From 6c14c09880bc085752a0479c512a47fe08b76aeb Mon Sep 17 00:00:00 2001
From: Christopher Tran <me@christran.in>
Date: Sat, 27 Oct 2018 16:14:19 -0400
Subject: [PATCH] Add ability to disable LDAP certificate validation

---
 .env.example                    | 2 ++
 app/Auth/Access/LdapService.php | 6 ++++++
 config/services.php             | 1 +
 3 files changed, 9 insertions(+)

diff --git a/.env.example b/.env.example
index eda20ea26..3ca612f64 100644
--- a/.env.example
+++ b/.env.example
@@ -76,6 +76,8 @@ LDAP_GROUP_ATTRIBUTE="memberOf"
 # Would you like to remove users from roles on BookStack if they do not match on LDAP
 # If false, the ldap groups-roles sync will only add users to roles
 LDAP_REMOVE_FROM_GROUPS=false
+# Set this option to disable LDAPS Certificate Verification
+LDAP_TLS_INSECURE=false
 
 # Mail settings
 MAIL_DRIVER=smtp
diff --git a/app/Auth/Access/LdapService.php b/app/Auth/Access/LdapService.php
index d3a177f8e..04af5b370 100644
--- a/app/Auth/Access/LdapService.php
+++ b/app/Auth/Access/LdapService.php
@@ -169,8 +169,14 @@ class LdapService
         }
         $hostName = $ldapServer[0] . ($hasProtocol?':':'') . $ldapServer[1];
         $defaultPort = $ldapServer[0] === 'ldaps' ? 636 : 389;
+
         $ldapConnection = $this->ldap->connect($hostName, count($ldapServer) > 2 ? intval($ldapServer[2]) : $defaultPort);
 
+        // Check if TLS_INSECURE is set
+        if($this->config['tls_insecure']) {
+            $this->ldap->setOption($ldapConnection, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
+        }
+
         if ($ldapConnection === false) {
             throw new LdapException(trans('errors.ldap_cannot_connect'));
         }
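Review bot: The new `tls_insecure` block runs before the `if ($ldapConnection === false)` guard that follows it, so when the connect fails this code calls `$this->ldap->setOption(false, ...)` on the failed handle instead of reaching the LdapException; move the block below that guard. Because the option turns off server certificate verification for the whole session, the comment should state the consequence rather than just the flag name, e.g. `// LDAP_TLS_INSECURE: skip LDAPS certificate verification (server identity is not checked)`, and a warning-level log here would make the setting visible in production. Whether a per-connection LDAP_OPT_X_TLS_REQUIRE_CERT is honoured depends on the libldap build; it has to be applied before the TLS handshake, which is the case here as the bind happens later, but this is worth confirming on the target platform. The enclosing method starts and ends outside the hunk.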
diff --git a/config/services.php b/config/services.php
index 711040386..47fd2f2ff 100644
--- a/config/services.php
+++ b/config/services.php
@@ -148,6 +148,7 @@ return [
 		'user_to_groups' => env('LDAP_USER_TO_GROUPS',false),
 		'group_attribute' => env('LDAP_GROUP_ATTRIBUTE', 'memberOf'),
 		'remove_from_groups' => env('LDAP_REMOVE_FROM_GROUPS',false),
+        'tls_insecure' => env('LDAP_TLS_INSECURE', false),
 	]
 
 ];
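Review bot: The added `'tls_insecure'` entry is indented with spaces while the neighbouring entries (`'user_to_groups'`, `'group_attribute'`, `'remove_from_groups'`) use tabs, so the array keys no longer line up; re-indent the new line with a tab to match the surrounding block. Note also that the option defaults to `false`, which is the safe value, so the only way to weaken verification is an explicit `LDAP_TLS_INSECURE=true` in the environment; a short comment above the line saying so would help operators auditing the config.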