]> BookStack Code Mirror - bookstack/blobdiff - app/Auth/Access/LdapService.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #1096 from christophert/add-ldaptlsinsecure
[bookstack] / app / Auth / Access / LdapService.php
diff --git a/app/Auth/Access/LdapService.php b/app/Auth/Access/LdapService.php
index b49ecf129fc1d5b606c60ecb668f2e0c6736eea1..1e95ac513a340705d251d394045d39f1d0cdbe93 100644 (file)
--- a/app/Auth/Access/LdapService.php
+++ b/app/Auth/Access/LdapService.php
@@ -170,6 +170,16 @@ class LdapService
         }
         $hostName = $ldapServer[0] . ($hasProtocol?':':'') . $ldapServer[1];
         $defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389;
+
+        /*
+         * Check if TLS_INSECURE is set. The handle is set to NULL due to the nature of
+         * the LDAP_OPT_X_TLS_REQUIRE_CERT option. It can only be set globally and not
+         * per handle.
+         */
+        if($this->config['tls_insecure']) {
+            $this->ldap->setOption(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
+        }
+
         $ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);
 
         if ($ldapConnection === false) {
The core source code for the BookStack project.