From 6745378bc3c111269ec5bb9fe635c43339b62d73 Mon Sep 17 00:00:00 2001
From: nuxsmin
Date: Sun, 18 May 2014 14:15:13 +0200
Subject: [PATCH] * Fixes LDAP authentication for ADS
---
 inc/auth.class.php | 12 ++++++------
 inc/ldap.class.php | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/inc/auth.class.php b/inc/auth.class.php
index 8806bba6..4e10d096 100644
--- a/inc/auth.class.php
+++ b/inc/auth.class.php
@@ -61,12 +61,12 @@ class SP_Auth
 $userDN = SP_LDAP::$ldapSearchData[0]['dn'];
 // Mapeo de los atributos
 $attribsMap = array(
- 'groupmembership' => 'group',
- 'memberof' => 'group',
+ 'groupMembership' => 'group',
+ 'memberOf' => 'group',
 'displayname' => 'name',
 'fullname' => 'name',
 'mail' => 'mail',
- 'lockouttime' => 'expire');
+ 'lockoutTime' => 'expire');
 // Realizamos la conexión con el usuario real y obtenemos los atributos
 try {
@@ -109,7 +109,7 @@ class SP_Auth
 SP_Log::wrLogInfo($message);
 }
- self::$userName = $attribs['name'];
+ self::$userName = ($attribs['name']) ? $attribs['name'] : $userLogin;
 self::$userEmail = $attribs['mail'];
 return $ldapAccess;
@@ -122,12 +122,12 @@ class SP_Auth
 */
 private static function checkLDAPGroup($group)
 {
- $ldapgroup = SP_Config::getValue('ldap_group');
+ $ldapGroup = strtolower(SP_Config::getValue('ldap_group'));
 $groupName = array();
 preg_match('/^cn=([\w\s-]+),.*/i', $group, $groupName);
- if ($groupName[1] == $ldapgroup || $group == $ldapgroup) {
+ if (strtolower($groupName[1]) == $ldapGroup || strtolower($group) == $ldapGroup) {
 return true;
 }
diff --git a/inc/ldap.class.php b/inc/ldap.class.php
index af4b38e9..9c6bf939 100644
--- a/inc/ldap.class.php
+++ b/inc/ldap.class.php
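Review bot: In inc/auth.class.php the `$attribsMap` keys now mix casings: `groupMembership`, `memberOf` and `lockoutTime` are camel-cased while `displayname`, `fullname` and `mail` stay lowercase. The lookup that consumes the map is outside this hunk, but the need for this change suggests it matches attribute names case-sensitively, so a directory that spells a name differently (LDAP attribute names are case-insensitive) would silently lose that attribute. That matters most for the two keys mapped to `group`, which presumably feed the group check that gates access. Consider keeping every key lowercase and normalising the server's attribute name at the lookup, e.g. `$key = strtolower($attrName);` (variable name illustrative), instead of encoding one server's spelling. The enclosing method starts and ends outside the hunk.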
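Review bot: The new ternary on `self::$userName` reads `$attribs['name']` without checking that the key exists, so when the directory returns no name attribute the fallback to `$userLogin` is reached only by way of an undefined-index notice. `self::$userName = !empty($attribs['name']) ? $attribs['name'] : $userLogin;` states the intent directly. The next line, `self::$userEmail = $attribs['mail'];`, has the same unguarded read and gets no fallback. How `$attribs` is populated is outside the hunk, so whether the keys are always present cannot be confirmed from here.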
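Review bot: `checkLDAPGroup()` still ignores the result of `preg_match()`, so when `$group` is not in `cn=…,` form `$groupName[1]` is undefined and `strtolower()` turns it into an empty string. If `SP_Config::getValue('ldap_group')` yields an empty value, `$ldapGroup` is also `''` and the loose `==` makes the check return true for such a group value; `==` additionally treats numeric-looking strings such as `'1e3'` and `'1000'` as equal. Test the match result, compare with `===`, and decide explicitly what an empty `ldap_group` means (the version below denies; if "no restriction" is the intended meaning, that belongs in the caller and should be written out there). The function's tail after `return true;` is outside the hunk.

```php
$ldapGroup = strtolower((string) SP_Config::getValue('ldap_group'));

// An empty setting must never compare equal to an unmatched (empty) CN.
if ($ldapGroup === '') {
    return false;
}

$groupName = array();
$hasCn = preg_match('/^cn=([\w\s-]+),.*/i', $group, $groupName) === 1;

if (($hasCn && strtolower($groupName[1]) === $ldapGroup) || strtolower($group) === $ldapGroup) {
    // … unchanged: return true …
```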
@@ -341,7 +341,7 @@ class SP_LDAP
 return false;
 }
- $filter = '(&(cn=' . $groupDN . ')(|(member=' . $userDN . ')(uniqueMember=' . $userDN . '))(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)))';
+ $filter = '(&(cn=' . $groupDN . ')(|(member=' . $userDN . ')(uniqueMember=' . $userDN . '))(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=group)))';
 $filterAttr = array("member", "uniqueMember");
 $searchRes = @ldap_search(self::$ldapConn, self::$searchBase, $filter, $filterAttr);
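Review bot: The `$filter` string in inc/ldap.class.php is still assembled by concatenating `$groupDN` and `$userDN` unescaped; the commit only appends `(objectClass=group)`. Where both values come from is outside the hunk, but a DN or group name containing `(`, `)`, `*` or `\` changes the filter's structure, so the membership query can answer a different question than the one intended. Escape each value for filter context before concatenating, e.g. `ldap_escape($userDN, '', LDAP_ESCAPE_FILTER)` where the runtime provides it (PHP 5.6+), or an equivalent RFC 4515 escaper otherwise. The `@` on `ldap_search()` also hides the error a malformed filter would raise, so a failed search should at least be logged before returning. The enclosing method starts and ends outside the hunk.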