From 0e6bb7c2e4d9658551a6a78077374547067f2803 Mon Sep 17 00:00:00 2001
From: Mike Koch
Date: Wed, 10 Sep 2014 18:42:09 -0400
Subject: [PATCH] Made some more progress on AD authentication
---
 admin/index.php | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/admin/index.php b/admin/index.php
index 17584fe5..c3e01bf0 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -202,9 +202,36 @@ function do_login()
 //TODO LDAP escape the $user string!
 $dnQuery = "(&(uid=" . $user . ")(objectClass=person))";
 $search_base = $nuMods_settings['ldap_search_base'];
- $search_status = ldap_search(
+ $search = ldap_search(
 $connection, $search_base, $dnQuery, array('dn')
 );
+ if ($search == false) {
+ die("Search failed.");
+ }
+
+ $search_result = ldap_get_entries($connection, $search);
+ if ($search_result == false) {
+ die("Couldn't pull information from LDAP/AD server");
+ }
+ $userdn = '';
+ if ((int) @$search_result['count'] > 0) {
+ // Definitely pulled something, we don't check here
+ // for this example if it's more results than 1,
+ // although you should.
+ $userdn = $result[0]['dn'];
+ }
+
+ if (trim((string) $userdn) == '') {
+ die("Empty DN. Something is wrong.");
+ }
+
+ // Authenticate with the newly found DN and user-provided password
+ $auth_status = ldap_bind($connection, $userdn, $pass);
+ if ($auth_status === FALSE) {
+ //-- Login failed!
+ $_SESSION['a_iserror'] = array('pass');
+ hesk_process_messages($hesklang['wrong_pass'],'NOREDIRECT');
+ }
 }
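Review bot: `$userdn = $result[0]['dn'];` reads `$result`, but the entries were stored in `$search_result` a few lines earlier, so unless `$result` is assigned outside this hunk the DN stays empty and every login ends at the "Empty DN" die; it should read `$userdn = $search_result[0]['dn'];`. The `count > 0` test also accepts several matches, as the inline comment itself admits, and requiring `(int) $search_result['count'] === 1` avoids binding as whichever entry the directory happens to list first. Before `ldap_bind($connection, $userdn, $pass)` an empty `$pass` should be treated as a failed login, because many directory servers handle a DN with an empty password as an unauthenticated bind and report success. The `//TODO LDAP escape` in the context lines matters more now that the filter result selects the DN to bind as; `ldap_escape($user, '', LDAP_ESCAPE_FILTER)` (PHP 5.6+) would close it. do_login() begins and continues outside the hunk, so whether `$pass` is validated earlier, or whether execution stops after `hesk_process_messages(..., 'NOREDIRECT')`, cannot be confirmed from here.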