diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index 9f6639c0db0175947de2303fe2faf3952137d09c..9e93ef2ecaa3ea610b937f33931726ab36dca5f7 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -965,10 +965,6 @@ class Access extends LDAPUtility implements IUserTools {
$sr = $this->ldap->search($linkResources, $base, $filter, $attr);
$error = $this->ldap->errno($cr);
if(!is_array($sr) || $error !== 0) {
- \OCP\Util::writeLog('user_ldap',
- 'Error when searching: '.$this->ldap->error($cr).
- ' code '.$this->ldap->errno($cr),
- \OCP\Util::ERROR);
\OCP\Util::writeLog('user_ldap', 'Attempt for Paging? '.print_r($pagedSearchOK, true), \OCP\Util::ERROR);
return false;
}
diff --git a/apps/user_ldap/lib/LDAP.php b/apps/user_ldap/lib/LDAP.php
index cac09f259939e17471ae9c5b5c6adf0e64d90d01..ebee078413069148e64fc3d0ee2fda7ccbd65b23 100644
--- a/apps/user_ldap/lib/LDAP.php
+++ b/apps/user_ldap/lib/LDAP.php
@@ -257,6 +257,31 @@ class LDAP implements ILDAPWrapper {
return is_resource($resource);
}
+ /**
+ * Checks whether the return value from LDAP is wrong or not.
+ *
+ * When using ldap_search we provide an array, in case multiple bases are
+ * configured. Thus, we need to check the array elements.
+ *
+ * @param $result
+ * @return bool
+ */
+ protected function isResultFalse($result) {
+ if($result === false) {
+ return true;
+ }
+
+ if($this->curFunc === 'ldap_search' && is_array($result)) {
+ foreach ($result as $singleResult) {
+ if($singleResult === false) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
/**
* @return mixed
*/
@@ -266,7 +291,7 @@ class LDAP implements ILDAPWrapper {
if(function_exists($func)) {
$this->preFunctionCall($func, $arguments);
$result = call_user_func_array($func, $arguments);
- if ($result === FALSE) {
+ if ($this->isResultFalse($result)) {
$this->postFunctionCall();
}
return $result;
@@ -283,37 +308,66 @@ class LDAP implements ILDAPWrapper {
$this->curArgs = $args;
}
+ /**
+ * Analyzes the returned LDAP error and acts accordingly if not 0
+ *
+ * @param resource $resource the LDAP Connection resource
+ * @throws ConstraintViolationException
+ * @throws ServerNotAvailableException
+ * @throws \Exception
+ */
+ private function processLDAPError($resource) {
+ $errorCode = ldap_errno($resource);
+ if($errorCode === 0) {
+ return;
+ }
+ $errorMsg = ldap_error($resource);
+
+ if($this->curFunc === 'ldap_get_entries'
+ && $errorCode === -4) {
+ } else if ($errorCode === 32) {
+ //for now
+ } else if ($errorCode === 10) {
+ //referrals, we switch them off, but then there is AD :)
+ } else if ($errorCode === -1) {
+ throw new ServerNotAvailableException('Lost connection to LDAP server.');
+ } else if ($errorCode === 48) {
+ throw new \Exception('LDAP authentication method rejected', $errorCode);
+ } else if ($errorCode === 1) {
+ throw new \Exception('LDAP Operations error', $errorCode);
+ } else if ($errorCode === 19) {
+ ldap_get_option($this->curArgs[0], LDAP_OPT_ERROR_STRING, $extended_error);
+ throw new ConstraintViolationException(!empty($extended_error)?$extended_error:$errorMsg, $errorCode);
+ } else {
+ \OCP\Util::writeLog('user_ldap',
+ 'LDAP error '.$errorMsg.' (' .
+ $errorCode.') after calling '.
+ $this->curFunc,
+ \OCP\Util::DEBUG);
+ }
+ }
+
+ /**
+ * Called after an ldap method is run to act on LDAP error if necessary
+ */
private function postFunctionCall() {
if($this->isResource($this->curArgs[0])) {
- $errorCode = ldap_errno($this->curArgs[0]);
- $errorMsg = ldap_error($this->curArgs[0]);
- if($errorCode !== 0) {
- if($this->curFunc === 'ldap_get_entries'
- && $errorCode === -4) {
- } else if ($errorCode === 32) {
- //for now
- } else if ($errorCode === 10) {
- //referrals, we switch them off, but then there is AD :)
- } else if ($errorCode === -1) {
- throw new ServerNotAvailableException('Lost connection to LDAP server.');
- } else if ($errorCode === 48) {
- throw new \Exception('LDAP authentication method rejected', $errorCode);
- } else if ($errorCode === 1) {
- throw new \Exception('LDAP Operations error', $errorCode);
- } else if ($errorCode === 19) {
- ldap_get_option($this->curArgs[0], LDAP_OPT_ERROR_STRING, $extended_error);
- throw new ConstraintViolationException(!empty($extended_error)?$extended_error:$errorMsg, $errorCode);
- } else {
- \OCP\Util::writeLog('user_ldap',
- 'LDAP error '.$errorMsg.' (' .
- $errorCode.') after calling '.
- $this->curFunc,
- \OCP\Util::DEBUG);
- }
- }
+ $resource = $this->curArgs[0];
+ } else if(
+ $this->curFunc === 'ldap_search'
+ && is_array($this->curArgs[0])
+ && $this->isResource($this->curArgs[0][0])
+ ) {
+ // we use always the same LDAP connection resource, is enough to
+ // take the first one.
+ $resource = $this->curArgs[0][0];
+ } else {
+ return;
}
+ $this->processLDAPError($resource);
+
$this->curFunc = '';
- $this->curArgs = array();
+ $this->curArgs = [];
}
}
diff --git a/apps/user_ldap/lib/User_LDAP.php b/apps/user_ldap/lib/User_LDAP.php
index 448b34524f5980e06956235c80081ccc7214f7d7..cfd2450a1227eb79346b9e9333f5531d7037a890 100644
--- a/apps/user_ldap/lib/User_LDAP.php
+++ b/apps/user_ldap/lib/User_LDAP.php
@@ -136,17 +136,16 @@ class User_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
}
/**
- * Check if the password is correct
+ * Check if the password is correct without logging in the user
+ *
* @param string $uid The username
* @param string $password The password
* @return false|string
- *
- * Check if the password is correct without logging in the user
*/
public function checkPassword($uid, $password) {
try {
$ldapRecord = $this->getLDAPUserByLoginName($uid);
- } catch(\Exception $e) {
+ } catch(NotOnLDAP $e) {
if($this->ocConfig->getSystemValue('loglevel', Util::WARN) === Util::DEBUG) {
\OC::$server->getLogger()->logException($e, ['app' => 'user_ldap']);
}