From: Christopher Tran <redacted>
Date: Sat, 27 Oct 2018 20:58:10 +0000 (-0400)
Subject: fix how the option is set, change handle to NULL
X-Git-Tag: v0.25.0~1^2~12^2~1
X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/8e7f703af713c7c81bd1399d2f6e2518bee0d328

fix how the option is set, change handle to NULL
---

diff --git a/app/Auth/Access/LdapService.php b/app/Auth/Access/LdapService.php
index 04af5b370..9e626bbac 100644
--- a/app/Auth/Access/LdapService.php
+++ b/app/Auth/Access/LdapService.php
@@ -170,13 +170,17 @@ class LdapService
         $hostName = $ldapServer[0] . ($hasProtocol?':':'') . $ldapServer[1];
         $defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389;
 
-        $ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);
-
-        // Check if TLS_INSECURE is set
+        /*
+         * Check if TLS_INSECURE is set. The handle is set to NULL due to the nature of
+         * the LDAP_OPT_X_TLS_REQUIRE_CERT option. It can only be set globally and not
+         * per handle.
+         */
         if($this->config['tls_insecure']) {
-            $this->ldap->setOption($ldapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
+            $this->ldap->setOption(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
         }
 
+        $ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);
+
         if ($ldapConnection === false) {
             throw new LdapException(trans('errors.ldap_cannot_connect'));
         }