port 95cee0e from stable45

1 files changed, 14 insertions, 1 deletions

diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index e0c6741bcb2..53d4edbe69c 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -58,7 +58,7 @@ abstract class Access {
 			return false;
 		}
 		$rr = @ldap_read($cr, $dn, $filter, array($attr));
-		$dn = $dn = str_replace('\\5c', '\\', $dn);
+		$dn = $this->DNasBaseParameter($dn);
 		if(!is_resource($rr)) {
 			\OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG);
 			//in case an error occurs , e.g. object does not exist
@@ -684,6 +684,7 @@ abstract class Access {
 	}
 
 	public function areCredentialsValid($name, $password) {
+		$name = $this->DNasBaseParameter($name);
 		$testConnection = clone $this->connection;
 		$credentials = array(
 			'ldapAgentName' => $name,
@@ -772,6 +773,18 @@ abstract class Access {
 	}
 
 	/**
+	 * @brief converts a stored DN so it can be used as base parameter for LDAP queries
+	 * @param $dn the DN
+	 * @returns String
+	 *
+	 * converts a stored DN so it can be used as base parameter for LDAP queries
+	 * internally we store them for usage in LDAP filters
+	 */
+	private function DNasBaseParameter($dn) {
+		return str_replace('\\5c', '\\', $dn);
+	}
+
+	/**
 	 * @brief get a cookie for the next LDAP paged search
 	 * @param $filter the search filter to identify the correct search
 	 * @param $limit the limit (or 'pageSize'), to identify the correct search well