Skip to content

Commit

Permalink
Another LDAP connect check: Check bind 3 times against -1 (connect) e…
Browse files Browse the repository at this point in the history 
…rror instead of serviceping
  • Loading branch information
robin.kluth committed Mar 28, 2023
1 parent 6613648 commit d2e9651
Showing 1 changed file with 23 additions and 3 deletions.
26 changes: 23 additions & 3 deletions src/LdapAuth.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -233,24 +233,39 @@ public function login($username, $password, $domainKey = false, $fetchUserDN = f

Yii::debug('Connecting to ' . $hostPrefix . ', Port: ' . $port, __METHOD__);

ldap_set_option(null, LDAP_OPT_NETWORK_TIMEOUT, 5);
$l = @ldap_connect($hostPrefix, $port);
if (!$l) {
Yii::warning('Connect failed! ' . ldap_error($l), __METHOD__);
continue;
}

ldap_set_option($l, LDAP_OPT_NETWORK_TIMEOUT, 5);
ldap_set_option($l, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($l, LDAP_OPT_REFERRALS, 0);
ldap_set_option($l, LDAP_OPT_NETWORK_TIMEOUT, 3);

$bind_dn = strpos($username, '@') === false && strpos($username, ',') === false ? $username . '@' . $domainData['name'] : $username;

Yii::debug('Trying to authenticate with DN ' . $bind_dn, __METHOD__);

$b = @ldap_bind($l, $bind_dn, $password);
$connTry = 0;
$connected = false;
do {
$connTry++;
$b = @ldap_bind($l, $bind_dn, $password);
if (!$b && ldap_errno($l) === -1) { // -1 = No TCP connection
Yii::warning("Connect try #$connTry failed!", __METHOD__);
} else {
$connected = true;
}
} while ($connTry < 3 && !$connected);

if ($connTry == 3 && !$connected) {
Yii::error("No answer from LDAP after $connTry tries!", __METHOD__);
}

if (!$b) {
Yii::warning('Bind failed! ' . ldap_error($l), __METHOD__);
Yii::warning('Bind failed! ' . ldap_error($l) . ' - Errno: ' . ldap_errno($l), __METHOD__);
continue;
}

Expand Down Expand Up @@ -554,4 +569,9 @@ public static function handleEntry($entry)
return $newEntry;
}

public function getLastError()
{
return ldap_error($this->_l);
}

}

0 comments on commit d2e9651

Please sign in to comment.