From 95c33e466c19364635afaab8874c1848508442e6 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Sun, 5 Aug 2012 23:00:47 +0200
Subject: LDAP: offer option to disable SSL certificate checks. Works around
 problems with self-signed certificates, for example. However, the best and
 right way to solve it is always to import the LDAP server cert to the
 owncloud server, so you it for testing only.

Like to hear wether it works, instead appending LDAPTLS_REQCERT=never to ldap.conf.
---
 apps/user_ldap/lib/connection.php | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'apps/user_ldap/lib/connection.php')

diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index a84174d1dfd..503245a3390 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -42,6 +42,7 @@ class Connection {
 		'ldapAgentPassword' => null,
 		'ldapTLS' => null,
 		'ldapNoCase' => null,
+		'turnOffCertCheck' => null,
 		'ldapIgnoreNamingRules' => null,
 		'ldapUserDisplayName' => null,
 		'ldapUserFilter' => null,
@@ -164,6 +165,7 @@ class Connection {
 			$this->config['ldapBaseGroups']        = \OCP\Config::getAppValue($this->configID, 'ldap_base_groups', $this->config['ldapBase']);
 			$this->config['ldapTLS']               = \OCP\Config::getAppValue($this->configID, 'ldap_tls',0);
 			$this->config['ldapNoCase']            = \OCP\Config::getAppValue($this->configID, 'ldap_nocase', 0);
+			$this->config['turnOffCertCheck']      = \OCP\Config::getAppValue($this->configID, 'ldap_turn_off_cert_check', 0);
 			$this->config['ldapUserDisplayName']   = mb_strtolower(\OCP\Config::getAppValue($this->configID, 'ldap_display_name', 'uid'), 'UTF-8');
 			$this->config['ldapUserFilter']        = \OCP\Config::getAppValue($this->configID, 'ldap_userlist_filter','objectClass=person');
 			$this->config['ldapGroupFilter']       = \OCP\Config::getAppValue($this->configID, 'ldap_group_filter','(objectClass=posixGroup)');
@@ -292,6 +294,13 @@ class Connection {
 
 				return false;
 			}
+			if($this->config['turnOffCertCheck']) {
+				if(putenv('LDAPTLS_REQCERT=never')) {
+					\OCP\Util::writeLog('user_ldap', 'Turned off SSL certificate validation successfully.', \OCP\Util::WARN);
+				} else {
+					\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
+				}
+			}
 			$this->ldapConnectionRes = ldap_connect($this->config['ldapHost'], $this->config['ldapPort']);
 			if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
 					if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
-- 
cgit v1.2.3