summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2011-11-30 13:11:34 +0000
committeralecpl <alec@alec.pl>2011-11-30 13:11:34 +0000
commit6f98b9100b191e0a74a947a67da9c7575931bd71 (patch)
tree4923c51d7f25879684fb64f717bc55291b485b3c
parent0597586b89e86e8b4e22080d4c453475057b47b5 (diff)
- Applied r5515 from trunk
-rw-r--r--CHANGELOG1
-rw-r--r--config/main.inc.php.dist3
-rw-r--r--program/include/rcube_ldap.php4
3 files changed, 8 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 97adf7c9c..f6f8b0253 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Add possibility to do LDAP bind before searching for bind DN
- Fix handling of empty <U> tags in HTML messages (#1488225)
- Add content filter for embedded attachments to protect from XSS on IE (#1487895)
- Use strpos() instead of strstr() when possible (#1488211)
diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist
index e355b2df6..6957577b1 100644
--- a/config/main.inc.php.dist
+++ b/config/main.inc.php.dist
@@ -541,6 +541,9 @@ $rcmail_config['ldap_public']['Verisign'] = array(
// The login name is used to search for the DN to bind with
'search_base_dn' => '',
'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))'
+ // DN and password to bind as before searching for bind DN, if anonymous search is not allowed
+ 'search_bind_dn' => '',
+ 'search_bind_pw' => '',
// Default for %dn variable if search doesn't return DN value
'search_dn_default' => '',
// Optional authentication identifier to be used as SASL authorization proxy
diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php
index 801450452..95377c7cb 100644
--- a/program/include/rcube_ldap.php
+++ b/program/include/rcube_ldap.php
@@ -228,6 +228,10 @@ class rcube_ldap extends rcube_addressbook
$replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);
if ($this->prop['search_base_dn'] && $this->prop['search_filter']) {
+ if (!empty$this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) {
+ $this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']);
+ }
+
// Search for the dn to use to authenticate
$this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces);
$this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces);