[Koha-patches] [PATCH] Bug 12831 - local only logins should work with LDAP
Dobrica Pavlinusic
dpavlin at rot13.org
Fri Aug 29 13:39:36 CEST 2014
This fixes a regression introduced in Bug 8148.
If LDAP is enabled, and using auth_by_bind, one will not be able to log in
using any local accounts which do not appear in the LDAP directory.
This is problematic because a number of Koha system accounts are unlikely
to have a parallel in the active directory, for instance SIP Service User
accounts.
---
C4/Auth_with_ldap.pm | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index b42506d..c313af9 100644
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -146,7 +146,11 @@ sub checkpw_ldap {
my $res = $db->bind( $principal_name, password => $password );
if ( $res->code ) {
warn "LDAP bind failed as kohauser $userid: " . description($res);
- return -1;
+ if ( $res->code == 34 ) { # invalid DN, probably local user
+ return 0; # fallback to local auth
+ } else {
+ return -1; # invalid password
+ }
}
if ( !defined($userldapentry)
&& ( $config{update} or $config{replicate} ) )
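Review bot: the new `if ( $res->code == 34 )` test hard-codes the LDAP result code and makes it the only thing that decides whether a failed bind is handed to local authentication. Use the named constant from Net::LDAP::Constant (LDAP_INVALID_DN_SYNTAX) instead of the literal 34, and add a comment explaining why an invalid-DN result is expected for local-only accounts under auth_by_bind, since "probably local user" is a guess the code then acts on. The else branch is commented "invalid password" but covers every other non-zero bind result, so the comment should say "any other bind failure" or the branch should test for the invalid-credentials code explicitly. The `warn "LDAP bind failed as kohauser $userid: "` line still runs before the new check, so every local-only login (the SIP service accounts named in the commit message) will log an LDAP bind failure; consider moving the warn into the else branch or logging the fallback at a lower severity so real bind failures stay visible in the logs.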
--
1.7.2.5