colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Change to allow override of CA CERT for LDAPS 

Using the env LDAP_TLS_CACERTFILE to set a file to use to override
the CA CERT used to verify LDAPS connections. This is to make this
process easier for docker use.
This commit is contained in:
Matt Moore 2024-03-26 16:30:04 +00:00
parent 6c063f424c
commit 06ef95dc5f
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Access/LdapService.php
View File

@ -209,6 +209,12 @@ class LdapService
$this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER); $this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
} }
// Specify CA Cert file for LDAP.
// This option works globally and must be set before a connection is created.
if ($this->config['tls_cacertfile']) {
$this->ldap->setOption(null, LDAP_OPT_X_TLS_CACERTFILE, $this->config['tls_cacertfile']);
}
$ldapHost = $this->parseServerString($this->config['server']); $ldapHost = $this->parseServerString($this->config['server']);
$ldapConnection = $this->ldap->connect($ldapHost); $ldapConnection = $this->ldap->connect($ldapHost);

1
app/Config/services.php
View File

@ -133,6 +133,7 @@ return [
'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'), 'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'),
'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS', false), 'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS', false),
'tls_insecure' => env('LDAP_TLS_INSECURE', false), 'tls_insecure' => env('LDAP_TLS_INSECURE', false),
'tls_cacertfile' => env('LDAP_TLS_CACERTFILE', false),
'start_tls' => env('LDAP_START_TLS', false), 'start_tls' => env('LDAP_START_TLS', false),
'thumbnail_attribute' => env('LDAP_THUMBNAIL_ATTRIBUTE', null), 'thumbnail_attribute' => env('LDAP_THUMBNAIL_ATTRIBUTE', null),
], ],