# Would you like to remove users from roles on BookStack if they do not match on LDAP
# If false, the ldap groups-roles sync will only add users to roles
LDAP_REMOVE_FROM_GROUPS=false
+# Set this option to disable LDAPS Certificate Verification
+LDAP_TLS_INSECURE=false
# Mail settings
MAIL_DRIVER=smtp
}
$hostName = $ldapServer[0] . ($hasProtocol?':':'') . $ldapServer[1];
$defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389;
+
+ /*
+ * Check if TLS_INSECURE is set. The handle is set to NULL due to the nature of
+ * the LDAP_OPT_X_TLS_REQUIRE_CERT option. It can only be set globally and not
+ * per handle.
+ */
+ if($this->config['tls_insecure']) {
+ $this->ldap->setOption(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
+ }
+
$ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);
if ($ldapConnection === false) {
'user_to_groups' => env('LDAP_USER_TO_GROUPS',false),
'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'),
'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS',false),
+ 'tls_insecure' => env('LDAP_TLS_INSECURE', false),
]
];
projects / bookstack / commitdiff