Auth/LDAP: fix handling starttls parameter and add options one

example/includes/config.yml

@@ -1,5 +1,5 @@
 # Public root URL
-public_root_url: "http://127.0.0.1/eesyphp"
+public_root_url: "/"
 
 # Application root data directory
 data_directory: "${root_directory_path}/data"
@@ -302,6 +302,14 @@ auth:
     # LDAP bind password (optional)
     #bind_password: 'secret'
 
+    # LDAP options (optional)
+    # See https://www.php.net/manual/en/function.ldap-set-option.php for available options.
+    # Note: Options may defined by using PHP LDAP_OPT_* constant names.
+    # Default: LDAP_OPT_X_TLS_CERTFILE = /etc/ssl/certs/ca-certificates.crt
+    #options:
+    #  LDAP_OPT_X_TLS_REQUIRE_CERT: LDAP_OPT_X_TLS_NEVER
+    #  LDAP_OPT_X_TLS_CERTFILE: "/etc/ssl/certs/ca-certificates.crt"
+
     # User search filter by username. The keyword "[username]" will be replace before search by
     # the looked username (default: "uid=[username]")
     #user_filter_by_uid: 'uid=[username]'

skel/config.yml

@@ -93,8 +93,8 @@ templates:
 # Translations
 #
 i18n:
-  # Default locale (see locales directory for available languages list)
+  # Default locale (see locales directory for available languages list, default: 'en_US.UTF8')
-  default_locale: "en_US.UTF8"
+  #default_locale: 'en_US.UTF8'
 
 #
 # Session
@@ -302,6 +302,14 @@ auth:
     # LDAP bind password (optional)
     #bind_password: 'secret'
 
+    # LDAP options (optional)
+    # See https://www.php.net/manual/en/function.ldap-set-option.php for available options.
+    # Note: Options may defined by using PHP LDAP_OPT_* constant names.
+    # Default: LDAP_OPT_X_TLS_CERTFILE = /etc/ssl/certs/ca-certificates.crt
+    #options:
+    #  LDAP_OPT_X_TLS_REQUIRE_CERT: LDAP_OPT_X_TLS_NEVER
+    #  LDAP_OPT_X_TLS_CERTFILE: "/etc/ssl/certs/ca-certificates.crt"
+
     # User search filter by username. The keyword "[username]" will be replace before search by
     # the looked username (default: "uid=[username]")
     #user_filter_by_uid: 'uid=[username]'

src/Auth/Ldap.php

@@ -43,6 +43,9 @@ class Ldap extends Backend {
         'binddn' => null,
         'bindpw' => null,
         'starttls' => false,
+        'options' => [
+          "LDAP_OPT_X_TLS_CERTFILE" => "/etc/ssl/certs/ca-certificates.crt",
+        ],
         'user_filter_by_uid' => 'uid=[username]',
         'user_basedn' => null,
         'bind_with_username' => false,
@@ -88,7 +91,8 @@ class Ldap extends Backend {
       'basedn' => App :: get('auth.ldap.basedn', null, 'string'),
       'binddn' => App :: get('auth.ldap.bind_dn', null, 'string'),
       'bindpw' => App :: get('auth.ldap.bind_password', null, 'string'),
-      'starttls' => App :: get('starttls', null, 'bool'),
+      'starttls' => App :: get('auth.ldap.starttls', null, 'bool'),
+      'options' => App :: get('auth.ldap.options', null, 'array'),
     );
     if ($port = App :: get('auth.ldap.port', null, 'int'))
       self :: $ldap_config['port'] = $port;