From 9b2f171cbd9423222757584135a9fb17f051cf12 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 5 Jul 2017 13:04:04 +0200 Subject: [PATCH 1/2] do not attempt to recognise cert issue by using LDAPTLS_REQCERT first, it does not work (at least not everywhere/reliably), second if it did it was not reset properly. Removes a bit of complexity. Signed-off-by: Arthur Schiwon
--- apps/user_ldap/lib/Wizard.php | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-)
diff --git a/apps/user_ldap/lib/Wizard.php b/apps/user_ldap/lib/Wizard.php
index dfbde31314..0383dc61b1 100644
--- a/apps/user_ldap/lib/Wizard.php
+++ b/apps/user_ldap/lib/Wizard.php
@@ -1019,21 +1019,14 @@ class Wizard extends LDAPUtility { /** * Connects and Binds to an LDAP Server + * * @param int $port the port to connect with * @param bool $tls whether startTLS is to be used - * @param bool $ncc * @return bool * @throws \Exception */ - private function connectAndBind($port = 389, $tls = false, $ncc = false) { - if($ncc) { - //No certificate check - //FIXME: undo afterwards - putenv('LDAPTLS_REQCERT=never'); - } - + private function connectAndBind($port, $tls) { //connect, does not really trigger any server communication - \OCP\Util::writeLog('user_ldap', 'Wiz: Checking Host Info ', \OCP\Util::DEBUG); $host = $this->configuration->ldapHost; $hostInfo = parse_url($host); if(!$hostInfo) {
@@ -1045,7 +1038,6 @@ class Wizard extends LDAPUtility { throw new \Exception(self::$l->t('Invalid Host')); } - \OCP\Util::writeLog('user_ldap', 'Wiz: Setting LDAP Options ', \OCP\Util::DEBUG); //set LDAP options $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3); $this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
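Review bot: The new signature `private function connectAndBind($port, $tls)` drops the old defaults `389`/`false` together with `$ncc`, so any caller that still invokes it with fewer than two arguments will now fail with a missing-argument error; the call sites are not in this hunk, so please check them. The rewritten docblock also records nothing about why certificate verification is no longer relaxed here, which makes the removed `putenv('LDAPTLS_REQCERT=never')` easy to reintroduce the next time someone hits a self-signed certificate in the wizard. A one-line note such as `* Certificate verification is never relaxed here: LDAPTLS_REQCERT applies process-wide and cannot be reset reliably.` would keep the reasoning from the commit message next to the code. connectAndBind's body continues past the end of the hunk.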
@@ -1074,18 +1066,13 @@ class Wizard extends LDAPUtility { if($login === true) { $this->ldap->unbind($cr); - if($ncc) { - throw new \Exception('Certificate cannot be validated.'); - } \OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG); return true; } - if($errNo === -1 || ($errNo === 2 && $ncc)) { + if($errNo === -1) { //host, port or TLS wrong return false; - } else if ($errNo === 2) { - return $this->connectAndBind($port, $tls, true); } throw new \Exception($error, $errNo); }
From 25439919f83d1e1db385649943677597f7ed9a14 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 5 Jul 2017 22:06:36 +0200 Subject: [PATCH 2/2] fix phpdoc return types (no code change) Signed-off-by: Arthur Schiwon
--- apps/user_ldap/lib/ILDAPWrapper.php | 4 ++-- apps/user_ldap/lib/LDAP.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/apps/user_ldap/lib/ILDAPWrapper.php b/apps/user_ldap/lib/ILDAPWrapper.php
index 4034d0baea..71dd60c372 100644
--- a/apps/user_ldap/lib/ILDAPWrapper.php
+++ b/apps/user_ldap/lib/ILDAPWrapper.php
@@ -82,14 +82,14 @@ interface ILDAPWrapper { /** * Return the LDAP error number of the last LDAP command * @param resource $link LDAP link resource - * @return string error message as string + * @return int error code */ public function errno($link); /** * Return the LDAP error message of the last LDAP command * @param resource $link LDAP link resource - * @return int error code as integer + * @return string error message */ public function error($link);
diff --git a/apps/user_ldap/lib/LDAP.php b/apps/user_ldap/lib/LDAP.php
index ebee078413..eafd8eacd0 100644
--- a/apps/user_ldap/lib/LDAP.php
+++ b/apps/user_ldap/lib/LDAP.php
@@ -100,7 +100,7 @@ class LDAP implements ILDAPWrapper { /** * @param LDAP $link - * @return mixed|string + * @return integer */ public function errno($link) { return $this->invokeLDAPMethod('errno', $link);
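Review bot: The retained guard `if($errNo === -1)` compares against a bare magic number explained only by `//host, port or TLS wrong`, and with the `$ncc` retry gone it is now the sole line between "let the caller try the next port/TLS combination" and "abort with an exception", so it deserves an explicit comment, e.g. `// -1 is LDAP_SERVER_DOWN ("Can't contact LDAP server"): host, port or TLS wrong, return false so the caller can try the next combination`. Note that an LDAP_PROTOCOL_ERROR (2), which a StartTLS handshake against an untrusted certificate may surface as, no longer produces the former "Certificate cannot be validated." hint but the raw `$error` text via `throw new \Exception($error, $errNo)`; if that message reaches the wizard UI it would help to document that this is intended rather than an oversight. `$errNo` and `$error` are assigned before the hunk starts, and connectAndBind itself begins outside it.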
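Review bot: The new `@return integer` on `LDAP::errno()` uses the long type name while the interface it implements, `ILDAPWrapper::errno`, is changed in this same patch to `@return int`; PHPDoc and PSR conventions prefer the short form, so `* @return int` keeps the two declarations in sync. The untouched `@param LDAP $link` in the same docblock also disagrees with the interface's `@param resource $link`, and since the value is forwarded to `invokeLDAPMethod('errno', $link)` — which presumably wraps ldap_errno() — `resource` looks like the accurate one, though invokeLDAPMethod is outside this hunk and I could not confirm it.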
@@ -108,7 +108,7 @@ class LDAP implements ILDAPWrapper { /** * @param LDAP $link - * @return int|mixed + * @return string */ public function error($link) { return $this->invokeLDAPMethod('error', $link);
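Review bot: `@param LDAP $link` in this docblock contradicts the interface docblock for `error()` in ILDAPWrapper.php, which says `@param resource $link`; since the commit is already correcting the return type of this very block, aligning the parameter type at the same time would be cheap, e.g. `* @param resource $link`. The link is passed straight to `invokeLDAPMethod('error', $link)`, which I assume forwards to ldap_error() and therefore expects the link resource — confirm against invokeLDAPMethod, which is not in the hunk.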