
Commit d2e9651

author
robin.kluth
committed
Another LDAP connect check: Check bind 3 times against -1 (connect) error instead of serviceping
1 parent 6613648 commit d2e9651


1 file changed

+23
-3
lines changed


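--- a/src/LdapAuth.php
+++ b/src/LdapAuth.php
@@ -233,24 +233,39 @@ public function login($username, $password, $domainKey = false, $fetchUserDN = f
 
 Yii::debug('Connecting to ' . $hostPrefix . ', Port: ' . $port, __METHOD__);
 
+ldap_set_option(null, LDAP_OPT_NETWORK_TIMEOUT, 5);
 $l = @ldap_connect($hostPrefix, $port);
 if (!$l) {
 Yii::warning('Connect failed! ' . ldap_error($l), __METHOD__);
 continue;
 }
 
+ldap_set_option($l, LDAP_OPT_NETWORK_TIMEOUT, 5);
 ldap_set_option($l, LDAP_OPT_PROTOCOL_VERSION, 3);
 ldap_set_option($l, LDAP_OPT_REFERRALS, 0);
-ldap_set_option($l, LDAP_OPT_NETWORK_TIMEOUT, 3);
 
 $bind_dn = strpos($username, '@') === false && strpos($username, ',') === false ? $username . '@' . $domainData['name'] : $username;
 
 Yii::debug('Trying to authenticate with DN ' . $bind_dn, __METHOD__);
 
-$b = @ldap_bind($l, $bind_dn, $password);
+$connTry = 0;
+$connected = false;
+do {
+$connTry++;
+$b = @ldap_bind($l, $bind_dn, $password);
+if (!$b && ldap_errno($l) === -1) { // -1 = No TCP connection
+Yii::warning("Connect try #$connTry failed!", __METHOD__);
+} else {
+$connected = true;
+}
+} while ($connTry < 3 && !$connected);
+
+if ($connTry == 3 && !$connected) {
+Yii::error("No answer from LDAP after $connTry tries!", __METHOD__);
+}
 
 if (!$b) {
-Yii::warning('Bind failed! ' . ldap_error($l), __METHOD__);
+Yii::warning('Bind failed! ' . ldap_error($l) . ' - Errno: ' . ldap_errno($l), __METHOD__);
 continue;
 }
 
@@ -554,4 +569,9 @@ public static function handleEntry($entry)
 return $newEntry;
 }
 
+public function getLastError()
+{
+return ldap_error($this->_l);
+}
+
 }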
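Review bot: The retry loop around `ldap_bind` repeats immediately and uses the literals `3` and `5`, so with the 5-second `LDAP_OPT_NETWORK_TIMEOUT` set earlier in the hunk one login request can block for roughly 15 seconds on an unreachable server, presumably once per server the enclosing loop visits, and any unauthenticated caller can trigger that. I would make the try count and timeout configurable members instead of literals, e.g. `public $bindConnectTries = 3;`, and document the worst-case latency next to them. The loop passes `$password` to `ldap_bind` unchanged; login() starts outside this hunk, so please confirm an empty password is rejected before this point, because some directory servers answer a bind with a DN and an empty password as a successful unauthenticated bind. `getLastError()` would benefit from a docblock such as `/** Returns the LDAP error string of the current connection handle. */`, and it reads `$this->_l` while the bind uses the local `$l`, so whether it reports the error of this bind is not visible here.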
