author | Frédéric Guillot <fred@kanboard.net> | 2014-12-06 13:23:48 -0500 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2014-12-06 13:23:48 -0500 |
commit | 18bba794131e18b6ae81dff897bc196f43ca9d63 (patch) | |
tree | e7c7aab30e5e386c8cc6addcd24669c27f4aa6b3 | |
parent | 52c1a3b374d6c34abd9016a102bb73dc5cce895e (diff) |
Add support for ldap_start_tls()
-rw-r--r-- | app/Auth/Ldap.php | 6 | ||||
-rw-r--r-- | app/constants.php | 1 | ||||
-rw-r--r-- | config.default.php | 3 | ||||
-rw-r--r-- | docs/ldap-authentication.markdown | 3 |
4 files changed, 13 insertions, 0 deletions
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php
index 5bb60275..82307e8c 100644
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -136,6 +136,12 @@ class Ldap extends Base
 ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
 ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 1);
+ ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 1);
+
+ if (LDAP_START_TLS && ! @ldap_start_tls($ldap)) {
+ die('Unable to use ldap_start_tls()');
+ }
 return $ldap;
 }
diff --git a/app/constants.php b/app/constants.php
index aa417d88..d6a9fd46 100644
--- a/app/constants.php
+++ b/app/constants.php
@@ -22,6 +22,7 @@ defined('DB_NAME') or define('DB_NAME', 'kanboard');
 defined('LDAP_AUTH') or define('LDAP_AUTH', false);
 defined('LDAP_SERVER') or define('LDAP_SERVER', '');
 defined('LDAP_PORT') or define('LDAP_PORT', 389);
+defined('LDAP_START_TLS') or define('LDAP_START_TLS', false);
 defined('LDAP_SSL_VERIFY') or define('LDAP_SSL_VERIFY', true);
 defined('LDAP_BIND_TYPE') or define('LDAP_BIND_TYPE', 'anonymous');
 defined('LDAP_USERNAME') or define('LDAP_USERNAME', null);
diff --git a/config.default.php b/config.default.php
index e2b5cdf9..c9bea70a 100644
--- a/config.default.php
+++ b/config.default.php
@@ -43,6 +43,9 @@ define('LDAP_PORT', 389);
 // By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification.
 define('LDAP_SSL_VERIFY', true);
+// Enable LDAP START_TLS
+define('LDAP_START_TLS', false);
+
 // LDAP bind type: "anonymous", "user" (use the given user/password from the form) and "proxy" (a specific user to browse the LDAP directory)
 define('LDAP_BIND_TYPE', 'anonymous');
diff --git a/docs/ldap-authentication.markdown b/docs/ldap-authentication.markdown
index 900f3107..0428d8e0 100644
--- a/docs/ldap-authentication.markdown
+++ b/docs/ldap-authentication.markdown
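Review bot: In app/Auth/Ldap.php the `@` on `ldap_start_tls($ldap)` together with the fixed `die()` string throws away the reason the TLS upgrade failed, so a rejected server certificate cannot be told apart from a server that does not offer StartTLS. Aborting rather than continuing over the unencrypted connection is the right behaviour and should stay, but the cause should be recorded first, for example `error_log('LDAP StartTLS failed: '.ldap_error($ldap));` placed before the `die()`. The two added timeout options hard-code 1 second and are not mentioned in the commit title; a short comment such as `// Fail fast when the directory is unreachable` would explain them. The enclosing method starts above the hunk, so how `LDAP_SSL_VERIFY` is applied to this connection is not visible here.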
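Review bot: The comment `// Enable LDAP START_TLS` in config.default.php does not tell an administrator what the switch changes or what happens when the upgrade fails. Going by the Ldap.php hunk, the request is aborted when `ldap_start_tls()` fails, and the neighbouring `LDAP_SSL_VERIFY` comment speaks only of ldaps:// URLs, so the text leaves open whether certificate verification also covers StartTLS. I would write `// Upgrade the ldap:// connection to TLS with StartTLS before binding; login is refused if the upgrade fails` and state explicitly whether `LDAP_SSL_VERIFY` applies. With the default of `false` (also set in app/constants.php) a bind over plain ldap:// is presumably sent unencrypted, which the comment could mention; the same wording is repeated in docs/ldap-authentication.markdown.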
@@ -49,6 +49,9 @@ define('LDAP_PORT', 389);
 // By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification.
 define('LDAP_SSL_VERIFY', true);
+// Enable LDAP START_TLS
+define('LDAP_START_TLS', false);
+
 // LDAP bind type: "anonymous", "user" (use the given user/password from the form) and "proxy" (a specific user to browse the LDAP directory)
 define('LDAP_BIND_TYPE', 'anonymous'); |