-rw-r--r-- | apps/user_ldap/ajax/testConfiguration.php | 17 | ||||
-rw-r--r-- | apps/user_ldap/js/wizard/wizardTabGeneric.js | 6 | ||||
-rw-r--r-- | apps/user_ldap/lib/ldap.php | 2 |
3 files changed, 25 insertions, 0 deletions
diff --git a/apps/user_ldap/ajax/testConfiguration.php b/apps/user_ldap/ajax/testConfiguration.php
index 289957764a1..f5fd5f23b87 100644
--- a/apps/user_ldap/ajax/testConfiguration.php
+++ b/apps/user_ldap/ajax/testConfiguration.php
@@ -39,6 +39,23 @@ try {
 if ($connection->setConfiguration($_POST)) {
 //Configuration is okay
 if ($connection->bind()) {
+ /*
+ * This shiny if block is an ugly hack to find out whether anonymous
+ * bind is possible on AD or not. Because AD happily and constantly
+ * replies with success to any anonymous bind request, we need to
+ * fire up a broken operation. If AD does not allow anonymous bind,
+ * it will end up with LDAP error code 1 which is turned into an
+ * exception by the LDAP wrapper. We catch this. Other cases may
+ * pass (like e.g. expected syntax error).
+ */
+ try {
+ $ldapWrapper->read($connection->getConnectionResource(), 'neverwhere', 'objectClass=*', array('dn'));
+ } catch (\Exception $e) {
+ if($e->getCode() === 1) {
+ OCP\JSON::error(array('message' => $l->t('The configuration is invalid: anonymous bind is not allowed.')));
+ exit;
+ }
+ }
 OCP\JSON::success(array('message' => $l->t('The configuration is valid and the connection could be established!')));
 } else {
diff --git a/apps/user_ldap/js/wizard/wizardTabGeneric.js b/apps/user_ldap/js/wizard/wizardTabGeneric.js
index c272df7e3cc..b755f3ca060 100644
--- a/apps/user_ldap/js/wizard/wizardTabGeneric.js
+++ b/apps/user_ldap/js/wizard/wizardTabGeneric.js
@@ -74,7 +74,13 @@ OCA = OCA || {};
 && !this.configModel.configuration.ldap_dn) {
 message = t('user_ldap', 'Anonymous bind is not allowed. Please provide a User DN and Password.');
+ } else if (message === 'LDAP Operations error'
+ && !this.configModel.configuration.ldap_dn
+ && !this.configModel.configuration.ldap_agent_password)
+ {
+ message = t('user_ldap', 'LDAP Operations error. Anonymous bind might not be allowed.');
 }
+
 return message;
 },
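Review bot: The `catch (\Exception $e)` around the probe read swallows every failure other than error code 1 and then falls through to the success response, so a `ServerNotAvailableException` raised by the wrapper during the probe (the 'Lost connection to LDAP server.' path in lib/ldap.php) would still be reported to the admin as a valid configuration. Rethrowing that case before the code check leaves it to the enclosing `try` (which starts above the hunk, as does the surrounding if chain): `if ($e instanceof ServerNotAvailableException) { throw $e; }`, with the class name qualified however this file imports it. The header comment should also say that LDAP result code 1 (operationsError) is only being read as "anonymous bind refused" because the probe runs right after a bind that succeeded without credentials; the same code can come back for unrelated reasons, so a line such as `// NOTE: only AD's anonymous-bind refusal is assumed to yield code 1 here; treat as a heuristic, not a general check` keeps the next maintainer from reusing it elsewhere.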
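Review bot: The new branch keys on the exact string `'LDAP Operations error'`, which is the message text of the exception thrown for error code 1 in lib/ldap.php, so the friendlier wording silently stops appearing if that wrapper message is ever reworded or translated while this file is not. A comment beside the comparison should record the coupling, e.g. `// must match the \Exception message for LDAP error code 1 in lib/ldap.php`. The same comment should note that the branch only fires when both `ldap_dn` and `ldap_agent_password` are empty, i.e. the anonymous-bind case, so a credentialed bind that hits the same operations error still shows the raw server message. The enclosing function starts above the hunk.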
diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php
index 48852a3a491..8d2c493a4dc 100644
--- a/apps/user_ldap/lib/ldap.php
+++ b/apps/user_ldap/lib/ldap.php
@@ -289,6 +289,8 @@ class LDAP implements ILDAPWrapper {
 throw new ServerNotAvailableException('Lost connection to LDAP server.');
 } else if ($errorCode === 48) {
 throw new \Exception('LDAP authentication method rejected');
+ } else if ($errorCode === 1) {
+ throw new \Exception('LDAP Operations error', $errorCode);
 } else {
 \OCP\Util::writeLog('user_ldap', 'LDAP error '.$errorMsg.' (' . |