webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-11-03 02:13:16 +03:00
Code Activity

LDAP: Added TLS support

Browse Source
This commit is contained in:
Boddy4
2020-11-18 01:05:29 +01:00
parent 4824ef2760
commit 20f9a50cee
3 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.env.example.complete
View File

@@ -195,6 +195,7 @@ LDAP_DN=false
LDAP_PASS=false LDAP_PASS=false
LDAP_USER_FILTER=false LDAP_USER_FILTER=false
LDAP_VERSION=false LDAP_VERSION=false
LDAP_START_TLS=false
LDAP_TLS_INSECURE=false LDAP_TLS_INSECURE=false
LDAP_ID_ATTRIBUTE=uid LDAP_ID_ATTRIBUTE=uid
LDAP_EMAIL_ATTRIBUTE=mail LDAP_EMAIL_ATTRIBUTE=mail

21
app/Auth/Access/LdapService.php
View File

@@ -187,12 +187,6 @@ class LdapService extends ExternalAuthService
throw new LdapException(trans('errors.ldap_extension_not_installed')); throw new LdapException(trans('errors.ldap_extension_not_installed'));
} }
// Check if TLS_INSECURE is set. The handle is set to NULL due to the nature of
// the LDAP_OPT_X_TLS_REQUIRE_CERT option. It can only be set globally and not per handle.
if ($this->config['tls_insecure']) {
$this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
}
$serverDetails = $this->parseServerString($this->config['server']); $serverDetails = $this->parseServerString($this->config['server']);
$ldapConnection = $this->ldap->connect($serverDetails['host'], $serverDetails['port']); $ldapConnection = $this->ldap->connect($serverDetails['host'], $serverDetails['port']);
@@ -204,6 +198,21 @@ class LdapService extends ExternalAuthService
if ($this->config['version']) { if ($this->config['version']) {
$this->ldap->setVersion($ldapConnection, $this->config['version']); $this->ldap->setVersion($ldapConnection, $this->config['version']);
} }
// Check if TLS_INSECURE is set. The handle is set to NULL due to the nature of
// the LDAP_OPT_X_TLS_REQUIRE_CERT option. It can only be set globally and not per handle.
if ($this->config['tls_insecure']) {
// Setting also ignored?
$this->ldap->setOption($ldapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
}
if ($this->config['start_tls']) {
// "&& $this->config['tls_cacertfile']" this condition was removed because:
// This ldap option is totally ignored by PHP. (bug: https://bugs.php.net/bug.php?id=73558)
// If we set 'TLS_CACERT /config/ca/bundle.pem' into /etc/openldap/ldap.conf and restart php, ldap_start_tls works.
//$this->ldap->setOption($ldapConnection, LDAP_OPT_X_TLS_CACERTFILE, $this->config['tls_cacertfile']);
ldap_start_tls($ldapConnection);
}
$this->ldapConnection = $ldapConnection; $this->ldapConnection = $ldapConnection;
return $this->ldapConnection; return $this->ldapConnection;

1
app/Config/services.php
View File

@@ -132,6 +132,7 @@ return [
'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'), 'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'),
'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS', false), 'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS', false),
'tls_insecure' => env('LDAP_TLS_INSECURE', false), 'tls_insecure' => env('LDAP_TLS_INSECURE', false),
'start_tls' => env('LDAP_START_TLS', false),
], ],
]; ];