Merge pull request #51096 from nextcloud/fix/noid/ldap-setopt-for-disabling-certcheck

fix(LDAP): use ldap_set_option over putenv to disable cert check
Arthur Schiwon 2025-03-06 13:00:08 +01:00 committed by GitHub
commit 4fe518a57b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -627,19 +627,6 @@ class Connection extends LDAPUtility {
return false;
}
if ($this->configuration->turnOffCertCheck) {
if (putenv('LDAPTLS_REQCERT=never')) {
$this->logger->debug(
'Turned off SSL certificate validation successfully.',
['app' => 'user_ldap']
);
} else {
$this->logger->warning(
'Could not turn off SSL certificate validation.',
['app' => 'user_ldap']
);
}
}
$hasBackupHost = (trim($this->configuration->ldapBackupHost ?? '') !== '');
$hasBackgroundHost = (trim($this->configuration->ldapBackgroundHost ?? '') !== '');
@ -718,6 +705,20 @@ class Connection extends LDAPUtility {
}
if ($this->configuration->ldapTLS) {
if ($this->configuration->turnOffCertCheck) {
if ($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER)) {
$this->logger->debug(
'Turned off SSL certificate validation successfully.',
['app' => 'user_ldap']
);
} else {
$this->logger->warning(
'Could not turn off SSL certificate validation.',
['app' => 'user_ldap']
);
}
}
if (!$this->ldap->startTls($this->ldapConnectionRes)) {
throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');
}
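Review bot: The `LDAP_OPT_X_TLS_REQUIRE_CERT` override now sits inside `if ($this->configuration->ldapTLS)`, so from the visible lines `turnOffCertCheck` takes effect only on the StartTLS path, whereas the removed `putenv('LDAPTLS_REQCERT=never')` was process-wide and presumably also covered hosts reached over `ldaps://`. If that narrowing is intended, a short comment above the block should say so; if it is not, the `setOption` call belongs before the branch on `ldapTLS`. Separately, the success case is logged at debug level and only the failure is a warning, although a connection that skips certificate validation is the state an operator most needs to see. I would raise the success message to warning and name the protocol correctly, e.g. `$this->logger->warning('LDAP TLS certificate validation is disabled for this connection.', ['app' => 'user_ldap']);`. The enclosing method starts and ends outside the hunk.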