Merge pull request #5616 from nextcloud/ldap-wizard-remove-LDAPTLS_REQCERT-attempt
LDAP Wizard: do not attempt to recognise cert issue by using LDAPTLS_REQCERT
commit
43facdb95f
|
@ -82,14 +82,14 @@ interface ILDAPWrapper {
|
|||
/**
|
||||
* Return the LDAP error number of the last LDAP command
|
||||
* @param resource $link LDAP link resource
|
||||
* @return string error message as string
|
||||
* @return int error code
|
||||
*/
|
||||
public function errno($link);
|
||||
|
||||
/**
|
||||
* Return the LDAP error message of the last LDAP command
|
||||
* @param resource $link LDAP link resource
|
||||
* @return int error code as integer
|
||||
* @return string error message
|
||||
*/
|
||||
public function error($link);
|
||||
|
||||
|
|
|
@ -100,7 +100,7 @@ class LDAP implements ILDAPWrapper {
|
|||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @return mixed|string
|
||||
* @return integer
|
||||
*/
|
||||
public function errno($link) {
|
||||
return $this->invokeLDAPMethod('errno', $link);
|
||||
|
@ -108,7 +108,7 @@ class LDAP implements ILDAPWrapper {
|
|||
|
||||
/**
|
||||
* @param LDAP $link
|
||||
* @return int|mixed
|
||||
* @return string
|
||||
*/
|
||||
public function error($link) {
|
||||
return $this->invokeLDAPMethod('error', $link);
|
||||
|
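Review bot: The replacement docblock on `errno()` in this section uses the long type name `@return integer`, whereas the interface hunk above and the sibling `error()` hunk use short-form names; `@return int` keeps the wrapper consistent with `ILDAPWrapper::errno()` and with PER-CS conventions. The untouched `@param LDAP $link` on both methods also disagrees with the interface, which documents the argument as `@param resource $link LDAP link resource` in the same commit; aligning the two (`@param resource $link`) would stop static analysers from reading the wrapper and the interface as taking different things. Both method bodies are only partly visible here, so whether `invokeLDAPMethod()` guarantees those return types cannot be confirmed from this page.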
|
|
@ -1019,21 +1019,14 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
/**
|
||||
* Connects and Binds to an LDAP Server
|
||||
*
|
||||
* @param int $port the port to connect with
|
||||
* @param bool $tls whether startTLS is to be used
|
||||
* @param bool $ncc
|
||||
* @return bool
|
||||
* @throws \Exception
|
||||
*/
|
||||
private function connectAndBind($port = 389, $tls = false, $ncc = false) {
|
||||
if($ncc) {
|
||||
//No certificate check
|
||||
//FIXME: undo afterwards
|
||||
putenv('LDAPTLS_REQCERT=never');
|
||||
}
|
||||
|
||||
private function connectAndBind($port, $tls) {
|
||||
//connect, does not really trigger any server communication
|
||||
\OCP\Util::writeLog('user_ldap', 'Wiz: Checking Host Info ', \OCP\Util::DEBUG);
|
||||
$host = $this->configuration->ldapHost;
|
||||
$hostInfo = parse_url($host);
|
||||
if(!$hostInfo) {
|
||||
|
@ -1045,7 +1038,6 @@ class Wizard extends LDAPUtility {
|
|||
throw new \Exception(self::$l->t('Invalid Host'));
|
||||
}
|
||||
|
||||
\OCP\Util::writeLog('user_ldap', 'Wiz: Setting LDAP Options ', \OCP\Util::DEBUG);
|
||||
//set LDAP options
|
||||
$this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
$this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
|
||||
|
@ -1074,18 +1066,13 @@ class Wizard extends LDAPUtility {
|
|||
|
||||
if($login === true) {
|
||||
$this->ldap->unbind($cr);
|
||||
if($ncc) {
|
||||
throw new \Exception('Certificate cannot be validated.');
|
||||
}
|
||||
\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
|
||||
return true;
|
||||
}
|
||||
|
||||
if($errNo === -1 || ($errNo === 2 && $ncc)) {
|
||||
if($errNo === -1) {
|
||||
//host, port or TLS wrong
|
||||
return false;
|
||||
} else if ($errNo === 2) {
|
||||
return $this->connectAndBind($port, $tls, true);
|
||||
}
|
||||
throw new \Exception($error, $errNo);
|
||||
}
|
||||
|
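Review bot: After the retry path is removed, the remaining `if($errNo === -1)` branch in the last hunk returns `false` for every "cannot contact server" outcome, while any other code is thrown as `\Exception($error, $errNo)`; the comment `//host, port or TLS wrong` no longer says that certificate problems are among the cases folded into that `false`, which is the behaviour the previous `$ncc` probing existed to distinguish. I would extend it to `// -1: no connection at all (host, port, or TLS handshake — certificate failures presumably land here too and are not distinguished); every other error is propagated with the server message`, hedged because the mapping of certificate errors to -1 is inferred rather than shown on this page. Note also that the first hunk changes the signature from `connectAndBind($port = 389, $tls = false, $ncc = false)` to `connectAndBind($port, $tls)`, dropping the defaults as well as `$ncc`; any caller that relied on the defaults would now fail with an argument-count error, so the call sites (not visible here) are worth checking. `connectAndBind()` starts in the first hunk and its body runs past the end of the last one.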
|