Univention Bugzilla – Attachment 8383 Details for
Bug 43384
SAML login can't check why login failed anymore (password expired., etc)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed patch
43384.patch (text/plain), 2.43 KB, created by
Jürn Brodersen
on 2017-01-30 12:26:34 CET
(
hide
)
Description:
proposed patch
Filename:
MIME Type:
Creator:
Jürn Brodersen
Created:
2017-01-30 12:26:34 CET
Size:
2.43 KB
patch
obsolete
>Index: simplesamlphp-modules/uldap/lib/Auth/Source/uLDAP.php >=================================================================== >--- simplesamlphp-modules/uldap/lib/Auth/Source/uLDAP.php (revision 75862) >+++ simplesamlphp-modules/uldap/lib/Auth/Source/uLDAP.php (working copy) >@@ -16,6 +16,8 @@ > * A LDAP configuration object. > */ > private $ldapConfig; >+ private $ldap; >+ private $config; > > > /** >@@ -33,22 +35,22 @@ > > $this->ldapConfig = new sspmod_ldap_ConfigHelper($config, > 'Authentication source ' . var_export($this->authId, TRUE)); >+ $this->ldap = new SimpleSAML_Auth_LDAP($config['hostname'], $config['enableTLS'], $config['debug'], $config['timeout']); >+ $this->ldap->bind($config['search.username'], $config['search.password']); >+ $this->config = $config; > } > > > /** >- * Attempt to log in using the given username and password. >+ * Check if login might be possible. > * > * @param string $username The username the user wrote. >- * @param string $password The password the user wrote. >- * param array $sasl_arg Associative array of SASL options >- * @return array Associative array with the users attributes. > */ >- protected function login($username, $password, array $sasl_args = NULL) { >+ private function is_login_possible($username) { > assert('is_string($username)'); >- assert('is_string($password)'); >- >- $attributes = $this->ldapConfig->login($username, $password, $sasl_args); >+ >+ $user_dn = $this->ldap->searchfordn($this->config['search.base'], $this->config['search.attributes'], $username, TRUE); >+ $attributes = $this->ldap->getAttributes($user_dn); > SimpleSAML_Logger::debug('got LDAP attributes:' . var_export($attributes, true)); > > $the_time = time(); >@@ -123,6 +125,26 @@ > } > // ldap: locking ldap is done by modifying password > but then ldap bind has failed anyway > >+ return TRUE; >+ } >+ >+ >+ /** >+ * Attempt to log in using the given username and password. >+ * >+ * @param string $username The username the user wrote. >+ * @param string $password The password the user wrote. >+ * param array $sasl_arg Associative array of SASL options >+ * @return array Associative array with the users attributes. >+ */ >+ protected function login($username, $password, array $sasl_args = NULL) { >+ assert('is_string($username)'); >+ assert('is_string($password)'); >+ >+ $this->is_login_possible($username); >+ >+ $attributes = $this->ldapConfig->login($username, $password, $sasl_args); >+ > return $attributes; > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8383">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 43384
: 8383 |
8398