }
 }
 unless ($config{update} or $config{replicate}) {
 return 1;
--
2.39.5
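Review bot: In the new `auth_by_bind` branch, `$user_db->bind( $user_ldapname, password => $password )` runs with no visible check that `$password` is non-empty; many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind and return success, so `$res->code` would be 0 and the login would be accepted. Unless an earlier part of `checkpw_ldap` (outside this hunk) already rejects empty passwords, add `return 0 unless defined $password and length $password;` before the bind. The result of `Net::LDAP->new( [$prefhost] )` is also used unchecked, so an unreachable host makes the `->bind` call die on an undefined value; `my $user_db = Net::LDAP->new( [$prefhost] ) or return 0;` (with a warning) would fail closed instead. The bind failure is logged only under `$debug`, while the compare branch always warns and names `$userid`; rejected logins are worth logging the same way in both branches so failed attempts stay visible.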