From 0a3049c17293e6b7b416b4264ace1f373bda6728 Mon Sep 17 00:00:00 2001 From: Francois Ferrand Date: Thu, 3 Jul 2014 10:25:25 +0200 Subject: [PATCH] Add option to disable SSL certificate verification for LDAP. --- app/Model/Ldap.php | 5 +++++ app/common.php | 1 + config.default.php | 3 +++ 3 files changed, 9 insertions(+) diff --git a/app/Model/Ldap.php b/app/Model/Ldap.php index 9e7d0445e..4e605eb27 100644 --- a/app/Model/Ldap.php +++ b/app/Model/Ldap.php @@ -24,6 +24,11 @@ class Ldap extends Base die('The PHP LDAP extension is required'); } + if (!LDAP_SSL_VERIFY) { + //Skip SSL certificate verification + putenv('LDAPTLS_REQCERT=never'); + } + $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT); if (! is_resource($ldap)) { diff --git a/app/common.php b/app/common.php index 023494d8a..c5fb34e29 100644 --- a/app/common.php +++ b/app/common.php @@ -44,6 +44,7 @@ defined('DB_NAME') or define('DB_NAME', 'kanboard'); defined('LDAP_AUTH') or define('LDAP_AUTH', false); defined('LDAP_SERVER') or define('LDAP_SERVER', ''); defined('LDAP_PORT') or define('LDAP_PORT', 389); +defined('LDAP_SSL_VERIFY') or define('LDAP_SSL_VERIFY', true); defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname'); defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail'); diff --git a/config.default.php b/config.default.php index db3b7221b..e35519940 100644 --- a/config.default.php +++ b/config.default.php @@ -30,6 +30,9 @@ define('LDAP_SERVER', ''); // LDAP server port (389 by default) define('LDAP_PORT', 389); +// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification. +define('LDAP_SSL_VERIFY', true); + // LDAP username to connect with. NULL for anonymous bind (by default). define('LDAP_USERNAME', null);