Add alert for DN logins that dont exist. Might be attempts to use the rootdn which is not supported.

Closes #345

.env.example

@@ -14,3 +14,4 @@ LDAP_HOST=
 LDAP_USERNAME=
 LDAP_PASSWORD=
 LDAP_CACHE=false
+LDAP_ALERT_ROOTDN=true

app/Http/Controllers/Auth/LoginController.php

@@ -8,7 +8,9 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 
+use App\Exceptions\InvalidUsage;
 use App\Http\Controllers\Controller;
+use App\Ldap\Entry;
 
 class LoginController extends Controller
 {
@@ -51,6 +53,30 @@ class LoginController extends Controller
 		];
 	}
 
+	/**
+	 * When attempt to login
+	 *
+	 * @param Request $request
+	 * @return void
+	 * @throws InvalidUsage
+	 */
+	public function attemptLogin(Request $request)
+	{
+		$attempt = $this->guard()->attempt(
+			$this->credentials($request), $request->boolean('remember')
+		);
+
+		// If the login failed, and PLA is set to use DN login, check if the entry exists.
+		// If the entry doesnt exist, it might be the root DN, which cannot be used to login
+		if ((! $attempt) && $request->dn && config('pla.login.alert_rootdn',TRUE)) {
+			$dn = config('server')->fetch($request->dn);
+			$o = new Entry;
+
+			if (! $dn && $o->getConnection()->getLdapConnection()->errNo() === 32)
+				abort(501,'Authentication set to DN, but the DN doesnt exist');
+		}
+	}
+
 	/**
 	 * We need to delete our encrypted username/password cookies
 	 *

config/pla.php

@@ -84,8 +84,12 @@ return [
 	 * setup.
 	 */
 	'login' => [
-		'attr' => [env('LDAP_LOGIN_ATTR','uid') => env('LDAP_LOGIN_ATTR_DESC','User ID')],	// Attribute used to find user for login
-		'objectclass' => explode(',',env('LDAP_LOGIN_OBJECTCLASS', 'posixAccount')),		// Objectclass that users must contain to login
+		// Attribute used to find user for login
+		'attr' => [strtolower(env('LDAP_LOGIN_ATTR','uid')) => env('LDAP_LOGIN_ATTR_DESC','User ID')],
+		// Objectclass that users must contain to login
+		'objectclass' => explode(',',env('LDAP_LOGIN_OBJECTCLASS', 'posixAccount')),
+		// Alert if DN is being used, and the login fails, and the the DN doesnt exist
+		'alert_rootdn' => env('LDAP_ALERT_ROOTDN',TRUE) && strtolower(env('LDAP_LOGIN_ATTR','uid')) === 'dn',
 	],
 
 	'template' => [

resources/views/errors/501.blade.php

@@ -0,0 +1,33 @@
+@extends('architect::layouts.error')
+
+@section('error')
+	501: @lang('LDAP Authentication Error')
+@endsection
+
+@section('content')
+	<table class="table table-sm table-borderless table-condensed">
+		<tr>
+			<th>@lang('Error')</th>
+		</tr>
+
+		<tr>
+			<td colspan="2">{{ $exception->getMessage() }}</td>
+		</tr>
+
+		<tr>
+			<th>@lang('Possible Causes')</th>
+		</tr>
+		<tr>
+			<td>
+				<ul class="ps-3">
+					<li>The DN you used to login actually doesnt exist in the server (DN's must exist in order to login)</li>
+					<li>You are attempting to use the <strong>rootdn</strong> to login (not supported)</li>
+				</ul>
+			</td>
+		</tr>
+	</table>
+
+	<p>To suppress this message, set <strong>LDAP_ALERT_ROOTDN</strong> to <strong>FALSE</strong> before starting PLA.</p>
+	<p>Back to <a href="{{ url('login') }}">login</a>?</p>
+
+@endsection