[Koha-patches] [Signed Off] [PATCH] Bug 4993 checkpw_ldap - do bind just once
Chris Cormack
chrisc at catalyst.net.nz
Mon May 9 23:58:55 CEST 2011
From: Dobrica Pavlinusic <dpavlin at rot13.org>
When using auth_by_bind, search was always done as anonymous user.
This is a problem if we want to fetch LDAP values which have ACL
permissions only for users.
This change moves bind from search_method back into checkpw_ldap,
making code cleaner and easier to understand
Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz>
---
C4/Auth_with_ldap.pm | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index acbd923..3613acf 100644
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -82,11 +82,6 @@ sub search_method {
my $userid = shift or return;
my $uid_field = $mapping{userid}->{is} or die ldapserver_error("mapping for 'userid'");
my $filter = Net::LDAP::Filter->new("$uid_field=$userid") or die "Failed to create new Net::LDAP::Filter";
- my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
- if ($res->code) { # connection refused
- warn "LDAP bind failed as ldapuser " . ($ldapname || '[ANONYMOUS]') . ": " . description($res);
- return 0;
- }
my $search = $db->search(
base => $base,
filter => $filter,
@@ -128,6 +123,11 @@ sub checkpw_ldap {
$userldapentry = $search->shift_entry;
} else {
+ my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
+ if ($res->code) { # connection refused
+ warn "LDAP bind failed as ldapuser " . ($ldapname || '[ANONYMOUS]') . ": " . description($res);
+ return 0;
+ }
my $search = search_method($db, $userid) or return 0; # warnings are in the sub
$userldapentry = $search->shift_entry;
my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
--
1.7.4.1
More information about the Koha-patches
mailing list