Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-5084

Frontend LDAP Error code improvement

    XMLWordPrintable

Details

    • Change Request
    • Resolution: Unresolved
    • Minor
    • None
    • 3.0.25, 4.0.5
    • Frontend (F)
    • None

    Description

      • Enter the wrong username and any password - Login name or password is incorrect
      • Enter correct username and wrong password - Cannot bind to LDAP server.

      In that way, the attacker can identify active usernames.
      Additionally would be nice to provide separate error messages for Expires password as an example.

      public function getError() {
                      $error = parent::getError();
                      $messages = [
                              CLdap::ERR_PHP_EXTENSION => _('PHP LDAP extension missing.'),
                              CLdap::ERR_SERVER_UNAVAILABLE => _('Cannot connect to LDAP server.'),
                              CLdap::ERR_BIND_FAILED => _('Cannot bind to LDAP server.'),
                              CLdap::ERR_BIND_ANON_FAILED => _('Cannot bind anonymously to LDAP server.'),
                              CLdap::ERR_USER_NOT_FOUND => _('Login name or password is incorrect.'),
                              CLdap::ERR_OPT_PROTOCOL_FAILED => _('Setting LDAP protocol failed.'),
                              CLdap::ERR_OPT_TLS_FAILED => _('Starting TLS failed.'),
                              CLdap::ERR_OPT_REFERRALS_FAILED => _('Setting LDAP referrals to "Off" failed.'),
                              CLdap::ERR_OPT_DEREF_FAILED => _('Setting LDAP dereferencing mode failed.')
                   ];
      

      Attachments

        Issue Links

          Activity

            People

              vmurzins Valdis Murzins
              dlamberts Dmitrijs Lamberts
              Votes:
              3 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: