#123 LDAP Authentication Patch Code

0.7.x
open
nobody
5
2007-02-21
2007-02-21
Ghost
No

I had trouble using More.Groupware with LDAP on a Win2k3 box so I looked at the code and some posts on PHP.net and here is my patch that fixes and simplifies the function authentify_user() in ldap.inc.php.

/************* Begin Code **************/
//no one in their right mind should have an empty pass and no username should be empty so lets not even bother trying to authenticate.
if(empty($user) || empty($pass)) return false;

//connect to the LDAP server
if($ldap = @ldap_connect($appconf["auth_ldaphost"]))
{
//if it's AD, set the options for Win2k3...not sure if this works with NT below Win2k3.
if($appconf["auth_ldaptype"] == 1)
{
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($conn, LDAP_OPT_REFERRALS,0);
}
$auth_user = $user.$appconf["auth_ldapsuffixe"];
if($bind = @ldap_bind($ldap, $auth_user, $pass))
{
@ldap_close($ldap);
return true;
} // if bound to ldap
} // if connected to ldap

@ldap_close($ldap);
return false;
/************* End Code **************/

Once I modified the function, I had no issues whatsoever. It should work perfectly fine with OpenLDAP and others as well. Not sure about secure connections (ldaps) yet, but I think it will if everything else is set up correctly.

Discussion