From cb98d74ccdfee6a1036c4fac769ba754f9c72ffc Mon Sep 17 00:00:00 2001
From: "Harry G. Coin"
Date: Mon, 25 Apr 2016 22:22:03 -0500
Subject: [PATCH] add tls, support ldaps

---
 resources/check_auth.php | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/resources/check_auth.php b/resources/check_auth.php
index 9619898116..f5d1647193 100644
--- a/resources/check_auth.php
+++ b/resources/check_auth.php
@@ -110,12 +110,27 @@ require_once "resources/require.php";
 if (strlen(check_str($_REQUEST["domain_name"])) > 0) {
 $domain_name = check_str($_REQUEST["domain_name"]);
 }
- $connect = ldap_connect($_SESSION["ldap"]["server_host"]["text"], $_SESSION["ldap"]["server_port"]["numeric"])
+ if (isset($_SESSION["ldap"]["certpath"])) {
+ $s="LDAPTLS_CERT=" . $_SESSION["ldap"]["certpath"]["text"];
+ putenv($s);
+ }
+ if (isset($_SESSION["ldap"]["certkey"])) {
+ $s="LDAPTLS_KEY=" . $_SESSION["ldap"]["certkey"]["text"];
+ putenv($s);
+ }
+ $host=$_SESSION["ldap"]["server_host"]["text"];
+ $port=$_SESSION["ldap"]["server_port"]["numeric"];
+ $connect = ldap_connect($host)
 or die("Could not connect to the LDAP server.");
- ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, 10);
+ //ldap_set_option($connect, LDAP_OPT_NETWORK_TIMEOUT, 10);
 ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
+ //ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
 $bind_dn = $_SESSION["ldap"]["user_attribute"]["text"]."=".$username.",".$_SESSION["ldap"]["user_dn"]["text"];
- $bind = ldap_bind($connect, $bind_dn, $_REQUEST["password"]);
+ $bind_pw = $_REQUEST["password"];
+ //Note: As of 4/16, the call below will fail randomly. Php debug reports ldap_bind
+ //called below with all arguments '*uninitialized*'. However, the debugger
+ //single-stepping just before the failing call correctly displays all the values.
+ $bind = ldap_bind($connect, $bind_dn, $bind_pw );
 if ($bind) {
 $_SESSION['username'] = $username;
 }
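Review bot: `$port` is assigned on the new side but never used — `ldap_connect($host)` drops the port the removed call passed, so any deployment configured with a non-default LDAP port silently stops connecting; build a URI instead, e.g. `$uri = preg_match('#^ldaps?://#i', $host) ? $host : "ldap://{$host}:{$port}";` and call `ldap_connect($uri)`. Despite the subject line, TLS is only engaged if `server_host` already holds an `ldaps://` URI: nothing in the hunk calls `ldap_start_tls()` or sets `LDAP_OPT_X_TLS_REQUIRE_CERT`, so the client cert/key exported via `putenv()` (which, in a long-lived PHP worker, presumably persists across requests) has no effect on a plain `ldap://` host — either add an explicit `ldap_start_tls($connect)` branch or document that the host must be an `ldaps://` URI. `$bind_pw = $_REQUEST["password"]` goes straight into `ldap_bind`; an empty password yields an unauthenticated bind that most directories accept, so reject it first with `if ($bind_pw === '') { die("Password required."); }` (and escape `$username` with `ldap_escape($username, '', LDAP_ESCAPE_DN)` in `$bind_dn` unless `check_str` already guarantees that). Commenting out `LDAP_OPT_NETWORK_TIMEOUT` without replacement means an unreachable directory now blocks the login request until the OS TCP timeout; the surrounding script continues outside the hunk.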