Add support for ldap_start_tls()

app/Auth/Ldap.php

@@ -136,6 +136,12 @@ class Ldap extends Base
 
         ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
         ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+        ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 1);
+        ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 1);
+
+        if (LDAP_START_TLS && ! @ldap_start_tls($ldap)) {
+            die('Unable to use ldap_start_tls()');
+        }
 
         return $ldap;
     }

app/constants.php

@@ -22,6 +22,7 @@ defined('DB_NAME') or define('DB_NAME', 'kanboard');
 defined('LDAP_AUTH') or define('LDAP_AUTH', false);
 defined('LDAP_SERVER') or define('LDAP_SERVER', '');
 defined('LDAP_PORT') or define('LDAP_PORT', 389);
+defined('LDAP_START_TLS') or define('LDAP_START_TLS', false);
 defined('LDAP_SSL_VERIFY') or define('LDAP_SSL_VERIFY', true);
 defined('LDAP_BIND_TYPE') or define('LDAP_BIND_TYPE', 'anonymous');
 defined('LDAP_USERNAME') or define('LDAP_USERNAME', null);

config.default.php

@@ -43,6 +43,9 @@ define('LDAP_PORT', 389);
 // By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification.
 define('LDAP_SSL_VERIFY', true);
 
+// Enable LDAP START_TLS
+define('LDAP_START_TLS', false);
+
 // LDAP bind type: "anonymous", "user" (use the given user/password from the form) and "proxy" (a specific user to browse the LDAP directory)
 define('LDAP_BIND_TYPE', 'anonymous');
 

docs/ldap-authentication.markdown

@@ -49,6 +49,9 @@ define('LDAP_PORT', 389);
 // By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification.
 define('LDAP_SSL_VERIFY', true);
 
+// Enable LDAP START_TLS
+define('LDAP_START_TLS', false);
+
 // LDAP bind type: "anonymous", "user" (use the given user/password from the form) and "proxy" (a specific user to browse the LDAP directory)
 define('LDAP_BIND_TYPE', 'anonymous');