Update the LDAP password validation because some servers will not inc…

…lude "userpassword" to the LDAP entries result (#1547)
alextselegidis · Jun 1, 2024 · 08f8315 · 08f8315
1 parent 9d7e0ba
commit 08f8315
Showing 1 changed file with 6 additions and 39 deletions.
diff --git a/application/libraries/Ldap_client.php b/application/libraries/Ldap_client.php
@@ -97,52 +97,19 @@ public function check_login(string $username, string $password): ?array
         $user = $this->CI->accounts->get_user_by_username($username);
 
         if (empty($user['ldap_dn'])) {
-            return null;
+            return null; // User does not exist in Easy!Appointments
         }
 
         // Connect to LDAP server
 
-        $host = setting('ldap_host');
-        $port = (int) setting('ldap_port');
-        $user_dn = setting('ldap_user_dn');
-        $ldap_password = setting('ldap_password');
-
-        $connection = @ldap_connect($host, $port);
-
-        if (!$connection) {
-            throw new Exception('Could not connect to LDAP server: ' . @ldap_error($connection));
-        }
-
-        @ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
-        @ldap_set_option($connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
-
-        $bind = @ldap_bind($connection, $user_dn, $ldap_password);
-
-        if (!$bind) {
-            throw new Exception('LDAP bind failed: ' . @ldap_error($connection));
-        }
-
-        // Check the provided password against the LDAP service
-
-        $filter = '(objectclass=*)';
-
-        $result = @ldap_search($connection, $user['ldap_dn'], $filter);
-
-        if (!$result) {
-            return null;
-        }
-
-        $ldap_entries = @ldap_get_entries($connection, $result);
+        $ldap_host = setting('ldap_host');
+        $ldap_port = (int) setting('ldap_port');
 
-        foreach ($ldap_entries as $ldap_entry) {
-            if (!is_array($ldap_entry) || empty($ldap_entry['dn']) || $ldap_entry['dn'] !== $user['ldap_dn']) {
-                continue;
-            }
+        $connection = @ldap_connect($ldap_host, $ldap_port);
 
-            if (!$this->validate_password($password, $ldap_entry['userpassword'][0])) {
-                continue;
-            }
+        $user_bind = @ldap_bind($connection, $user['ldap_dn'], $password);
 
+        if ($user_bind) {
             $role = $this->CI->roles_model->find($user['id_roles']);
 
             $default_timezone = $this->CI->timezones->get_default_timezone();