From 58a5a4578ce452b5e946ad753d0e39dd0f4a8963 Mon Sep 17 00:00:00 2001
From: FreddleSpl0it
Date: Tue, 13 Aug 2024 12:14:05 +0200
Subject: [PATCH] [Web] use cn as fallback ldap login

---
 data/web/inc/functions.auth.inc.php | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/data/web/inc/functions.auth.inc.php b/data/web/inc/functions.auth.inc.php
index 9ab54e4bb..f93eb54cf 100644
--- a/data/web/inc/functions.auth.inc.php
+++ b/data/web/inc/functions.auth.inc.php
@@ -498,7 +498,7 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
 $ldap_query = $ldap_query->rawFilter($iam_settings['filter']);
 }
 $ldap_query = $ldap_query->where($iam_settings['username_field'], '=', $user)
- ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname']);
+ ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname', 'cn']);

 $user_res = $ldap_query->firstOrFail();
 } catch (Exception $e) {
@@ -513,12 +513,15 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
 }
 try {
 if (!$iam_provider->auth()->attempt($user_res['distinguishedname'][0], $pass)) {
- $_SESSION['return'][] = array(
- 'type' => 'danger',
- 'log' => array(__FUNCTION__, $user, '*', $user_res),
- 'msg' => 'ldap_auth_failed'
- );
- return false;
+ // fallback to cn
+ if (!$iam_provider->auth()->attempt($user_res['cn'][0], $pass)) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $user, '*', $user_res),
+ 'msg' => 'ldap_auth_failed'
+ );
+ return false;
+ }
 }
 } catch (Exception $e) {
 // clear $_SESSION['return'] to not leak data
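Review bot: The fallback bind in the second hunk uses `$user_res['cn'][0]`, which, unlike the distinguished name, is neither guaranteed to be present on the entry nor unique within a directory, so a successful bind no longer proves that the password belongs to the entry the search returned. Whether a bare cn is accepted as a bind name, and how duplicates are resolved, depends on the directory server and should be confirmed before relying on it. At minimum skip the fallback when the attribute is absent, `if (empty($user_res['cn'][0]) || !$iam_provider->auth()->attempt($user_res['cn'][0], $pass)) {`, and extend the `// fallback to cn` comment to say which directory types need it. Every wrong password now also produces two failed binds, which counts double against any lockout threshold on the directory side. ldap_mbox_login starts and ends outside both hunks, so what the catch block does with an exception from the second attempt is not visible here.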