Ad Schellevis 2019-02-11 19:27:27 +01:00
parent cac40cfd95
commit 3acb8c4d90


@ -318,15 +318,16 @@ class LDAP extends Base implements IAuthConnector
);
$this->closeLDAPHandle();
$this->ldapHandle = @ldap_connect($bind_url);
// Note: All TLS options must be set before ldap_connect is called
if (!empty($this->ldapCAcert)) {
putenv('LDAPTLS_REQCERT=hard');
ldap_set_option($this->ldapHandle, LDAP_OPT_X_TLS_CACERTDIR, '/var/run/certs');
ldap_set_option($this->ldapHandle, LDAP_OPT_X_TLS_CACERTFILE, "/var/run/certs/{$this->ldapCAcert}.ca");
ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_HARD);
ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, '/var/run/certs');
ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "/var/run/certs/{$this->ldapCAcert}.ca");
} else {
putenv('LDAPTLS_REQCERT=never');
ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
}
$this->ldapHandle = @ldap_connect($bind_url);
if ($this->useStartTLS) {
ldap_set_option($this->ldapHandle, LDAP_OPT_PROTOCOL_VERSION, 3);
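Review bot: The `else` branch still turns certificate verification off whenever no CA is configured (`putenv('LDAPTLS_REQCERT=never')` and `LDAP_OPT_X_TLS_REQUIRE_CERT` set to `LDAP_OPT_X_TLS_NEVER`), so an ldaps:// or StartTLS session accepts any server certificate and the bind credentials are exposed to anyone able to intercept the connection. Consider verifying against the system trust store instead, e.g. `ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);` in that branch, or at least logging that the server is not being authenticated. Options set with a `NULL` handle and via `putenv()` are process-wide defaults rather than settings of this one connection, which the existing comment could state: `// NULL-handle options and putenv() are process-global; both branches must set them on every connect`. The +/- markers are lost on this page, so it is unclear which of these lines the commit itself introduces, and the enclosing method starts and ends outside the hunk.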