diff options
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | config/main.inc.php.dist | 3 | ||||
-rw-r--r-- | program/include/rcube_ldap.php | 4 |
3 files changed, 8 insertions, 0 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Add possibility to do LDAP bind before searching for bind DN - Fix handling of empty <U> tags in HTML messages (#1488225) - Add content filter for embedded attachments to protect from XSS on IE (#1487895) - Use strpos() instead of strstr() when possible (#1488211) diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index e355b2df6..6957577b1 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist @@ -541,6 +541,9 @@ $rcmail_config['ldap_public']['Verisign'] = array( // The login name is used to search for the DN to bind with 'search_base_dn' => '', 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', // Default for %dn variable if search doesn't return DN value 'search_dn_default' => '', // Optional authentication identifier to be used as SASL authorization proxy diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php index 801450452..95377c7cb 100644 --- a/program/include/rcube_ldap.php +++ b/program/include/rcube_ldap.php @@ -228,6 +228,10 @@ class rcube_ldap extends rcube_addressbook $replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u); if ($this->prop['search_base_dn'] && $this->prop['search_filter']) { + if (!empty$this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) { + $this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']); + } + // Search for the dn to use to authenticate $this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces); $this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces); |