Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-5084

Frontend LDAP Error code improvement

XMLWordPrintable

    • Icon: Change Request Change Request
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • 3.0.25, 4.0.5
    • Frontend (F)
    • None

      • Enter the wrong username and any password - Login name or password is incorrect
      • Enter correct username and wrong password - Cannot bind to LDAP server.

      In that way, the attacker can identify active usernames.
      Additionally would be nice to provide separate error messages for Expires password as an example.

      public function getError() {
                $error = parent::getError();
                $messages = [
                        CLdap::ERR_PHP_EXTENSION => _('PHP LDAP extension missing.'),
                        CLdap::ERR_SERVER_UNAVAILABLE => _('Cannot connect to LDAP server.'),
                        CLdap::ERR_BIND_FAILED => _('Cannot bind to LDAP server.'),
                        CLdap::ERR_BIND_ANON_FAILED => _('Cannot bind anonymously to LDAP server.'),
                        CLdap::ERR_USER_NOT_FOUND => _('Login name or password is incorrect.'),
                        CLdap::ERR_OPT_PROTOCOL_FAILED => _('Setting LDAP protocol failed.'),
                        CLdap::ERR_OPT_TLS_FAILED => _('Starting TLS failed.'),
                        CLdap::ERR_OPT_REFERRALS_FAILED => _('Setting LDAP referrals to "Off" failed.'),
                        CLdap::ERR_OPT_DEREF_FAILED => _('Setting LDAP dereferencing mode failed.')
             ];

            vmurzins Valdis Murzins
            dlamberts Dmitrijs Lamberts
            Votes:
            3 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: