From 3f696ff0ed4be5791edd38cf7b2a98a364b95676 Mon Sep 17 00:00:00 2001
From: Jeffery To <jeffery.to@gmail.com>
Date: Fri, 5 Mar 2010 17:54:53 +0800
Subject: [PATCH] ldap_get_connection() to return null when passed a config
 with bad user/pw.

This mainly affects login; before if the user enters a valid username
but invalid password, ldap_get_connection() throws an
LDAP_INVALID_CREDENTIALS error. Now the user sees the regular
"Incorrect username of password" error message.
---
 plugins/LdapAuthentication/LdapAuthenticationPlugin.php | 5 +++++
 plugins/LdapAuthorization/LdapAuthorizationPlugin.php   | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
index e0fd615dda..4832096765 100644
--- a/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
+++ b/plugins/LdapAuthentication/LdapAuthenticationPlugin.php
@@ -224,6 +224,11 @@ class LdapAuthenticationPlugin extends AuthenticationPlugin
         $ldap->setErrorHandling(PEAR_ERROR_RETURN);
         $err=$ldap->bind();
         if (Net_LDAP2::isError($err)) {
+            // if we were called with a config, assume caller will handle
+            // incorrect username/password (LDAP_INVALID_CREDENTIALS)
+            if (isset($config) && $err->getCode() == 0x31) {
+                return null;
+            }
             throw new Exception('Could not connect to LDAP server: '.$err->getMessage());
         }
         if($config == null) $this->default_ldap=$ldap;
diff --git a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
index 19aff42b8b..2608025ddc 100644
--- a/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
+++ b/plugins/LdapAuthorization/LdapAuthorizationPlugin.php
@@ -167,6 +167,11 @@ class LdapAuthorizationPlugin extends AuthorizationPlugin
         $ldap->setErrorHandling(PEAR_ERROR_RETURN);
         $err=$ldap->bind();
         if (Net_LDAP2::isError($err)) {
+            // if we were called with a config, assume caller will handle
+            // incorrect username/password (LDAP_INVALID_CREDENTIALS)
+            if (isset($config) && $err->getCode() == 0x31) {
+                return null;
+            }
             throw new Exception('Could not connect to LDAP server: '.$err->getMessage());
             return false;
         }