Handle ad/ldap authorizer search error (#16139)

* Handle ldap authorizer search error

* Update LdapAuthorizationAuthorizer.php

* More ldap failure checks
Tony Murray 2024-06-24 19:49:34 -05:00 committed by GitHub
parent 6bd55dce25
commit 473cbcc508
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 12 additions and 0 deletions


@ -78,6 +78,9 @@ class ADAuthorizationAuthorizer extends MysqlAuthorizer
$this->userFilter($username),
['samaccountname']
);
if ($search === false) {
throw new AuthenticationException('User search failed: ' . ldap_error($this->ldap_connection));
}
$entries = ldap_get_entries($this->ldap_connection, $search);
if ($entries['count']) {
@ -151,6 +154,9 @@ class ADAuthorizationAuthorizer extends MysqlAuthorizer
$this->userFilter($username),
$attributes
);
if ($search === false) {
throw new AuthenticationException('Role search failed: ' . ldap_error($this->ldap_connection));
}
$entries = ldap_get_entries($this->ldap_connection, $search);
if ($entries['count']) {
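Review bot: Both new throws in this file append the raw `ldap_error()` string to the `AuthenticationException` message (user search and role search), and the two LdapAuthorizationAuthorizer hunks do the same. Where that message is displayed is not visible here; if it is rendered on the login page, directory-server diagnostics reach unauthenticated clients. I would keep the thrown text fixed, e.g. `throw new AuthenticationException('User search failed');`, and write the `ldap_error()` detail to the server log only. Separately, `ldap_get_entries()` can also return false, and `$entries['count']` is still read unguarded on the line after each new check. Both enclosing methods start and end outside the hunks.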


@ -95,6 +95,9 @@ class LdapAuthorizationAuthorizer extends AuthorizerBase
$filter = '(' . Config::get('auth_ldap_prefix') . $username . ')';
$search = ldap_search($this->ldap_connection, trim(Config::get('auth_ldap_suffix'), ','), $filter);
if ($search === false) {
throw new AuthenticationException('User search failed: ' . ldap_error($this->ldap_connection));
}
$entries = ldap_get_entries($this->ldap_connection, $search);
if ($entries['count']) {
/*
@ -125,6 +128,9 @@ class LdapAuthorizationAuthorizer extends AuthorizerBase
// Find all defined groups $username is in
$filter = '(&(|(cn=' . implode(')(cn=', array_keys(Config::get('auth_ldap_groups'))) . '))(' . Config::get('auth_ldap_groupmemberattr') . '=' . $this->getMembername($username) . '))';
$search = ldap_search($this->ldap_connection, Config::get('auth_ldap_groupbase'), $filter);
if ($search === false) {
throw new AuthenticationException('Role search failed: ' . ldap_error($this->ldap_connection));
}
$entries = ldap_get_entries($this->ldap_connection, $search);
$authLdapGroups = Config::get('auth_ldap_groups');
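Review bot: The user filter in the first hunk is built by concatenating `$username` straight into the LDAP filter string, and nothing visible escapes it first. Filter metacharacters in the name can therefore change the query or produce the very search failure this commit now turns into an exception. Unless the value is already escaped before the hunk, I would build it as `$filter = '(' . Config::get('auth_ldap_prefix') . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';`. The group filter in the second hunk has the same shape via `$this->getMembername($username)`; whether that helper escapes its result is not shown, so it is worth confirming. Both enclosing methods start and end outside the hunks.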