Merge branch 'erikj/ldap3_auth'

291628d4 · Erik Johnston · 4a9055d4 · 3c09818d · 291628d4 · 291628d4
Commit 291628d4 authored 8 years ago by Erik Johnston
--- a/CHANGES.rst
+++ b/CHANGES.rst
+Changes in synapse v0.18.3 (2016-11-08)
+=======================================
+SECURITY UPDATE
+Explicitly require authentication when using LDAP3. This is the default on
+versions of ``ldap3`` above 1.0, but some distributions will package an older
+version.
+If you are using LDAP3 login and have a version of ``ldap3`` older than 1.0 it
+is **CRITICAL to updgrade**.
 Changes in synapse v0.18.2 (2016-11-01)
 =======================================

--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a Matrix home server.
 """
-__version__ = "0.18.2"
+__version__ = "0.18.3"
--- a/synapse/util/ldap_auth_provider.py
+++ b/synapse/util/ldap_auth_provider.py
@@ -236,7 +236,8 @@ class LdapAuthProvider(object):
                value=localpart,
                base=self.ldap_base
            )
-            conn = ldap3.Connection(server, bind_dn, password)
+            conn = ldap3.Connection(server, bind_dn, password,
+                                    authentication=ldap3.AUTH_SIMPLE)
            logger.debug(
                "Established LDAP connection in simple bind mode: %s",
                conn