Add ability to disable LDAP certificate validation

christophert · christophert · commit 6c14c09880bc · 2018-10-27T16:14:19.000-04:00
diff --git a/.env.example b/.env.example
@@ -76,6 +76,8 @@ LDAP_GROUP_ATTRIBUTE="memberOf"
 # Would you like to remove users from roles on BookStack if they do not match on LDAP
 # If false, the ldap groups-roles sync will only add users to roles
 LDAP_REMOVE_FROM_GROUPS=false
+# Set this option to disable LDAPS Certificate Verification
+LDAP_TLS_INSECURE=false
 
 # Mail settings
 MAIL_DRIVER=smtp
diff --git a/app/Auth/Access/LdapService.php b/app/Auth/Access/LdapService.php
@@ -169,8 +169,14 @@ protected function getConnection()
         }
         $hostName = $ldapServer[0] . ($hasProtocol?':':'') . $ldapServer[1];
         $defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389;
+
         $ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);
 
+        // Check if TLS_INSECURE is set
+        if($this->config['tls_insecure']) {
+            $this->ldap->setOption($ldapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
+        }
+
         if ($ldapConnection === false) {
             throw new LdapException(trans('errors.ldap_cannot_connect'));
         }
diff --git a/config/services.php b/config/services.php
@@ -148,6 +148,7 @@
 		'user_to_groups' => env('LDAP_USER_TO_GROUPS',false),
 		'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'),
 		'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS',false),
+        'tls_insecure' => env('LDAP_TLS_INSECURE', false),
 	]
 
 ];

Original file line number	Diff line number	Diff line change
`@@ -169,8 +169,14 @@ protected function getConnection()`
`169`	`169`	`}`
`170`	`170`	`$hostName = $ldapServer[0] . ($hasProtocol?':':'') . $ldapServer[1];`
`171`	`171`	`$defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389;`
	`172`	`+`
`172`	`173`	`$ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);`
`173`	`174`
	`175`	`+ // Check if TLS_INSECURE is set`
	`176`	`+ if($this->config['tls_insecure']) {`
	`177`	`+ $this->ldap->setOption($ldapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);`
	`178`	`+ }`
	`179`	`+`
`174`	`180`	`if ($ldapConnection === false) {`
`175`	`181`	`throw new LdapException(trans('errors.ldap_cannot_connect'));`
`176`	`182`	`}`
Original file line number	Diff line number	Diff line change
`@@ -148,6 +148,7 @@`
`148`	`148`	`'user_to_groups' => env('LDAP_USER_TO_GROUPS',false),`
`149`	`149`	`'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'),`
`150`	`150`	`'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS',false),`
	`151`	`+ 'tls_insecure' => env('LDAP_TLS_INSECURE', false),`
`151`	`152`	`]`
`152`	`153`
`153`	`154`	`];`