self-hosted/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-01-08 04:05:03 +02:00
Code Issues Releases Activity

Use DN instead of DistinguishedName for LDAP login

Browse Source
This commit is contained in:
FreddleSpl0it 2024-08-15 12:49:57 +02:00
parent 962ac39e4a
commit fa3c453d6e
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5
1 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
data/web/inc/functions.auth.inc.php
View File

@ -498,7 +498,7 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
$ldap_query = $ldap_query->rawFilter($iam_settings['filter']);
}
$ldap_query = $ldap_query->where($iam_settings['username_field'], '=', $user)
->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname', 'cn']);
->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname', 'distinguishedname', 'dn']);
$user_res = $ldap_query->firstOrFail();
} catch (Exception $e) {
@ -506,29 +506,26 @@ function ldap_mbox_login($user, $pass, $iam_settings, $extra = null){
$_SESSION['return'] = array();
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $user, '*'),
'log' => array(__FUNCTION__, $user, '*', $e->getMessage()),
'msg' => 'ldap_error'
);
return false;
}
try {
if (!$iam_provider->auth()->attempt($user_res['distinguishedname'][0], $pass)) {
// fallback to cn
if (!$iam_provider->auth()->attempt($user_res['cn'][0], $pass)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $user, '*', $user_res),
'msg' => 'ldap_auth_failed'
);
return false;
}
if (!$iam_provider->auth()->attempt($user_res['dn'], $pass)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $user, '*', $user_res),
'msg' => 'ldap_auth_failed'
);
return false;
}
} catch (Exception $e) {
// clear $_SESSION['return'] to not leak data
$_SESSION['return'] = array();
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $user, '*'),
'log' => array(__FUNCTION__, $user, '*', $e->getMessage()),
'msg' => 'ldap_error'
);
return false;