From fd8b994ddefe487ef03a52b382e5286a022b60e7 Mon Sep 17 00:00:00 2001 From: ralf Date: Fri, 25 Aug 2023 18:01:46 +0200 Subject: [PATCH] fix "no SSL connection" error when trying to change password over a ldaps connection also fix PHP Fatal error "Can NOT convert object to string", when trying to log an error --- api/src/Accounts/Ads.php | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/api/src/Accounts/Ads.php b/api/src/Accounts/Ads.php index 0b2dcdaf1f..7cecc955c0 100644 --- a/api/src/Accounts/Ads.php +++ b/api/src/Accounts/Ads.php @@ -728,10 +728,10 @@ class Ads } } } - // attributes not (yet) suppored by adldap + // attributes not (yet) supported by adldap if ($ldap && !($ret = @ldap_modify($ds=$this->ldap_connection(), $old['account_dn'], $ldap))) { - error_log(__METHOD__."(".array2string($data).") ldap_modify($ds, '$old[account_dn]', ".array2string($ldap).') returned '.array2string($ret)); + error_log(__METHOD__."(".array2string($data).") ldap_modify(\$ds, '$old[account_dn]', ".array2string($ldap).') returned '.array2string($ret)); return false; } return $old['account_id']; @@ -882,7 +882,7 @@ class Ads // attributes not (yet) suppored by adldap if ($ldap && !($ret = @ldap_modify($ds=$this->ldap_connection(), $old['account_dn'], $ldap))) { - error_log(__METHOD__."(".array2string($data).") ldap_modify($ds, '$old[account_dn]', ".array2string($ldap).') returned '.array2string($ret).' ('.ldap_error($ds).') '.function_backtrace()); + error_log(__METHOD__."(".array2string($data).") ldap_modify(\$ds, '$old[account_dn]', ".array2string($ldap).') returned '.array2string($ret).' ('.ldap_error($ds).') '.function_backtrace()); return false; } //elseif ($ldap) error_log(__METHOD__."(".array2string($data).") ldap_modify($ds, '$old[account_dn]', ".array2string($ldap).') returned '.array2string($ret).' '.function_backtrace()); @@ -1442,8 +1442,6 @@ class adLDAP extends \adLDAP throw $e; } - - /** * Not so random anymore ;) * 
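Review bot: The failure branch in the hunk at 728 logs the ldap_modify arguments but not the directory's own error, unlike the matching branch at 882, which appends `ldap_error($ds)`. Because the call is prefixed with `@`, PHP's warning is suppressed and this log line is the only record of why the write was refused. Appending `.' ('.ldap_error($ds).')'` after `array2string($ret)` would make both paths log the same detail. The enclosing method starts and ends outside the hunk.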
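Review bot: The hunk at 882 keeps the `suppored` typo that this commit corrects in the identical comment at 728. The commented-out `//elseif ($ldap) error_log(...)` line below the block also still interpolates `$ds` unescaped, so re-enabling it would bring back the object-to-string fatal fixed in the line above it. Either give that line the same `\$ds` treatment or delete it.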
@@ -1454,6 +1452,16 @@ class adLDAP extends \adLDAP return $this->_controller ?? parent::randomController(); } + /** + * Reimplemented to check ldaps uri instead of the no longer used attribute $this->useSSL + * + * @return bool + */ + function getUseSSL() + { + return substr($this->_controller, 0, 8) === 'ldaps://'; + } + /** * Magic method called when object gets serialized * @@ -1608,7 +1616,7 @@ class adLDAPUsers extends \adLDAPUsers // Add the entry $result = ldap_add($ds=$this->adldap->getLdapConnection(), $dn="CN=" . $add["cn"][0] . "," . $attributes["container"] . "," . $this->adldap->getBaseDn(), $add); if ($result != true) { - error_log(__METHOD__."(".array2string($attributes).") ldap_add($ds, '$dn', ".array2string($add).") returned ".array2string($result)." ldap_error()=".ldap_error($ds)); + error_log(__METHOD__."(".array2string($attributes).") ldap_add(\$ds, '$dn', ".array2string($add).") returned ".array2string($result)." ldap_error()=".ldap_error($ds)); return false; } @@ -1623,7 +1631,7 @@ class adLDAPUsers extends \adLDAPUsers $control_options = array("NORMAL_ACCOUNT"); $mod = array("userAccountControl" => $this->accountControl($control_options)); $result = ldap_modify($ds, $dn, $mod); - if (!$result) error_log(__METHOD__."(".array2string($attributes).") ldap_modify($ds, '$dn', ".array2string($mod).") returned ".array2string($result)." ldap_error()=".ldap_error($ds)); + if (!$result) error_log(__METHOD__."(".array2string($attributes).") ldap_modify(\$ds, '$dn', ".array2string($mod).") returned ".array2string($result)." ldap_error()=".ldap_error($ds)); } } 
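Review bot: `getUseSSL()` at 1452 does a case-sensitive prefix match and assumes `_controller` is a string, although `randomController()` just above treats it as possibly unset (`$this->_controller ?? parent::randomController()`). A null value reaches `substr()`, which is deprecated since PHP 8.1, and an `LDAPS://` spelling would be reported as not SSL. `return is_string($this->_controller) && stripos($this->_controller, 'ldaps://') === 0;` handles both cases. Going by the commit message, this getter gates password changes, so the docblock should state that it reports the configured URI scheme and not a negotiated TLS session. The method could also declare `public` visibility.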
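Review bot: The ldap_add failure log at 1608 writes `array2string($attributes)` and `array2string($add)` in full on a user-creation path. Both arrays are built outside the hunk, so this is inferred, but if they carry the new account's password or `unicodePwd`, the credential lands in the PHP error log. The same dump of `$attributes` recurs at 1623 and at 1795, where only `$mod['unicodePwd']` is replaced with `'***'` before logging. Mask the sensitive keys on a copy of each array before passing it to `array2string()`, as 1795 already does for `$mod`, after confirming the exact key names against the schema mapping.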
@@ -1669,7 +1677,7 @@ class adLDAPUsers extends \adLDAPUsers $result = ldap_mod_replace($ds=$this->adldap->getLdapConnection(), $dn, array( 'unicodePwd' => $this->encodePassword($password), )); - if (!$result) error_log(__METHOD__."('$dn', '$password') ldap_mod_replace($ds, '$dn', \$password) returned FALSE: ".ldap_error($ds)); + if (!$result) error_log(__METHOD__."('$dn', '$password') ldap_mod_replace(\$ds, '$dn', \$password) returned FALSE: ".ldap_error($ds)); return $result; } @@ -1795,7 +1803,7 @@ class adLDAPUsers extends \adLDAPUsers $result = @ldap_modify($ds=$this->adldap->getLdapConnection(), $userDn, $mod); if ($result == false) { if (isset($mod['unicodePwd'])) $mod['unicodePwd'] = '***'; - error_log(__METHOD__."(".array2string($attributes).") ldap_modify($ds, '$userDn', ".array2string($mod).") returned ".array2string($result)." ldap_error()=".ldap_error($ds)); + error_log(__METHOD__."(".array2string($attributes).") ldap_modify(\$ds, '$userDn', ".array2string($mod).") returned ".array2string($result)." ldap_error()=".ldap_error($ds)); return false; } }
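Review bot: The log line at 1669 still interpolates `'$password'` into the message, so every failed ldap_mod_replace writes the user's new password in cleartext to the error log. The escaped `\$password` later in the same string suggests only the variable name was meant to be printed. Escape the first occurrence too: `if (!$result) error_log(__METHOD__."('$dn', \$password) ldap_mod_replace(\$ds, '$dn', \$password) returned FALSE: ".ldap_error($ds));`. Existing error logs from affected installs should be treated as holding credentials when setting retention and access. The enclosing method begins outside the hunk.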