Auth/LDAP: fix handling starttls parameter and add options one

Benjamin Renard 2024-12-12 19:33:38 +01:00
parent 38f66c9971
commit bc11f6784c
Signed by: bn8
GPG key ID: 3E2E1CE1907115BC
3 changed files with 24 additions and 4 deletions


@ -1,5 +1,5 @@
# Public root URL # Public root URL
public_root_url: "http://127.0.0.1/eesyphp" public_root_url: "/"
# Application root data directory # Application root data directory
data_directory: "${root_directory_path}/data" data_directory: "${root_directory_path}/data"
@ -302,6 +302,14 @@ auth:
# LDAP bind password (optional) # LDAP bind password (optional)
#bind_password: 'secret' #bind_password: 'secret'
# LDAP options (optional)
# See https://www.php.net/manual/en/function.ldap-set-option.php for available options.
# Note: Options may defined by using PHP LDAP_OPT_* constant names.
# Default: LDAP_OPT_X_TLS_CERTFILE = /etc/ssl/certs/ca-certificates.crt
#options:
# LDAP_OPT_X_TLS_REQUIRE_CERT: LDAP_OPT_X_TLS_NEVER
# LDAP_OPT_X_TLS_CERTFILE: "/etc/ssl/certs/ca-certificates.crt"
# User search filter by username. The keyword "[username]" will be replace before search by # User search filter by username. The keyword "[username]" will be replace before search by
# the looked username (default: "uid=[username]") # the looked username (default: "uid=[username]")
#user_filter_by_uid: 'uid=[username]' #user_filter_by_uid: 'uid=[username]'
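Review bot: The commented example under `#options:` shows `LDAP_OPT_X_TLS_REQUIRE_CERT: LDAP_OPT_X_TLS_NEVER`, which turns off verification of the LDAP server certificate, and sample lines like this tend to be uncommented as they stand. With verification off, StartTLS or LDAPS no longer authenticates the directory server, so bind credentials and user passwords can be exposed to an on-path host. I would show the strict value instead, `# LDAP_OPT_X_TLS_REQUIRE_CERT: LDAP_OPT_X_TLS_DEMAND`, and add a comment such as `# LDAP_OPT_X_TLS_NEVER disables server certificate checks; use it only for testing`. The same block is repeated in the `auth:` hunk of the second configuration file and needs the same change.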


@ -93,8 +93,8 @@ templates:
# Translations # Translations
# #
i18n: i18n:
# Default locale (see locales directory for available languages list) # Default locale (see locales directory for available languages list, default: 'en_US.UTF8')
default_locale: "en_US.UTF8" #default_locale: 'en_US.UTF8'
# #
# Session # Session
@ -302,6 +302,14 @@ auth:
# LDAP bind password (optional) # LDAP bind password (optional)
#bind_password: 'secret' #bind_password: 'secret'
# LDAP options (optional)
# See https://www.php.net/manual/en/function.ldap-set-option.php for available options.
# Note: Options may defined by using PHP LDAP_OPT_* constant names.
# Default: LDAP_OPT_X_TLS_CERTFILE = /etc/ssl/certs/ca-certificates.crt
#options:
# LDAP_OPT_X_TLS_REQUIRE_CERT: LDAP_OPT_X_TLS_NEVER
# LDAP_OPT_X_TLS_CERTFILE: "/etc/ssl/certs/ca-certificates.crt"
# User search filter by username. The keyword "[username]" will be replace before search by # User search filter by username. The keyword "[username]" will be replace before search by
# the looked username (default: "uid=[username]") # the looked username (default: "uid=[username]")
#user_filter_by_uid: 'uid=[username]' #user_filter_by_uid: 'uid=[username]'


@ -43,6 +43,9 @@ class Ldap extends Backend {
'binddn' => null, 'binddn' => null,
'bindpw' => null, 'bindpw' => null,
'starttls' => false, 'starttls' => false,
'options' => [
"LDAP_OPT_X_TLS_CERTFILE" => "/etc/ssl/certs/ca-certificates.crt",
],
'user_filter_by_uid' => 'uid=[username]', 'user_filter_by_uid' => 'uid=[username]',
'user_basedn' => null, 'user_basedn' => null,
'bind_with_username' => false, 'bind_with_username' => false,
@ -88,7 +91,8 @@ class Ldap extends Backend {
'basedn' => App :: get('auth.ldap.basedn', null, 'string'), 'basedn' => App :: get('auth.ldap.basedn', null, 'string'),
'binddn' => App :: get('auth.ldap.bind_dn', null, 'string'), 'binddn' => App :: get('auth.ldap.bind_dn', null, 'string'),
'bindpw' => App :: get('auth.ldap.bind_password', null, 'string'), 'bindpw' => App :: get('auth.ldap.bind_password', null, 'string'),
'starttls' => App :: get('starttls', null, 'bool'), 'starttls' => App :: get('auth.ldap.starttls', null, 'bool'),
'options' => App :: get('auth.ldap.options', null, 'array'),
); );
if ($port = App :: get('auth.ldap.port', null, 'int')) if ($port = App :: get('auth.ldap.port', null, 'int'))
self :: $ldap_config['port'] = $port; self :: $ldap_config['port'] = $port;
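Review bot: The new default in the first hunk sets `LDAP_OPT_X_TLS_CERTFILE` to the system CA bundle, but in PHP's LDAP extension that option names the client certificate file, while the trusted CA bundle is `LDAP_OPT_X_TLS_CACERTFILE`. If the intent is to pin the trust store used to validate the server, the line should read `"LDAP_OPT_X_TLS_CACERTFILE" => "/etc/ssl/certs/ca-certificates.crt",`, and the "Default:" comments in both configuration files should be updated to match. How `auth.ldap.options` is combined with this default is not visible here (the class body continues outside both hunks). If a configured array replaces the default instead of merging with it, setting any single option would drop the CA file setting, so that is worth confirming.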