diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java index a9f39cf7f..c047b91af 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java @@ -204,6 +204,10 @@ public class AuthenticationProviderService { // Attempt bind LdapNetworkConnection ldapConnection = ldapService.bindAs(bindDn, password); + if (ldapConnection == null) + throw new GuacamoleInvalidCredentialsException("Invalid login.", + CredentialsInfo.USERNAME_PASSWORD); + try { // Retrieve group membership of the user that just authenticated @@ -309,8 +313,16 @@ public class AuthenticationProviderService { // Bind using credentials associated with AuthenticatedUser Credentials credentials = authenticatedUser.getCredentials(); if (authenticatedUser instanceof LDAPAuthenticatedUser) { + Dn bindDn = ((LDAPAuthenticatedUser) authenticatedUser).getBindDn(); LdapNetworkConnection ldapConnection = ldapService.bindAs(bindDn, credentials.getPassword()); + if (ldapConnection == null) { + logger.debug("LDAP bind succeeded for \"{}\" during " + + "authentication but failed during data retrieval.", + authenticatedUser.getIdentifier()); + throw new GuacamoleInvalidCredentialsException("Invalid login.", + CredentialsInfo.USERNAME_PASSWORD); + } try { diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java index 7141a79cc..7e88f8abe 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java @@ -144,13 +144,12 @@ public class LDAPConnectionService { bindRequest.setDn(userDN); bindRequest.setCredentials(password); BindResponse bindResponse = ldapConnection.bind(bindRequest); - if (bindResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS) - return ldapConnection; - - else - throw new GuacamoleInvalidCredentialsException("Error binding" - + " to server: " + bindResponse.toString(), - CredentialsInfo.USERNAME_PASSWORD); + + if (bindResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) { + ldapConnection.close(); + logger.debug("LDAP bind attempt failed: {}", bindResponse.toString()); + return null; + } } @@ -158,11 +157,11 @@ public class LDAPConnectionService { catch (LdapException e) { ldapConnection.close(); logger.debug("Unable to bind to LDAP server.", e); - throw new GuacamoleInvalidCredentialsException( - "Unable to bind to the LDAP server.", - CredentialsInfo.USERNAME_PASSWORD); + return null; } + return ldapConnection; + } /**