Merge pull request #51096 from nextcloud/fix/noid/ldap-setopt-for-disabling-certcheck

fix(LDAP): use ldap_set_option over putenv to disable cert check

1 files changed, 14 insertions, 13 deletions

diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
index 14dfcdb1bc5..a4af0d68bd5 100644
--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -627,19 +627,6 @@ class Connection extends LDAPUtility {
 
 				return false;
 			}
-			if ($this->configuration->turnOffCertCheck) {
-				if (putenv('LDAPTLS_REQCERT=never')) {
-					$this->logger->debug(
-						'Turned off SSL certificate validation successfully.',
-						['app' => 'user_ldap']
-					);
-				} else {
-					$this->logger->warning(
-						'Could not turn off SSL certificate validation.',
-						['app' => 'user_ldap']
-					);
-				}
-			}
 
 			$hasBackupHost = (trim($this->configuration->ldapBackupHost ?? '') !== '');
 			$hasBackgroundHost = (trim($this->configuration->ldapBackgroundHost ?? '') !== '');
@@ -718,6 +705,20 @@ class Connection extends LDAPUtility {
 		}
 
 		if ($this->configuration->ldapTLS) {
+			if ($this->configuration->turnOffCertCheck) {
+				if ($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER)) {
+					$this->logger->debug(
+						'Turned off SSL certificate validation successfully.',
+						['app' => 'user_ldap']
+					);
+				} else {
+					$this->logger->warning(
+						'Could not turn off SSL certificate validation.',
+						['app' => 'user_ldap']
+					);
+				}
+			}
+
 			if (!$this->ldap->startTls($this->ldapConnectionRes)) {
 				throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');
 			}