From 2a700d7c00e20815602dc0e20c9c71b436abfce0 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 24 Jun 2014 12:03:17 +0200
Subject: Allow anonymous LDAP searches

---
 plugins/password/drivers/ldap.php        | 11 +++++++++--
 plugins/password/drivers/ldap_simple.php | 15 +++++++--------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
index 739958ad7..cc62595b5 100644
--- a/plugins/password/drivers/ldap.php
+++ b/plugins/password/drivers/ldap.php
@@ -130,9 +130,10 @@ class rcube_ldap_password
      */
     function search_userdn($rcmail)
     {
+        $binddn = $rcmail->config->get('password_ldap_searchDN');
+        $bindpw = $rcmail->config->get('password_ldap_searchPW');
+
         $ldapConfig = array (
-            'binddn'    => $rcmail->config->get('password_ldap_searchDN'),
-            'bindpw'    => $rcmail->config->get('password_ldap_searchPW'),
             'basedn'    => $rcmail->config->get('password_ldap_basedn'),
             'host'      => $rcmail->config->get('password_ldap_host'),
             'port'      => $rcmail->config->get('password_ldap_port'),
@@ -140,6 +141,12 @@ class rcube_ldap_password
             'version'   => $rcmail->config->get('password_ldap_version'),
         );
 
+        // allow anonymous searches
+        if (!empty($binddn)) {
+            $ldapConfig['binddn'] = $binddn;
+            $ldapConfig['bindpw'] = $bindpw;
+        }
+
         $ldap = Net_LDAP2::connect($ldapConfig);
 
         if (PEAR::isError($ldap)) {
diff --git a/plugins/password/drivers/ldap_simple.php b/plugins/password/drivers/ldap_simple.php
index 3e167ea5b..3c19ccde5 100644
--- a/plugins/password/drivers/ldap_simple.php
+++ b/plugins/password/drivers/ldap_simple.php
@@ -168,14 +168,16 @@ class rcube_ldap_simple_password
      */
     function search_userdn($rcmail, $ds)
     {
-        $search_user = $rcmail->config->get('password_ldap_searchDN');
-        $search_pass = $rcmail->config->get('password_ldap_searchPW');
+        $search_user   = $rcmail->config->get('password_ldap_searchDN');
+        $search_pass   = $rcmail->config->get('password_ldap_searchPW');
+        $search_base   = $rcmail->config->get('password_ldap_search_base');
+        $search_filter = $rcmail->config->get('password_ldap_search_filter');
 
-        if (empty($search_user)) {
-            return null;
+        if (empty($search_filter)) {
+            return false;
         }
 
-        $this->_debug("C: Bind $search_user, pass: **** [" . strlen($search_pass) . "]");
+        $this->_debug("C: Bind " . ($search_user ? $search_user : '[anonymous]'));
 
         // Bind
         if (!ldap_bind($ds, $search_user, $search_pass)) {
@@ -185,9 +187,6 @@ class rcube_ldap_simple_password
 
         $this->_debug("S: OK");
 
-        $search_base   = $rcmail->config->get('password_ldap_search_base');
-        $search_filter = $rcmail->config->get('password_ldap_search_filter');
-
         $search_base   = rcube_ldap_password::substitute_vars($search_base);
         $search_filter = rcube_ldap_password::substitute_vars($search_filter);
 
-- 
cgit v1.2.3