From d5824377f153475e5b439221ff68f6f0d2d027aa Mon Sep 17 00:00:00 2001
From: jan Walther
Date: Tue, 7 Jul 2020 21:17:48 +0200
Subject: [PATCH] when LDAP binding does not work with given search_dn / search_password, the input user credentials get used to connect to LDAP adapter
---
 src/Service/Ldap.php | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)
diff --git a/src/Service/Ldap.php b/src/Service/Ldap.php
index 548010d..309bc59 100644
--- a/src/Service/Ldap.php
+++ b/src/Service/Ldap.php
@@ -10,6 +10,7 @@
 use Alep\LdapBundle\DataMapper\LdapUserMapperInterface;
 use Symfony\Component\Ldap\Entry;
+use Symfony\Component\Ldap\Exception\NotBoundException;
 use Symfony\Component\Ldap\LdapInterface;
 use Symfony\Component\Ldap\Exception\ConnectionException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
@@ -104,10 +105,12 @@ public function __construct(
 $this->mapper = $mapper;
 $this->logger = $logger;
- try {
- $this->ldap->bind($searchDn, $searchPassword);
- } catch(ConnectionException $e) {
- $this->logger->alert('Invalid LDAP credentials');
+ if($searchDn) {
+ try {
+ $this->ldap->bind($searchDn, $searchPassword);
+ } catch (ConnectionException $e) {
+ $this->logger->alert('Invalid LDAP credentials');
+ }
 }
 }
@@ -206,7 +209,7 @@ public function authenticate($username, $password)
 }
 //Get user from ldap
- $ldapUser = $this->getLdapUser($username);
+ $ldapUser = $this->getLdapUser($username, $password);
 if (!($ldapUser instanceof Entry)) {
 $this->logger->error(sprintf("Login failed for user '%s'. The presented username is not valid.", $username));
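Review bot: With the new `if($searchDn)` guard, a configured service account whose bind fails is reduced to an alert-level log line and the constructor returns with an unbound adapter, so a mistyped `search_password` no longer surfaces as a failure but silently switches the service into the per-user-bind mode this patch adds in `getLdapUser`; that mode change deserves to be explicit rather than a side effect of a swallowed exception. At minimum the log should carry what failed, `$this->logger->alert(sprintf('LDAP service bind as %s failed: %s', $searchDn, $e->getMessage()));` (never the password), and it is worth deciding whether a configured-but-failing search bind should throw instead of degrade. `if ($searchDn)` is also a truthiness test; `if ($searchDn !== null && $searchDn !== '')` states the intent. The constructor's signature and parameter list start above the hunk.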
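Review bot: Now that `$password` is forwarded from `authenticate` into a bind, this call must only be reached with a non-empty password: an LDAP simple bind with a DN and an empty password is an unauthenticated bind, which many directory servers (Active Directory by default among them) answer with success, so an empty password would bind and then find the user entry. Whether an earlier line of `authenticate` already rejects that case is outside the hunk; if not, add `if ($password === null || $password === '') { throw new BadCredentialsException('Empty password.'); }` before the `getLdapUser` call, using the exception class this file already imports. The body of `authenticate` begins and ends outside the hunk.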
@@ -259,17 +262,25 @@ protected function getPimcoreUserRoleByName(string $name)
 * @param string $username
 * @return mixed|null|Entry
 */
- protected function getLdapUser($username)
+ protected function getLdapUser($username, $password)
 {
 //Search for ldap user
 $filter = str_replace('{username}', $username, $this->filter);
 $this->logger->debug(sprintf("Searching for ldap user '%s' with the base dn '%s' and the filter '%s'.", $username, $this->baseDn, $filter));
- $queryResults = $this->ldap->query(
- $this->baseDn,
- $filter
- )->execute();
+ try {
+ $queryResults = $this->ldap->query(
+ $this->baseDn,
+ $filter
+ )->execute();
+ } catch(NotBoundException $e) {
+ $this->ldap->bind('uid='.$username.','.$this->baseDn, $password);
+ $queryResults = $this->ldap->query(
+ $this->baseDn,
+ $filter
+ )->execute();
+ }
 //Check if ldap user exists
 if ($queryResults->count() === 1) {
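Review bot: The fallback bind in the new `catch (NotBoundException $e)` branch builds the DN by concatenation, `'uid='.$username.','.$this->baseDn`, so a username containing `,`, `+`, `=`, `\` or `"` alters which entry is bound; the RDN value should pass through `$this->ldap->escape($username, '', LDAP_ESCAPE_DN)` (the unchanged `str_replace('{username}', …)` filter line above has the same problem and wants `LDAP_ESCAPE_FILTER`). A wrong password makes `bind()` throw `ConnectionException`, which this method neither catches nor translates, so a credentials failure reaches callers as a connection error while `BadCredentialsException` is already imported for exactly that case. After the fallback the shared adapter stays bound as that end user, so a later `getLdapUser` call in the same process would not raise `NotBoundException` and would search under the previous caller's identity — whether the service is per-request is not visible here. The `uid=` RDN attribute is hard-coded and the docblock still lacks `@param string $password`; if directories using `cn` or `sAMAccountName` are in scope the attribute should be configurable like the filter.
```php
        } catch (NotBoundException $e) {
            // Escape the RDN value: a raw username could inject extra DN components.
            $userDn = sprintf('uid=%s,%s', $this->ldap->escape($username, '', LDAP_ESCAPE_DN), $this->baseDn);
            try {
                $this->ldap->bind($userDn, $password);
            } catch (ConnectionException $e) {
                // Report a rejected user bind as a credentials problem, keeping the cause.
                throw new BadCredentialsException('Invalid LDAP credentials', 0, $e);
            }
            $queryResults = $this->ldap->query($this->baseDn, $filter)->execute();
        }
        // … unchanged: result-count check …
```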