From bbeb51461fbe3672b3a6bc62371abdd2e18f5828 Mon Sep 17 00:00:00 2001 From: Jared Biel Date: Tue, 24 Mar 2020 16:27:14 -0500 Subject: [PATCH 1/2] Fix LDAP logins --- app/Services/LdapAd.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/app/Services/LdapAd.php b/app/Services/LdapAd.php index bd3170e13..ba44ee507 100644 --- a/app/Services/LdapAd.php +++ b/app/Services/LdapAd.php @@ -63,6 +63,8 @@ class LdapAd extends LdapAdConfiguration parent::init(); if($this->isLdapEnabled()) { + $this->ldapConfig['account_prefix'] = 'uid='; + $this->ldapConfig['account_suffix'] = ','.$this->ldapConfig['base_dn']; $this->ldap = new Adldap(); $this->ldap->addProvider($this->ldapConfig); return true; @@ -90,12 +92,9 @@ class LdapAd extends LdapAdConfiguration $username .= '@' . $this->ldapSettings['ad_domain']; } - try { - $this->ldap->auth()->attempt($username, $password); - } catch (Exception $e) { - Log::error($e->getMessage()); + if ($this->ldap->auth()->attempt($username, $password, true) === false) { throw new Exception('Unable to validate user credentials!'); - } + } // Should we sync the logged in user Log::debug('Attempting to find user in LDAP directory'); From 67a1d2fa5fcf243de4b2c92b189b0419773c500f Mon Sep 17 00:00:00 2001 From: Brady Wetherington Date: Wed, 26 Aug 2020 12:25:10 -0700 Subject: [PATCH 2/2] Remove hardcoding of LDAP Auth query to 'uid=', use setting instead --- app/Services/LdapAd.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Services/LdapAd.php b/app/Services/LdapAd.php index 228a44f23..2068f416c 100644 --- a/app/Services/LdapAd.php +++ b/app/Services/LdapAd.php @@ -63,7 +63,7 @@ class LdapAd extends LdapAdConfiguration parent::init(); if($this->isLdapEnabled()) { - $this->ldapConfig['account_prefix'] = 'uid='; + $this->ldapConfig['account_prefix'] = $this->ldapSettings['ldap_auth_filter_query']; $this->ldapConfig['account_suffix'] = ','.$this->ldapConfig['base_dn']; $this->ldap = new Adldap(); $this->ldap->addProvider($this->ldapConfig);