From effd25704033a4efbf8d60756e8fd7329496b543 Mon Sep 17 00:00:00 2001
From: DSP <104141210+dsp-active@users.noreply.github.com>
Date: Thu, 18 Jul 2024 15:04:17 +0200
Subject: [PATCH] feat: fix isPasswordWithLdapEnabled logic in handleBind() for
 redirecting to other LDAP sources (#3059)

* Added parameters to function call in server.go

Added needed parameters for redirection to other LDAP sources to function correctly and not always run into the "wrong credentials" error

* Update server.go

---------

Co-authored-by: Yang Luo <hsluoyz@qq.com>
---
 ldap/server.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ldap/server.go b/ldap/server.go
index cf1aa4ff..edf332b9 100644
--- a/ldap/server.go
+++ b/ldap/server.go
@@ -59,7 +59,15 @@ func handleBind(w ldap.ResponseWriter, m *ldap.Message) {
 		}
 
 		bindPassword := string(r.AuthenticationSimple())
-		bindUser, err := object.CheckUserPassword(bindOrg, bindUsername, bindPassword, "en")
+
+		enableCaptcha := false
+		isSigninViaLdap := false
+		isPasswordWithLdapEnabled := false
+		if bindPassword != "" {
+			isPasswordWithLdapEnabled = true
+		}
+
+		bindUser, err := object.CheckUserPassword(bindOrg, bindUsername, bindPassword, "en", enableCaptcha, isSigninViaLdap, isPasswordWithLdapEnabled)
 		if err != nil {
 			log.Printf("Bind failed User=%s, Pass=%#v, ErrMsg=%s", string(r.Name()), r.Authentication(), err)
 			res.SetResultCode(ldap.LDAPResultInvalidCredentials)