From b227a55a2b9f12ca3b44d73951e5a786ad290967 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sat, 7 Oct 2017 14:45:15 +0200 Subject: [PATCH] central function for LDAP connect
--- lam/lib/account.inc | 24 ++++++++++++++++++++++++ lam/lib/ldap.inc | 17 ++++------------- 2 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 68e11c72..07366711 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -629,6 +629,30 @@ function escapeDN($dn) {
 );
 }
+/**
+ * Connects to an LDAP server using the given URL.
+ *
+ * @param string $serverURL URL
+ */
+function connectToLDAP($serverURL, $startTLS) {
+ $server = ldap_connect($serverURL);
+ if (!$server) {
+ return null;
+ }
+ // use LDAPv3
+ ldap_set_option($server, LDAP_OPT_PROTOCOL_VERSION, 3);
+ // start TLS if possible
+ if ($startTLS) {
+ ldap_start_tls($server);
+ if (ldap_errno($server) != 0) {
+ ldap_close($server);
+ logNewMessage(LOG_ERR, 'Unable to start TLS encryption. Please check if your server certificate is valid and if the LDAP server supports TLS at all.');
+ return null;
+ }
+ }
+ return $server;
+}
+ /**
+ * This will search the given LDAP suffix for all entries which have the given attribute.
+ *
diff --git a/lam/lib/ldap.inc b/lam/lib/ldap.inc
index 8a948809..a73a8ab6 100644
--- a/lam/lib/ldap.inc
+++ b/lam/lib/ldap.inc
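Review bot: The docblock of the new connectToLDAP documents only `$serverURL`; `$startTLS` and the return value are undocumented, so the contract that a null result means the link was already closed is not stated anywhere. Add `@param bool $startTLS true to run StartTLS after connecting` and `@return resource|null LDAP link, or null if ldap_connect or StartTLS failed (the link is then already closed)`. The TLS failure check is also indirect: ldap_start_tls() returns a bool, so `if (!ldap_start_tls($server)) {` tests the outcome directly instead of re-reading `ldap_errno($server)` afterwards, while the fail-closed handling (close the link, log, return null) should stay as it is. It is also worth stating in the docblock that with `$startTLS` false and a non-ldaps:// URL the caller's subsequent bind in ldap.inc sends the credentials unencrypted, so callers pick the flag deliberately.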
@@ -95,22 +95,13 @@ class Ldap{
 }
 // save password und username encrypted
 $this->encrypt_login($user, $passwd);
- $this->server = @ldap_connect($this->conf->get_ServerURL());
- if ($this->server) {
- // use LDAPv3
- ldap_set_option($this->server, LDAP_OPT_PROTOCOL_VERSION, 3);
+ $startTLS = $this->conf->getUseTLS();
+ $startTLS = ($startTLS === 'yes');
+ $this->server = connectToLDAP($this->conf->get_ServerURL(), $startTLS);
+ if ($this->server != null) {
 // referral following
 $followReferrals = ($this->conf->getFollowReferrals() === 'true') ? 1 : 0;
 ldap_set_option($this->server,LDAP_OPT_REFERRALS, $followReferrals);
- // start TLS if specified
- $useTLS = $this->conf->getUseTLS();
- if (isset($useTLS) && ($useTLS == "yes")) {
- @ldap_start_tls($this->server);
- if (ldap_errno($this->server) != 0) {
- logNewMessage(LOG_ERR, 'Unable to start TLS encryption. Please check if your server certificate is valid and if the LDAP server supports TLS at all.');
- return ldap_errno($this->server);
- }
- }
 $bind = @ldap_bind($this->server, $user, $passwd);
 if ($bind) {
 $return = ldap_errno($this->server);
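Review bot: `if ($this->server != null)` on the new side uses a loose comparison although connectToLDAP yields either an LDAP link or null; `if ($this->server !== null) {` states that exactly and matches the strict `=== 'yes'` test introduced two lines above. Separately, the removed branch returned `ldap_errno($this->server)` to the caller when StartTLS failed, whereas the new code receives null from connectToLDAP and skips the whole bind block, so a TLS failure now ends in whatever the not-connected path below the hunk returns — presumably the caller can no longer tell it apart from a failed ldap_connect, which is worth confirming and, if intended, noting in the method's docblock since the error is then only visible in the log. The enclosing method starts and ends outside the hunk.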