- Applied r5515 from trunk

CHANGELOG

@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Add possibility to do LDAP bind before searching for bind DN
 - Fix handling of empty <U> tags in HTML messages (#1488225)
 - Add content filter for embedded attachments to protect from XSS on IE (#1487895)
 - Use strpos() instead of strstr() when possible (#1488211)

config/main.inc.php.dist

@@ -541,6 +541,9 @@ $rcmail_config['ldap_public']['Verisign'] = array(
   // The login name is used to search for the DN to bind with
   'search_base_dn' => '',
   'search_filter'  => '',   // e.g. '(&(objectClass=posixAccount)(uid=%u))'
+  // DN and password to bind as before searching for bind DN, if anonymous search is not allowed
+  'search_bind_dn' => '',
+  'search_bind_pw' => '',
   // Default for %dn variable if search doesn't return DN value
   'search_dn_default' => '',
   // Optional authentication identifier to be used as SASL authorization proxy

program/include/rcube_ldap.php

@@ -228,6 +228,10 @@ class rcube_ldap extends rcube_addressbook
             $replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);
 
             if ($this->prop['search_base_dn'] && $this->prop['search_filter']) {
+                if (!empty$this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) {
+                    $this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']);
+                }
+
                 // Search for the dn to use to authenticate
                 $this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces);
                 $this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces);