Bug 4993 checkpw_ldap - do bind just once

When using auth_by_bind, search was always done as anonymous user.
This is a problem if we want to fetch LDAP values which have ACL
permissions only for users.

This change moves bind from search_method back into checkpw_ldap,
making code cleaner and easier to understand

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

diff --git a/C4/Auth_with_ldap.pm b/C4/Auth_with_ldap.pm
index acbd923..3613acf 100644 (file)
--- a/C4/Auth_with_ldap.pm
+++ b/C4/Auth_with_ldap.pm
@@ -82,11 +82,6 @@ sub search_method {
     my $userid = shift or return;
        my $uid_field = $mapping{userid}->{is} or die ldapserver_error("mapping for 'userid'");
        my $filter = Net::LDAP::Filter->new("$uid_field=$userid") or die "Failed to create new Net::LDAP::Filter";
-    my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
-    if ($res->code) {          # connection refused
-        warn "LDAP bind failed as ldapuser " . ($ldapname || '[ANONYMOUS]') . ": " . description($res);
-        return 0;
-    }
        my $search = $db->search(
                  base => $base,
                filter => $filter,
@@ -128,6 +123,11 @@ sub checkpw_ldap {
        $userldapentry = $search->shift_entry;
 
        } else {
+               my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
+               if ($res->code) {               # connection refused
+                       warn "LDAP bind failed as ldapuser " . ($ldapname || '[ANONYMOUS]') . ": " . description($res);
+                       return 0;
+               }
         my $search = search_method($db, $userid) or return 0;   # warnings are in the sub
         $userldapentry = $search->shift_entry;
                my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );