deny ADS logins with empty passwords, in case anonymous search/bind is enabled on ADS

Ralf Becker 2007-06-08 15:42:07 +00:00
parent 6ca395375e
commit d56c51d71d


@ -48,8 +48,8 @@
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
/* Login with the LDAP Admin. User to find the User DN. */ // bind with username@ads_domain, only if a non-empty password given, in case anonymous search is enabled
if(!@ldap_bind($ldap,$username.'@'.$GLOBALS['egw_info']['server']['ads_domain'],$passwd)) if(empty($passwd) || !@ldap_bind($ldap,$username.'@'.$GLOBALS['egw_info']['server']['ads_domain'],$passwd))
{ {
//echo "<p>Cant bind with '$username@".$GLOBALS['egw_info']['server']['ads_domain']."' with PW '$passwd' !!!</p>\n"; //echo "<p>Cant bind with '$username@".$GLOBALS['egw_info']['server']['ads_domain']."' with PW '$passwd' !!!</p>\n";
return False; return False;