FEAT #10887 TIME 1:30 Multi Ldap + suffix + connection

sql/data_fr.sql

@@ -65,5 +65,5 @@ INSERT INTO password_rules (label, "value") VALUES ('renewal', 90);
 -----
 TRUNCATE TABLE configurations;
 INSERT INTO configurations (identifier, value) VALUES ('emailServer', '{"type" : "smtp", "host" : "smtp.gmail.com", "port" : 465, "user" : "", "password" : "", "auth" : true, "secure" : "ssl", "from" : "notifications@maarch.org", "charset" : "utf-8"}');
-INSERT INTO configurations (identifier, value) VALUES ('ldapServer', '[{"uri" : "10.2.95.60", "prefix" : "MAARCH", "ssl" : false}]');
-INSERT INTO configurations (identifier, value) VALUES ('connection', '{"standard" : true, "ldap" : false}');
+INSERT INTO configurations (identifier, value) VALUES ('ldapServer', '[{"uri" : "10.2.95.60", "prefix" : "MAARCH", "suffix" : "", "ssl" : false}]');
+INSERT INTO configurations (identifier, value) VALUES ('connection', '"standard"');

src/app/configuration/models/ConfigurationModel.php

@@ -83,13 +83,8 @@ class ConfigurationModel
             return 'standard';
         }
 
-        $connections = json_decode($configuration[0]['value'], true);
-        foreach ($connections as $key => $connection) {
-            if ($connection) {
-                return $key;
-            }
-        }
+        $connection = json_decode($configuration[0]['value']);
 
-        return 'standard';
+        return $connection;
     }
 }

src/core/controllers/AuthenticationController.php

@@ -63,23 +63,28 @@ class AuthenticationController
             $ldapConfigurations = json_decode($ldapConfigurations['value'], true);
             foreach ($ldapConfigurations as $ldapConfiguration) {
                 $uri = ($ldapConfiguration['ssl'] === true ? "LDAPS://{$ldapConfiguration['uri']}" : $ldapConfiguration['uri']);
-                $ldap = ldap_connect($uri);
-                if ($ldap !== false) {
-                    break;
+                $ldap = @ldap_connect($uri);
+                if ($ldap === false) {
+                    $error = 'Ldap connect failed';
+                    continue;
+                }
+                ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+                ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+                ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 10);
+                $login = (!empty($ldapConfiguration['prefix']) ? $ldapConfiguration['prefix'] . '\\' . $body['login'] : $body['login']);
+                $login = (!empty($ldapConfiguration['suffix']) ? $login . $ldapConfiguration['suffix'] : $login);
+                $authenticated = @ldap_bind($ldap, $login, $body['password']);
+                if (!$authenticated) {
+                    $error = ldap_error($ldap);
                 }
             }
-            if (empty($ldap)) {
-                return $response->withStatus(400)->withJson(['errors' => 'Ldap connection failed']);
+            if (empty($authenticated) && !empty($error) && $error != 'Invalid credentials') {
+                return $response->withStatus(400)->withJson(['errors' => $error]);
             }
-            ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
-            ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
-            $login = (!empty($ldapConfiguration['prefix']) ? $ldapConfiguration['prefix'] . '\\' . $body['login'] : $body['login']);
-            $authenticated = @ldap_bind($ldap, $login, $body['password']);
         } else {
             $authenticated = AuthenticationModel::authentication(['login' => $body['login'], 'password' => $body['password']]);
         }
-
-        if (!$authenticated) {
+        if (empty($authenticated)) {
             return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
         }