From c6c0f8871bf5837f9a685ba7add9ec18a917b6bb Mon Sep 17 00:00:00 2001 From: andi Date: Wed, 9 Mar 2005 22:01:53 +0100 Subject: TLS support for LDAP #191 darcs-hash:20050309210153-9977f-9f63df016b31e0812db0bbcb20513948900b231c.gz --- inc/auth_ldap.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/inc/auth_ldap.php b/inc/auth_ldap.php index 5ae71a2da..296b4e9c8 100644 --- a/inc/auth_ldap.php +++ b/inc/auth_ldap.php @@ -19,7 +19,7 @@ if(!function_exists('ldap_connect')) * * Holds the connection in global scope for multiple use * - * @author Andreas Gohr + * @author Andreas Gohr */ function auth_ldap_connect(){ global $LDAP_CONNECTION; @@ -32,6 +32,7 @@ function auth_ldap_connect(){ msg("LDAP: couldn't connect to LDAP server",-1); return false; } + //set protocol version if($cnf['version']){ if(!@ldap_set_option($LDAP_CONNECTION, LDAP_OPT_PROTOCOL_VERSION, @@ -39,6 +40,15 @@ function auth_ldap_connect(){ msg('Setting LDAP Protocol version '.$cnf['version'].' failed',-1); if($cnf['debug']) msg('LDAP errstr: '.htmlspecialchars(ldap_error($LDAP_CONNECTION)),0); + + //use TLS (needs version 3) + if ($cnf['starttls']) { + if (!@ldap_start_tls($LDAP_CONNECTION)){ + msg('Starting TLS failed',-1); + if($cnf['debug']) + msg('LDAP errstr: '.htmlspecialchars(ldap_error($LDAP_CONNECTION)),0); + } + } } } } -- cgit v1.2.3
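Review bot: The STARTTLS block is added after the debug `msg()` call and before the first of the hunk's three closing braces, so it appears to sit inside the body of `if(!@ldap_set_option(...)){` and would run only when setting the protocol version failed, never when it succeeded. With `$cnf['starttls']` enabled and a working version setting, the connection would then stay unencrypted without any message; the block belongs in the success path, for example by replacing the added blank line with `}else{`. A failed `ldap_start_tls()` is also only reported through `msg('Starting TLS failed',-1)` and the function carries on, so a later bind would presumably go over the plaintext connection; add `return false;` after the messages (and clear the stored handle if `$LDAP_CONNECTION` is reused across calls) so that a configured TLS requirement fails closed. The start of the `ldap_set_option` condition and the rest of `auth_ldap_connect` are outside the hunk, and indentation is lost on this page, so the nesting is inferred from the order of the lines.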