From d382e2e4bed8d4535925ac1ea8cc1f49ed7e7018 Mon Sep 17 00:00:00 2001
From: operateur404 <78365753+operateur404@users.noreply.github.com>
Date: Thu, 4 Feb 2021 03:49:50 +0100
Subject: [PATCH] LDAP protocol/host/port configuration by URL; make BASE_DN optional

PHP ldap_connect($host, $port) function signature is deprecated:
https://www.php.net/manual/en/function.ldap-connect.php

Querying an AD Global Catalog across an entire forest requires an empty base DN
---
 app/Core/Ldap/Client.php | 11 ++++++++---
 app/Core/Ldap/User.php | 4 ----
 config.default.php | 5 +----
 tests/units/Core/Ldap/LdapUserTest.php | 8 --------
 4 files changed, 9 insertions(+), 19 deletions(-)

diff --git a/app/Core/Ldap/Client.php b/app/Core/Ldap/Client.php
index 7df744aaa..64252fa59 100644
--- a/app/Core/Ldap/Client.php
+++ b/app/Core/Ldap/Client.php
@@ -70,8 +70,8 @@ class Client
 *
 * @access public
 *
- * @param string $server LDAP server hostname or IP
- * @param int $port LDAP port
+ * @param string $server LDAP server URI (ldap[s]://hostname:port) or hostname (deprecated)
+ * @param int $port LDAP port (deprecated)
 * @param bool $tls Start TLS
 * @param bool $verify Skip SSL certificate verification
 * @return Client
@@ -88,7 +88,12 @@ class Client
 putenv('LDAPTLS_REQCERT=never');
 }
 
- $this->ldap = @ldap_connect($server, $port);
+ if (filter_var($server, FILTER_VALIDATE_URL) !== false) {
+ $this->ldap = @ldap_connect($server);
+ }
+ else {
+ $this->ldap = @ldap_connect($server, $port);
+ }
 
 if ($this->ldap === false) {
 throw new ConnectionException('Malformed LDAP server hostname or LDAP server port');
diff --git a/app/Core/Ldap/User.php b/app/Core/Ldap/User.php
index 1f22fbec4..34019df0d 100644
--- a/app/Core/Ldap/User.php
+++ b/app/Core/Ldap/User.php
@@ -342,10 +342,6 @@ class User
 */
 public function getBaseDn()
 {
- if (! LDAP_USER_BASE_DN) {
- throw new LogicException('LDAP user base DN empty, check the parameter LDAP_USER_BASE_DN');
- }
-
 return LDAP_USER_BASE_DN;
 }
 
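Review bot: In app/Core/Ldap/Client.php, the new `filter_var($server, FILTER_VALIDATE_URL) !== false` test accepts any well-formed URL scheme, so a misconfigured value such as `http://host:389` is handed to `ldap_connect()` as if it were an LDAP URI, while anything that is not a single URL silently takes the deprecated two-argument call. I would decide on the scheme instead: `$scheme = strtolower((string) parse_url($server, PHP_URL_SCHEME));` followed by `if (in_array($scheme, array('ldap', 'ldaps', 'ldapi'), true)) {`, keeping the host/port call only for bare hostnames. Because the transport is now chosen by the URL, a short comment above the branch noting that `ldap://` without `$tls` leaves the bind unencrypted would help the next reader. The enclosing method starts and ends outside the hunk, and `else` would normally sit on the same line as the closing brace (`} else {`).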
diff --git a/config.default.php b/config.default.php
index 4a6f3809b..9ed83f617 100644
--- a/config.default.php
+++ b/config.default.php
@@ -102,12 +102,9 @@ define('DB_TIMEOUT', null);
 // Enable LDAP authentication (false by default)
 define('LDAP_AUTH', false);
 
-// LDAP server hostname
+// LDAP server protocol, hostname and port URL (ldap[s]://hostname:port)
 define('LDAP_SERVER', '');
 
-// LDAP server port (389 by default)
-define('LDAP_PORT', 389);
-
 // By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
 define('LDAP_SSL_VERIFY', true);
 
diff --git a/tests/units/Core/Ldap/LdapUserTest.php b/tests/units/Core/Ldap/LdapUserTest.php
index bafa018a4..6f476da3a 100644
--- a/tests/units/Core/Ldap/LdapUserTest.php
+++ b/tests/units/Core/Ldap/LdapUserTest.php
@@ -785,14 +785,6 @@ class LdapUserTest extends Base
 $this->assertEquals(array('is_ldap_user' => 1), $user->getExtraAttributes());
 }
 
- public function testGetBaseDnNotConfigured()
- {
- $this->expectException('\LogicException');
-
- $user = new User($this->query);
- $user->getBaseDn();
- }
-
 public function testGetLdapUserPatternNotConfigured()
 {
 $this->expectException('\LogicException');
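Review bot: In config.default.php, the rewritten `LDAP_SERVER` comment presents `ldap[s]://hostname:port` as the format but does not say that the scheme now decides whether the bind DN and password are protected in transit. I would spell that out, e.g. `// LDAP server URL (ldap[s]://hostname:port); prefer ldaps://, or enable Start TLS, so bind credentials are not sent unencrypted`. Removing `define('LDAP_PORT', 389);` from the sample is fine only if a default for `LDAP_PORT` is still defined elsewhere, which this patch does not show; the fallback branch in Client.php still passes `$port` for bare hostnames.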