From 7bb178e30be74abda82eb4fcaaa873be3dfcc5ef Mon Sep 17 00:00:00 2001
From: Jeremy Crabtree <JeremyC@uta.edu>
Date: Fri, 17 Jun 2011 15:02:50 +1200
Subject: [PATCH] Bug 5094  auth_by_bind authentication can fail even if given
 a correct password and userid

When using

<replicate>0</replicate> <!-- add new users from LDAP to Koha database -->
<update>0</update> <!-- update existing users in Koha database ->
<auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by
binding instead of password comparison, e.g., to use Active Directory -->

Auth_with_ldap attempts to lookup the userid in the LDAP directory to
fill $userldapentry despite it being unneeded in this case.  The information
retrieved will be thrown away, thus there is no need to retrieve it.
This can cause authentication to fail overall even if the initial bind with the
user's credentials succeeded

Signed-off-by: Joe Atzberger <ohiocore@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
---
 C4/Auth_with_ldap.pm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index 3613acfe8c..6ad17f756f 100644
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -119,8 +119,14 @@ sub checkpw_ldap {
         }
 
 	# FIXME dpavlin -- we really need $userldapentry leater on even if using auth_by_bind!
-	my $search = search_method($db, $userid) or return 0;   # warnings are in the sub
-	$userldapentry = $search->shift_entry;
+
+	# BUG #5094
+	# 2010-08-04 JeremyC
+	# a $userldapentry is only needed if either updating or replicating are enabled
+	if($config{update} or $config{replicate}) {
+	    my $search = search_method($db, $userid) or return 0;   # warnings are in the sub
+	    $userldapentry = $search->shift_entry;
+	}
 
 	} else {
 		my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
-- 
2.20.1