don't attempt to read a user's ldap password

diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
index 2e01738ec37501b7e47e91045a28c563aa5b2bd5..0dfc4c63be15437841b6705871da3af637088eca 100644 (file)
--- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
+++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
@@ -96,7 +96,12 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
         if($entry){
             $registration_data = array();
             foreach($this->attributes as $sn_attribute=>$ldap_attribute){
-                $registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single');
+                //ldap won't let us read a user's password,
+                //and we're going to set the password to a random string later anyways,
+                //so don't bother trying to read it.
+                if($sn_attribute != 'password'){
+                    $registration_data[$sn_attribute]=$entry->getValue($ldap_attribute,'single');
+                }
             }
             if(isset($registration_data['email']) && !empty($registration_data['email'])){
                 $registration_data['email_confirmed']=true;