From bb32bb6424973c890298a75b21773b114c36fe49 Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Thu, 15 Aug 2019 12:48:37 +0200
Subject: [PATCH] set LDAP_OPT_X_TLS_CACERTFILE

---
 lam/lib/account.inc                          | 6 ++++++
 lam/templates/3rdParty/pla/lib/ds_myldap.php | 7 ++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 1c2f1b39..a43076eb 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -703,6 +703,12 @@ function connectToLDAP($serverURL, $startTLS) {
 	if (!$server) {
 		return null;
 	}
+	if (defined('LDAP_OPT_X_TLS_CACERTFILE')) {
+		$cfgMain = new LAMCfgMain();
+		if (!empty($cfgMain->getSSLCaCertificates())) {
+			ldap_set_option($server, LDAP_OPT_X_TLS_CACERTFILE, $cfgMain->getSSLCaCertPath());
+		}
+	}
 	// use LDAPv3
 	ldap_set_option($server, LDAP_OPT_PROTOCOL_VERSION, 3);
 	// start TLS if possible
diff --git a/lam/templates/3rdParty/pla/lib/ds_myldap.php b/lam/templates/3rdParty/pla/lib/ds_myldap.php
index a5080766..f04bccbb 100644
--- a/lam/templates/3rdParty/pla/lib/ds_myldap.php
+++ b/lam/templates/3rdParty/pla/lib/ds_myldap.php
@@ -160,7 +160,12 @@ class myldap extends DS {
 			$resource = ldap_connect($this->getValue('server','host'),$this->getValue('server','port'));
 		else
 			$resource = ldap_connect($this->getValue('server','host'));
-
+		if (defined('LDAP_OPT_X_TLS_CACERTFILE')) {
+			$cfgMain = new LAMCfgMain();
+			if (!empty($cfgMain->getSSLCaCertificates())) {
+				ldap_set_option($resource, LDAP_OPT_X_TLS_CACERTFILE, $cfgMain->getSSLCaCertPath());
+			}
+		}
 		$CACHE[$this->index][$method] = $resource;
 
 		if (! is_resource($resource))