aboutsummaryrefslogtreecommitdiffstats
path: root/apps/user_ldap
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@arthur-schiwon.de>2018-06-27 23:09:44 +0200
committerArthur Schiwon <blizzz@arthur-schiwon.de>2018-06-27 23:15:44 +0200
commit993342f6a1e4651acf873aeec2ef5812363249ff (patch)
tree14d9afe90390d70095d7483eb51eb105b1d2702c /apps/user_ldap
parentfb9f4e3ebf821d82f89f193cf1aff518e27b8f8d (diff)
downloadnextcloud-server-993342f6a1e4651acf873aeec2ef5812363249ff.tar.gz
nextcloud-server-993342f6a1e4651acf873aeec2ef5812363249ff.zip
LDAP backup server should not be queried when auth fails
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/lib/Connection.php12
-rw-r--r--apps/user_ldap/tests/ConnectionTest.php53
2 files changed, 54 insertions, 11 deletions
diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
index 758d3f906b7..dc2c13df5b3 100644
--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -504,6 +504,8 @@ class Connection extends LDAPUtility {
/**
* Connects and Binds to LDAP
+ *
+ * @throws ServerNotAvailableException
*/
private function establishConnection() {
if(!$this->configuration->ldapConfigurationActive) {
@@ -545,18 +547,12 @@ class Connection extends LDAPUtility {
|| $this->getFromCache('overrideMainServer'));
$isBackupHost = (trim($this->configuration->ldapBackupHost) !== "");
$bindStatus = false;
- $error = -1;
try {
if (!$isOverrideMainServer) {
$this->doConnect($this->configuration->ldapHost,
$this->configuration->ldapPort);
- $bindStatus = $this->bind();
- $error = $this->ldap->isResource($this->ldapConnectionRes) ?
- $this->ldap->errno($this->ldapConnectionRes) : -1;
- }
- if($bindStatus === true) {
- return $bindStatus;
}
+ return $this->bind();
} catch (ServerNotAvailableException $e) {
if(!$isBackupHost) {
throw $e;
@@ -564,7 +560,7 @@ class Connection extends LDAPUtility {
}
//if LDAP server is not reachable, try the Backup (Replica!) Server
- if($isBackupHost && ($error !== 0 || $isOverrideMainServer)) {
+ if($isBackupHost || $isOverrideMainServer) {
$this->doConnect($this->configuration->ldapBackupHost,
$this->configuration->ldapBackupPort);
$this->bindResult = [];
diff --git a/apps/user_ldap/tests/ConnectionTest.php b/apps/user_ldap/tests/ConnectionTest.php
index cead84b05b0..c6c1fe11922 100644
--- a/apps/user_ldap/tests/ConnectionTest.php
+++ b/apps/user_ldap/tests/ConnectionTest.php
@@ -38,7 +38,7 @@ use OCA\User_LDAP\ILDAPWrapper;
* @package OCA\User_LDAP\Tests
*/
class ConnectionTest extends \Test\TestCase {
- /** @var \OCA\User_LDAP\ILDAPWrapper */
+ /** @var \OCA\User_LDAP\ILDAPWrapper|\PHPUnit_Framework_MockObject_MockObject */
protected $ldap;
/** @var Connection */
@@ -110,7 +110,7 @@ class ConnectionTest extends \Test\TestCase {
->method('setOption')
->will($this->returnValue(true));
- $this->ldap->expects($this->exactly(3))
+ $this->ldap->expects($this->exactly(2))
->method('connect')
->will($this->returnValue('ldapResource'));
@@ -119,7 +119,7 @@ class ConnectionTest extends \Test\TestCase {
->will($this->returnValue(0));
// Not called often enough? Then, the fallback to the backup server is broken.
- $this->connection->expects($this->exactly(4))
+ $this->connection->expects($this->exactly(3))
->method('getFromCache')
->with('overrideMainServer')
->will($this->onConsecutiveCalls(false, false, true, true));
@@ -145,6 +145,53 @@ class ConnectionTest extends \Test\TestCase {
$this->connection->init();
}
+ public function testDontUseBackupServerOnFailedAuth() {
+ $mainHost = 'ldap://nixda.ldap';
+ $backupHost = 'ldap://fallback.ldap';
+ $config = [
+ 'ldapConfigurationActive' => true,
+ 'ldapHost' => $mainHost,
+ 'ldapPort' => 389,
+ 'ldapBackupHost' => $backupHost,
+ 'ldapBackupPort' => 389,
+ 'ldapAgentName' => 'uid=agent',
+ 'ldapAgentPassword' => 'SuchASecret'
+ ];
+
+ $this->connection->setIgnoreValidation(true);
+ $this->connection->setConfiguration($config);
+
+ $this->ldap->expects($this->any())
+ ->method('isResource')
+ ->will($this->returnValue(true));
+
+ $this->ldap->expects($this->any())
+ ->method('setOption')
+ ->will($this->returnValue(true));
+
+ $this->ldap->expects($this->once())
+ ->method('connect')
+ ->will($this->returnValue('ldapResource'));
+
+ $this->ldap->expects($this->any())
+ ->method('errno')
+ ->will($this->returnValue(49));
+
+ $this->connection->expects($this->any())
+ ->method('getFromCache')
+ ->with('overrideMainServer')
+ ->willReturn(false);
+
+ $this->connection->expects($this->never())
+ ->method('writeToCache');
+
+ $this->ldap->expects($this->exactly(1))
+ ->method('bind')
+ ->willReturn(false);
+
+ $this->connection->init();
+ }
+
public function testBindWithInvalidCredentials() {
// background: Bind with invalid credentials should return false
// and not throw a ServerNotAvailableException.