diff --git a/include/class_ldap.inc b/include/class_ldap.inc
index 996faed910df5ddfa1ff82a548acd752bbd607b9..f5c8aae2cd8525f0b7f2de6a6dd32ceb97f340de 100644
--- a/include/class_ldap.inc
+++ b/include/class_ldap.inc
@@ -196,73 +196,57 @@ class LDAP } $this->error = 'No Error'; - if (function_exists('ldap_bind_ext')) { - /* PHP>=7.3 */ - // phpcs:disable PHPCompatibility.Constants.NewConstants, PHPCompatibility.FunctionUse.NewFunctionParameters, PHPCompatibility.FunctionUse.NewFunctions - $serverctrls = []; - if (class_available('ppolicyAccount')) { - $serverctrls = [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]; - } - $result = @ldap_bind_ext($this->cid, $this->binddn, $this->bindpw, $serverctrls); - if (@ldap_parse_result($this->cid, $result, $errcode, $matcheddn, $errmsg, $referrals, $ctrls)) { - if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value']['error'])) { - $this->hascon = FALSE; - switch ($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value']['error']) { - case 0: - /* passwordExpired - password has expired and must be reset */ - $this->error = _('It seems your user password has expired. Please use <a href="recovery.php">password recovery</a> to change it.'); - break; - case 1: - /* accountLocked */ - $this->error = _('Account locked. 
Please contact your system administrator!'); - break; - case 2: - /* changeAfterReset - password must be changed before the user will be allowed to perform any other operation */ - $this->error = 'changeAfterReset'; - break; - case 3: - /* passwordModNotAllowed */ - case 4: - /* mustSupplyOldPassword */ - case 5: - /* insufficientPasswordQuality */ - case 6: - /* passwordTooShort */ - case 7: - /* passwordTooYoung */ - case 8: - /* passwordInHistory */ - default: - $this->error = sprintf(_('Unexpected ppolicy error "%s", please contact the administrator'), $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value']['error']); - break; - } - // Note: Also available: expire, grace - } else { - $this->hascon = ($errcode == 0); - if ($errcode == 49) { - $this->error = static::invalidCredentialsError(); - } elseif (empty($errmsg)) { - $this->error = ldap_err2str($errcode); - } else { - $this->error = $errmsg; - } + $serverctrls = []; + if (class_available('ppolicyAccount')) { + $serverctrls = [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]; + } + $result = @ldap_bind_ext($this->cid, $this->binddn, $this->bindpw, $serverctrls); + if (@ldap_parse_result($this->cid, $result, $errcode, $matcheddn, $errmsg, $referrals, $ctrls)) { + if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value']['error'])) { + $this->hascon = FALSE; + switch ($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value']['error']) { + case 0: + /* passwordExpired - password has expired and must be reset */ + $this->error = _('It seems your user password has expired. Please use <a href="recovery.php">password recovery</a> to change it.'); + break; + case 1: + /* accountLocked */ + $this->error = _('Account locked. 
Please contact your system administrator!'); + break; + case 2: + /* changeAfterReset - password must be changed before the user will be allowed to perform any other operation */ + $this->error = 'changeAfterReset'; + break; + case 3: + /* passwordModNotAllowed */ + case 4: + /* mustSupplyOldPassword */ + case 5: + /* insufficientPasswordQuality */ + case 6: + /* passwordTooShort */ + case 7: + /* passwordTooYoung */ + case 8: + /* passwordInHistory */ + default: + $this->error = sprintf(_('Unexpected ppolicy error "%s", please contact the administrator'), $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value']['error']); + break; } + // Note: Also available: expire, grace } else { - $this->error = 'Parsing of LDAP result from bind failed'; - $this->hascon = FALSE; - } - // phpcs:enable - } elseif (@ldap_bind($this->cid, $this->binddn, $this->bindpw)) { - $this->error = 'Success'; - $this->hascon = TRUE; - } else { - if ($this->reconnect) { - if ($this->error != 'Success') { + $this->hascon = ($errcode == 0); + if ($errcode == 49) { $this->error = static::invalidCredentialsError(); + } elseif (empty($errmsg)) { + $this->error = ldap_err2str($errcode); + } else { + $this->error = $errmsg; } - } else { - $this->error = static::invalidCredentialsError(); } + } else { + $this->error = 'Parsing of LDAP result from bind failed'; + $this->hascon = FALSE; } } else { $this->error = 'Could not connect to LDAP server'; 
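Review bot: The return value of `ldap_bind_ext()` goes straight into `ldap_parse_result()` without a check, and with the `ldap_bind()` fallback removed this is now the only bind path. When the bind request cannot be sent at all, `$result` is `FALSE`; the `@` hides the warning and the user only sees 'Parsing of LDAP result from bind failed', and on PHP 8 passing `FALSE` there is, as far as I know, a TypeError that `@` does not suppress. I would add `if ($result === FALSE) { $this->hascon = FALSE; $this->error = ldap_error($this->cid); }` before the parse and keep the existing branches in its `else`. The enclosing method starts and ends outside the hunk.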
@@ -374,32 +358,23 @@ class LDAP
 $this->clearResult($srp);
 switch (strtolower($scope)) {
 case 'base':
- if (isset($controls) && version_compare(PHP_VERSION, '7.3.0', '>=')) {
- /* 7.3 and newer */
- // phpcs:disable PHPCompatibility.FunctionUse.NewFunctionParameters
+ if (isset($controls)) {
 $this->sr[$srp] = @ldap_read($this->cid, $this->basedn, $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER, $controls);
- // phpcs:enable
 } else {
 $this->sr[$srp] = @ldap_read($this->cid, $this->basedn, $filter, $attrs);
 }
 break;
 case 'one':
- if (isset($controls) && version_compare(PHP_VERSION, '7.3.0', '>=')) {
- /* 7.3 and newer */
- // phpcs:disable PHPCompatibility.FunctionUse.NewFunctionParameters
+ if (isset($controls)) {
 $this->sr[$srp] = @ldap_list($this->cid, $this->basedn, $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER, $controls);
- // phpcs:enable
 } else {
 $this->sr[$srp] = @ldap_list($this->cid, $this->basedn, $filter, $attrs);
 }
 break;
 case 'subtree':
 default:
- if (isset($controls) && version_compare(PHP_VERSION, '7.3.0', '>=')) {
- /* 7.3 and newer */
- // phpcs:disable PHPCompatibility.FunctionUse.NewFunctionParameters
+ if (isset($controls)) {
 $this->sr[$srp] = @ldap_search($this->cid, $this->basedn, $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER, $controls);
- // phpcs:enable
 } else {
 $this->sr[$srp] = @ldap_search($this->cid, $this->basedn, $filter, $attrs);
 }
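Review bot: The calls that carry `$controls` (`ldap_read`, `ldap_list`, `ldap_search`) pass `0, 0` for the size and time limit, which as I read the PHP manual means "no limit", while the branches without controls leave both at their default of `-1` and so keep the limits set on the connection. A caller that configures a size or time limit and also passes controls therefore gets an unbounded search on this path. If that is not intended, pass `-1, -1` in those two positions, e.g. `@ldap_search($this->cid, $this->basedn, $filter, $attrs, 0, -1, -1, LDAP_DEREF_NEVER, $controls);`. The enclosing method starts and ends outside the hunk.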
@@ -435,18 +410,8 @@ class LDAP function parse_result ($srp): array { if ($this->hascon && $this->hasres[$srp]) { - if (version_compare(PHP_VERSION, '7.3.0', '>=')) { - /* 7.3 and newer */ - // phpcs:disable PHPCompatibility.FunctionUse.NewFunctionParameters - if (ldap_parse_result($this->cid, $this->sr[$srp], $errcode, $matcheddn, $errmsg, $referrals, $controls)) { - return [$errcode, $matcheddn, $errmsg, $referrals, $controls]; - } - // phpcs:enable - } else { - /* PHP <= 7.2 */ - if (ldap_parse_result($this->cid, $this->sr[$srp], $errcode, $matcheddn, $errmsg, $referrals)) { - return [$errcode, $matcheddn, $errmsg, $referrals]; - } + if (ldap_parse_result($this->cid, $this->sr[$srp], $errcode, $matcheddn, $errmsg, $referrals, $controls)) { + return [$errcode, $matcheddn, $errmsg, $referrals, $controls]; } throw new FusionDirectoryException(_('Parsing LDAP result failed')); } else { diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc index 583612c459f27ae4a96e380a89d731b28a2fc0df..084ca5897033cab071d512c603c07e3874faaad1 100644 --- a/include/class_userinfo.inc +++ b/include/class_userinfo.inc @@ -1125,14 +1125,6 @@ class userinfo } } - if (class_available('ppolicyAccount') && !function_exists('ldap_bind_ext')) { - $ldap->cd($config->current['BASE']); - $ldap->search('(objectClass=*)', [], 'one'); - if (!$ldap->success()) { - $ui->forcePasswordChange = TRUE; - } - } - /* Username is set, load ACLs now */ $ui->loadACL(); diff --git a/include/variables_common.inc b/include/variables_common.inc index 3621e95267b1155552c7cb7078f03709016a87bc..066d28d600ed82e83fe4eb1ee95c0e42b0b55b06 100644 --- a/include/variables_common.inc +++ b/include/variables_common.inc @@ -73,7 +73,7 @@ define("CONFIGRDN", "cn=config,ou=fusiondirectory,"); /*! Define FusionDirectory /*! * \brief Minimum PHPÂ version */ -define('PHP_MIN_VERSION', '7.0.0'); +define('PHP_MIN_VERSION', '7.3.0'); /*! * \brief Toggle crashing on PHP error, used for test suites 
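Review bot: `parse_result()` in include/class_ldap.inc now always returns five elements, and no docblock is visible in the hunk to say so. If none exists above the hunk, I would add one stating that it returns `[$errcode, $matcheddn, $errmsg, $referrals, $controls]` for the result stored under `$srp`, and that it throws `FusionDirectoryException` when `ldap_parse_result()` fails. The outer `else` branch continues outside the hunk, so its behaviour is not covered here.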
diff --git a/setup/class_setupStepMigrate.inc b/setup/class_setupStepMigrate.inc
index 68fc78576faf960f64a452f569547eb32f9f2bcf..2c7626569a4c1b55250605a78ba322787d29c4dc 100644
--- a/setup/class_setupStepMigrate.inc
+++ b/setup/class_setupStepMigrate.inc
@@ -1056,55 +1056,34 @@ class setupStepMigrate extends setupStep $count = 0; do { - if (version_compare(PHP_VERSION, '7.3.0') >= 0) { - /* 7.3 and newer, use pagination control */ - // phpcs:disable PHPCompatibility.Constants.NewConstants - $res = $ldap->search($filter, ['dn','objectClass'], 'subtree', - [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => 500, 'cookie' => $cookie]]] + $res = $ldap->search($filter, ['dn','objectClass'], 'subtree', + [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => 500, 'cookie' => $cookie]]] + ); + if (!$res) { + throw new CheckFailedException( + _('LDAP query failed'), + _('Possibly the "root object" is missing.') ); - if (!$res) { - throw new CheckFailedException( - _('LDAP query failed'), - _('Possibly the "root object" is missing.') - ); - } - try { - list($errcode, $matcheddn, $errmsg, $referrals, $controls) = $ldap->parse_result(); - } catch (FusionDirectoryException $e) { - throw new CheckFailedException( - _('LDAP result parsing failed'), - $e->getMessage() - ); - } - if ($errcode !== 0) { - throw new CheckFailedException( - _('LDAP error'), - $errcode.' - '.ldap_err2str($errcode).(!empty($errmsg) ? ' ('.$errmsg.')' : '') - ); - } - if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { - // You need to pass the cookie from the last call to the next one - $cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; - } else { - $cookie = ''; - } - // phpcs:enable + } + try { + list($errcode, $matcheddn, $errmsg, $referrals, $controls) = $ldap->parse_result(); + } catch (FusionDirectoryException $e) { + throw new CheckFailedException( + _('LDAP result parsing failed'), + $e->getMessage() + ); + } + if ($errcode !== 0) { + throw new CheckFailedException( + _('LDAP error'), + $errcode.' - '.ldap_err2str($errcode).(!empty($errmsg) ? 
' ('.$errmsg.')' : '') + ); + } + if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) { + // You need to pass the cookie from the last call to the next one + $cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie']; } else { - /* fallback to search without pagination */ - $ldap->set_size_limit(static::$objectNumberLimit); - $res = $ldap->search($filter, ['dn','objectClass']); - if (!$res) { - throw new CheckFailedException( - _('LDAP query failed'), - _('Possibly the "root object" is missing.') - ); - } - if ($ldap->hitSizeLimit()) { - throw new CheckFailedException( - _('Sizelimit hit'), - sprintf(_('Sizelimit of %d hit. Please check this manually'), static::$objectNumberLimit) - ); - } + $cookie = ''; } while ($attrs = $ldap->fetch(TRUE)) {
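Review bot: The page size `500` is a bare literal inside the `search()` call in the `do` loop; a named class constant (the name `PAGE_SIZE` is only a suggestion) would document it and keep it in one place. In the same block `$matcheddn` and `$referrals` are assigned but not used in the visible lines, so `[$errcode, , $errmsg, , $controls] = $ldap->parse_result();` would state the intent more directly. The loop body continues past the end of the hunk, so later uses cannot be ruled out from here.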