(ldap) disable anonymous binds

74108220 · Ad Schellevis · 77f3cfa8 · 74108220
Commit 74108220 authored Feb 23, 2017 by Ad Schellevis
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

LDAP.php src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php +4 -1

No files found.
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
@@ -369,7 +369,10 @@ class LDAP extends Base implements IAuthConnector
    {
        // todo: implement SSL parts (legacy : ldap_setup_caenv)
        // authenticate user
-        if (array_key_exists($username, $this->userDNmap)) {
+        if (empty($password)) {
+            // prevent anonymous bind
+            return false;
+        } elseif (array_key_exists($username, $this->userDNmap)) {
            // we can map $username to distinguished name, just feed to connect
            $ldap_is_connected = $this->connect($this->ldapBindURL, $this->userDNmap[$username], $password);
            return $ldap_is_connected;