diff --git a/sql/data_fr.sql b/sql/data_fr.sql
index d5c2d7aaad844afbaa1eefd062313130f75d6bb2..b26b5cf1a3cf9be5c60d227045c65a36ffe60ffa 100755
--- a/sql/data_fr.sql
+++ b/sql/data_fr.sql
@@ -65,5 +65,5 @@ INSERT INTO password_rules (label, "value") VALUES ('renewal', 90);
 -----
 TRUNCATE TABLE configurations;
 INSERT INTO configurations (identifier, value) VALUES ('emailServer', '{"type" : "smtp", "host" : "smtp.gmail.com", "port" : 465, "user" : "", "password" : "", "auth" : true, "secure" : "ssl", "from" : "notifications@maarch.org", "charset" : "utf-8"}');
-INSERT INTO configurations (identifier, value) VALUES ('ldapServer', '[{"uri" : "10.2.95.60", "prefix" : "MAARCH", "ssl" : false}]');
-INSERT INTO configurations (identifier, value) VALUES ('connection', '{"standard" : true, "ldap" : false}');
+INSERT INTO configurations (identifier, value) VALUES ('ldapServer', '[{"uri" : "10.2.95.60", "prefix" : "MAARCH", "suffix" : "", "ssl" : false}]');
+INSERT INTO configurations (identifier, value) VALUES ('connection', '"standard"');
diff --git a/src/app/configuration/models/ConfigurationModel.php b/src/app/configuration/models/ConfigurationModel.php
index ea2fafc7caf4d57f715651a2fbcbc95f6d714972..51876f97f32ed5046e5ab808d95d4311b1bc5744 100755
--- a/src/app/configuration/models/ConfigurationModel.php
+++ b/src/app/configuration/models/ConfigurationModel.php
@@ -83,13 +83,8 @@ class ConfigurationModel
 return 'standard';
 }
- $connections = json_decode($configuration[0]['value'], true);
- foreach ($connections as $key => $connection) {
- if ($connection) {
- return $key;
- }
- }
+ $connection = json_decode($configuration[0]['value']);
- return 'standard';
+ return $connection;
 }
 }
diff --git a/src/core/controllers/AuthenticationController.php b/src/core/controllers/AuthenticationController.php
index 8bb4906328821aabd4e417bbed54061d39c38439..c312bcd772be983526754d6f97a29f90f4b10069 100755
--- a/src/core/controllers/AuthenticationController.php
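Review bot: The added `ldapServer` seed row still ships `"ssl" : false` alongside a site-specific address (`10.2.95.60`). The controller hunk in this commit only prefixes `LDAPS://` when `ssl` is true, so an installation that switches `connection` to `ldap` without editing this row would send user passwords over an unencrypted bind. Consider seeding `"ssl" : true` with a placeholder host, and documenting the row with a comment such as `-- ldapServer: set uri to your directory host; keep ssl true so binds use LDAPS`.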
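Review bot: The new `return $connection;` hands back whatever `json_decode` produced, with no check that it is one of the expected modes. A row still stored in the old format (`{"standard" : true, "ldap" : false}`) now decodes to an object, and malformed JSON decodes to `null`. How the caller treats either is not visible here, but it presumably falls through to the non-LDAP branch without any signal. Constrain the result, for example `return in_array($connection, ['standard', 'ldap'], true) ? $connection : 'standard';`, and convert existing rows on upgrade if no migration accompanies this commit. The enclosing method starts above the hunk.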
+++ b/src/core/controllers/AuthenticationController.php
@@ -63,23 +63,28 @@ class AuthenticationController
 $ldapConfigurations = json_decode($ldapConfigurations['value'], true);
 foreach ($ldapConfigurations as $ldapConfiguration) {
 $uri = ($ldapConfiguration['ssl'] === true ? "LDAPS://{$ldapConfiguration['uri']}" : $ldapConfiguration['uri']);
- $ldap = ldap_connect($uri);
- if ($ldap !== false) {
- break;
+ $ldap = @ldap_connect($uri);
+ if ($ldap === false) {
+ $error = 'Ldap connect failed';
+ continue;
+ }
+ ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 10);
+ $login = (!empty($ldapConfiguration['prefix']) ? $ldapConfiguration['prefix'] . '\\' . $body['login'] : $body['login']);
+ $login = (!empty($ldapConfiguration['suffix']) ? $login . $ldapConfiguration['suffix'] : $login);
+ $authenticated = @ldap_bind($ldap, $login, $body['password']);
+ if (!$authenticated) {
+ $error = ldap_error($ldap);
 }
 }
- if (empty($ldap)) {
- return $response->withStatus(400)->withJson(['errors' => 'Ldap connection failed']);
+ if (empty($authenticated) && !empty($error) && $error != 'Invalid credentials') {
+ return $response->withStatus(400)->withJson(['errors' => $error]);
 }
- ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
- ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
- $login = (!empty($ldapConfiguration['prefix']) ? $ldapConfiguration['prefix'] . '\\' . $body['login'] : $body['login']);
- $authenticated = @ldap_bind($ldap, $login, $body['password']);
 } else {
 $authenticated = AuthenticationModel::authentication(['login' => $body['login'], 'password' => $body['password']]);
 }
-
- if (!$authenticated) {
+ if (empty($authenticated)) {
 return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
 }
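Review bot: The rewritten `foreach` never leaves the loop after a successful `ldap_bind`, so with more than one configured server the result of the last server overwrites an earlier success. The user's password is also submitted to every remaining server. Add `if ($authenticated) { break; }` directly after the bind and set `$error` only on the failure path. Unless an empty `$body['password']` is already rejected above the hunk, guard it before the loop, since many directories accept a bind with an empty password as an anonymous bind. The 400 branch also returns the raw `ldap_error()` text to an unauthenticated client and depends on the exact string `'Invalid credentials'`; comparing `ldap_errno($ldap)` and logging the detail server-side would be sturdier. The enclosing method starts and ends outside the hunk.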