my $base = $ldap->{base} or die ldapserver_error('base');
$ldapname = $ldap->{user} ;
$ldappassword = $ldap->{pass} ;
-$ldap->{anonymous_bind} = 1 unless $ldapname && $ldappassword;
our %mapping = %{$ldap->{mapping}}; # FIXME dpavlin -- don't die because of || (); from 6eaf8511c70eb82d797c941ef528f4310a15e9f9
my @mapkeys = keys %mapping;
$debug and print STDERR "Got ", scalar(@mapkeys), " ldap mapkeys ( total ): ", join ' ', @mapkeys, "\n";
}
my %config = (
- anonymous => ($ldapname and $ldappassword) ? 0 : 1,
+ anonymous => defined ($ldap->{anonymous_bind}) ? $ldap->{anonymous_bind} : 1,
replicate => defined($ldap->{replicate}) ? $ldap->{replicate} : 1, # add from LDAP to Koha database for new user
update => defined($ldap->{update} ) ? $ldap->{update} : 1, # update from LDAP to Koha database for existing user
);
# first, LDAP authentication
if ( $ldap->{auth_by_bind} ) {
my $principal_name;
- if ( $ldap->{anonymous_bind} ) {
+ if ( $config{anonymous} ) {
# Perform an anonymous bind
my $res = $db->bind;
# Perform a LDAP bind for the given username using the matched DN
my $res = $db->bind( $principal_name, password => $password );
if ( $res->code ) {
- if ( $ldap->{anonymous_bind} ) {
+ if ( $config{anonymous} ) {
# With anonymous_bind approach we can be sure we have found the correct user
# and that any 'code' response indicates a 'bad' user (be that blocked, banned
# or password changed). We should not fall back to local accounts in this case.
$userldapentry = $search->shift_entry;
}
} else {
- my $res = ($ldap->{anonymous_bind}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
+ my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
if ($res->code) { # connection refused
warn "LDAP bind failed as ldapuser " . ($ldapname || '[ANONYMOUS]') . ": " . description($res);
return 0;
my $replicate = 0;
my $auth_by_bind = 1;
my $anonymous_bind = 1;
+my $user = 'cn=Manager,dc=metavore,dc=com';
+my $pass = 'metavore';
# Variables controlling LDAP behaviour
my $desired_authentication_result = 'success';
subtest 'auth_by_bind = 1 tests' => sub {
- plan tests => 9;
+ plan tests => 11;
$auth_by_bind = 1;
'checkpw_ldap prints correct warning if LDAP anonymous bind fails';
is( $ret, 0, 'checkpw_ldap returns 0 if LDAP anonymous bind fails' );
+ $anonymous_bind = 0;
+ $user = undef;
+ $pass = undef;
+ reload_ldap_module();
+
+ warning_like {
+ $ret = C4::Auth_with_ldap::checkpw_ldap( $dbh, 'hola',
+ password => 'hey' );
+ }
+ qr/LDAP bind failed as kohauser hola: LDAP error #1: error_name/,
+ 'checkpw_ldap prints correct warning if LDAP bind_by_auth fails';
+ is( $ret, 0, 'checkpw_ldap returns 0 if LDAP bind_by_auth fails' );
+
$desired_authentication_result = 'success';
$anonymous_bind = 1;
$desired_admin_bind_result = 'success';
# Anonymous bind
$anonymous_bind = 1;
+ $user = 'cn=Manager,dc=metavore,dc=com';
+ $pass = 'metavore';
$desired_admin_bind_result = 'error';
- $desired_bind_result = 'error';
+ $desired_bind_result = 'error';
reload_ldap_module();
warning_like {
base => 'dc=metavore,dc=com',
hostname => 'localhost',
mapping => \%ldap_mapping,
- pass => 'metavore',
+ pass => $pass,
principal_name => '%s@my_domain.com',
replicate => $replicate,
update => $update,
- user => 'cn=Manager,dc=metavore,dc=com',
+ user => $user,
);
return \%ldap_config;
}