fix how the option is set, change handle to NULL

diff --git a/app/Auth/Access/LdapService.php b/app/Auth/Access/LdapService.php
index 04af5b370878dc2f63529f353896295be97cc27b..9e626bbacf4527311a83e1de479aeaff7b128760 100644 (file)
--- a/app/Auth/Access/LdapService.php
+++ b/app/Auth/Access/LdapService.php
@@ -170,13 +170,17 @@ class LdapService
         $hostName = $ldapServer[0] . ($hasProtocol?':':'') . $ldapServer[1];
         $defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389;
 
-        $ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);
-
-        // Check if TLS_INSECURE is set
+        /*
+         * Check if TLS_INSECURE is set. The handle is set to NULL due to the nature of
+         * the LDAP_OPT_X_TLS_REQUIRE_CERT option. It can only be set globally and not
+         * per handle.
+         */
         if($this->config['tls_insecure']) {
-            $this->ldap->setOption($ldapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
+            $this->ldap->setOption(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
         }
 
+        $ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);
+
         if ($ldapConnection === false) {
             throw new LdapException(trans('errors.ldap_cannot_connect'));
         }