Почетна Преглед Помоћ
Пријавите се
boarspring
/
repo_zf1
огледало од https://github.com/bluescreen/zf1-php7.2.git
2
0
Креирај огранак 1
Датотеке Дискусије 0 Вики
Преглед изворни кода

ZF-8388
should fix problem with authenticating users against Active Directory

git-svn-id: http://framework.zend.com/svn/framework/standard/trunk@21008 44c647ce-9c0f-0410-b52a-842ac1e357ba

sgehrig пре 16 година
родитељ
f66f571c42
комит
0389bfc7bb
1 измењених фајлова са 12 додато и 5 уклоњено
Један поглед Покажи статистику Diff
  1. 12 5
      library/Zend/Auth/Adapter/Ldap.php

+ 12 - 5
library/Zend/Auth/Adapter/Ldap.php
Прегледај датотеку 

@@ -317,10 +317,15 @@ class Zend_Auth_Adapter_Ldap implements Zend_Auth_Adapter_Interface
 
                 /*
 
                 /*
 
                  * Fixes problem when authenticated user is not allowed to retrieve
 
                  * Fixes problem when authenticated user is not allowed to retrieve
 
                  * group-membership information or own account.
 
                  * group-membership information or own account.
 
-                 * This requires that the user specified with "username" and "password"
 
-                 * in the Zend_Ldap options is able to retrieve the required information.
 
+                 * This requires that the user specified with "username" and optionally
 
+                 * "password" in the Zend_Ldap options is able to retrieve the required
 
+                 * information.
 
                  */
 
                  */
 
-                $ldap->bind();
 
+                $requireRebind = false;
 
+                if (isset($options['username'])) {
 
+                    $ldap->bind();
 
+                    $requireRebind = true;
 
+                }
 
                 $dn = $ldap->getCanonicalAccountName($canonicalName, Zend_Ldap::ACCTNAME_FORM_DN);
 
                 $dn = $ldap->getCanonicalAccountName($canonicalName, Zend_Ldap::ACCTNAME_FORM_DN);
 
 
 
                 $groupResult = $this->_checkGroupMembership($ldap, $canonicalName, $dn, $adapterOptions);
 
                 $groupResult = $this->_checkGroupMembership($ldap, $canonicalName, $dn, $adapterOptions);
 
@@ -329,8 +334,10 @@ class Zend_Auth_Adapter_Ldap implements Zend_Auth_Adapter_Interface
 
                     $messages[0] = '';
 
                     $messages[0] = '';
 
                     $messages[1] = '';
 
                     $messages[1] = '';
 
                     $messages[] = "$canonicalName authentication successful";
 
                     $messages[] = "$canonicalName authentication successful";
 
-                    // rebinding with authenticated user
 
-                    $ldap->bind($dn, $password);
 
+                    if ($requireRebind === true) {
 
+	                    // rebinding with authenticated user
 
+	                    $ldap->bind($dn, $password);
 
+                    }
 
                     return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $canonicalName, $messages);
 
                     return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $canonicalName, $messages);
 
                 } else {
 
                 } else {
 
                     $messages[0] = 'Account is not a member of the specified group';
 
                     $messages[0] = 'Account is not a member of the specified group';