diff options
| author | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2011-11-30 13:10:45 +0000 |
|---|---|---|
| committer | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2011-11-30 13:10:45 +0000 |
| commit | d094b852d13ad643af6eeeeb39c455c726c362fc (patch) | |
| tree | 0d9b83c280082e55db63901e5731fa952d964c0e | |
| parent | c96fbd6314312333919931449e1b4b0eb07d9cf8 (diff) | |
- Add possibility to do LDAP bind before searching for bind DN.
In deployments where anonymous binds to and/or searches on an LDAP tree are not
allowed, and where the LDAP address book(s) have been configured to use the
user-specific bind credentials, rcube_ldap.php needs to bind using service
credentials in order to be able to find the user's bind dn.
git-svn-id: https://svn.roundcube.net/trunk@5515 208e9e7b-5314-0410-a742-e7e81cd9613c
| -rw-r--r-- | roundcubemail/CHANGELOG | 1 | ||||
| -rw-r--r-- | roundcubemail/config/main.inc.php.dist | 3 | ||||
| -rw-r--r-- | roundcubemail/program/include/rcube_ldap.php | 4 |
3 files changed, 8 insertions, 0 deletions
diff --git a/roundcubemail/CHANGELOG b/roundcubemail/CHANGELOG index 2e8123cd2..78ac477c8 100644 --- a/roundcubemail/CHANGELOG +++ b/roundcubemail/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Add possibility to do LDAP bind before searching for bind DN - Fix handling of empty <U> tags in HTML messages (#1488225) - Add content filter for embedded attachments to protect from XSS on IE (#1487895) - Use strpos() instead of strstr() when possible (#1488211) diff --git a/roundcubemail/config/main.inc.php.dist b/roundcubemail/config/main.inc.php.dist index e1d13ee73..16b86c212 100644 --- a/roundcubemail/config/main.inc.php.dist +++ b/roundcubemail/config/main.inc.php.dist @@ -545,6 +545,9 @@ $rcmail_config['ldap_public']['Verisign'] = array( // The login name is used to search for the DN to bind with 'search_base_dn' => '', 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', // Default for %dn variable if search doesn't return DN value 'search_dn_default' => '', // Optional authentication identifier to be used as SASL authorization proxy diff --git a/roundcubemail/program/include/rcube_ldap.php b/roundcubemail/program/include/rcube_ldap.php index 58e2ca921..4d65bfa7a 100644 --- a/roundcubemail/program/include/rcube_ldap.php +++ b/roundcubemail/program/include/rcube_ldap.php @@ -236,6 +236,10 @@ class rcube_ldap extends rcube_addressbook $replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u); if ($this->prop['search_base_dn'] && $this->prop['search_filter']) { + if (!empty$this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) { + $this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']); + } + // Search for the dn to use to authenticate $this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces); $this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces); |