* Increased server check timeout from 3 to 5 seconds.

robin.kluth · robin.kluth · commit 2ce0c01d0321 · 2021-01-15T11:57:36.000+01:00
diff --git a/src/LdapAuth.php b/src/LdapAuth.php
@@ -59,7 +59,7 @@ public function __construct()
     }
 
     // Thanks to: https://www.php.net/manual/de/function.ldap-connect.php#115662
-    private function serviceping($host, $port = 389, $timeout = 3)
+    private function serviceping($host, $port = 389, $timeout = 5)
     {
         if ($port === null) {
             $port = 389;
@@ -70,7 +70,7 @@ private function serviceping($host, $port = 389, $timeout = 3)
         try {
             $op = fsockopen($host, $port, $errno, $errstr, $timeout);
         } catch (ErrorException $e) {
-            Yii::error('fsockopen failure!');
+            Yii::error('fsockopen failure!', __METHOD__);
             return false;
         }
         if (!$op) return false; //DC is N/A
@@ -119,13 +119,13 @@ public function autoDetect($overrideIp = false)
     public function login($username, $password, $domainKey)
     {
 
-        Yii::debug('Hello! :) Trying to log you in via LDAP!');
+        Yii::debug('Hello! :) Trying to log you in via LDAP!', __METHOD__);
 
 
         $domainData = $this->domains[$domainKey];
 
         $ssl = isset($domainData['useSSL']) && $domainData['useSSL'];
-        Yii::debug('Use SSL here? ' . ($ssl ? 'Yes' : 'No'));
+        Yii::debug('Use SSL here? ' . ($ssl ? 'Yes' : 'No'), __METHOD__);
 
         if ($ssl) {
             // When using SSL, we have to set some env variables and create an ldap controlfile - otherwirse a connect with non valid certificat will fail!
@@ -140,22 +140,22 @@ public function login($username, $password, $domainKey)
             if (!file_exists($ldaprcfile)) {
                 // Try to create the file
                 if (!@file_put_contents($ldaprcfile, 'TLS_REQCERT allow')) {
-                    Yii::error('Cannot create required .ldaprc control file!');
+                    Yii::error('Cannot create required .ldaprc control file!', __METHOD__);
                     return false;
                 }
             } else {
-                Yii::debug('.ldaprc file exists!');
+                Yii::debug('.ldaprc file exists!', __METHOD__);
             }
 
             putenv('LDAPCONF=' . $ldaprcfile);
             putenv('LDAPTLS_REQCERT=allow');
             putenv('TLS_REQCERT=allow');
         }
 
-        Yii::debug('Trying to connect to Domain #' . $domainKey . ' (' . $domainData['hostname'] . ')');
+        Yii::debug('Trying to connect to Domain #' . $domainKey . ' (' . $domainData['hostname'] . ')', __METHOD__);
 
         if (!self::serviceping($domainData['hostname'], $ssl ? 636 : null)) {
-            Yii::error('Connection failed!');
+            Yii::error('Connection failed!', __METHOD__);
             return false;
         }
 
@@ -166,7 +166,7 @@ public function login($username, $password, $domainKey)
 
         $l = @ldap_connect($hostPrefix, $port);
         if (!$l) {
-            Yii::warning('Connect failed! ' . ldap_error($l), 'ldapAuth');
+            Yii::warning('Connect failed! ' . ldap_error($l), __METHOD__);
             return false;
         }
 
@@ -176,12 +176,12 @@ public function login($username, $password, $domainKey)
 
         $bind_dn = strpos($username, '@') === false ? $username . '@' . $domainData['name'] : $username;
 
-        Yii::debug('Trying to authenticate with DN ' . $bind_dn);
+        Yii::debug('Trying to authenticate with DN ' . $bind_dn, __METHOD__);
 
         $b = @ldap_bind($l, $bind_dn, $password);
 
         if (!$b) {
-            Yii::warning('Bind failed! ' . ldap_error($l), 'ldapAuth');
+            Yii::warning('Bind failed! ' . ldap_error($l), __METHOD__);
             return false;
         }
 
@@ -261,14 +261,18 @@ public function searchUser($searchFor, $attributes = "", $searchFilter = "", $au
 
         $return = [];
         foreach ($domains as $domain) {
-            Yii::debug($domain, 'ldapAuth');
+            Yii::debug($domain, __METHOD__);
             if (!$this->login($domain['publicSearchUser'], $domain['publicSearchUserPassword'], $i)) {
-                throw new ErrorException('LDAP Connect or Bind error (' . ldap_errno($this->_l) . ' - ' . ldap_error($this->_l) . ') on ' . $domain['hostname']);
+                if (empty($this->_l)) {
+                    throw new ErrorException('LDAP Connect or Bind error on ' . $domain['hostname']);
+                } else {
+                    throw new ErrorException('LDAP Connect or Bind error (' . ldap_errno($this->_l) . ' - ' . ldap_error($this->_l) . ') on ' . $domain['hostname']);
+                }
             }
 
             $searchFilter = str_replace("%searchFor%", addslashes($searchFor), $searchFilter);
 
-            Yii::debug('Search-Filter: ' . $searchFilter);
+            Yii::debug('Search-Filter: ' . $searchFilter, __METHOD__);
 
             $result = ldap_search($this->_l, $this->_ldapBaseDn, $searchFilter, $attributes);
 
@@ -279,7 +283,7 @@ public function searchUser($searchFor, $attributes = "", $searchFilter = "", $au
                         continue;
                     }
                     if (!isset($entry['objectsid'])) {
-                        Yii::warning('No objectsid! ignoring!');
+                        Yii::warning('No objectsid! ignoring!', __METHOD__);
                         continue;
                     }
                     $sid = self::SIDtoString($entry['objectsid'])[0];
@@ -290,15 +294,15 @@ public function searchUser($searchFor, $attributes = "", $searchFilter = "", $au
                         // Check if this user is maybe already listed in the results - ifo so, determine which one is newer
                         foreach ($return as $_sid => $_data) {
                             if (!empty($_data['sidhistory']) && in_array($sid, $_data['sidhistory'])) {
-                                Yii::debug('This user is listed in another users history - skipping');
+                                Yii::debug('This user is listed in another users history - skipping', __METHOD__);
                                 continue 2;
                             }
                         }
 
                         if ($sidHistory) {
                             foreach ($sidHistory as $item) {
                                 if (array_key_exists($item, $return)) {
-                                    Yii::debug('User already exists with its sidhistory in results! Unsetting the old entry...');
+                                    Yii::debug('User already exists with its sidhistory in results! Unsetting the old entry...', __METHOD__);
                                     unset($return[$item]);
                                 }
                             }
@@ -315,6 +319,10 @@ public function searchUser($searchFor, $attributes = "", $searchFilter = "", $au
                 }
             }
             $i++;
+
+            // Reset LDAP Link
+            ldap_close($this->_l);
+            $this->_l = null;
         }
 
         return empty($return) ? [] : $return;
