diff --git a/src/authorizer/class-authentication.php b/src/authorizer/class-authentication.php
index 3736bd59..8bce26a8 100644
--- a/src/authorizer/class-authentication.php
+++ b/src/authorizer/class-authentication.php
@@ -575,10 +575,12 @@ protected function custom_authenticate_ldap( $auth_settings, $username, $passwor
 // the form ldap://hostname:port or ldaps://hostname:port.
 $ldap_port = intval( $auth_settings['ldap_port'] );
 $parsed_host = wp_parse_url( $ldap_host );
- // Fail (fall back to WordPress auth) if invalid host is specified.
- if ( false === $parsed_host || ! Helper::is_valid_domain_name( $ldap_host ) ) {
+
+ // Fail if invalid host is specified.
+ if ( false === $parsed_host ) {
 continue;
 }
+
+ // If a scheme is in the LDAP host, use full LDAP URI instead of just hostname.
 if ( array_key_exists( 'scheme', $parsed_host ) ) {
 // If the port isn't in the LDAP URI, use the one in the LDAP port field.
@@ -588,11 +590,18 @@ protected function custom_authenticate_ldap( $auth_settings, $username, $passwor
 $ldap_host = Helper::build_url( $parsed_host );
 }
- // Establish LDAP connection.
+ // Create LDAP connection.
 $ldap = ldap_connect( $ldap_host, $ldap_port );
 ldap_set_option( $ldap, LDAP_OPT_PROTOCOL_VERSION, 3 );
- if ( 1 === intval( $auth_settings['ldap_tls'] ) ) {
- if ( ! ldap_start_tls( $ldap ) ) {
+
+ // Fail if we don't have a plausible LDAP URI.
+ if ( false === $ldap ) {
+ continue;
+ }
+
+ // Attempt to start TLS if that setting is checked and we're not using ldaps protocol.
+ if ( 1 === intval( $auth_settings['ldap_tls'] ) && false === strpos( $ldap_host, 'ldaps://' ) ) {
+ if ( ! @ldap_start_tls( $ldap ) ) {
 continue;
 }
 }
diff --git a/src/authorizer/class-helper.php b/src/authorizer/class-helper.php
index a0ceaf69..01d57b28 100644
--- a/src/authorizer/class-helper.php
+++ b/src/authorizer/class-helper.php
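Review bot: With `Helper::is_valid_domain_name()` dropped from the guard, `false === $parsed_host` is the only validation left, and `wp_parse_url()` returns an array for almost any string, so a configured host carrying a non-LDAP scheme, userinfo or a query now flows into `Helper::build_url()` (not shown) and on to `ldap_connect()` instead of being skipped. A value with no scheme also bypasses the `build_url()` branch and reaches `ldap_connect()` verbatim. If the goal is to accept full LDAP URIs, the parse result already gives a cheap replacement check: `if ( false === $parsed_host || ( isset( $parsed_host['scheme'] ) && ! in_array( $parsed_host['scheme'], array( 'ldap', 'ldaps' ), true ) ) ) {`. `custom_authenticate_ldap()` begins before this hunk and continues after it.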
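Review bot: The new `false === $ldap` guard sits after `ldap_set_option( $ldap, LDAP_OPT_PROTOCOL_VERSION, 3 );`, so a URI that `ldap_connect()` rejects is still passed as `false` to `ldap_set_option()` before the `continue` is reached, which on PHP 8 is most likely a TypeError rather than a quietly skipped server; move the guard to the line directly after `ldap_connect()`. The ldaps test `false === strpos( $ldap_host, 'ldaps://' )` matches the substring anywhere in the string, while the scheme was already parsed into `$parsed_host` in the preceding hunk, so `'ldaps' !== ( $parsed_host['scheme'] ?? '' )` is the precise condition. The `@` on `ldap_start_tls()` discards the reason TLS negotiation failed; since that failure already ends in `continue`, record `ldap_error( $ldap )` there instead of suppressing the warning so a downgraded or misconfigured server is diagnosable. `custom_authenticate_ldap()` begins and ends outside this hunk.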
@@ -381,24 +381,6 @@ public static function build_url( $parts = array() ) {
 }
- /**
- * Determine whether a domain name is valid.
- *
- * @param string $domain_name Name to test.
- * @return boolean Whether the domain is valid.
- */
- public static function is_valid_domain_name($domain_name) {
- return (
- // Valid characters check.
- preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $domain_name) &&
- // Overall length check.
- preg_match("/^.{1,253}$/", $domain_name) &&
- // Length of each label check.
- preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name)
- );
- }
-
-
 /**
 * Helper function to get a single user info array from one of the access
 * control lists (pending, approved, or blocked).