From 939a8d5ea56def06d788b11f9fae9642befbdde6 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Thu, 27 Feb 2025 13:50:17 +0100 Subject: [PATCH] fix(LDAP): use ldap_set_option over putenv to disable cert check the putenv option was not working reliable anymore anyway Signed-off-by: Arthur Schiwon --- apps/user_ldap/lib/Connection.php | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php index 14dfcdb1bc5..a4af0d68bd5 100644 --- a/apps/user_ldap/lib/Connection.php +++ b/apps/user_ldap/lib/Connection.php @@ -627,19 +627,6 @@ class Connection extends LDAPUtility { return false; } - if ($this->configuration->turnOffCertCheck) { - if (putenv('LDAPTLS_REQCERT=never')) { - $this->logger->debug( - 'Turned off SSL certificate validation successfully.', - ['app' => 'user_ldap'] - ); - } else { - $this->logger->warning( - 'Could not turn off SSL certificate validation.', - ['app' => 'user_ldap'] - ); - } - } $hasBackupHost = (trim($this->configuration->ldapBackupHost ?? '') !== ''); $hasBackgroundHost = (trim($this->configuration->ldapBackgroundHost ?? '') !== ''); @@ -718,6 +705,20 @@ class Connection extends LDAPUtility { } if ($this->configuration->ldapTLS) { + if ($this->configuration->turnOffCertCheck) { + if ($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER)) { + $this->logger->debug( + 'Turned off SSL certificate validation successfully.', + ['app' => 'user_ldap'] + ); + } else { + $this->logger->warning( + 'Could not turn off SSL certificate validation.', + ['app' => 'user_ldap'] + ); + } + } + if (!$this->ldap->startTls($this->ldapConnectionRes)) { throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.'); }