From 9d937489db916667268481328e03d85533bed481 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@arthur-schiwon.de>
Date: Mon, 1 Mar 2021 19:20:05 +0100
Subject: [PATCH] do not die after LDAP auth failed with expired acc

- some servers return error code 53

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
---
 apps/user_ldap/lib/Connection.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
index 9a99b94689..6ba21c6de2 100644
--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -676,9 +676,12 @@ class Connection extends LDAPUtility {
 				'Bind failed: ' . $errno . ': ' . $this->ldap->error($cr),
 				ILogger::WARN);
 
-			// Set to failure mode, if LDAP error code is not LDAP_SUCCESS or LDAP_INVALID_CREDENTIALS
-			// or (needed for Apple Open Directory:) LDAP_INSUFFICIENT_ACCESS
-			if ($errno !== 0 && $errno !== 49 && $errno !== 50) {
+			// Set to failure mode, if LDAP error code is not one of
+			// - LDAP_SUCCESS (0)
+			// - LDAP_INVALID_CREDENTIALS (49)
+			// - LDAP_INSUFFICIENT_ACCESS (50, spotted Apple Open Directory)
+			// - LDAP_UNWILLING_TO_PERFORM (53, spotted eDirectory)
+			if (!in_array($errno, [0, 49, 50, 53], true)) {
 				$this->ldapConnectionRes = null;
 			}