diff options
-rw-r--r-- | app/Model/Ldap.php | 5 | ||||
-rw-r--r-- | app/common.php | 1 | ||||
-rw-r--r-- | config.default.php | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/app/Model/Ldap.php b/app/Model/Ldap.php index 9e7d0445..4e605eb2 100644 --- a/app/Model/Ldap.php +++ b/app/Model/Ldap.php @@ -24,6 +24,11 @@ class Ldap extends Base die('The PHP LDAP extension is required'); } + if (!LDAP_SSL_VERIFY) { + //Skip SSL certificate verification + putenv('LDAPTLS_REQCERT=never'); + } + $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT); if (! is_resource($ldap)) { diff --git a/app/common.php b/app/common.php index 023494d8..c5fb34e2 100644 --- a/app/common.php +++ b/app/common.php @@ -44,6 +44,7 @@ defined('DB_NAME') or define('DB_NAME', 'kanboard'); defined('LDAP_AUTH') or define('LDAP_AUTH', false); defined('LDAP_SERVER') or define('LDAP_SERVER', ''); defined('LDAP_PORT') or define('LDAP_PORT', 389); +defined('LDAP_SSL_VERIFY') or define('LDAP_SSL_VERIFY', true); defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname'); defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail'); diff --git a/config.default.php b/config.default.php index db3b7221..e3551994 100644 --- a/config.default.php +++ b/config.default.php @@ -30,6 +30,9 @@ define('LDAP_SERVER', ''); // LDAP server port (389 by default) define('LDAP_PORT', 389); +// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification. +define('LDAP_SSL_VERIFY', true); + // LDAP username to connect with. NULL for anonymous bind (by default). define('LDAP_USERNAME', null); |