Auth/LDAP: fix handling starttls parameter and add options one

2024-12-12 19:33:38 +01:00 · 2024-12-12 19:33:38 +01:00 · bc11f6784c
commit bc11f6784c
parent 38f66c9971
3 changed files with 24 additions and 4 deletions
--- a/example/includes/config.yml
+++ b/example/includes/config.yml
@ -1,5 +1,5 @@
 # Public root URL
-public_root_url: "http://127.0.0.1/eesyphp"
+public_root_url: "/"

 # Application root data directory
 data_directory: "${root_directory_path}/data"
@ -302,6 +302,14 @@ auth:
    # LDAP bind password (optional)
    #bind_password: 'secret'

+    # LDAP options (optional)
+    # See https://www.php.net/manual/en/function.ldap-set-option.php for available options.
+    # Note: Options may defined by using PHP LDAP_OPT_* constant names.
+    # Default: LDAP_OPT_X_TLS_CERTFILE = /etc/ssl/certs/ca-certificates.crt
+    #options:
+    #  LDAP_OPT_X_TLS_REQUIRE_CERT: LDAP_OPT_X_TLS_NEVER
+    #  LDAP_OPT_X_TLS_CERTFILE: "/etc/ssl/certs/ca-certificates.crt"
+
    # User search filter by username. The keyword "[username]" will be replace before search by
    # the looked username (default: "uid=[username]")
    #user_filter_by_uid: 'uid=[username]'
--- a/skel/config.yml
+++ b/skel/config.yml
@ -93,8 +93,8 @@ templates:
 # Translations
 #
 i18n:
-  # Default locale (see locales directory for available languages list)
-  default_locale: "en_US.UTF8"
+  # Default locale (see locales directory for available languages list, default: 'en_US.UTF8')
+  #default_locale: 'en_US.UTF8'

 #
 # Session
@ -302,6 +302,14 @@ auth:
    # LDAP bind password (optional)
    #bind_password: 'secret'

+    # LDAP options (optional)
+    # See https://www.php.net/manual/en/function.ldap-set-option.php for available options.
+    # Note: Options may defined by using PHP LDAP_OPT_* constant names.
+    # Default: LDAP_OPT_X_TLS_CERTFILE = /etc/ssl/certs/ca-certificates.crt
+    #options:
+    #  LDAP_OPT_X_TLS_REQUIRE_CERT: LDAP_OPT_X_TLS_NEVER
+    #  LDAP_OPT_X_TLS_CERTFILE: "/etc/ssl/certs/ca-certificates.crt"
+
    # User search filter by username. The keyword "[username]" will be replace before search by
    # the looked username (default: "uid=[username]")
    #user_filter_by_uid: 'uid=[username]'
--- a/src/Auth/Ldap.php
+++ b/src/Auth/Ldap.php
@ -43,6 +43,9 @@ class Ldap extends Backend {
        'binddn' => null,
        'bindpw' => null,
        'starttls' => false,
+        'options' => [
+          "LDAP_OPT_X_TLS_CERTFILE" => "/etc/ssl/certs/ca-certificates.crt",
+        ],
        'user_filter_by_uid' => 'uid=[username]',
        'user_basedn' => null,
        'bind_with_username' => false,
@ -88,7 +91,8 @@ class Ldap extends Backend {
      'basedn' => App :: get('auth.ldap.basedn', null, 'string'),
      'binddn' => App :: get('auth.ldap.bind_dn', null, 'string'),
      'bindpw' => App :: get('auth.ldap.bind_password', null, 'string'),
-      'starttls' => App :: get('starttls', null, 'bool'),
+      'starttls' => App :: get('auth.ldap.starttls', null, 'bool'),
+      'options' => App :: get('auth.ldap.options', null, 'array'),
    );
    if ($port = App :: get('auth.ldap.port', null, 'int'))
      self :: $ldap_config['port'] = $port;