Added TLS option in settings for LDAP

app/Http/Controllers/SettingsController.php

@@ -416,6 +416,7 @@ class SettingsController extends Controller
         $setting->ldap_email = e(Input::get('ldap_email'));
         $setting->ad_domain = e(Input::get('ad_domain'));
         $setting->is_ad = e(Input::get('is_ad', '0'));
+        $setting->ldap_tls = e(Input::get('ldap_tls', '0'));
 
         // If validation fails, we'll exit the operation now.
         if ($setting->save()) {

app/Models/Ldap.php

@@ -27,6 +27,7 @@ class Ldap extends Model
         $ldap_port    = Setting::getSettings()->ldap_port;
         $ldap_version = Setting::getSettings()->ldap_version;
         $ldap_server_cert_ignore = Setting::getSettings()->ldap_server_cert_ignore;
+        $ldap_use_tls = Setting::getSettings()->ldap_tls;
 
 
         // If we are ignoring the SSL cert we need to setup the environment variable
@@ -45,6 +46,10 @@ class Ldap extends Model
         ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
         ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldap_version);
 
+        if ($ldap_use_tls=='1') {
+            ldap_start_tls($connection);
+        }
+
         return $connection;
     }
 

database/migrations/2016_07_22_153432_add_tls_to_ldap_settings.php

@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AddTlsToLdapSettings extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('settings', function (Blueprint $table) {
+            $table->boolean('ldap_tls')->default(0);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('settings', function ($table) {
+            $table->dropColumn('ldap_tls');
+        });
+    }
+}

resources/lang/en/admin/settings/general.php

@@ -45,6 +45,8 @@ return array(
 	'ldap_server_cert'			=> 'LDAP SSL certificate validation',
 	'ldap_server_cert_ignore'	=> 'Allow invalid SSL Certificate',
 	'ldap_server_cert_help'		=> 'Select this checkbox if you are using a self signed SSL cert and would like to accept an invalid SSL certificate.',
+    'ldap_tls'                  => 'Use TLS',
+    'ldap_tls_help'             => 'This should be checked only if you are running STARTTLS on your LDAP server. ',
     'ldap_uname'                => 'LDAP Bind Username',
     'ldap_pword'                => 'LDAP Bind Password',
     'ldap_port'                 => 'LDAP Port',

resources/views/settings/edit.blade.php

@@ -747,6 +747,21 @@
                 </div><!-- LDAP Server -->
 
 
+                <!-- Start TLS -->
+                <div class="form-group">
+                    <div class="col-md-3">
+                        {{ Form::label('ldap_tls', trans('admin/settings/general.ldap_tls')) }}
+                    </div>
+                    <div class="col-md-9">
+                        {{ Form::checkbox('ldap_tls', '1', Input::old('ldap_tls', $setting->ldap_tls),array('class' => 'minimal')) }}
+                        {{ trans('admin/settings/general.ldap_tls_help') }}
+                        {!! $errors->first('ldap_tls', '<span class="alert-msg">:message</span>') !!}
+
+                    </div>
+                </div>
+                <!-- /.form-group -->
+
+
               <div class="form-group {{ $errors->has('ldap_server_cert_ignore') ? 'error' : '' }}">
                   <div class="col-md-3">
                      {{ Form::label('ldap_server_cert_ignore', trans('admin/settings/general.ldap_server_cert')) }}