From fa3d894df381d8299f82e3e206cf88038a107fc0 Mon Sep 17 00:00:00 2001
From: Conrad Vermeulen
Date: Tue, 30 Sep 2008 10:07:43 +0000
Subject: [PATCH] KTS-3752 "CLONE -Authentication problem: (many) users can login without a correct password (SUP-1086)" Fixed.
---
 plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php b/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
index 07b7f25..1d22c77 100644
--- a/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
+++ b/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
@@ -741,6 +741,10 @@ class KTLDAPBaseAuthenticator extends Authenticator {
 */
 function checkPassword($oUser, $sPassword) {
 $dn = $oUser->getAuthenticationDetails();
+ if (is_null($dn))
+ {
+ return new PEAR_Error(_kt('Please consult your system administrator. The authentication parameters are corrupt. (authentication_detail_s1 is null)'));
+ }
 $config = array(
 'host' => $this->sLdapServer,
 'base' => $this->sBaseDN,
@@ -796,11 +800,15 @@ class KTLDAPBaseAuthenticator extends Authenticator {
 return $aResults;
 }
 foreach($aResults as $aEntry){
- if($aEntry['sAMAccountName'] == $sName){
+ if (strcasecmp($aEntry['sAMAccountName'], $sName) == 0) {
 $newDn = $aEntry['dn'];
 break;
 }
 }
+ if (empty($newDn))
+ {
+ return false;
+ }
 $res = $this->oLdap->reBind($newDn, $sPassword);
-- 
libgit2 0.21.4
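Review bot: The new guard in checkPassword() rejects only a null `$dn`, so an empty or whitespace-only string returned by getAuthenticationDetails() still reaches the LDAP bind configured below. Many directory servers treat a simple bind with an empty DN as anonymous and report success, which is the kind of failure the commit subject describes, so `if (!is_string($dn) || trim($dn) === '')` would be a safer test than `is_null($dn)`. Nothing visible in the hunk rejects an empty `$sPassword` either; a bind with a valid DN and an empty password is an unauthenticated bind that some servers accept, and the rest of the function is outside the hunk, so confirm that check exists further down. The error text also shows the internal field name `authentication_detail_s1` to the end user; logging that detail and returning a generic message would be preferable.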
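Review bot: The comparison `strcasecmp($aEntry['sAMAccountName'], $sName) == 0` is loose. On PHP versions where strcasecmp() returns null for a non-string argument, an entry whose `sAMAccountName` arrives as an array would compare equal and its `dn` would be used for the bind. `=== 0` closes that. The added `if (empty($newDn)) return false;` also gives this function a second failure shape next to the `return $aResults;` a few lines up, so a `PEAR_Error` would be more consistent with the guard added in checkPassword(), assuming callers already test for one. `$newDn` is not initialised inside the hunk; if it is not set to null before the loop, do so, so that `empty()` never sees a stale value. The enclosing function starts and ends outside the hunk.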