Add option to disable SSL certificate verification for LDAP.

2014-07-03 10:25:25 +02:00 · 2014-07-03 10:25:25 +02:00 · 0a3049c172
parent 98bd694e2b
commit 0a3049c172
3 changed files with 9 additions and 0 deletions
--- a/app/Model/Ldap.php
+++ b/app/Model/Ldap.php
@ -24,6 +24,11 @@ class Ldap extends Base
            die('The PHP LDAP extension is required');
        }

+        if (!LDAP_SSL_VERIFY) {
+            //Skip SSL certificate verification
+            putenv('LDAPTLS_REQCERT=never');
+        }
+
        $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT);

        if (! is_resource($ldap)) {
--- a/app/common.php
+++ b/app/common.php
@ -44,6 +44,7 @@ defined('DB_NAME') or define('DB_NAME', 'kanboard');
 defined('LDAP_AUTH') or define('LDAP_AUTH', false);
 defined('LDAP_SERVER') or define('LDAP_SERVER', '');
 defined('LDAP_PORT') or define('LDAP_PORT', 389);
+defined('LDAP_SSL_VERIFY') or define('LDAP_SSL_VERIFY', true);
 defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname');
 defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail');

--- a/config.default.php
+++ b/config.default.php
@ -30,6 +30,9 @@ define('LDAP_SERVER', '');
 // LDAP server port (389 by default)
 define('LDAP_PORT', 389);

+// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification.
+define('LDAP_SSL_VERIFY', true);
+
 // LDAP username to connect with. NULL for anonymous bind (by default).
 define('LDAP_USERNAME', null);