Hi,
It seems that, while Dolibarr proposes to use TLS to connect to the LDAP
server (in the LDAP module configuration page), it is not supported
within the PHP code. I was unable to find any code that handles LDAP
TLS. Therefore, assuming that TLS means STARTTLS for Dolibarr as for
apache2 for example, I propose the following patch to take care of this.
Best regards,
-- Guillaume Quintin
diff -BNaur '--exclude=CVS' '--exclude=*.patch' '--exclude=.#*' '--exclude=*~' '--exclude=*.rej' '--exclude=*.orig' '--exclude=*.bak' '--exclude=conf.php' '--exclude=documents' dolibarr.old/htdocs/core/class/ldap.class.php dolibarr.new/htdocs/core/class/ldap.class.php
--- dolibarr.old/htdocs/core/class/ldap.class.php 2015-12-09 09:04:04.020654784 +0000
+++ dolibarr.new/htdocs/core/class/ldap.class.php 2015-12-09 10:38:57.736676283 +0000
@@ -149,7 +149,7 @@
*/
function connect_bind()
{
- global $langs;
+ global $langs, $conf;
$connected=0;
$this->bind=0;
@@ -184,6 +184,14 @@
$this->connection = ldap_connect($host,$this->serverPort);
}
+ // Begin TLS if requested by the user's configuration
+ if (is_resource($this->connection) && !strcmp($conf->global->LDAP_SERVER_USE_TLS, "1")) {
+ if (!ldap_start_tls($this->connection)) {
+ $connected = 0;
+ $this->close();
+ }
+ }
+
if (is_resource($this->connection))
{
// Execute the ldap_set_option here (after connect and before bind)
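Review bot: ldap_start_tls() in the added block runs before the ldap_set_option() calls that the following context comment places "after connect and before bind". StartTLS is an LDAPv3 extended operation, so if LDAP_OPT_PROTOCOL_VERSION is set in that later block, the call is made on a connection that may not yet be speaking version 3 and can fail for that reason alone. Suggest moving the StartTLS block to after the option setup and before the bind. On the failure path, also record the reason (for example from ldap_error()) before calling $this->close(), so a refused StartTLS can be told apart from an unreachable server, and confirm that $this->close() leaves $this->connection failing the is_resource() check that follows; otherwise the code would go on to bind over an unencrypted connection although LDAP_SERVER_USE_TLS is "1".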