pkp · jonasraoni · Jan 11, 2022 · Sep 25, 2021
diff --git a/plugins/auth/ldap/LDAPAuthPlugin.inc.php b/plugins/auth/ldap/LDAPAuthPlugin.inc.php
@@ -36,7 +36,7 @@ public function register($category, $path, $mainContextId = null)
     // - managerdn
     // - managerpwd
     // - pwhash
-    // - SASL: sasl, saslmech, saslrealm, saslauthzid, saslprop
+    // - SASL: sasl, saslmech, saslrealm, saslauthcid, saslauthzid, saslprop
 
     /** @var resource the LDAP connection */
     public $conn;
@@ -292,8 +292,8 @@ public function close()
     public function bind($binddn = null, $password = null)
     {
         if (isset($this->settings['sasl'])) {
-            // FIXME ldap_sasl_bind requires PHP5, haven't tested this
-            return @ldap_sasl_bind($this->conn, $binddn, $password, $this->settings['saslmech'], $this->settings['saslrealm'], $this->settings['saslauthzid'], $this->settings['saslprop']);
+            // Not well tested
+            return @ldap_sasl_bind($this->conn, $binddn, $password, $this->settings['saslmech'], $this->settings['saslrealm'], $this->settings['saslauthcid'], $this->settings['saslauthzid'], $this->settings['saslprop']);
         }
         return @ldap_bind($this->conn, $binddn, $password);
     }
@@ -329,7 +329,7 @@ public function userFromAttr(&$user, &$uattr)
         $siteDao = DAORegistry::getDAO('SiteDAO'); /** @var SiteDAO $siteDao */
         $site = $siteDao->getSite();
 
-        $attr = array_change_key_case($uattr, CASE_LOWER); // Note:  array_change_key_case requires PHP >= 4.2.0
+        $attr = array_change_key_case($uattr, CASE_LOWER);
         $givenName = @$attr['givenname'][0];
         $familyName = @$attr['sn'][0];
         if (!isset($familyName)) {
@@ -429,7 +429,7 @@ public function encodePassword($password)
                 $salt = pack('C*', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand());
                 return '{SMD5}' . base64_encode(pack('H*', md5($password . $salt)) . $salt);
             case 'sha':
-                return '{SHA}' . base64_encode(pack('H*', sha1($password))); // Note: sha1 requres PHP >= 4.3.0
+                return '{SHA}' . base64_encode(pack('H*', sha1($password)));
             case 'ssha':
                 $salt = pack('C*', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand());
                 return '{SSHA}' . base64_encode(pack('H*', sha1($password . $salt)) . $salt);

diff --git a/plugins/auth/ldap/locale/en_US/locale.po b/plugins/auth/ldap/locale/en_US/locale.po
@@ -77,8 +77,11 @@ msgstr "E.g., \"DIGEST-MD5\""
 msgid "plugins.auth.ldap.settings.saslrealm"
 msgstr "Realm"
 
-msgid "plugins.auth.ldap.settings.saslauthzid"
+msgid "plugins.auth.ldap.settings.saslauthcid"
 msgstr "Requested authorization ID"
 
+msgid "plugins.auth.ldap.settings.saslauthzid"
+msgstr "Requested proxy authorization ID"
+
 msgid "plugins.auth.ldap.settings.saslprop"
 msgstr "SASL security properties"
diff --git a/plugins/auth/ldap/templates/settings.tpl b/plugins/auth/ldap/templates/settings.tpl
@@ -103,6 +103,12 @@
 			<input type="text" id="saslrealm" name="settings[saslrealm]" value="{$settings.saslrealm|escape}" size="30" maxlength="255" class="textField" />
 		</td>
 	</tr>
+	<tr>
+		<td class="label">{fieldLabel name="saslauthcid" key="plugins.auth.ldap.settings.saslauthcid"}</td>
+		<td class="value">
+			<input type="text" id="saslauthcid" name="settings[saslauthcid]" value="{$settings.saslauthcid|escape}" size="30" maxlength="255" class="textField" />
+		</td>
+	</tr>
 	<tr>
 		<td class="label">{fieldLabel name="saslauthzid" key="plugins.auth.ldap.settings.saslauthzid"}</td>
 		<td class="value">