Add option to disable SSL certificate verification for LDAP.

author: Francois Ferrand <thetypz@gmail.com> 2014-07-03 10:25:25 +0200
committer: Francois Ferrand <thetypz@gmail.com> 2014-07-03 10:29:21 +0200
commit: 0a3049c17293e6b7b416b4264ace1f373bda6728 (patch)
tree: 3860b7dd2db87e1aff4db8b0fc5ded0b4582e53e /app
parent: 98bd694e2bd47b0c4ed8247546b1903c762ffdde (diff)
2 files changed, 6 insertions, 0 deletions
diff --git a/app/Model/Ldap.php b/app/Model/Ldap.php
index 9e7d0445..4e605eb2 100644
--- a/app/Model/Ldap.php
+++ b/app/Model/Ldap.php
@@ -24,6 +24,11 @@ class Ldap extends Base
             die('The PHP LDAP extension is required');
         }
 
+        if (!LDAP_SSL_VERIFY) {
+            //Skip SSL certificate verification
+            putenv('LDAPTLS_REQCERT=never');
+        }
+
         $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT);
 
         if (! is_resource($ldap)) {
diff --git a/app/common.php b/app/common.php
index 023494d8..c5fb34e2 100644
--- a/app/common.php
+++ b/app/common.php
@@ -44,6 +44,7 @@ defined('DB_NAME') or define('DB_NAME', 'kanboard');
 defined('LDAP_AUTH') or define('LDAP_AUTH', false);
 defined('LDAP_SERVER') or define('LDAP_SERVER', '');
 defined('LDAP_PORT') or define('LDAP_PORT', 389);
+defined('LDAP_SSL_VERIFY') or define('LDAP_SSL_VERIFY', true);
 defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname');
 defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail');
author	Francois Ferrand <thetypz@gmail.com>	2014-07-03 10:25:25 +0200
committer	Francois Ferrand <thetypz@gmail.com>	2014-07-03 10:29:21 +0200
commit	0a3049c17293e6b7b416b4264ace1f373bda6728 (patch)
tree	3860b7dd2db87e1aff4db8b0fc5ded0b4582e53e /app
parent	98bd694e2bd47b0c4ed8247546b1903c762ffdde (diff)