From 7706df99f03fb5e492c92994d8e36620406a7a1a Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 24 Jun 2014 06:03:17 -0400
Subject: [PATCH] Allow anonymous LDAP searches

---
 plugins/password/drivers/ldap.php        |   11 +++++++++--
 plugins/password/drivers/ldap_simple.php |   15 +++++++--------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
index 739958a..cc62595 100644
--- a/plugins/password/drivers/ldap.php
+++ b/plugins/password/drivers/ldap.php
@@ -130,9 +130,10 @@
      */
     function search_userdn($rcmail)
     {
+        $binddn = $rcmail->config->get('password_ldap_searchDN');
+        $bindpw = $rcmail->config->get('password_ldap_searchPW');
+
         $ldapConfig = array (
-            'binddn'    => $rcmail->config->get('password_ldap_searchDN'),
-            'bindpw'    => $rcmail->config->get('password_ldap_searchPW'),
             'basedn'    => $rcmail->config->get('password_ldap_basedn'),
             'host'      => $rcmail->config->get('password_ldap_host'),
             'port'      => $rcmail->config->get('password_ldap_port'),
@@ -140,6 +141,12 @@
             'version'   => $rcmail->config->get('password_ldap_version'),
         );
 
+        // allow anonymous searches
+        if (!empty($binddn)) {
+            $ldapConfig['binddn'] = $binddn;
+            $ldapConfig['bindpw'] = $bindpw;
+        }
+
         $ldap = Net_LDAP2::connect($ldapConfig);
 
         if (PEAR::isError($ldap)) {
diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php
index 3e167ea..3c19ccd 100644
--- a/plugins/password/drivers/ldap_simple.php
+++ b/plugins/password/drivers/ldap_simple.php
@@ -168,14 +168,16 @@
      */
     function search_userdn($rcmail, $ds)
     {
-        $search_user = $rcmail->config->get('password_ldap_searchDN');
-        $search_pass = $rcmail->config->get('password_ldap_searchPW');
+        $search_user   = $rcmail->config->get('password_ldap_searchDN');
+        $search_pass   = $rcmail->config->get('password_ldap_searchPW');
+        $search_base   = $rcmail->config->get('password_ldap_search_base');
+        $search_filter = $rcmail->config->get('password_ldap_search_filter');
 
-        if (empty($search_user)) {
-            return null;
+        if (empty($search_filter)) {
+            return false;
         }
 
-        $this->_debug("C: Bind $search_user, pass: **** [" . strlen($search_pass) . "]");
+        $this->_debug("C: Bind " . ($search_user ? $search_user : '[anonymous]'));
 
         // Bind
         if (!ldap_bind($ds, $search_user, $search_pass)) {
@@ -184,9 +186,6 @@
         }
 
         $this->_debug("S: OK");
-
-        $search_base   = $rcmail->config->get('password_ldap_search_base');
-        $search_filter = $rcmail->config->get('password_ldap_search_filter');
 
         $search_base   = rcube_ldap_password::substitute_vars($search_base);
         $search_filter = rcube_ldap_password::substitute_vars($search_filter);

--
Gitblit v1.9.1