diff options
| author | Arthur Schiwon <blizzz@owncloud.com> | 2012-08-05 23:00:47 +0200 |
|---|---|---|
| committer | Arthur Schiwon <blizzz@owncloud.com> | 2012-08-05 23:00:47 +0200 |
| commit | 95c33e466c19364635afaab8874c1848508442e6 (patch) | |
| tree | 11683a3b52efdbf8a85cbd5d69d8ecb0a436edf5 /apps/user_ldap/lib/connection.php | |
| parent | 6fd48675e6841effaf77830e282e1ea74614c27e (diff) | |
| download | nextcloud-server-95c33e466c19364635afaab8874c1848508442e6.tar.gz nextcloud-server-95c33e466c19364635afaab8874c1848508442e6.zip | |
LDAP: offer option to disable SSL certificate checks. Works around problems with self-signed certificates, for example. However, the best and right way to solve it is always to import the LDAP server cert to the owncloud server, so you it for testing only.
Like to hear wether it works, instead appending LDAPTLS_REQCERT=never to ldap.conf.
Diffstat (limited to 'apps/user_ldap/lib/connection.php')
| -rw-r--r-- | apps/user_ldap/lib/connection.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php index a84174d1dfd..503245a3390 100644 --- a/apps/user_ldap/lib/connection.php +++ b/apps/user_ldap/lib/connection.php @@ -42,6 +42,7 @@ class Connection { 'ldapAgentPassword' => null, 'ldapTLS' => null, 'ldapNoCase' => null, + 'turnOffCertCheck' => null, 'ldapIgnoreNamingRules' => null, 'ldapUserDisplayName' => null, 'ldapUserFilter' => null, @@ -164,6 +165,7 @@ class Connection { $this->config['ldapBaseGroups'] = \OCP\Config::getAppValue($this->configID, 'ldap_base_groups', $this->config['ldapBase']); $this->config['ldapTLS'] = \OCP\Config::getAppValue($this->configID, 'ldap_tls',0); $this->config['ldapNoCase'] = \OCP\Config::getAppValue($this->configID, 'ldap_nocase', 0); + $this->config['turnOffCertCheck'] = \OCP\Config::getAppValue($this->configID, 'ldap_turn_off_cert_check', 0); $this->config['ldapUserDisplayName'] = mb_strtolower(\OCP\Config::getAppValue($this->configID, 'ldap_display_name', 'uid'), 'UTF-8'); $this->config['ldapUserFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_userlist_filter','objectClass=person'); $this->config['ldapGroupFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_group_filter','(objectClass=posixGroup)'); @@ -292,6 +294,13 @@ class Connection { return false; } + if($this->config['turnOffCertCheck']) { + if(putenv('LDAPTLS_REQCERT=never')) { + \OCP\Util::writeLog('user_ldap', 'Turned off SSL certificate validation successfully.', \OCP\Util::WARN); + } else { + \OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN); + } + } $this->ldapConnectionRes = ldap_connect($this->config['ldapHost'], $this->config['ldapPort']); if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) { if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) { |