Merge branch 'erikj/ldap3_auth' v0.18.3

3 files changed, 16 insertions, 2 deletions

diff --git a/CHANGES.rst b/CHANGES.rst
index 371f26eb6e..1ce58632b8 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,3 +1,16 @@
+Changes in synapse v0.18.3 (2016-11-08)
+=======================================
+
+SECURITY UPDATE
+
+Explicitly require authentication when using LDAP3. This is the default on
+versions of ``ldap3`` above 1.0, but some distributions will package an older
+version.
+
+If you are using LDAP3 login and have a version of ``ldap3`` older than 1.0 it
+is **CRITICAL to updgrade**.
+
+
 Changes in synapse v0.18.2 (2016-11-01)
 =======================================
 
diff --git a/synapse/__init__.py b/synapse/__init__.py
index 4e2a592d3d..d366b69dab 100644
--- a/synapse/__init__.py
+++ b/synapse/__init__.py
@@ -16,4 +16,4 @@
 """ This is a reference implementation of a Matrix home server.
 """
 
-__version__ = "0.18.2"
+__version__ = "0.18.3"
diff --git a/synapse/util/ldap_auth_provider.py b/synapse/util/ldap_auth_provider.py
index f852e9b037..1b989248fb 100644
--- a/synapse/util/ldap_auth_provider.py
+++ b/synapse/util/ldap_auth_provider.py
@@ -236,7 +236,8 @@ class LdapAuthProvider(object):
                 value=localpart,
                 base=self.ldap_base
             )
-            conn = ldap3.Connection(server, bind_dn, password)
+            conn = ldap3.Connection(server, bind_dn, password,
+                                    authentication=ldap3.AUTH_SIMPLE)
             logger.debug(
                 "Established LDAP connection in simple bind mode: %s",
                 conn