From b03330aae00014fd9c9745fbdde76f52b07e095b Mon Sep 17 00:00:00 2001 From: snipe Date: Fri, 22 Jul 2016 16:00:37 -0700 Subject: [PATCH] Added TLS option in settings for LDAP --- app/Http/Controllers/SettingsController.php | 1 + app/Models/Ldap.php | 5 +++ ..._07_22_153432_add_tls_to_ldap_settings.php | 31 +++++++++++++++++++ resources/lang/en/admin/settings/general.php | 2 ++ resources/views/settings/edit.blade.php | 15 +++++++++ 5 files changed, 54 insertions(+) create mode 100644 database/migrations/2016_07_22_153432_add_tls_to_ldap_settings.php diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php index 70f3846a24..183e45c4c4 100755 --- a/app/Http/Controllers/SettingsController.php +++ b/app/Http/Controllers/SettingsController.php @@ -416,6 +416,7 @@ class SettingsController extends Controller $setting->ldap_email = e(Input::get('ldap_email')); $setting->ad_domain = e(Input::get('ad_domain')); $setting->is_ad = e(Input::get('is_ad', '0')); + $setting->ldap_tls = e(Input::get('ldap_tls', '0')); // If validation fails, we'll exit the operation now. if ($setting->save()) { diff --git a/app/Models/Ldap.php b/app/Models/Ldap.php index b36655feda..efa9c522ae 100644 --- a/app/Models/Ldap.php +++ b/app/Models/Ldap.php @@ -27,6 +27,7 @@ class Ldap extends Model $ldap_port = Setting::getSettings()->ldap_port; $ldap_version = Setting::getSettings()->ldap_version; $ldap_server_cert_ignore = Setting::getSettings()->ldap_server_cert_ignore; + $ldap_use_tls = Setting::getSettings()->ldap_tls; // If we are ignoring the SSL cert we need to setup the environment variable @@ -45,6 +46,10 @@ class Ldap extends Model ldap_set_option($connection, LDAP_OPT_REFERRALS, 0); ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldap_version); + if ($ldap_use_tls=='1') { + ldap_start_tls($connection); + } + return $connection; } 
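Review bot: The added line `$setting->ldap_tls = e(Input::get('ldap_tls', '0'));` passes a security toggle through `e()`, an HTML-escaping helper that does nothing to constrain the value to 0 or 1. Ldap.php enables STARTTLS only when the stored value equals '1', so I would normalise it at this point, e.g. `$setting->ldap_tls = Input::get('ldap_tls') === '1' ? 1 : 0;`, so that the stored value is always exactly 0 or 1. The neighbouring `is_ad` line follows the same pattern. The enclosing method starts and ends outside the hunk.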
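Review bot: The result of `ldap_start_tls($connection)` in the added `if` block of the second Ldap.php hunk is discarded, so a failed STARTTLS negotiation still returns `$connection`. The later bind would then presumably send the bind credentials over the unencrypted channel even though the administrator asked for TLS. Fail closed instead: `if (!ldap_start_tls($connection)) { throw new \Exception('Unable to start TLS on the LDAP connection: ' . ldap_error($connection)); }`, using whatever exception type the callers of this method already handle. The loose `$ldap_use_tls=='1'` test would also read better as a strict comparison against a normalised flag. Separately, the context comment in the first hunk suggests certificate checks can be switched off through an environment variable, in which case STARTTLS would encrypt without authenticating the server, and the `ldap_tls_help` text could say so; the enclosing method starts above the hunk.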
diff --git a/database/migrations/2016_07_22_153432_add_tls_to_ldap_settings.php b/database/migrations/2016_07_22_153432_add_tls_to_ldap_settings.php new file mode 100644 index 0000000000..9ea71687c6 --- /dev/null +++ b/database/migrations/2016_07_22_153432_add_tls_to_ldap_settings.php @@ -0,0 +1,31 @@ +boolean('ldap_tls')->default(0); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::table('settings', function ($table) { + $table->dropColumn('ldap_tls'); + }); + } +} diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php index b7002c951d..b366cf2df4 100644 --- a/resources/lang/en/admin/settings/general.php +++ b/resources/lang/en/admin/settings/general.php @@ -45,6 +45,8 @@ return array( 'ldap_server_cert' => 'LDAP SSL certificate validation', 'ldap_server_cert_ignore' => 'Allow invalid SSL Certificate', 'ldap_server_cert_help' => 'Select this checkbox if you are using a self signed SSL cert and would like to accept an invalid SSL certificate.', + 'ldap_tls' => 'Use TLS', + 'ldap_tls_help' => 'This should be checked only if you are running STARTTLS on your LDAP server. ', 'ldap_uname' => 'LDAP Bind Username', 'ldap_pword' => 'LDAP Bind Password', 'ldap_port' => 'LDAP Port', diff --git a/resources/views/settings/edit.blade.php b/resources/views/settings/edit.blade.php index 7ab69232d8..8d922cdbd8 100755 --- a/resources/views/settings/edit.blade.php +++ b/resources/views/settings/edit.blade.php @@ -747,6 +747,21 @@ + +
+
+ {{ Form::label('ldap_tls', trans('admin/settings/general.ldap_tls')) }} +
+
+ {{ Form::checkbox('ldap_tls', '1', Input::old('ldap_tls', $setting->ldap_tls),array('class' => 'minimal')) }} + {{ trans('admin/settings/general.ldap_tls_help') }} + {!! $errors->first('ldap_tls', ':message') !!} + +
+
+ + +
{{ Form::label('ldap_server_cert_ignore', trans('admin/settings/general.ldap_server_cert')) }}