From 6c14c09880bc085752a0479c512a47fe08b76aeb Mon Sep 17 00:00:00 2001 From: Christopher Tran Date: Sat, 27 Oct 2018 16:14:19 -0400 Subject: [PATCH] Add ability to disable LDAP certificate validation --- .env.example | 2 ++ app/Auth/Access/LdapService.php | 6 ++++++ config/services.php | 1 + 3 files changed, 9 insertions(+) diff --git a/.env.example b/.env.example index eda20ea26..3ca612f64 100644 --- a/.env.example +++ b/.env.example @@ -76,6 +76,8 @@ LDAP_GROUP_ATTRIBUTE="memberOf" # Would you like to remove users from roles on BookStack if they do not match on LDAP # If false, the ldap groups-roles sync will only add users to roles LDAP_REMOVE_FROM_GROUPS=false +# Set this option to disable LDAPS Certificate Verification +LDAP_TLS_INSECURE=false # Mail settings MAIL_DRIVER=smtp diff --git a/app/Auth/Access/LdapService.php b/app/Auth/Access/LdapService.php index d3a177f8e..04af5b370 100644 --- a/app/Auth/Access/LdapService.php +++ b/app/Auth/Access/LdapService.php @@ -169,8 +169,14 @@ class LdapService } $hostName = $ldapServer[0] . ($hasProtocol?':':'') . $ldapServer[1]; $defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389; + $ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort); + // Check if TLS_INSECURE is set + if($this->config['tls_insecure']) { + $this->ldap->setOption($ldapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER); + } + if ($ldapConnection === false) { throw new LdapException(trans('errors.ldap_cannot_connect')); } diff --git a/config/services.php b/config/services.php index 711040386..47fd2f2ff 100644 --- a/config/services.php +++ b/config/services.php @@ -148,6 +148,7 @@ return [ 'user_to_groups' => env('LDAP_USER_TO_GROUPS',false), 'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'), 'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS',false), + 'tls_insecure' => env('LDAP_TLS_INSECURE', false), ] ];