Add setting to enable LDAP_OPT_REFERRALS, default off

How referrals work:
 http://umich.edu/~dirsvcs/ldap/doc/other/ldap-ref.html

When they cause problems:
 https://bugs.php.net/bug.php?id=30670

Resolves: #16
Thomas Pike
2018-07-21 15:01:13 +02:00
parent cf328c5f95
commit 42ff27c0a6
3 changed files with 14 additions and 3 deletions


@@ -85,6 +85,10 @@ starttls = 0
dn_user = "ou=users,dc=example,dc=com"
; LDAP subtree containing GROUP entries
dn_group = "ou=groups,dc=example,dc=com"
; Set to 1 if the LDAP library should process referrals. In most cases this
; is not needed, and for AD servers it can cause errors when querying the
; whole tree.
follow_referrals = 0
; Leave bind_dn empty if binding is not required
bind_dn =


@@ -35,7 +35,10 @@ require('routes.php');
require('ldap.php');
require('email.php');
$ldap = new LDAP($config['ldap']['host'], $config['ldap']['starttls'], $config['ldap']['bind_dn'], $config['ldap']['bind_password']);
$ldap_options = array();
$ldap_options[LDAP_OPT_PROTOCOL_VERSION] = 3;
$ldap_options[LDAP_OPT_REFERRALS] = !empty($config['ldap']['follow_referrals']);
$ldap = new LDAP($config['ldap']['host'], $config['ldap']['starttls'], $config['ldap']['bind_dn'], $config['ldap']['bind_password'], $ldap_options);
setup_database();
$relative_frontend_base_url = (string)parse_url($config['web']['baseurl'], PHP_URL_PATH);
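Review bot: The new `$ldap_options` block carries two decisions that are not obvious from the code alone: LDAPv3 is now applied to every connection rather than only inside the bind branch, and `!empty($config['ldap']['follow_referrals'])` quietly evaluates to false when an existing config.ini predates the new key, so referral chasing stays off without a notice. A short comment above the array would preserve that reasoning, e.g. `// LDAPv3 for every connection; referral chasing is opt-in via follow_referrals and stays off when the key is absent (see the config.ini comment)`. The option values are passed through unchecked to ldap_set_option in ldap.php, so the second line's boolean is the only place the setting is validated; keeping the comment next to it makes that explicit.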


@@ -21,13 +21,15 @@ class LDAP {
private $starttls;
private $bind_dn;
private $bind_password;
private $options;
public function __construct($host, $starttls, $bind_dn, $bind_password) {
public function __construct($host, $starttls, $bind_dn, $bind_password, $options) {
$this->conn = null;
$this->host = $host;
$this->starttls = $starttls;
$this->bind_dn = $bind_dn;
$this->bind_password = $bind_password;
$this->options = $options;
}
private function connect() {
@@ -36,8 +38,10 @@ class LDAP {
if($this->starttls) {
if(!ldap_start_tls($this->conn)) throw new LDAPConnectionFailureException('Could not initiate TLS connection to LDAP server');
}
foreach($this->options as $option => $value) {
ldap_set_option($this->conn, $option, $value);
}
if(!empty($this->bind_dn)) {
ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
if(!ldap_bind($this->conn, $this->bind_dn, $this->bind_password)) throw new LDAPConnectionFailureException('Could not bind to LDAP server');
}
}
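Review bot: The return value of `ldap_set_option($this->conn, $option, $value);` in the new foreach is discarded, so a failed option set is silent: if LDAP_OPT_PROTOCOL_VERSION cannot be applied the bind continues under the default version, and if LDAP_OPT_REFERRALS is rejected the configured referral policy never takes effect, while the rest of connect() behaves as if it had. Failing loudly in the same style as the surrounding checks would be `if(!ldap_set_option($this->conn, $option, $value)) throw new LDAPConnectionFailureException('Could not set LDAP option '.$option);`. The options are also applied after `ldap_start_tls`; I believe PHP's ldap_start_tls forces protocol version 3 itself, but applying the caller-supplied options before the StartTLS step would make the intended ordering explicit. In the first hunk the constructor's new `$options` parameter has no default, so any other `new LDAP(...)` call site not shown here would now raise an ArgumentCountError; `$options = array()` would keep those callers working. connect() starts before this hunk.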