Mirror
/
RoundcubeMail
mirror of https://github.com/roundcube/roundcubemail.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

- Add possibility to do LDAP bind before searching for bind DN. 

In deployments where anonymous binds to and/or searches on an LDAP tree are not
  allowed, and where the LDAP address book(s) have been configured to use the
  user-specific bind credentials, rcube_ldap.php needs to bind using service
  credentials in order to be able to find the user's bind dn.
pull/1/head
alecpl 14 years ago
parent
5587b34cfa
commit
2d08ec91ca
3 changed files with 8 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      CHANGELOG
  2. 3
      config/main.inc.php.dist
  3. 4
      program/include/rcube_ldap.php

1
CHANGELOG
View File

@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
- Add possibility to do LDAP bind before searching for bind DN
- Fix handling of empty <U> tags in HTML messages (#1488225)
- Add content filter for embedded attachments to protect from XSS on IE (#1487895)
- Use strpos() instead of strstr() when possible (#1488211)

3
config/main.inc.php.dist
View File

@ -545,6 +545,9 @@ $rcmail_config['ldap_public']['Verisign'] = array(
// The login name is used to search for the DN to bind with
'search_base_dn' => '',
'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))'
// DN and password to bind as before searching for bind DN, if anonymous search is not allowed
'search_bind_dn' => '',
'search_bind_pw' => '',
// Default for %dn variable if search doesn't return DN value
'search_dn_default' => '',
// Optional authentication identifier to be used as SASL authorization proxy

4
program/include/rcube_ldap.php
View File

@ -236,6 +236,10 @@ class rcube_ldap extends rcube_addressbook
$replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);
if ($this->prop['search_base_dn'] && $this->prop['search_filter']) {
if (!empty$this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) {
$this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']);
}
// Search for the dn to use to authenticate
$this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces);
$this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces);

Write Preview
Loading…
Cancel
Save