From c20574313a9793572e501ef86c81e8b78d907ce4 Mon Sep 17 00:00:00 2001
From: Brayan Pereyra
Date: Fri, 26 Sep 2025 21:56:16 +0000
Subject: [PATCH] Fix the conection TLS LDAP in authentication sources
---
 workflow/engine/classes/LdapSource.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/workflow/engine/classes/LdapSource.php b/workflow/engine/classes/LdapSource.php
index 21d06685e..690ecbe9b 100644
--- a/workflow/engine/classes/LdapSource.php
+++ b/workflow/engine/classes/LdapSource.php
@@ -42,7 +42,6 @@ class LdapSource
 $ldapcnn = ldap_connect($authSourceData['AUTH_SOURCE_SERVER_NAME'], $authSourceData['AUTH_SOURCE_PORT']);
 $this->stdLog($ldapcnn, 'ldap_connect', $loggableAuthSource);
- $ldapServer = $authSourceData['AUTH_SOURCE_SERVER_NAME'] . ':' . $authSourceData['AUTH_SOURCE_PORT'];
 ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
@@ -52,6 +51,7 @@ class LdapSource
 $resultLDAPStartTLS = true;
 if (isset($authSourceData['AUTH_SOURCE_ENABLED_TLS']) && $authSourceData['AUTH_SOURCE_ENABLED_TLS']) {
+ ldap_set_option($ldapcnn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_ALLOW);
 $resultLDAPStartTLS = @ldap_start_tls($ldapcnn);
 $this->stdLog($ldapcnn, 'ldap_start_tls', $loggableAuthSource);
 $ldapServer = 'TLS ' . $ldapServer;
@@ -59,11 +59,12 @@ class LdapSource
 if ($authSourceData['AUTH_ANONYMOUS'] == '1') {
 $bBind = ldap_bind($ldapcnn);
- $this->log($ldapcnn, 'bind $ldapServer like anonymous user');
+ $this->log($ldapcnn, 'bind ' . $ldapServer . ' like anonymous user');
 } else {
 $bBind = ldap_bind($ldapcnn, $authSourceData['AUTH_SOURCE_SEARCH_USER'], $authSourceData['AUTH_SOURCE_PASSWORD']);
- $this->log($ldapcnn, 'bind $ldapServer with user ' . $loggableAuthSource['AUTH_SOURCE_SEARCH_USER']);
+ $this->log($ldapcnn, 'bind ' . $ldapServer . ' with user ' . $loggableAuthSource['AUTH_SOURCE_SEARCH_USER']);
 }
+ $this->stdLog($ldapcnn, 'ldap_bind', $loggableAuthSource);
 $this->getDiagnosticMessage($ldapcnn);
 if (!$bBind) {
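Review bot: `LDAP_OPT_X_TLS_ALLOW` in the added `ldap_set_option` call lets StartTLS proceed when the server presents a certificate that does not validate, so the session is encrypted but the directory server is not authenticated, and an on-path host can then receive the bind DN and `AUTH_SOURCE_PASSWORD` sent by the following `ldap_bind`. The option is applied to every TLS-enabled source with no way to opt back into verification, and its return value is not checked. I would default to `ldap_set_option($ldapcnn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);`, point `LDAP_OPT_X_TLS_CACERTFILE` at the CA that issued the directory certificate, and relax verification only behind an explicit per-source setting. Depending on the PHP and libldap versions, a per-connection TLS option set after `ldap_connect` may not take effect, so this should be tested against a server with an untrusted certificate. The enclosing method starts and ends outside the hunk.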
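Review bot: Both `ldap_bind` calls run regardless of `$resultLDAPStartTLS`; nothing visible between the StartTLS block and the bind checks it, and `@ldap_start_tls` suppresses the warning, so a failed upgrade would send the search user's password over the plain connection while the log line still names the server with the `TLS ` prefix. If the line not shown between the two hunks holds no such check, add one before the `if ($authSourceData['AUTH_ANONYMOUS'] == '1')` branch, e.g. `if (!$resultLDAPStartTLS) { /* log and abort before binding */ }`, reusing whatever failure path the method already takes for `!$bBind`. The method continues outside the hunk.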