Use DN instead of DistinguishedName for LDAP login

FreddleSpl0it 2024-08-15 12:49:57 +02:00
parent 962ac39e4a
commit fa3c453d6e
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5


@ -498,7 +498,7 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
$ldap_query = $ldap_query->rawFilter($iam_settings['filter']); $ldap_query = $ldap_query->rawFilter($iam_settings['filter']);
} }
$ldap_query = $ldap_query->where($iam_settings['username_field'], '=', $user) $ldap_query = $ldap_query->where($iam_settings['username_field'], '=', $user)
->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname', 'cn']); ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname', 'dn']);
$user_res = $ldap_query->firstOrFail(); $user_res = $ldap_query->firstOrFail();
} catch (Exception $e) { } catch (Exception $e) {
@ -506,15 +506,13 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
$_SESSION['return'] = array(); $_SESSION['return'] = array();
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $user, '*'), 'log' => array(__FUNCTION__, $user, '*', $e->getMessage()),
'msg' => 'ldap_error' 'msg' => 'ldap_error'
); );
return false; return false;
} }
try { try {
if (!$iam_provider->auth()->attempt($user_res['distinguishedname'][0], $pass)) { if (!$iam_provider->auth()->attempt($user_res['dn'], $pass)) {
// fallback to cn
if (!$iam_provider->auth()->attempt($user_res['cn'][0], $pass)) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $user, '*', $user_res), 'log' => array(__FUNCTION__, $user, '*', $user_res),
@ -522,13 +520,12 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
); );
return false; return false;
} }
}
} catch (Exception $e) { } catch (Exception $e) {
// clear $_SESSION['return'] to not leak data // clear $_SESSION['return'] to not leak data
$_SESSION['return'] = array(); $_SESSION['return'] = array();
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
'log' => array(__FUNCTION__, $user, '*'), 'log' => array(__FUNCTION__, $user, '*', $e->getMessage()),
'msg' => 'ldap_error' 'msg' => 'ldap_error'
); );
return false; return false;
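Review bot: The added `$e->getMessage()` in both catch blocks (query failure and bind failure) is written into `$_SESSION['return']` right after that array is cleared "to not leak data", so the LDAP exception text now travels with the session entry. Depending on the LDAP library, such messages can carry the server host, the bind DN or the directory's diagnostic string. Whether the `log` element is ever rendered to the client is not visible in this section and should be confirmed. If it can reach the browser, keep the detail server-side and store only a coarse marker, e.g. `'log' => array(__FUNCTION__, $user, '*', get_class($e)),`. The unchanged failed-bind branch, which logs the whole `$user_res` record, deserves the same check. ldap_mbox_login starts and ends outside the shown hunks.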