- bugfix: allow anonymous bind for search, then bind with users credentials.
authorMarkus Kalkbrenner <markus.kalkbrenner@bio.logis.de>
Thu, 17 Nov 2011 10:16:56 +0000 (11:16 +0100)
committerRobin Appelman <icewind1991@gmail.com>
Fri, 18 Nov 2011 13:07:11 +0000 (14:07 +0100)
- added explanation of how to set up anonymous bind for search to the template
- make usage of TLS configurable

apps/user_ldap/settings.php
apps/user_ldap/templates/settings.php
apps/user_ldap/user_ldap.php

index 8dbd3c0462b7959a40ca60e8ce5987d05d6a2ddb..b922ac99f988617c0ea1f15a3234315a68e5c65b 100644 (file)
  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter');
+$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter', 'ldap_tls');
 
 foreach($params as $param){
        if(isset($_POST[$param])){
                OC_Appconfig::setValue('user_ldap', $param, $_POST[$param]);
        }
+       elseif('ldap_tls' == $param) {
+               // unchecked checkboxes are not included in the post paramters
+               OC_Appconfig::setValue('user_ldap', $param, 0);
+       }
 }
 
 // fill template
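Review bot: The new `elseif` branch writes `ldap_tls = 0` whenever `$_POST['ldap_tls']` is absent, and that includes every request that is not a submission of this form, so as far as the visible lines show, merely rendering the settings page switches TLS off again. Gate the reset on a field this form always sends, e.g. `elseif('ldap_tls' === $param && isset($_POST['ldap_host'])) {`. The checked case also stores the raw posted string; writing a fixed `1` would keep the stored value to 0/1. Whether an admin or request-token check runs before this loop cannot be seen from the hunk.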
index 32e1b29dafb219d6c006ad73aa1eb552dc903067..374f12417416d3da5f52062ac2e2c31a5ca7caab 100644 (file)
@@ -4,9 +4,11 @@
                <p><label for="ldap_host">Host<input type="text" id="ldap_host" name="ldap_host" value="<?php echo $_['ldap_host']; ?>"></label>
                <label for="ldap_port">Port</label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
                <p><label for="ldap_dn">Name</label><input type="text" id="ldap_dn" name="ldap_dn" value="<?php echo $_['ldap_dn']; ?>" />
-               <label for="ldap_password">Password</label><input type="password" id="ldap_password" name="ldap_password" value="<?php echo $_['ldap_password']; ?>" /></p>
+               <label for="ldap_password">Password</label><input type="password" id="ldap_password" name="ldap_password" value="<?php echo $_['ldap_password']; ?>" />
+               Leave both empty for anonymous bind for search, then bind with users credentials.</p>
                <p><label for="ldap_base">Base</label><input type="text" id="ldap_base" name="ldap_base" value="<?php echo $_['ldap_base']; ?>" />
                <label for="ldap_filter">Filter (use %uid placeholder)</label><input type="text" id="ldap_filter" name="ldap_filter" value="<?php echo $_['ldap_filter']; ?>" /></p>
+               <p><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?>><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label></p>
                <input type="submit" value="Save" />
        </fieldset>
 </form>
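Review bot: The re-added password line still echoes the stored value straight into an attribute, `value="<?php echo $_['ldap_password']; ?>"`, with no escaping visible in the template, so a value containing a double quote breaks out of the attribute. Unless the template layer already escapes `$_`, wrap these echoes in `htmlspecialchars(..., ENT_QUOTES)`. Rendering the stored bind password into the page also puts it in the HTML source of the admin page. The new help sentence is hard-coded, while the checkbox label two lines below uses `$l->t()`; pass the help text through `$l->t()` as well.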
index 4fb8daf3c4789667b3ff01c0054353eed0560dac..1100be81eb8f307ee97a630045a51d81b09a9665 100644 (file)
@@ -33,6 +33,7 @@ class OC_USER_LDAP extends OC_User_Backend {
        protected $ldap_password;
        protected $ldap_base;
        protected $ldap_filter;
+       protected $ldap_tls;
 
        function __construct() {
                $this->ldap_host = OC_Appconfig::getValue('user_ldap', 'ldap_host','');
@@ -41,11 +42,11 @@ class OC_USER_LDAP extends OC_User_Backend {
                $this->ldap_password = OC_Appconfig::getValue('user_ldap', 'ldap_password','');
                $this->ldap_base = OC_Appconfig::getValue('user_ldap', 'ldap_base','');
                $this->ldap_filter = OC_Appconfig::getValue('user_ldap', 'ldap_filter','');
+               $this->ldap_tls = OC_Appconfig::getValue('user_tls', 'ldap_tls', 0);
 
                if( !empty($this->ldap_host)
                        && !empty($this->ldap_port)
-                       && !empty($this->ldap_dn)
-                       && !empty($this->ldap_password)
+                       && ((!empty($this->ldap_dn) && !empty($this->ldap_password)) || (empty($this->ldap_dn) && empty($this->ldap_password)))
                        && !empty($this->ldap_base)
                        && !empty($this->ldap_filter)
                )
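Review bot: `OC_Appconfig::getValue('user_tls', 'ldap_tls', 0)` reads from app id `user_tls`, but settings.php stores the checkbox under `user_ldap`, so `$this->ldap_tls` stays at the default 0 and StartTLS is never requested even when "Use TLS" is ticked. Unless the host is an ldaps:// URL, the bind DN, its password and the users' passwords then cross the network unencrypted. Change the line to `$this->ldap_tls = OC_Appconfig::getValue('user_ldap', 'ldap_tls', 0);`. Separately, now that the search bind may be anonymous, the user bind that follows should reject an empty password, because many directory servers accept a DN with an empty password as an unauthenticated bind; that code is outside this hunk, so please confirm it.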
@@ -63,9 +64,10 @@ class OC_USER_LDAP extends OC_User_Backend {
        private function getDs() {
                if(!$this->ds) {
                        $this->ds = ldap_connect( $this->ldap_host, $this->ldap_port );
-                          if(ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3))
-                                if(ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0))
-                                         @ldap_start_tls($this->ds);
+                               if(ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3))
+                                       if(ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0))
+                                               if($this->ldap_tls)
+                                                       ldap_start_tls($this->ds);
                }
 
                // login
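Review bot: The return value of `ldap_start_tls($this->ds)` is ignored, so when the admin has asked for TLS and the upgrade fails, execution falls through to the login code below and the bind goes out unencrypted. Fail closed instead, for example `if($this->ldap_tls && !ldap_start_tls($this->ds)) { $this->ds = null; return false; }`. The nesting also skips TLS silently if either `ldap_set_option` call returns false. getDs continues past the end of the hunk, so check that its callers handle a false return.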
@@ -149,4 +151,4 @@ class OC_USER_LDAP extends OC_User_Backend {
 
 }
 
-?>
\ No newline at end of file
+?>