Do not interrupt authentication chain on invalid ldap connection infos

Catch LdapExceptions and throw AuthenticationException to not interrupt authentication chain fixes #7497
Icinga · Nov 4, 2014 · f9fee2d · f9fee2d
1 parent 18bd49e
commit f9fee2d
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/library/Icinga/Authentication/Backend/LdapUserBackend.php b/library/Icinga/Authentication/Backend/LdapUserBackend.php
@@ -68,8 +68,16 @@ protected function createQuery($username)
      */
     public function assertAuthenticationPossible()
     {
-        $q = $this->conn->select()->from($this->userClass);
-        $result = $q->fetchRow();
+        try {
+            $q = $this->conn->select()->from($this->userClass);
+            $result = $q->fetchRow();
+        } catch (LdapException $e) {
+            throw new AuthenticationException(
+                'Connection not possible: %s',
+                $e->getMessage()
+            );
+        }
+
         if (! isset($result)) {
             throw new AuthenticationException(
                 'No objects with objectClass="%s" in DN="%s" found.',
@@ -158,7 +166,7 @@ public function authenticate(User $user, $password, $healthCheck = true)
             } catch (AuthenticationException $e) {
                 // Authentication not possible
                 throw new AuthenticationException(
-                    'Authentication against backend "%s" not possible: ',
+                    'Authentication against backend "%s" not possible: %s',
                     $this->getName(),
                     $e
                 );