diff options
author | Francois Ferrand <thetypz@gmail.com> | 2014-07-03 10:25:25 +0200 |
---|---|---|
committer | Francois Ferrand <thetypz@gmail.com> | 2014-07-03 10:29:21 +0200 |
commit | 0a3049c17293e6b7b416b4264ace1f373bda6728 (patch) | |
tree | 3860b7dd2db87e1aff4db8b0fc5ded0b4582e53e | |
parent | 98bd694e2bd47b0c4ed8247546b1903c762ffdde (diff) |
Add option to disable SSL certificate verification for LDAP.
-rw-r--r-- | app/Model/Ldap.php | 5 | ||||
-rw-r--r-- | app/common.php | 1 | ||||
-rw-r--r-- | config.default.php | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/app/Model/Ldap.php b/app/Model/Ldap.php index 9e7d0445..4e605eb2 100644 --- a/app/Model/Ldap.php +++ b/app/Model/Ldap.php @@ -24,6 +24,11 @@ class Ldap extends Base die('The PHP LDAP extension is required'); } + if (!LDAP_SSL_VERIFY) { + //Skip SSL certificate verification + putenv('LDAPTLS_REQCERT=never'); + } + $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT); if (! is_resource($ldap)) { diff --git a/app/common.php b/app/common.php index 023494d8..c5fb34e2 100644 --- a/app/common.php +++ b/app/common.php @@ -44,6 +44,7 @@ defined('DB_NAME') or define('DB_NAME', 'kanboard'); defined('LDAP_AUTH') or define('LDAP_AUTH', false); defined('LDAP_SERVER') or define('LDAP_SERVER', ''); defined('LDAP_PORT') or define('LDAP_PORT', 389); +defined('LDAP_SSL_VERIFY') or define('LDAP_SSL_VERIFY', true); defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname'); defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail'); diff --git a/config.default.php b/config.default.php index db3b7221..e3551994 100644 --- a/config.default.php +++ b/config.default.php @@ -30,6 +30,9 @@ define('LDAP_SERVER', ''); // LDAP server port (389 by default) define('LDAP_PORT', 389); +// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification. +define('LDAP_SSL_VERIFY', true); + // LDAP username to connect with. NULL for anonymous bind (by default). define('LDAP_USERNAME', null); |