Update ldap.php

If the password is not provided then set user authorized to false.
2025-12-30 00:53:50 +00:00 · 2016-11-02 00:34:18 -06:00
parent 1633a2730d
commit 3d52bba57d
1 changed files with 12 additions and 3 deletions
--- a/core/authentication/resources/classes/plugins/ldap.php
+++ b/core/authentication/resources/classes/plugins/ldap.php
@@ -51,11 +51,20 @@ class plugin_ldap {
 			//Note: As of 4/16, the call below will fail randomly.  PHP debug reports ldap_bind
 			//called below with all arguments '*uninitialized*'.  However, the debugger
 			//single-stepping just before the failing call correctly displays all the values.
-			$bind = ldap_bind($connect, $bind_dn, $bind_pw);
-			if ($bind) {
-				$user_authorized = true;
+			if (strlen($bind_pw) > 0) {
+				$bind = ldap_bind($connect, $bind_dn, $bind_pw);
+				if ($bind) {
+					//connected and authorized
+					$user_authorized = true;
+					break;
+				}
+				else {
+					//connection failed
+					$user_authorized = false;
+				}
 			}
 			else {
+				//password not provided
 				$user_authorized = false;
 			}