diff --git a/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php b/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php
index b1c5910cb3e77de32295e8cf03b09c628479d7e0..f124ecc8b6ed2c7bfe6cd3303b7c839468f53c66 100644
--- a/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php
+++ b/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php
@@ -19,14 +19,17 @@
 * - Updated the constructor to use the new config method
 * - Updated the process method to use the new config variable names
 * Updated: 20131119 Yørn de Jong / Jaime Perez
- * - Added support for retrieving multiple values at once from LDAP
- * - Don't crash but fail silently on LDAP errors; the plugin is to complement attributes
+ * - Added support for retrieving multiple values at once from LDAP
+ * - Don't crash but fail silently on LDAP errors; the plugin is to complement attributes
+ * Updated: 20161223 Remy Blom <remy.blom@hku.nl>
+ * - Adjusted the silent fail so it does show a warning in log when $this->getLdap() fails
 *
 * @author Yørn de Jong
 * @author Jaime Perez
 * @author Steve Moitozo
 * @author JAARS, Inc.
 * @author Ryan Panning
+ * @author Remy Blom <remy.blom@hku.nl>
 * @package SimpleSAMLphp
 */
 class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Process_BaseFilter
@@ -167,9 +170,17 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
 return;
 }
+ // getLdap
+ try {
+ $ldap = $this->getLdap();
+ } catch (Exception $e) {
+ // Added this warning in case $this->getLdap() fails
+ SimpleSAML\Logger::warning("AttributeAddFromLDAP: exception = " . $e);
+ return;
+ }
 // search for matching entries
 try {
- $entries = $this->getLdap()->searchformultiple($this->base_dn, $filter,
+ $entries = $ldap->searchformultiple($this->base_dn, $filter,
 array_values($this->search_attributes), true, false);
 } catch (Exception $e) {
 return; // silent fail, error is still logged by LDAP search
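Review bot: The new warning is built with `"AttributeAddFromLDAP: exception = " . $e`, which stringifies the whole exception — message plus stack trace, and on many PHP configurations the trace lists call arguments — into a warning-level log line; since `getLdap()` presumably performs the connection and bind using the credentials from the authsource config, that is more than an operator needs and more than should sit in a routinely collected log. Log the reason only and leave the trace to debug-level output: `SimpleSAML\Logger::warning("AttributeAddFromLDAP: could not get LDAP connection: " . $e->getMessage());`. The `// getLdap` comment restates the call; something like `// connect to LDAP; this filter only complements attributes, so log and skip on failure` says why the early return is acceptable. The enclosing method starts and ends outside the hunk.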
diff --git a/modules/ldap/lib/Auth/Process/BaseFilter.php b/modules/ldap/lib/Auth/Process/BaseFilter.php index 22aa197bf1bbda1f9348f0d8081543d8520730d8..41261d2448b59a68199672daf7e02ae59105cdc6 100644 --- a/modules/ldap/lib/Auth/Process/BaseFilter.php +++ b/modules/ldap/lib/Auth/Process/BaseFilter.php @@ -5,7 +5,11 @@ * filter classes direct access to the authsource ldap config * and connects to the ldap server. * + * Updated: 20161223 Remy Blom + * - Wrapped the building of authsource config with issets + * * @author Ryan Panning <panman@traileyes.com> + * @author Remy Blom <remy.blom@hku.nl> * @package SimpleSAMLphp */ abstract class sspmod_ldap_Auth_Process_BaseFilter extends SimpleSAML_Auth_ProcessingFilter 
@@ -137,21 +141,46 @@ abstract class sspmod_ldap_Auth_Process_BaseFilter extends SimpleSAML_Auth_Proce // Build the authsource config $authconfig = array(); - $authconfig['ldap.hostname'] = @$authsource['hostname']; - $authconfig['ldap.enable_tls'] = @$authsource['enable_tls']; - $authconfig['ldap.port'] = @$authsource['port']; - $authconfig['ldap.timeout'] = @$authsource['timeout']; - $authconfig['ldap.debug'] = @$authsource['debug']; - $authconfig['ldap.basedn'] = (@$authsource['search.enable'] ? @$authsource['search.base'] : null); - $authconfig['ldap.username'] = (@$authsource['search.enable'] ? @$authsource['search.username'] : null); - $authconfig['ldap.password'] = (@$authsource['search.enable'] ? @$authsource['search.password'] : null); - $authconfig['ldap.username'] = (@$authsource['priv.read'] ? @$authsource['priv.username'] : $authconfig['ldap.username']); - $authconfig['ldap.password'] = (@$authsource['priv.read'] ? @$authsource['priv.password'] : $authconfig['ldap.password']); - - // Only set the username attribute if the authsource specifies one attribute - if (@$authsource['search.enable'] && is_array(@$authsource['search.attributes']) - && count($authsource['search.attributes']) == 1) { - $authconfig['attribute.username'] = reset($authsource['search.attributes']); + if (isset($authsource['hostname'])) { + $authconfig['ldap.hostname'] = $authsource['hostname']; + } + if (isset($authsource['enable_tls'])) { + $authconfig['ldap.enable_tls'] = $authsource['enable_tls']; + } + if (isset($authsource['port'])) { + $authconfig['ldap.port'] = $authsource['port']; + } + if (isset($authsource['timeout'])) { + $authconfig['ldap.timeout'] = $authsource['timeout']; + } + if (isset($authsource['debug'])) { + $authconfig['ldap.debug'] = $authsource['debug']; + } + // only set when search.enabled = true + if (isset($authsource['search.enable']) && $authsource['search.enable']) { + if (isset($authsource['search.base'])) { + $authconfig['ldap.basedn'] = 
$authsource['search.base']; + } + if (isset($authsource['search.username'])) { + $authconfig['ldap.username'] = $authsource['search.username']; + } + if (isset($authsource['search.password'])) { + $authconfig['ldap.password'] = $authsource['search.password']; + } + // Only set the username attribute if the authsource specifies one attribute + if (isset($authsource['search.attributes']) && is_array($authsource['search.attributes']) + && count($authsource['search.attributes']) == 1) { + $authconfig['attribute.username'] = reset($authsource['search.attributes']); + } + } + // only set when priv.read = true + if (isset($authsource['priv.read']) && $authsource['priv.read']) { + if (isset($authsource['priv.username'])) { + $authconfig['ldap.username'] = $authsource['priv.username']; + } + if (isset($authsource['priv.password'])) { + $authconfig['ldap.password'] = $authsource['priv.password']; + } } // Merge the authsource config with the filter config,
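Review bot: The five top-level `isset` blocks and the two nested credential blocks repeat the same copy-if-set pattern with only the key name varying, which invites drift when another option is added and hides the one rule that matters (`priv.*` overrides `search.*` when `priv.read` is true). A short loop over a key list keeps the new behaviour exactly — unset keys are skipped, the nesting and override order stay as in the hunk — and reads as one rule rather than seven. Worth a line above the block, because `isset()` also treats a key explicitly set to `null` as absent, which differs from the `@`-suppressed reads it replaces: `// Copy only the options the authsource actually sets; unset keys are left to the merge below`. The enclosing method starts and ends outside the hunk.
```php
// … unchanged: $authconfig = array(); …
foreach (array('hostname', 'enable_tls', 'port', 'timeout', 'debug') as $key) {
    if (isset($authsource[$key])) {
        $authconfig['ldap.' . $key] = $authsource[$key];
    }
}
// only set when search.enable = true
if (isset($authsource['search.enable']) && $authsource['search.enable']) {
    if (isset($authsource['search.base'])) {
        $authconfig['ldap.basedn'] = $authsource['search.base'];
    }
    foreach (array('username', 'password') as $key) {
        if (isset($authsource['search.' . $key])) {
            $authconfig['ldap.' . $key] = $authsource['search.' . $key];
        }
    }
    // … unchanged: attribute.username from a single search.attributes entry …
}
// only set when priv.read = true
if (isset($authsource['priv.read']) && $authsource['priv.read']) {
    foreach (array('username', 'password') as $key) {
        if (isset($authsource['priv.' . $key])) {
            $authconfig['ldap.' . $key] = $authsource['priv.' . $key];
        }
    }
}
```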