diff options
| author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2018-06-27 23:09:44 +0200 |
|---|---|---|
| committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2018-06-27 23:12:07 +0200 |
| commit | 7a728f2154a1d0670b1f073315983b2969fafb07 (patch) | |
| tree | d0d61cfb90f8f8eda810adfa4e6a9bbc18b013ae | |
| parent | ad2ef3a81fd0dff07eaec63223829a17dd9c771f (diff) | |
| download | nextcloud-server-7a728f2154a1d0670b1f073315983b2969fafb07.tar.gz nextcloud-server-7a728f2154a1d0670b1f073315983b2969fafb07.zip | |
LDAP backup server should not be queried when auth fails
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
| -rw-r--r-- | apps/user_ldap/lib/Connection.php | 12 | ||||
| -rw-r--r-- | apps/user_ldap/tests/ConnectionTest.php | 53 |
2 files changed, 54 insertions, 11 deletions
diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php index e6a01a17d25..6140aa297b4 100644 --- a/apps/user_ldap/lib/Connection.php +++ b/apps/user_ldap/lib/Connection.php @@ -511,6 +511,8 @@ class Connection extends LDAPUtility { /** * Connects and Binds to LDAP + * + * @throws ServerNotAvailableException */ private function establishConnection() { if(!$this->configuration->ldapConfigurationActive) { @@ -557,18 +559,12 @@ class Connection extends LDAPUtility { || $this->getFromCache('overrideMainServer')); $isBackupHost = (trim($this->configuration->ldapBackupHost) !== ""); $bindStatus = false; - $error = -1; try { if (!$isOverrideMainServer) { $this->doConnect($this->configuration->ldapHost, $this->configuration->ldapPort); - $bindStatus = $this->bind(); - $error = $this->ldap->isResource($this->ldapConnectionRes) ? - $this->ldap->errno($this->ldapConnectionRes) : -1; - } - if($bindStatus === true) { - return $bindStatus; } + return $this->bind(); } catch (ServerNotAvailableException $e) { if(!$isBackupHost) { throw $e; @@ -576,7 +572,7 @@ class Connection extends LDAPUtility { } //if LDAP server is not reachable, try the Backup (Replica!) Server - if($isBackupHost && ($error !== 0 || $isOverrideMainServer)) { + if($isBackupHost || $isOverrideMainServer) { $this->doConnect($this->configuration->ldapBackupHost, $this->configuration->ldapBackupPort); $this->bindResult = []; diff --git a/apps/user_ldap/tests/ConnectionTest.php b/apps/user_ldap/tests/ConnectionTest.php index cead84b05b0..c6c1fe11922 100644 --- a/apps/user_ldap/tests/ConnectionTest.php +++ b/apps/user_ldap/tests/ConnectionTest.php @@ -38,7 +38,7 @@ use OCA\User_LDAP\ILDAPWrapper; * @package OCA\User_LDAP\Tests */ class ConnectionTest extends \Test\TestCase { - /** @var \OCA\User_LDAP\ILDAPWrapper */ + /** @var \OCA\User_LDAP\ILDAPWrapper|\PHPUnit_Framework_MockObject_MockObject */ protected $ldap; /** @var Connection */ @@ -110,7 +110,7 @@ class ConnectionTest extends \Test\TestCase { ->method('setOption') ->will($this->returnValue(true)); - $this->ldap->expects($this->exactly(3)) + $this->ldap->expects($this->exactly(2)) ->method('connect') ->will($this->returnValue('ldapResource')); @@ -119,7 +119,7 @@ class ConnectionTest extends \Test\TestCase { ->will($this->returnValue(0)); // Not called often enough? Then, the fallback to the backup server is broken. - $this->connection->expects($this->exactly(4)) + $this->connection->expects($this->exactly(3)) ->method('getFromCache') ->with('overrideMainServer') ->will($this->onConsecutiveCalls(false, false, true, true)); @@ -145,6 +145,53 @@ class ConnectionTest extends \Test\TestCase { $this->connection->init(); } + public function testDontUseBackupServerOnFailedAuth() { + $mainHost = 'ldap://nixda.ldap'; + $backupHost = 'ldap://fallback.ldap'; + $config = [ + 'ldapConfigurationActive' => true, + 'ldapHost' => $mainHost, + 'ldapPort' => 389, + 'ldapBackupHost' => $backupHost, + 'ldapBackupPort' => 389, + 'ldapAgentName' => 'uid=agent', + 'ldapAgentPassword' => 'SuchASecret' + ]; + + $this->connection->setIgnoreValidation(true); + $this->connection->setConfiguration($config); + + $this->ldap->expects($this->any()) + ->method('isResource') + ->will($this->returnValue(true)); + + $this->ldap->expects($this->any()) + ->method('setOption') + ->will($this->returnValue(true)); + + $this->ldap->expects($this->once()) + ->method('connect') + ->will($this->returnValue('ldapResource')); + + $this->ldap->expects($this->any()) + ->method('errno') + ->will($this->returnValue(49)); + + $this->connection->expects($this->any()) + ->method('getFromCache') + ->with('overrideMainServer') + ->willReturn(false); + + $this->connection->expects($this->never()) + ->method('writeToCache'); + + $this->ldap->expects($this->exactly(1)) + ->method('bind') + ->willReturn(false); + + $this->connection->init(); + } + public function testBindWithInvalidCredentials() { // background: Bind with invalid credentials should return false // and not throw a ServerNotAvailableException. |