authorArthur Schiwon <blizzz@owncloud.com>2015-05-08 17:15:29 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2015-05-18 18:14:05 +0200
commit5a563936579110bfa7d333ae8f32121cbc36cc7d (patch)
tree0d9b5c31e449fd8fcee9502583f2dda4ccb8c28a /apps/user_ldap/ajax
parentb9e53097577499b519f9fcdd053421cb1507bab3 (diff)
throw exception on LDAP error 1, which we usually do not see and is pretty generic. AD uses it for cases not listed in the RFC, like on issues with anonymous binds. we also try to guess this case and show a hint.
Diffstat (limited to 'apps/user_ldap/ajax')
-rw-r--r--apps/user_ldap/ajax/testConfiguration.php17
1 files changed, 17 insertions, 0 deletions
diff --git a/apps/user_ldap/ajax/testConfiguration.php b/apps/user_ldap/ajax/testConfiguration.php
index 289957764a1..f5fd5f23b87 100644
--- a/apps/user_ldap/ajax/testConfiguration.php
+++ b/apps/user_ldap/ajax/testConfiguration.php
@@ -39,6 +39,23 @@ try {
if ($connection->setConfiguration($_POST)) {
//Configuration is okay
if ($connection->bind()) {
+ /*
+ * This shiny if block is an ugly hack to find out whether anonymous
+ * bind is possible on AD or not. Because AD happily and constantly
+ * replies with success to any anonymous bind request, we need to
+ * fire up a broken operation. If AD does not allow anonymous bind,
+ * it will end up with LDAP error code 1 which is turned into an
+ * exception by the LDAP wrapper. We catch this. Other cases may
+ * pass (like e.g. expected syntax error).
+ */
+ try {
+ $ldapWrapper->read($connection->getConnectionResource(), 'neverwhere', 'objectClass=*', array('dn'));
+ } catch (\Exception $e) {
+ if($e->getCode() === 1) {
+ OCP\JSON::error(array('message' => $l->t('The configuration is invalid: anonymous bind is not allowed.')));
+ exit;
+ }
+ }
OCP\JSON::success(array('message'
=> $l->t('The configuration is valid and the connection could be established!')));
} else {
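Review bot: The probe in the added inner `try` runs after every successful `bind()`, and nothing visible in the hunk checks that the bind was actually anonymous, so a code-1 error returned to a bind with credentials would still be reported to the admin as "anonymous bind is not allowed". Consider running the probe only when the submitted configuration carries no bind DN and password, or wording the message as a hint rather than a verdict. The `catch (\Exception $e)` also matches any exception whose code happens to be 1 and silently discards every other failure before `OCP\JSON::success` is sent; catching the wrapper's own exception type (if it has one) and logging the discarded exceptions would keep the "configuration is valid" result trustworthy. A short comment on the comparison, e.g. `// 1 = LDAP operations error; AD returns it when anonymous bind is refused`, would explain the magic number. The enclosing outer `try` starts and ends outside the hunk, so how it handles these cases is not visible here.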