Change Details

Currently `PhutilLDAPAuthAdapter` first binds as the AnonymousUser to determine the LoginUser DN and then tries to rebind as that user (src/auth/PhutilLDAPAuthAdapter.php:251). Would it be possible to allow not rebinding if no LoginPassword is set, so it becomes possible to fetch the LoginUser's data using the AnonymousUser? I use the following patch locally: ```lang=diff diff --git a/src/auth/PhutilLDAPAuthAdapter.php b/src/auth/PhutilLDAPAuthAdapter.php index 16847fd..609a832 100644 --- a/src/auth/PhutilLDAPAuthAdapter.php +++ b/src/auth/PhutilLDAPAuthAdapter.php @@ -248,7 +248,9 @@ final class PhutilLDAPAuthAdapter extends PhutilAuthAdapter { } } - $this->bindLDAP($conn, $distinguished_name, $login_pass); + if ($login_pass) { + $this->bindLDAP($conn, $distinguished_name, $login_pass); + } $result = $this->searchLDAPForRecord($search_query); if (!$result) { ```

Currently `PhutilLDAPAuthAdapter` first binds as the AnonymousUser to determine the LoginUser DN and then tries to rebind as that user (src/auth/PhutilLDAPAuthAdapter.php:251). Would it be possible to allow not rebinding if no LoginPassword is set, so it becomes possible to fetch the LoginUser's data using the AnonymousUser? I use the following patch locally: ```lang=diff diff --git a/src/auth/PhutilLDAPAuthAdapter.php b/src/auth/PhutilLDAPAuthAdapter.php index 16847fd..609a832 100644 --- a/src/auth/PhutilLDAPAuthAdapter.php +++ b/src/auth/PhutilLDAPAuthAdapter.php @@ -248,7 +248,9 @@ final class PhutilLDAPAuthAdapter extends PhutilAuthAdapter { } } - $this->bindLDAP($conn, $distinguished_name, $login_pass); + if ($login_pass) { + $this->bindLDAP($conn, $distinguished_name, $login_pass); + } $result = $this->searchLDAPForRecord($search_query); if (!$result) { ``` See-Also: T7641

Currently `PhutilLDAPAuthAdapter` first binds as the AnonymousUser to determine the LoginUser DN and then tries to rebind as that user (src/auth/PhutilLDAPAuthAdapter.php:251). Would it be possible to allow not rebinding if no LoginPassword is set, so it becomes possible to fetch the LoginUser's data using the AnonymousUser? I use the following patch locally: ```lang=diff diff --git a/src/auth/PhutilLDAPAuthAdapter.php b/src/auth/PhutilLDAPAuthAdapter.php index 16847fd..609a832 100644 --- a/src/auth/PhutilLDAPAuthAdapter.php +++ b/src/auth/PhutilLDAPAuthAdapter.php @@ -248,7 +248,9 @@ final class PhutilLDAPAuthAdapter extends PhutilAuthAdapter { } } - $this->bindLDAP($conn, $distinguished_name, $login_pass); + if ($login_pass) { + $this->bindLDAP($conn, $distinguished_name, $login_pass); + } $result = $this->searchLDAPForRecord($search_query); if (!$result) { ``` See-Also: T7641