Handle ad/ldap authorizer search error (#16139)

* Handle ldap authorizer search error

* Update LdapAuthorizationAuthorizer.php

* More ldap failure checks
Tony Murray
2024-06-24 19:49:34 -05:00
committed by GitHub
parent 6bd55dce25
commit 473cbcc508
2 changed files with 12 additions and 0 deletions


@@ -78,6 +78,9 @@ class ADAuthorizationAuthorizer extends MysqlAuthorizer
$this->userFilter($username), $this->userFilter($username),
['samaccountname'] ['samaccountname']
); );
if ($search === false) {
throw new AuthenticationException('User search failed: ' . ldap_error($this->ldap_connection));
}
$entries = ldap_get_entries($this->ldap_connection, $search); $entries = ldap_get_entries($this->ldap_connection, $search);
if ($entries['count']) { if ($entries['count']) {
@@ -151,6 +154,9 @@ class ADAuthorizationAuthorizer extends MysqlAuthorizer
$this->userFilter($username), $this->userFilter($username),
$attributes $attributes
); );
if ($search === false) {
throw new AuthenticationException('Role search failed: ' . ldap_error($this->ldap_connection));
}
$entries = ldap_get_entries($this->ldap_connection, $search); $entries = ldap_get_entries($this->ldap_connection, $search);
if ($entries['count']) { if ($entries['count']) {
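Review bot: Both new throws in this file, and the two matching ones in LdapAuthorizationAuthorizer, append the raw `ldap_error()` text to the AuthenticationException message. Where that message ends up is not visible in these hunks; if it is shown on the login form, directory diagnostics would reach unauthenticated users. Consider a fixed message such as `throw new AuthenticationException('User search failed');` and writing the `ldap_error($this->ldap_connection)` detail to the server-side log instead. The enclosing methods start and end outside the hunks.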


@@ -95,6 +95,9 @@ class LdapAuthorizationAuthorizer extends AuthorizerBase
$filter = '(' . Config::get('auth_ldap_prefix') . $username . ')'; $filter = '(' . Config::get('auth_ldap_prefix') . $username . ')';
$search = ldap_search($this->ldap_connection, trim(Config::get('auth_ldap_suffix'), ','), $filter); $search = ldap_search($this->ldap_connection, trim(Config::get('auth_ldap_suffix'), ','), $filter);
if ($search === false) {
throw new AuthenticationException('User search failed: ' . ldap_error($this->ldap_connection));
}
$entries = ldap_get_entries($this->ldap_connection, $search); $entries = ldap_get_entries($this->ldap_connection, $search);
if ($entries['count']) { if ($entries['count']) {
/* /*
@@ -125,6 +128,9 @@ class LdapAuthorizationAuthorizer extends AuthorizerBase
// Find all defined groups $username is in // Find all defined groups $username is in
$filter = '(&(|(cn=' . implode(')(cn=', array_keys(Config::get('auth_ldap_groups'))) . '))(' . Config::get('auth_ldap_groupmemberattr') . '=' . $this->getMembername($username) . '))'; $filter = '(&(|(cn=' . implode(')(cn=', array_keys(Config::get('auth_ldap_groups'))) . '))(' . Config::get('auth_ldap_groupmemberattr') . '=' . $this->getMembername($username) . '))';
$search = ldap_search($this->ldap_connection, Config::get('auth_ldap_groupbase'), $filter); $search = ldap_search($this->ldap_connection, Config::get('auth_ldap_groupbase'), $filter);
if ($search === false) {
throw new AuthenticationException('Role search failed: ' . ldap_error($this->ldap_connection));
}
$entries = ldap_get_entries($this->ldap_connection, $search); $entries = ldap_get_entries($this->ldap_connection, $search);
$authLdapGroups = Config::get('auth_ldap_groups'); $authLdapGroups = Config::get('auth_ldap_groups');
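Review bot: The user filter on the first line of the first hunk concatenates `$username` into the LDAP filter without escaping, so a login name containing `(`, `)`, `*` or `\` can alter the filter or make it invalid. With the new check, the invalid case now surfaces as 'User search failed'. Unless the name is sanitised before it reaches this method (not visible here), escape it at the point of use: `$filter = '(' . Config::get('auth_ldap_prefix') . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';`. The group filter in the second hunk inserts `$this->getMembername($username)` the same way and needs the same escaping if that helper does not already do it. Both methods begin and end outside the hunks.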