From bb32bb6424973c890298a75b21773b114c36fe49 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Thu, 15 Aug 2019 12:48:37 +0200
Subject: [PATCH] set LDAP_OPT_X_TLS_CACERTFILE
---
 lam/lib/account.inc | 6 ++++++
 lam/templates/3rdParty/pla/lib/ds_myldap.php | 7 ++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/lam/lib/account.inc b/lam/lib/account.inc
index 1c2f1b39..a43076eb 100644
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@@ -703,6 +703,12 @@ function connectToLDAP($serverURL, $startTLS) {
 if (!$server) {
 return null;
 }
+ if (defined('LDAP_OPT_X_TLS_CACERTFILE')) {
+ $cfgMain = new LAMCfgMain();
+ if (!empty($cfgMain->getSSLCaCertificates())) {
+ ldap_set_option($server, LDAP_OPT_X_TLS_CACERTFILE, $cfgMain->getSSLCaCertPath());
+ }
+ }
 // use LDAPv3
 ldap_set_option($server, LDAP_OPT_PROTOCOL_VERSION, 3);
 // start TLS if possible
diff --git a/lam/templates/3rdParty/pla/lib/ds_myldap.php b/lam/templates/3rdParty/pla/lib/ds_myldap.php
index a5080766..f04bccbb 100644
--- a/lam/templates/3rdParty/pla/lib/ds_myldap.php
+++ b/lam/templates/3rdParty/pla/lib/ds_myldap.php
@@ -160,7 +160,12 @@ class myldap extends DS {
 $resource = ldap_connect($this->getValue('server','host'),$this->getValue('server','port'));
 else
 $resource = ldap_connect($this->getValue('server','host'));
-
+ if (defined('LDAP_OPT_X_TLS_CACERTFILE')) {
+ $cfgMain = new LAMCfgMain();
+ if (!empty($cfgMain->getSSLCaCertificates())) {
+ ldap_set_option($resource, LDAP_OPT_X_TLS_CACERTFILE, $cfgMain->getSSLCaCertPath());
+ }
+ }
 $CACHE[$this->index][$method] = $resource;
 if (! is_resource($resource))
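Review bot: The boolean result of `ldap_set_option($server, LDAP_OPT_X_TLS_CACERTFILE, ...)` is discarded in connectToLDAP(), so if the configured CA file cannot be applied the function carries on to the TLS setup below, presumably with libldap's default trust settings, and nothing records that the administrator's CA list was ignored. Checking the return value and logging the failure, or returning null as the `!$server` branch does, would make a bad CA path visible: `if (!ldap_set_option($server, LDAP_OPT_X_TLS_CACERTFILE, $cfgMain->getSSLCaCertPath())) { return null; }`. The same unchecked call appears in the ds_myldap.php hunk. It is also worth confirming on the supported PHP/libldap builds that a CA file set on a connection handle, rather than globally, is the one actually used for the handshake. connectToLDAP()'s body continues outside the hunk.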
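Review bot: In ds_myldap.php the new block calls `ldap_set_option($resource, ...)` before the `if (! is_resource($resource))` check that follows it, so a failed `ldap_connect()` passes a non-resource to ldap_set_option() (a warning, or a type error on newer PHP versions) ahead of the method's own error handling. The account.inc hunk places the same block after its `if (!$server)` guard; doing the same here, or opening with `if (is_resource($resource) && defined('LDAP_OPT_X_TLS_CACERTFILE')) {`, keeps the failure path as it was. The six added lines are now duplicated across two files and could live in one shared helper, so that a later change to the CA handling cannot miss one copy. The enclosing method starts and ends outside the hunk.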