Do not require LDAP search base DN. Requiring this can prevent some valid LDAP configurations from properly authenticating. (See GDD-550841).

2 files changed, 3 insertions, 4 deletions

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 9c448be..13ca678 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -936,7 +936,7 @@ function ldap_backed($username, $passwd, $authcfg) {
 		else
 			$ldapfunc = "ldap_search";
 		/* Support legacy auth container specification. */
-		if (stristr($ldac_split, "DC="))
+		if (stristr($ldac_split, "DC=") || empty($ldapbasedn))
 			$search	 = @$ldapfunc($ldap,$ldac_split,$ldapfilter);
 		else
 			$search  = @$ldapfunc($ldap,"{$ldac_split},{$ldapbasedn}",$ldapfilter);
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php
index fc7cef0..8a18ed6 100644
--- a/usr/local/www/system_authservers.php
+++ b/usr/local/www/system_authservers.php
@@ -147,7 +147,7 @@ if ($_POST) {
 
 	if ($pconfig['type'] == "ldap") {
 		$reqdfields = explode(" ", "name type ldap_host ldap_port ".
-						"ldap_urltype ldap_protver ldap_scope ldap_basedn ".
+						"ldap_urltype ldap_protver ldap_scope ".
 						"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");
 		$reqdfieldsn = array(
 			gettext("Descriptive name"),
@@ -157,7 +157,6 @@ if ($_POST) {
 			gettext("Transport"),
 			gettext("Protocol version"),
 			gettext("Search level"),
-			gettext("Search Base DN"),
 			gettext("User naming Attribute"),
 			gettext("Group naming Attribute"),
 			gettext("Group member attribute"),
@@ -507,7 +506,7 @@ function select_clicked() {
 							</td>
 						</tr>
 						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Search scope");?></td>
+							<td width="22%" valign="top" class="vncell"><?=gettext("Search scope");?></td>
 							<td width="78%" class="vtable">
 								<table border="0" cellspacing="0" cellpadding="2">
 									<tr>