From a426a6cd90e703479b2f5a57d16b97d5ded495af Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Fri, 19 Apr 2013 09:28:22 +0200
Subject: LDAP: do not bind anonymously if superuser is set FS#2607

---
 lib/plugins/authldap/auth.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'lib/plugins/authldap')

diff --git a/lib/plugins/authldap/auth.php b/lib/plugins/authldap/auth.php
index 6e7bde1f0..b49aa4792 100644
--- a/lib/plugins/authldap/auth.php
+++ b/lib/plugins/authldap/auth.php
@@ -465,7 +465,13 @@ class auth_plugin_authldap extends DokuWiki_Auth_Plugin {
             if(defined('LDAP_OPT_NETWORK_TIMEOUT')) {
                 ldap_set_option($this->con, LDAP_OPT_NETWORK_TIMEOUT, 1);
             }
-            $bound = @ldap_bind($this->con);
+
+            if($this->getConf('binddn') && $this->getConf('bindpw')) {
+                $bound = @ldap_bind($this->con, $this->getConf('binddn'), $this->getConf('bindpw'));
+                $this->bound = 2;
+            } else {
+                $bound = @ldap_bind($this->con);
+            }
             if($bound) {
                 break;
             }
-- 
cgit v1.2.3