Diffstat (limited to 'plugins/LdapAuthorization/LdapAuthorizationPlugin.php')
-rw-r--r-- | plugins/LdapAuthorization/LdapAuthorizationPlugin.php | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php index 7f48ce5e1..042b2db8d 100644 --- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php +++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php @@ -131,13 +131,13 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin { $ldap = $this->ldap_get_connection(); $link = $ldap->getLink(); - $r = ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn); + $r = @ldap_compare($link, $groupDn, $this->uniqueMember_attribute, $userDn); if ($r === true){ return true; }else if($r === false){ return false; }else{ - common_log(LOG_ERR, ldap_error($r)); + common_log(LOG_ERR, "LDAP error determining if userDn=$userDn is a member of groupDn=groupDn using uniqueMember_attribute=$this->uniqueMember_attribute error: ".ldap_error($link)); return false; } } @@ -167,7 +167,12 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin $ldap->setErrorHandling(PEAR_ERROR_RETURN); $err=$ldap->bind(); if (Net_LDAP2::isError($err)) { - common_log(LOG_WARNING, 'Could not connect to LDAP server: '.$err->getMessage()); + // if we were called with a config, assume caller will handle + // incorrect username/password (LDAP_INVALID_CREDENTIALS) + if (isset($config) && $err->getCode() == 0x31) { + return null; + } + throw new Exception('Could not connect to LDAP server: '.$err->getMessage()); return false; } if($config == null) $this->default_ldap=$ldap; @@ -185,6 +190,9 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin if($ldap==null) { $ldap = $this->ldap_get_connection(); } + if(! $ldap) { + throw new Exception("Could not connect to LDAP"); + } $filter = Net_LDAP2_Filter::create($this->attributes['username'], 'equals', $username); $options = array( 'attributes' => $attributes |
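Review bot: The new log message in the error branch prints the literal text `groupDn=groupDn` because the `$` is missing, so the group DN never reaches the log. Since `@` now suppresses the PHP warning from `ldap_compare`, this `common_log` call is the only trace left when a membership check errors out and access is denied, so it should read `groupDn=$groupDn`. Writing the property as `{$this->uniqueMember_attribute}` would also make the interpolation explicit. The enclosing function starts above the hunk.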
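Review bot: The invalid-credentials branch returns null without logging anything, while the line this hunk removes used to record every failed bind as a warning. Rejected binds are the signal that password-guessing detection depends on, so unless every caller logs the failure itself (not visible here), add `common_log(LOG_WARNING, 'LDAP bind rejected: invalid credentials');` before `return null;`, keeping the password out of the message. The `return false;` left after the `throw` is now unreachable and can be deleted, and `0x31` would read better as a named constant than as a magic number explained only by the comment. The function's signature and its other return paths are outside the hunk.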
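Review bot: The `$ldap==null` test just above the new guard cannot tell "no connection supplied" apart from the null that `ldap_get_connection()` now returns when a bind with caller-supplied credentials is rejected. If a caller forwards that null (callers are not visible here, so this is an assumption to confirm), the lookup would quietly run over the default connection instead of failing. A comment above the guard such as `// null means "use the default connection"; never pass in the result of a rejected credential bind` would document the contract, and callers should check for null before reaching this function. The function begins and ends outside the hunk.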