From 33ec26f6d62b7558bac3665b90315c950e5cb7b0 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 6 Feb 2013 14:24:00 +0100
Subject: [PATCH 1/4] LDAP: info string improved

---
 apps/user_ldap/templates/settings.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index eb3840a611..c6f1834e01 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -35,7 +35,7 @@
 				<p><label for="ldap_backup_host"><?php echo $l->t('Backup (Replica) Host');?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php echo $_['ldap_backup_host_default']; ?>" title="<?php echo $l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.');?>"></p>
 				<p><label for="ldap_backup_port"><?php echo $l->t('Backup (Replica) Port');?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php echo $_['ldap_backup_port_default']; ?>"  /></p>
 				<p><label for="ldap_override_main_server"><?php echo $l->t('Disable Main Server');?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php echo $_['ldap_override_main_server_default']; ?>"  title="<?php echo $l->t('When switched on, ownCloud will only connect to the replica server.');?>" /></p>
-				<p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php echo $_['ldap_tls_default']; ?>" title="<?php echo $l->t('Do not use it for SSL connections, it will fail.');?>" /></p>
+				<p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php echo $_['ldap_tls_default']; ?>" title="<?php echo $l->t('Do not use it additionally for LDAPS connections, it will fail.');?>" /></p>
 				<p><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label><input type="checkbox" id="ldap_nocase" name="ldap_nocase" data-default="<?php echo $_['ldap_nocase_default']; ?>"  value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>></p>
 				<p><label for="ldap_turn_off_cert_check"><?php echo $l->t('Turn off SSL certificate validation.');?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php echo $l->t('If connection only works with this option, import the LDAP server\'s SSL certificate in your ownCloud server.');?>" data-default="<?php echo $_['ldap_turn_off_cert_check_default']; ?>" value="1"><br/><small><?php echo $l->t('Not recommended, use for testing only.');?></small></p>
 				<p><label for="ldap_cache_ttl">Cache Time-To-Live</label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php echo $l->t('in seconds. A change empties the cache.');?>" data-default="<?php echo $_['ldap_cache_ttl_default']; ?>" /></p>

From e122fdbcb63cc4e36982dc23bd2a38c904417447 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 6 Feb 2013 14:30:17 +0100
Subject: [PATCH 2/4] LDAP: when ldaps and tls are configured, disable the
 latter one - they do not work together. ldaps already creates a secure
 connection.

---
 apps/user_ldap/lib/connection.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index acc33e047c..38b2b131e5 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -409,6 +409,11 @@ class Connection {
 				$this->config[$key] = array();
 			}
 		}
+		if((strpos($this->config['ldapHost'], 'ldaps') === 0)
+			&& $this->config['ldapTLS']) {
+			$this->config['ldapTLS'] = false;
+			\OCP\Util::writeLog('user_ldap', 'LDAPS (already using secure connection) and TLS do not work together. Switched of TLS.', \OCP\Util::INFO);
+		}
 
 
 

From 781d247b39930e54d4e40c2c197c80367827b852 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 6 Feb 2013 14:32:00 +0100
Subject: [PATCH 3/4] LDAP: better detect timeouts. do not try to reconnect. do
 not try to bind when connection failed. makes ownCloud more responsive, esp.
 with multiple server connections configured

---
 apps/user_ldap/lib/connection.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 38b2b131e5..9b440da4f9 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -528,7 +528,7 @@ class Connection {
 			if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
 				$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
 				$bindStatus = $this->bind();
-				$error = ldap_errno($this->ldapConnectionRes);
+				$error = is_resource($this->ldapConnectionRes) ? ldap_errno($this->ldapConnectionRes) : -1;
 			} else {
 				$bindStatus = false;
 				$error = null;
@@ -552,6 +552,9 @@ class Connection {
 	}
 
 	private function doConnect($host, $port) {
+		if(empty($host)) {
+			return false;
+		}
 		$this->ldapConnectionRes = ldap_connect($host, $port);
 		if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
 			if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
@@ -569,9 +572,13 @@ class Connection {
 		if(!$this->config['ldapConfigurationActive']) {
 			return false;
 		}
-		$ldapLogin = @ldap_bind($this->getConnectionResource(), $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
+		$cr = $this->getConnectionResource();
+		if(!is_resource($cr)) {
+			return false;
+		}
+		$ldapLogin = @ldap_bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
 		if(!$ldapLogin) {
-			\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($this->ldapConnectionRes) . ': ' . ldap_error($this->ldapConnectionRes), \OCP\Util::ERROR);
+			\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr), \OCP\Util::ERROR);
 			$this->ldapConnectionRes = null;
 			return false;
 		}

From 15e383fd013ab44f6f0b3edcbbde206dadb33219 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Thu, 7 Feb 2013 16:05:45 +0100
Subject: [PATCH 4/4] Typo

---
 apps/user_ldap/lib/connection.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 9b440da4f9..f92779b1ca 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -412,7 +412,7 @@ class Connection {
 		if((strpos($this->config['ldapHost'], 'ldaps') === 0)
 			&& $this->config['ldapTLS']) {
 			$this->config['ldapTLS'] = false;
-			\OCP\Util::writeLog('user_ldap', 'LDAPS (already using secure connection) and TLS do not work together. Switched of TLS.', \OCP\Util::INFO);
+			\OCP\Util::writeLog('user_ldap', 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', \OCP\Util::INFO);
 		}