Merge branch 'b-3.6.1' of ../kivitendo-erp_20220811

[kivitendo-erp.git] / SL / Auth / LDAP.pm

diff --git a/SL/Auth/LDAP.pm b/SL/Auth/LDAP.pm
index 8311c70..2f651b3 100644 (file)
--- a/SL/Auth/LDAP.pm
+++ b/SL/Auth/LDAP.pm
@@ -2,7 +2,6 @@ package SL::Auth::LDAP;
 
 use English '-no_match_vars';
 
-use Scalar::Util qw(weaken);
 use SL::Auth::Constants qw(:all);
 
 use strict;
@@ -12,11 +11,9 @@ sub new {
     die 'The module "Net::LDAP" is not installed.';
   }
 
-  my $type = shift;
-  my $self = {};
-
-  $self->{auth} = shift;
-  weaken $self->{auth};
+  my $type        = shift;
+  my $self        = {};
+  $self->{config} = shift;
 
   bless $self, $type;
 
@@ -31,31 +28,36 @@ sub reset {
 
 sub _connect {
   my $self = shift;
-  my $cfg  = $self->{auth}->{LDAP_config};
+  my $cfg  = $self->{config};
 
   return $self->{ldap} if $self->{ldap};
 
-  my $port      = $cfg->{port} || 389;
-  $self->{ldap} = Net::LDAP->new($cfg->{host}, 'port' => $port);
+  my $port = $cfg->{port} || 389;
+  my $ldap = Net::LDAP->new($cfg->{host}, port => $port, timeout => $cfg->{timeout} || 10);
 
-  if (!$self->{ldap}) {
-    $main::form->error($main::locale->text('The LDAP server "#1:#2" is unreachable. Please check config/kivitendo.conf.', $cfg->{host}, $port));
+  if (!$ldap) {
+    $::lxdebug->warn($main::locale->text('The LDAP server "#1:#2" is unreachable. Please check config/kivitendo.conf.', $cfg->{host}, $port));
+    return undef;
   }
 
   if ($cfg->{tls}) {
-    my $mesg = $self->{ldap}->start_tls('verify' => 'none');
+    my $mesg = $ldap->start_tls(verify => $cfg->{verify} // 'require');
     if ($mesg->is_error()) {
-      $main::form->error($main::locale->text('The connection to the LDAP server cannot be encrypted (SSL/TLS startup failure). Please check config/kivitendo.conf.'));
+      $::lxdebug->warn($main::locale->text('The connection to the LDAP server cannot be encrypted (SSL/TLS startup failure). Please check config/kivitendo.conf.'));
+      return undef;
     }
   }
 
   if ($cfg->{bind_dn}) {
-    my $mesg = $self->{ldap}->bind($cfg->{bind_dn}, 'password' => $cfg->{bind_password});
+    my $mesg = $ldap->bind($cfg->{bind_dn}, 'password' => $cfg->{bind_password});
     if ($mesg->is_error()) {
-      $main::form->error($main::locale->text('Binding to the LDAP server as "#1" failed. Please check config/kivitendo.conf.', $cfg->{bind_dn}));
+      $::lxdebug->warn($main::locale->text('Binding to the LDAP server as "#1" failed. Please check config/kivitendo.conf.', $cfg->{bind_dn}));
+      return undef;
     }
   }
 
+  $self->{ldap} = $ldap;
+
   return $self->{ldap};
 }
 
@@ -65,7 +67,7 @@ sub _get_filter {
 
   my ($cfg, $filter);
 
-  $cfg    =  $self->{auth}->{LDAP_config};
+  $cfg    =  $self->{config};
 
   $filter =  "$cfg->{filter}";
   $filter =~ s|^\s+||;
@@ -104,7 +106,7 @@ sub _get_user_dn {
 
   return $self->{dn_cache}->{$login} if $self->{dn_cache}->{$login};
 
-  my $cfg    = $self->{auth}->{LDAP_config};
+  my $cfg    = $self->{config};
 
   my $filter = $self->_get_filter($login);
 
@@ -160,7 +162,7 @@ sub verify_config {
   my $locale = $main::locale;
 
   my $self = shift;
-  my $cfg  = $self->{auth}->{LDAP_config};
+  my $cfg  = $self->{config};
 
   if (!$cfg) {
     $form->error($locale->text('config/kivitendo.conf: Key "authentication/ldap" is missing.'));