From 5c5446b953ec05a2b0279c59ae89996010d66cb5 Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Wed, 2 Nov 2016 00:16:30 -0600
Subject: [PATCH] Update ldap.php If the LDAP password is not provided then set authorized to false.
---
 .../resources/classes/plugins/ldap.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/core/authentication/resources/classes/plugins/ldap.php b/core/authentication/resources/classes/plugins/ldap.php
index 166b024154..bcedd23153 100644
--- a/core/authentication/resources/classes/plugins/ldap.php
+++ b/core/authentication/resources/classes/plugins/ldap.php
@@ -62,12 +62,20 @@ class plugin_ldap {
 //Note: As of 4/16, the call below will fail randomly. PHP debug reports ldap_bind
 //called below with all arguments '*uninitialized*'. However, the debugger
 //single-stepping just before the failing call correctly displays all the values.
- $bind = ldap_bind($connect, $bind_dn, $bind_pw);
- if ($bind) {
- $user_authorized = true;
- break;
+ if (strlen($bind_pw) > 0) {
+ $bind = ldap_bind($connect, $bind_dn, $bind_pw);
+ if ($bind) {
+ //connected and authorized
+ $user_authorized = true;
+ break;
+ }
+ else {
+ //connection failed
+ $user_authorized = false;
+ }
 }
 else {
+ //password not provided
 $user_authorized = false;
 }
 }
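Review bot: The new `strlen($bind_pw) > 0` guard has no comment recording why it exists, and `//password not provided` undersells it: an LDAP server may treat a bind with a DN and a zero-length password as an unauthenticated bind and report success (RFC 4513 section 5.1.2), in which case the old unconditional `ldap_bind` call returned true. I would state that on the guard, e.g. `//an empty password can produce a successful unauthenticated bind, so never call ldap_bind without one`, so the check is not later removed as redundant. The `//connection failed` comment in the inner else is also misleading, since a false return from `ldap_bind` there normally means the credentials were rejected; `//bind rejected` would be accurate. `$bind_dn` is built outside this hunk, so it is worth confirming it cannot be empty when this branch runs, and logging rejected empty-password attempts would help detection. The enclosing loop starts and ends outside the hunk.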