author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2017-07-05 13:04:04 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-07-21 14:55:11 +0200 |
commit | 9b2f171cbd9423222757584135a9fb17f051cf12 (patch) | |
tree | 748d9a24ae0ca597350b6a0d9da8812b3a76bf34 /apps | |
parent | 4c637a428ea9516b8e8c78a8ac8221669e20c082 (diff) | |
do not attempt to recognise cert issue by using LDAPTLS_REQCERT
First, it does not work (at least not everywhere or reliably); second, where
it did work, the setting was not reset properly afterwards. Removes a bit of complexity.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/user_ldap/lib/Wizard.php | 19 |
1 files changed, 3 insertions, 16 deletions
diff --git a/apps/user_ldap/lib/Wizard.php b/apps/user_ldap/lib/Wizard.php
index dfbde31314e..0383dc61b17 100644
--- a/apps/user_ldap/lib/Wizard.php
+++ b/apps/user_ldap/lib/Wizard.php
@@ -1019,21 +1019,14 @@ class Wizard extends LDAPUtility {
 /**
 * Connects and Binds to an LDAP Server
+ *
 * @param int $port the port to connect with
 * @param bool $tls whether startTLS is to be used
- * @param bool $ncc
 * @return bool
 * @throws \Exception
 */
- private function connectAndBind($port = 389, $tls = false, $ncc = false) {
- if($ncc) {
- //No certificate check
- //FIXME: undo afterwards
- putenv('LDAPTLS_REQCERT=never');
- }
-
+ private function connectAndBind($port, $tls) {
 //connect, does not really trigger any server communication
- \OCP\Util::writeLog('user_ldap', 'Wiz: Checking Host Info ', \OCP\Util::DEBUG);
 $host = $this->configuration->ldapHost;
 $hostInfo = parse_url($host);
 if(!$hostInfo) {
@@ -1045,7 +1038,6 @@ class Wizard extends LDAPUtility {
 throw new \Exception(self::$l->t('Invalid Host'));
 }
- \OCP\Util::writeLog('user_ldap', 'Wiz: Setting LDAP Options ', \OCP\Util::DEBUG);
 //set LDAP options
 $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
 $this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
@@ -1074,18 +1066,13 @@ class Wizard extends LDAPUtility {
 if($login === true) {
 $this->ldap->unbind($cr);
- if($ncc) {
- throw new \Exception('Certificate cannot be validated.');
- }
 \OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
 return true;
 }
- if($errNo === -1 || ($errNo === 2 && $ncc)) {
+ if($errNo === -1) {
 //host, port or TLS wrong
 return false;
- } else if ($errNo === 2) {
- return $this->connectAndBind($port, $tls, true);
 }
 throw new \Exception($error, $errNo);
 } |
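Review bot: The new signature `private function connectAndBind($port, $tls) {` in the first hunk drops the defaults `$port = 389` and `$tls = false` together with `$ncc`, so any call site in Wizard.php that relied on them would now fail with a missing-argument error. The callers are outside this hunk and should be checked. The docblock would also benefit from recording the contract that now holds in the visible code, for example ` * Certificate validation is left to the LDAP client configuration; this method does not relax it.` The function body continues between and beyond the hunks shown, so that sentence should be confirmed against the lines not visible here.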
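Review bot: In the third hunk, `if($errNo === -1)` returns false without recording why. With the `$ncc` retry removed, a server certificate that fails validation is presumably reported through this same branch, yet the comment `//host, port or TLS wrong` does not say so. An administrator then cannot tell an untrusted certificate from an unreachable host, which in practice tends to push people toward disabling verification altogether. I would extend the comment to `//host, port or TLS wrong (a failed certificate check likely ends up here as well)` and add `\OCP\Util::writeLog('user_ldap', 'Wiz: Bind failed: ' . $error, \OCP\Util::DEBUG);` before `return false;`. Error code 2 now falls through to `throw new \Exception($error, $errNo);`; the assignments of `$errNo` and `$error` are outside the hunk, so it is worth confirming that callers handle that exception.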