From 772c3eb43ab784f9154bd57cab7b180a89dc2148 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 1 Nov 2021 11:13:44 +0100 Subject: [PATCH] Works on ldap password hash type --- htdocs/admin/ldap.php | 15 ++++++++++++--- htdocs/core/class/ldap.class.php | 13 +++++-------- htdocs/langs/en_US/ldap.lang | 2 ++ 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/htdocs/admin/ldap.php b/htdocs/admin/ldap.php index 4010d724c1a..1b93ada1119 100644 --- a/htdocs/admin/ldap.php +++ b/htdocs/admin/ldap.php @@ -2,7 +2,7 @@ /* Copyright (C) 2004 Rodolphe Quiedeville * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2005-2017 Regis Houssin + * Copyright (C) 2005-2021 Regis Houssin * Copyright (C) 2006-2020 Laurent Destailleur * Copyright (C) 2011-2013 Juanjo Menent * @@ -29,10 +29,11 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php'; +require_once DOL_DOCUMENT_ROOT.'/core/class/html.formldap.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/ldap.lib.php'; // Load translation files required by the page -$langs->load("admin"); +$langs->loadLangs(array("admin", "ldap")); if (!$user->admin) { accessforbidden(); @@ -99,6 +100,9 @@ if (empty($reshook)) { if (!dolibarr_set_const($db, 'LDAP_MEMBER_TYPE_ACTIVE', GETPOST("activememberstypes", 'aZ09'), 'chaine', 0, '', $conf->entity)) { $error++; } + if (!dolibarr_set_const($db, 'LDAP_PASSWORD_HASH_TYPE', GETPOST("'LDAP_PASSWORD_HASH_TYPE'", 'aZ09'), 'chaine', 0, '', $conf->entity)) { + $error++; + } if (!$error) { $db->commit(); @@ -129,7 +133,7 @@ if (!function_exists("ldap_connect")) { $form = new Form($db); - +$formldap = new FormLdap($db); print '
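Review bot: In htdocs/admin/ldap.php, hunk `@@ -99,6 +100,9 @@`, the new `dolibarr_set_const` call reads `GETPOST("'LDAP_PASSWORD_HASH_TYPE'", 'aZ09')`, so the parameter name contains literal single quotes and does not match the field name `'LDAP_PASSWORD_HASH_TYPE'` passed to `selectLdapPasswordHashType()` in the `@@ -251,6 +255,11 @@` hunk. As written, the posted choice is presumably never read and the constant is saved empty on every submit; the call should be `GETPOST('LDAP_PASSWORD_HASH_TYPE', 'aZ09')`. The setting presumably controls how passwords are hashed before they are written to the directory, so the value should also be compared against the list of types the select offers before it is stored, with an empty or unknown value counted as an error rather than saved. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.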
'; print ''; @@ -251,6 +255,11 @@ $arraylist['1'] = $langs->trans("Yes"); print $form->selectarray('usetls', $arraylist, $conf->global->LDAP_SERVER_USE_TLS); print ''.$langs->trans("LDAPServerUseTLSExample").''; +// Password hash type +print ''.$langs->trans("LDAPPasswordHashType").''; +print $formldap->selectLdapPasswordHashType(getDolGlobalString('LDAP_PASSWORD_HASH_TYPE'), 'LDAP_PASSWORD_HASH_TYPE'); +print ''.$langs->trans("LDAPPasswordHashTypeExample").''; + print ''; print ''.$langs->trans("ForANonAnonymousAccess").''; print "\n"; diff --git a/htdocs/core/class/ldap.class.php b/htdocs/core/class/ldap.class.php index e2ce33cc45f..0815874d71c 100644 --- a/htdocs/core/class/ldap.class.php +++ b/htdocs/core/class/ldap.class.php @@ -159,8 +159,6 @@ class Ldap $this->attr_mobile = $conf->global->LDAP_FIELD_MOBILE; } - - // Connection handling methods ------------------------------------------- // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps @@ -218,8 +216,9 @@ class Ldap // Upgrade connexion to TLS, if requested by the configuration if (!empty($conf->global->LDAP_SERVER_USE_TLS)) { // For test/debug - //ldap_set_option($this->connection, LDAP_OPT_DEBUG_LEVEL, 7); - //ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3); + ldap_set_option($this->connection, LDAP_OPT_DEBUG_LEVEL, 7); + ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3); + ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0); $resulttls = ldap_start_tls($this->connection); if (!$resulttls) { @@ -291,8 +290,6 @@ class Ldap return $return; } - - /** * Simply closes the connection set up earlier. * Returns true if OK, false if there was an error. 
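Review bot: In htdocs/core/class/ldap.class.php, hunk `@@ -218,8 +216,9 @@`, the line `ldap_set_option($this->connection, LDAP_OPT_DEBUG_LEVEL, 7);` is now active although it still sits under the `// For test/debug` comment, so every connection that uses TLS runs with LDAP library debug tracing switched on. That trace is written to the process error output and can put bind and directory details into server logs; the line should stay commented out or be gated behind an explicit debug setting. `LDAP_OPT_PROTOCOL_VERSION` and `LDAP_OPT_REFERRALS` are connection settings rather than debug aids, so they deserve their own comment, for example `// StartTLS requires LDAPv3; referrals are not followed`. Their return values are also ignored, and a failed `ldap_set_option()` should be logged before `ldap_start_tls()` is attempted. Whether the protocol version is already set earlier in the method cannot be seen from this hunk.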
@@ -906,10 +903,10 @@ class Ldap return -3; } - $search = ldap_search($this->connection, $dn, $filter); + $search = @ldap_search($this->connection, $dn, $filter); // Only one entry should ever be returned - $entry = ldap_first_entry($this->connection, $search); + $entry = @ldap_first_entry($this->connection, $search); if (!$entry) { $this->ldapErrorCode = -1; diff --git a/htdocs/langs/en_US/ldap.lang b/htdocs/langs/en_US/ldap.lang index 8b6f0864215..b13e454159d 100644 --- a/htdocs/langs/en_US/ldap.lang +++ b/htdocs/langs/en_US/ldap.lang @@ -25,3 +25,5 @@ ContactSynchronized=Contact synchronized ForceSynchronize=Force synchronizing Dolibarr -> LDAP ErrorFailedToReadLDAP=Failed to read LDAP database. Check LDAP module setup and database accessibility. PasswordOfUserInLDAP=Password of user in LDAP +LDAPPasswordHashType=Password hash type +LDAPPasswordHashTypeExample=Type of password hash used on the server \ No newline at end of file
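Review bot: In htdocs/core/class/ldap.class.php, hunk `@@ -906,10 +903,10 @@`, prefixing `ldap_search()` and `ldap_first_entry()` with `@` hides a failed search instead of handling it. When the search fails, `$search` is false and is still handed to `ldap_first_entry()`, which on PHP 8 throws a TypeError that `@` does not suppress. The suppression also removes the warning an administrator would use to diagnose a bad base DN or filter. Drop the `@` and test the result before using it, for example `if ($search === false) { $this->ldapErrorCode = ldap_errno($this->connection); return -1; }`, with the return value adjusted to the method's existing convention and the `ldap_error()` text logged. The enclosing method starts and ends outside the hunk, so the construction of `$filter` and the final return codes are not visible here.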