From 0cc183bedda74e1eec08d5dff24f564d5c0c1a2b Mon Sep 17 00:00:00 2001
From: David Beitey <david@davidjb.com>
Date: Wed, 19 Mar 2014 15:44:20 +1000
Subject: [PATCH] Fix authentication for user/group validations

This fixes issue #40.  User passwords should *always* be checked during authentication (except when a user fails to satisfy given requirements).  Previously, the PHASE_CHECK_BIND step of authentication would not check passwords in any LDAP configuration where ``require valid_user`` was not specified (eg using ``require user`` or ``require group``).
---
 ngx_http_auth_ldap_module.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/ngx_http_auth_ldap_module.c b/ngx_http_auth_ldap_module.c
index 3ed2049..d703f4f 100644
--- a/ngx_http_auth_ldap_module.c
+++ b/ngx_http_auth_ldap_module.c
@@ -1708,11 +1708,6 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
                     }
                 }
 
-                if (ctx->server->require_valid_user == 0) {
-                    ctx->phase = PHASE_NEXT;
-                    break;
-                }
-
                 /* Initiate bind using the found DN and request password */
                 rc = ngx_http_auth_ldap_check_bind(r, ctx);
                 if (rc == NGX_AGAIN) {