Merge pull request #25899 from nextcloud/backport/25860/stable21

[stable21] do not die after LDAP auth failed with expired acc
nextcloud · Mar 3, 2021 · 7c8c890 · 7c8c890
2 parents 2a66d4e + 9d93748
commit 7c8c890
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
@@ -676,9 +676,12 @@ public function bind() {
 				'Bind failed: ' . $errno . ': ' . $this->ldap->error($cr),
 				ILogger::WARN);
 
-			// Set to failure mode, if LDAP error code is not LDAP_SUCCESS or LDAP_INVALID_CREDENTIALS
-			// or (needed for Apple Open Directory:) LDAP_INSUFFICIENT_ACCESS
-			if ($errno !== 0 && $errno !== 49 && $errno !== 50) {
+			// Set to failure mode, if LDAP error code is not one of
+			// - LDAP_SUCCESS (0)
+			// - LDAP_INVALID_CREDENTIALS (49)
+			// - LDAP_INSUFFICIENT_ACCESS (50, spotted Apple Open Directory)
+			// - LDAP_UNWILLING_TO_PERFORM (53, spotted eDirectory)
+			if (!in_array($errno, [0, 49, 50, 53], true)) {
 				$this->ldapConnectionRes = null;
 			}