Roundcubemail devel
parent: 5587b34c | patch | commit | ignore whitespace
alecpl
2011-11-30 2d08ec91ca8fb429da389b3107f3982565e8ca3b 
- Add possibility to do LDAP bind before searching for bind DN.
  In deployments where anonymous binds to and/or searches on an LDAP tree are not
  allowed, and where the LDAP address book(s) have been configured to use the
  user-specific bind credentials, rcube_ldap.php needs to bind using service
  credentials in order to be able to find the user's bind dn.


3 files modified
8 ■■■■■ changed files
CHANGELOG 1 ●●●● patch | view | raw | blame | history
config/main.inc.php.dist 3 ●●●●● patch | view | raw | blame | history
program/include/rcube_ldap.php 4 ●●●● patch | view | raw | blame | history 
 CHANGELOG


@@ -1,6 +1,7 @@


CHANGELOG Roundcube Webmail


===========================




- Add possibility to do LDAP bind before searching for bind DN


- Fix handling of empty <U> tags in HTML messages (#1488225)


- Add content filter for embedded attachments to protect from XSS on IE (#1487895)


- Use strpos() instead of strstr() when possible (#1488211)




 config/main.inc.php.dist


@@ -545,6 +545,9 @@


  // The login name is used to search for the DN to bind with


  'search_base_dn' => '',


  'search_filter'  => '',   // e.g. '(&(objectClass=posixAccount)(uid=%u))'


  // DN and password to bind as before searching for bind DN, if anonymous search is not allowed


  'search_bind_dn' => '',


  'search_bind_pw' => '',


  // Default for %dn variable if search doesn't return DN value


  'search_dn_default' => '',


  // Optional authentication identifier to be used as SASL authorization proxy




 program/include/rcube_ldap.php


@@ -236,6 +236,10 @@


            $replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);




            if ($this->prop['search_base_dn'] && $this->prop['search_filter']) {


                if (!empty$this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) {


                    $this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']);


                }




                // Search for the dn to use to authenticate


                $this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces);


                $this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces);