-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathroundcubemail-password-anon-ldap-bind.patch
More file actions
74 lines (69 loc) · 3.21 KB
/
roundcubemail-password-anon-ldap-bind.patch
File metadata and controls
74 lines (69 loc) · 3.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
--- roundcubemail-0.3.1/plugins/password/config.inc.php.dist~ 2009-10-09 18:04:01.000000000 +0200
+++ roundcubemail-0.3.1/plugins/password/config.inc.php.dist 2010-05-16 13:06:35.000000000 +0200
@@ -95,9 +95,11 @@
$rcmail_config['password_ldap_basedn'] = 'dc=exemple,dc=com';
// LDAP connection method
-// There is two connection method for changing a user's LDAP password.
+// There are three connection methods for changing a user's LDAP password.
// 'user': use user credential (recommanded, require password_confirm_current=true)
// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
+// 'anonymous': bind anonymously, then search for dn with given uid, and
+// rebind using found dn
// Default: 'user'
$rcmail_config['password_ldap_method'] = 'user';
--- roundcubemail-0.3.1/plugins/password/drivers/ldap.php.orig 2010-05-16 12:57:28.000000000 +0200
+++ roundcubemail-0.3.1/plugins/password/drivers/ldap.php 2010-05-16 13:02:42.000000000 +0200
@@ -30,25 +30,44 @@
}
if (empty($userDN)) {return PASSWORD_CONNECT_ERROR;}
-
- // Connection Method
- switch($rcmail->config->get('password_ldap_method')) {
- case 'user': $binddn = $userDN; $bindpw = $curpass; break;
- case 'admin': $binddn = $rcmail->config->get('password_ldap_adminDN'); $bindpw = $rcmail->config->get('password_ldap_adminPW'); break;
- default: $binddn = $userDN; $bindpw = $curpass; break; // default is user mode
- }
-
- // Configuration array
+
+ $basedn = $rcmail->config->get('password_ldap_basedn');
+ // Configuration array
$ldapConfig = array (
- 'binddn' => $binddn,
- 'bindpw' => $bindpw,
- 'basedn' => $rcmail->config->get('password_ldap_basedn'),
+ 'binddn' => '',
+ 'bindpw' => '',
+ 'basedn' => $basedn,
'host' => $rcmail->config->get('password_ldap_host'),
'port' => $rcmail->config->get('password_ldap_port'),
'starttls' => $rcmail->config->get('password_ldap_starttls'),
'version' => $rcmail->config->get('password_ldap_version'),
);
+
+ // Connection Method
+ switch($rcmail->config->get('password_ldap_method')) {
+ case 'anonymous' :
+ //if anonymous is set, we anonymously bind to ldap
+ //then, we search for the dn of the first entry
+ //that matches our mask.
+ $ldap = Net_LDAP2::connect($ldapConfig);
+ if (PEAR::isError($ldap)) {return PASSWORD_CONNECT_ERROR;}
+ $r = $ldap->search($basedn,'uid='.$_SESSION['username']);
+ $entries = $r->entries();
+ if (count($entries) <= 0) {return PASSWORD_CONNECT_ERROR;}
+ $binddn = $entries[0]->dn();
+ $userDN = $binddn;
+ $bindpass = $curpass;
+ $ldap->done();
+ break;
+ case 'user': $binddn = $userDN; $bindpass = $curpass; break;
+ case 'admin': $binddn = $rcmail->config->get('password_ldap_adminDN'); $bindpass = $rcmail->config->get('password_ldap_adminPW'); break;
+ default: $binddn = $userDN; $bindpass = $curpass; break; // default is user mode
+ }
+
+ $ldapConfig['binddn'] = $binddn;
+ $ldapConfig['bindpw'] = $bindpass;
+
// Connecting using the configuration array
$ldap = Net_LDAP2::connect($ldapConfig);