diff --git a/CHANGELOG b/CHANGELOG index 2e8123cd2..78ac477c8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Add possibility to do LDAP bind before searching for bind DN - Fix handling of empty tags in HTML messages (#1488225) - Add content filter for embedded attachments to protect from XSS on IE (#1487895) - Use strpos() instead of strstr() when possible (#1488211) diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index e1d13ee73..16b86c212 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist @@ -545,6 +545,9 @@ $rcmail_config['ldap_public']['Verisign'] = array( // The login name is used to search for the DN to bind with 'search_base_dn' => '', 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', // Default for %dn variable if search doesn't return DN value 'search_dn_default' => '', // Optional authentication identifier to be used as SASL authorization proxy diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php index 58e2ca921..4d65bfa7a 100644 --- a/program/include/rcube_ldap.php +++ b/program/include/rcube_ldap.php @@ -236,6 +236,10 @@ class rcube_ldap extends rcube_addressbook $replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u); if ($this->prop['search_base_dn'] && $this->prop['search_filter']) { + if (!empty$this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) { + $this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']); + } + // Search for the dn to use to authenticate $this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces); $this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces);