function checkPassword($username, $password)
{
- $entry = $this->get_user($username);
+ $entry = $this->get_user($username,array('dn' => 'dn'));
if(!$entry){
return false;
}else{
+ if(empty($password)) {
+ //NET_LDAP2 will do an anonymous bind if bindpw is not set / empty string
+ //which causes all login attempts that involve a blank password to appear
+ //to succeed. Which is obviously not good.
+ return false;
+ }
$config = $this->get_ldap_config();
$config['binddn']=$entry->dn();
$config['bindpw']=$password;
//throw new Exception(_('Sorry, changing LDAP passwords is not supported at this time'));
return false;
}
- $entry = $this->get_user($username);
+ $entry = $this->get_user($username,array('dn' => 'dn'));
if(!$entry){
return false;
}else{