Added TLS option in settings for LDAP

snipe · Jul 22, 2016 · b03330a · b03330a
1 parent 7f5ea72
commit b03330a
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 0 deletions.
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
@@ -416,6 +416,7 @@ public function postEdit()
  $setting->ldap_email = e(Input::get('ldap_email'));
  $setting->ad_domain = e(Input::get('ad_domain'));
  $setting->is_ad = e(Input::get('is_ad', '0'));
+ $setting->ldap_tls = e(Input::get('ldap_tls', '0'));
 
  // If validation fails, we'll exit the operation now.
  if ($setting->save()) {

diff --git a/app/Models/Ldap.php b/app/Models/Ldap.php
@@ -27,6 +27,7 @@ public static function connectToLdap()
  $ldap_port = Setting::getSettings()->ldap_port;
  $ldap_version = Setting::getSettings()->ldap_version;
  $ldap_server_cert_ignore = Setting::getSettings()->ldap_server_cert_ignore;
+ $ldap_use_tls = Setting::getSettings()->ldap_tls;
 
 
  // If we are ignoring the SSL cert we need to setup the environment variable
@@ -45,6 +46,10 @@ public static function connectToLdap()
  ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
  ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldap_version);
 
+ if ($ldap_use_tls=='1') {
+ ldap_start_tls($connection);
+ }
+
  return $connection;
  }
 

diff --git a/database/migrations/2016_07_22_153432_add_tls_to_ldap_settings.php b/database/migrations/2016_07_22_153432_add_tls_to_ldap_settings.php
@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AddTlsToLdapSettings extends Migration
+{
+ /**
+ * Run the migrations.
+ *
+ * @return void
+ */
+ public function up()
+ {
+ Schema::table('settings', function (Blueprint $table) {
+ $table->boolean('ldap_tls')->default(0);
+ });
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ Schema::table('settings', function ($table) {
+ $table->dropColumn('ldap_tls');
+ });
+ }
+}
diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php
@@ -45,6 +45,8 @@
  'ldap_server_cert' => 'LDAP SSL certificate validation',
  'ldap_server_cert_ignore' => 'Allow invalid SSL Certificate',
  'ldap_server_cert_help' => 'Select this checkbox if you are using a self signed SSL cert and would like to accept an invalid SSL certificate.',
+ 'ldap_tls' => 'Use TLS',
+ 'ldap_tls_help' => 'This should be checked only if you are running STARTTLS on your LDAP server. ',
  'ldap_uname' => 'LDAP Bind Username',
  'ldap_pword' => 'LDAP Bind Password',
  'ldap_port' => 'LDAP Port',

diff --git a/resources/views/settings/edit.blade.php b/resources/views/settings/edit.blade.php
@@ -747,6 +747,21 @@
  </div><!-- LDAP Server -->
 
 
+ <!-- Start TLS -->
+ <div class="form-group">
+ <div class="col-md-3">
+ {{ Form::label('ldap_tls', trans('admin/settings/general.ldap_tls')) }}
+ </div>
+ <div class="col-md-9">
+ {{ Form::checkbox('ldap_tls', '1', Input::old('ldap_tls', $setting->ldap_tls),array('class' => 'minimal')) }}
+ {{ trans('admin/settings/general.ldap_tls_help') }}
+ {!! $errors->first('ldap_tls', '<span class="alert-msg">:message</span>') !!}
+
+ </div>
+ </div>
+ <!-- /.form-group -->
+
+
  <div class="form-group {{ $errors->has('ldap_server_cert_ignore') ? 'error' : '' }}">
  <div class="col-md-3">
  {{ Form::label('ldap_server_cert_ignore', trans('admin/settings/general.ldap_server_cert')) }}