From 3d52bba57d7bfdcf28cafcc65a171e15abe3cb67 Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Wed, 2 Nov 2016 00:34:18 -0600
Subject: [PATCH] Update ldap.php

If the password is not provided then set user authorized to false.
---
 .../resources/classes/plugins/ldap.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/core/authentication/resources/classes/plugins/ldap.php b/core/authentication/resources/classes/plugins/ldap.php
index 327e2429f3..ac4f5f7973 100644
--- a/core/authentication/resources/classes/plugins/ldap.php
+++ b/core/authentication/resources/classes/plugins/ldap.php
@@ -51,11 +51,20 @@ class plugin_ldap {
 //Note: As of 4/16, the call below will fail randomly. PHP debug reports ldap_bind
 //called below with all arguments '*uninitialized*'. However, the debugger
 //single-stepping just before the failing call correctly displays all the values.
- $bind = ldap_bind($connect, $bind_dn, $bind_pw);
- if ($bind) {
- $user_authorized = true;
+ if (strlen($bind_pw) > 0) {
+ $bind = ldap_bind($connect, $bind_dn, $bind_pw);
+ if ($bind) {
+ //connected and authorized
+ $user_authorized = true;
+ break;
+ }
+ else {
+ //connection failed
+ $user_authorized = false;
+ }
 }
 else {
+ //password not provided
 $user_authorized = false;
 }
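Review bot: The new `if (strlen($bind_pw) > 0)` guard carries the whole security fix, but nothing at that line says why an empty password must never reach `ldap_bind`. A simple bind with a DN and a zero-length password is an unauthenticated bind (RFC 4513 section 5.1.2), which many directory servers answer with success, so I would add `//never bind with an empty password: the server may treat it as an unauthenticated bind and report success` above the `if`. The `//connection failed` comment on the inner else is misleading, since a false return from `ldap_bind` there normally means rejected credentials; `//bind rejected (invalid credentials or server error)` would be more accurate. The added `break;` relies on an enclosing loop or switch that starts outside this hunk, so confirm it leaves the construct you intend and that nothing after it can reset `$user_authorized`.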