deon/phpldapadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add alert for DN logins that dont exist. Might be attempts to use the rootdn which is not supported.

Browse Source 
Closes #345
This commit is contained in:
Deon George 2025-06-19 10:30:16 +10:00
parent c4b1d9ec51
commit 59cf0d337e
4 changed files with 66 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.env.example
View File

@ -14,3 +14,4 @@ LDAP_HOST=
LDAP_USERNAME= LDAP_USERNAME=
LDAP_PASSWORD= LDAP_PASSWORD=
LDAP_CACHE=false LDAP_CACHE=false
LDAP_ALERT_ROOTDN=true

26
app/Http/Controllers/Auth/LoginController.php
View File

@ -8,7 +8,9 @@ use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
use App\Exceptions\InvalidUsage;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Ldap\Entry;
class LoginController extends Controller class LoginController extends Controller
{ {
@ -51,6 +53,30 @@ class LoginController extends Controller
]; ];
} }
/**
* When attempt to login
*
* @param Request $request
* @return void
* @throws InvalidUsage
*/
public function attemptLogin(Request $request)
{
$attempt = $this->guard()->attempt(
$this->credentials($request), $request->boolean('remember')
);
// If the login failed, and PLA is set to use DN login, check if the entry exists.
// If the entry doesnt exist, it might be the root DN, which cannot be used to login
if ((! $attempt) && $request->dn && config('pla.login.alert_rootdn',TRUE)) {
$dn = config('server')->fetch($request->dn);
$o = new Entry;
if (! $dn && $o->getConnection()->getLdapConnection()->errNo() === 32)
abort(501,'Authentication set to DN, but the DN doesnt exist');
}
}
/** /**
* We need to delete our encrypted username/password cookies * We need to delete our encrypted username/password cookies
* *

8
config/pla.php
View File

@ -84,8 +84,12 @@ return [
* setup. * setup.
*/ */
'login' => [ 'login' => [
'attr' => [env('LDAP_LOGIN_ATTR','uid') => env('LDAP_LOGIN_ATTR_DESC','User ID')], // Attribute used to find user for login // Attribute used to find user for login
'objectclass' => explode(',',env('LDAP_LOGIN_OBJECTCLASS', 'posixAccount')), // Objectclass that users must contain to login 'attr' => [strtolower(env('LDAP_LOGIN_ATTR','uid')) => env('LDAP_LOGIN_ATTR_DESC','User ID')],
// Objectclass that users must contain to login
'objectclass' => explode(',',env('LDAP_LOGIN_OBJECTCLASS', 'posixAccount')),
// Alert if DN is being used, and the login fails, and the the DN doesnt exist
'alert_rootdn' => env('LDAP_ALERT_ROOTDN',TRUE) && strtolower(env('LDAP_LOGIN_ATTR','uid')) === 'dn',
], ],
'template' => [ 'template' => [

33
resources/views/errors/501.blade.php Normal file
View File

@ -0,0 +1,33 @@
@extends('architect::layouts.error')
@section('error')
501: @lang('LDAP Authentication Error')
@endsection
@section('content')
<table class="table table-sm table-borderless table-condensed">
<tr>
<th>@lang('Error')</th>
</tr>
<tr>
<td colspan="2">{{ $exception->getMessage() }}</td>
</tr>
<tr>
<th>@lang('Possible Causes')</th>
</tr>
<tr>
<td>
<ul class="ps-3">
<li>The DN you used to login actually doesnt exist in the server (DN's must exist in order to login)</li>
<li>You are attempting to use the <strong>rootdn</strong> to login (not supported)</li>
</ul>
</td>
</tr>
</table>
<p>To suppress this message, set <strong>LDAP_ALERT_ROOTDN</strong> to <strong>FALSE</strong> before starting PLA.</p>
<p>Back to <a href="{{ url('login') }}">login</a>?</p>
@endsection