authorblizzz <blizzz@owncloud.com>2013-02-07 07:06:35 -0800
committerblizzz <blizzz@owncloud.com>2013-02-07 07:06:35 -0800
commit6cff5418a75775b9cb2f8c877797b469d5cd3ce9 (patch)
treed488103da577658e6da949deec61ad1cf26934f2
parent0efcf33e2f349ad7b2be183ee5363db784d2cc5f (diff)
parent15e383fd013ab44f6f0b3edcbbde206dadb33219 (diff)
downloadnextcloud-server-6cff5418a75775b9cb2f8c877797b469d5cd3ce9.tar.gz
nextcloud-server-6cff5418a75775b9cb2f8c877797b469d5cd3ce9.zip
Merge pull request #1524 from owncloud/fix_ldaps_tls_setting
LDAP: don't try to put TLS on top of already secure connection (will fail).
-rw-r--r--apps/user_ldap/lib/connection.php18
-rw-r--r--apps/user_ldap/templates/settings.php2
2 files changed, 16 insertions, 4 deletions
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index acc33e047c6..f92779b1cad 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -409,6 +409,11 @@ class Connection {
$this->config[$key] = array();
}
}
+ if((strpos($this->config['ldapHost'], 'ldaps') === 0)
+ && $this->config['ldapTLS']) {
+ $this->config['ldapTLS'] = false;
+ \OCP\Util::writeLog('user_ldap', 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', \OCP\Util::INFO);
+ }
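Review bot: The prefix test `strpos($this->config['ldapHost'], 'ldaps') === 0` also matches a bare host name that merely begins with those letters, e.g. `ldapserver.example.com` (constructed example). An admin who enabled TLS for such a host would have StartTLS switched off and, as far as this hunk shows, the connection would then run unencrypted. Matching the scheme instead, `stripos($this->config['ldapHost'], 'ldaps://') === 0`, avoids that and also accepts an upper-case `LDAPS://`. Since the code overrides a security setting the admin chose, the log entry would be more visible at `\OCP\Util::WARN` than at `INFO`. The enclosing method starts and ends outside the hunk.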
@@ -523,7 +528,7 @@ class Connection {
if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
$bindStatus = $this->bind();
- $error = ldap_errno($this->ldapConnectionRes);
+ $error = is_resource($this->ldapConnectionRes) ? ldap_errno($this->ldapConnectionRes) : -1;
} else {
$bindStatus = false;
$error = null;
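Review bot: The `-1` fallback on the new `$error` line is an undocumented sentinel, and the code that interprets `$error` lies outside this hunk, so a reader cannot tell whether `-1` is meant to be handled like an unreachable server. A comment on that line would settle it, for example `// -1: no connection resource (connect failed or host empty); treated below as server unavailable` once that is confirmed against the following code. Separately, the return value of `$this->doConnect(...)` two lines above is still ignored, so `bind()` is called even when no connection was attempted.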
@@ -547,6 +552,9 @@ class Connection {
}
private function doConnect($host, $port) {
+ if(empty($host)) {
+ return false;
+ }
$this->ldapConnectionRes = ldap_connect($host, $port);
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
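Review bot: The result of `ldap_connect($host, $port)` is passed straight to `ldap_set_option()` without a check; the new guard covers only an empty `$host`, while `ldap_connect()` can also return `false` for a malformed host or URI. A check directly after the assignment, `if(!is_resource($this->ldapConnectionRes)) { return false; }`, would keep the option calls from running on a non-resource. The early `return false` also leaves any previous value of `$this->ldapConnectionRes` in place, which may be worth resetting to `null`. The body of `doConnect()` continues outside the hunk.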
@@ -564,9 +572,13 @@ class Connection {
if(!$this->config['ldapConfigurationActive']) {
return false;
}
- $ldapLogin = @ldap_bind($this->getConnectionResource(), $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
+ $cr = $this->getConnectionResource();
+ if(!is_resource($cr)) {
+ return false;
+ }
+ $ldapLogin = @ldap_bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
if(!$ldapLogin) {
- \OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($this->ldapConnectionRes) . ': ' . ldap_error($this->ldapConnectionRes), \OCP\Util::ERROR);
+ \OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr), \OCP\Util::ERROR);
$this->ldapConnectionRes = null;
return false;
}
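Review bot: The new early return for `!is_resource($cr)` fails silently, so a bind that never happened leaves no trace in the log while the other failure path a few lines below writes an ERROR entry. Logging before that return, e.g. `\OCP\Util::writeLog('user_ldap', 'Bind failed: no LDAP connection resource available', \OCP\Util::ERROR);`, would let an operator tell a connection problem from rejected credentials. The `@` on `ldap_bind()` still hides the PHP warning, so the log line is the only diagnostic. The method starts before and continues after the hunk.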
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index eb3840a611b..c6f1834e013 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -35,7 +35,7 @@
<p><label for="ldap_backup_host"><?php echo $l->t('Backup (Replica) Host');?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php echo $_['ldap_backup_host_default']; ?>" title="<?php echo $l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.');?>"></p>
<p><label for="ldap_backup_port"><?php echo $l->t('Backup (Replica) Port');?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php echo $_['ldap_backup_port_default']; ?>" /></p>
<p><label for="ldap_override_main_server"><?php echo $l->t('Disable Main Server');?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php echo $_['ldap_override_main_server_default']; ?>" title="<?php echo $l->t('When switched on, ownCloud will only connect to the replica server.');?>" /></p>
- <p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php echo $_['ldap_tls_default']; ?>" title="<?php echo $l->t('Do not use it for SSL connections, it will fail.');?>" /></p>
+ <p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php echo $_['ldap_tls_default']; ?>" title="<?php echo $l->t('Do not use it additionally for LDAPS connections, it will fail.');?>" /></p>
<p><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label><input type="checkbox" id="ldap_nocase" name="ldap_nocase" data-default="<?php echo $_['ldap_nocase_default']; ?>" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>></p>
<p><label for="ldap_turn_off_cert_check"><?php echo $l->t('Turn off SSL certificate validation.');?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php echo $l->t('If connection only works with this option, import the LDAP server\'s SSL certificate in your ownCloud server.');?>" data-default="<?php echo $_['ldap_turn_off_cert_check_default']; ?>" value="1"><br/><small><?php echo $l->t('Not recommended, use for testing only.');?></small></p>
<p><label for="ldap_cache_ttl">Cache Time-To-Live</label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php echo $l->t('in seconds. A change empties the cache.');?>" data-default="<?php echo $_['ldap_cache_ttl_default']; ?>" /></p>