From 2d08ec91ca8fb429da389b3107f3982565e8ca3b Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Wed, 30 Nov 2011 08:10:45 -0500
Subject: [PATCH] - Add possibility to do LDAP bind before searching for bind DN.   In deployments where anonymous binds to and/or searches on an LDAP tree are not   allowed, and where the LDAP address book(s) have been configured to use the   user-specific bind credentials, rcube_ldap.php needs to bind using service   credentials in order to be able to find the user's bind dn.

---
 CHANGELOG                      |    1 +
 program/include/rcube_ldap.php |    4 ++++
 config/main.inc.php.dist       |    3 +++
 3 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 2e8123c..78ac477 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Add possibility to do LDAP bind before searching for bind DN
 - Fix handling of empty <U> tags in HTML messages (#1488225)
 - Add content filter for embedded attachments to protect from XSS on IE (#1487895)
 - Use strpos() instead of strstr() when possible (#1488211)
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index e1d13ee..16b86c2 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -545,6 +545,9 @@
   // The login name is used to search for the DN to bind with
   'search_base_dn' => '',
   'search_filter'  => '',   // e.g. '(&(objectClass=posixAccount)(uid=%u))'
+  // DN and password to bind as before searching for bind DN, if anonymous search is not allowed
+  'search_bind_dn' => '',
+  'search_bind_pw' => '',
   // Default for %dn variable if search doesn't return DN value
   'search_dn_default' => '',
   // Optional authentication identifier to be used as SASL authorization proxy
diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php
index 58e2ca9..4d65bfa 100644
--- a/program/include/rcube_ldap.php
+++ b/program/include/rcube_ldap.php
@@ -236,6 +236,10 @@
             $replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);
 
             if ($this->prop['search_base_dn'] && $this->prop['search_filter']) {
+                if (!empty$this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) {
+                    $this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']);
+                }
+
                 // Search for the dn to use to authenticate
                 $this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces);
                 $this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces);

--
Gitblit v1.9.1