LDAP: Added TLS support

app/Auth/Access/LdapService.php

@@ -187,12 +187,6 @@ class LdapService extends ExternalAuthService
             throw new LdapException(trans('errors.ldap_extension_not_installed'));
         }
 
-         // Check if TLS_INSECURE is set. The handle is set to NULL due to the nature of
-         // the LDAP_OPT_X_TLS_REQUIRE_CERT option. It can only be set globally and not per handle.
-        if ($this->config['tls_insecure']) {
-            $this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
-        }
-
         $serverDetails = $this->parseServerString($this->config['server']);
         $ldapConnection = $this->ldap->connect($serverDetails['host'], $serverDetails['port']);
 
@@ -204,6 +198,21 @@ class LdapService extends ExternalAuthService
         if ($this->config['version']) {
             $this->ldap->setVersion($ldapConnection, $this->config['version']);
         }
+	
+	// Check if TLS_INSECURE is set. The handle is set to NULL due to the nature of
+        // the LDAP_OPT_X_TLS_REQUIRE_CERT option. It can only be set globally and not per handle.
+	if ($this->config['tls_insecure']) {
+	    // Setting also ignored?
+            $this->ldap->setOption($ldapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
+	}
+
+	if ($this->config['start_tls']) {
+	    // "&& $this->config['tls_cacertfile']" this condition was removed because:
+	    // This ldap option is totally ignored by PHP. (bug: https://bugs.php.net/bug.php?id=73558)
+	    // If we set 'TLS_CACERT /config/ca/bundle.pem' into /etc/openldap/ldap.conf and restart php, ldap_start_tls works. 
+	    //$this->ldap->setOption($ldapConnection, LDAP_OPT_X_TLS_CACERTFILE, $this->config['tls_cacertfile']);
+	    ldap_start_tls($ldapConnection);
+	}
 
         $this->ldapConnection = $ldapConnection;
         return $this->ldapConnection;