From 56b16757fe9d4365f0c9fbf065f225c91174aaad Mon Sep 17 00:00:00 2001
From: Man Math
Date: Fri, 1 Sep 2017 09:24:45 +0700
Subject: [PATCH] [BUGFIX] Fix Ldap bind failed if login from different location
---
 Classes/Service/BindProvider/LdapBind.php | 18 +++++++++---------
 Classes/Service/DirectoryService.php | 2 ++
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/Classes/Service/BindProvider/LdapBind.php b/Classes/Service/BindProvider/LdapBind.php
index 5009312..a51bb14 100644
--- a/Classes/Service/BindProvider/LdapBind.php
+++ b/Classes/Service/BindProvider/LdapBind.php
@@ -49,20 +49,20 @@ class LdapBind extends AbstractBindProvider
 public function bind($username, $password)
 {
 $bindDn = Arrays::getValueByPath($this->options, 'bind.dn');
+ $bindPassword = Arrays::getValueByPath($this->options, 'bind.password');
 if (!empty($username) && !empty($password)) {
- // if credentials are given, use them to authenticate
- $this->bindWithDn(sprintf($bindDn, $username), $password);
+ if (empty($bindPassword)) {
+ // if credentials are given, use them to authenticate
+ $this->bindWithDn(sprintf($bindDn, $username), $password);
+ } else {
+ // if the settings specify a bind password, we are safe to assume no anonymous authentication is needed
+ $this->bindWithDn($bindDn, $bindPassword);
+ }
 return;
 }
- $bindPassword = Arrays::getValueByPath($this->options, 'bind.password');
- if (!empty($bindPassword)) {
- // if the settings specify a bind password, we are safe to assume no anonymous authentication is needed
- $this->bindWithDn($bindDn, $bindPassword);
- }
- $anonymousBind = Arrays::getValueByPath($this->options, 'bind.anonymous');
- if ($anonymousBind === true) {
+ if ($anonymousBind) {
 // if allowed, bind without username or password
 $this->bindAnonymously();
 }
diff --git a/Classes/Service/DirectoryService.php b/Classes/Service/DirectoryService.php
index 4348197..164562d 100644
--- a/Classes/Service/DirectoryService.php
+++ b/Classes/Service/DirectoryService.php
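Review bot: In the new `else` branch of `bind()` the caller's `$password` is never used: once `bind.password` is configured, `bind($username, $password)` succeeds on the service account whatever the user typed, so the bind itself no longer authenticates the user and every caller has to check the password separately (the DirectoryService.php hunk of this patch does so for `authenticate()`; other callers are not visible here). The comment carried into that branch talks about anonymous authentication and hides this; I would replace it with `// service-account bind: $password is NOT checked here, the caller must call verifyCredentials()`. Moving the service bind inside the credentials check also means that a call without user credentials no longer binds as the service account and only reaches the anonymous branch. The last change relaxes `$anonymousBind === true` to a truthiness test, so if the setting ever arrives as a non-empty string such as `'false'` it would enable anonymous binds; keeping `if ($anonymousBind === true) {` avoids that. The end of `bind()` lies outside the hunk.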
@@ -142,6 +142,8 @@ public function authenticate($username, $password)
 throw new Exception('Error while authenticating: authenticated user could not be fetched from the directory', 1488289104);
 }
+ $this->bindProvider->verifyCredentials($entries[0]['dn'], $password);
+ return $entries[0];
 }
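Review bot: The return value of `verifyCredentials()` is discarded, so this added call protects the login only if that method throws when the bind fails; its body is not part of this patch, and the docblock of `authenticate()` should state the contract, e.g. `@throws Exception if the entry's DN cannot be bound with the given password`. An empty `$password` deserves an explicit rejection before this line, because some directory servers accept a simple bind with a DN and an empty password as an unauthenticated bind: `if ((string)$password === '') { throw new Exception('Error while authenticating: empty password', ERROR_CODE_PLACEHOLDER); }`. The start of `authenticate()` is outside the hunk, so an earlier check may already cover this.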