Fix the TLS LDAP connection in authentication sources

Brayan Pereyra
2025-09-26 21:56:16 +00:00
parent 44d8dfb025
commit c20574313a


@@ -42,7 +42,6 @@ class LdapSource
$ldapcnn = ldap_connect($authSourceData['AUTH_SOURCE_SERVER_NAME'], $authSourceData['AUTH_SOURCE_PORT']); $ldapcnn = ldap_connect($authSourceData['AUTH_SOURCE_SERVER_NAME'], $authSourceData['AUTH_SOURCE_PORT']);
$this->stdLog($ldapcnn, 'ldap_connect', $loggableAuthSource); $this->stdLog($ldapcnn, 'ldap_connect', $loggableAuthSource);
$ldapServer = $authSourceData['AUTH_SOURCE_SERVER_NAME'] . ':' . $authSourceData['AUTH_SOURCE_PORT']; $ldapServer = $authSourceData['AUTH_SOURCE_SERVER_NAME'] . ':' . $authSourceData['AUTH_SOURCE_PORT'];
ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
@@ -52,6 +51,7 @@ class LdapSource
$resultLDAPStartTLS = true; $resultLDAPStartTLS = true;
if (isset($authSourceData['AUTH_SOURCE_ENABLED_TLS']) && $authSourceData['AUTH_SOURCE_ENABLED_TLS']) { if (isset($authSourceData['AUTH_SOURCE_ENABLED_TLS']) && $authSourceData['AUTH_SOURCE_ENABLED_TLS']) {
ldap_set_option($ldapcnn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_ALLOW);
$resultLDAPStartTLS = @ldap_start_tls($ldapcnn); $resultLDAPStartTLS = @ldap_start_tls($ldapcnn);
$this->stdLog($ldapcnn, 'ldap_start_tls', $loggableAuthSource); $this->stdLog($ldapcnn, 'ldap_start_tls', $loggableAuthSource);
$ldapServer = 'TLS ' . $ldapServer; $ldapServer = 'TLS ' . $ldapServer;
@@ -59,11 +59,12 @@ class LdapSource
if ($authSourceData['AUTH_ANONYMOUS'] == '1') { if ($authSourceData['AUTH_ANONYMOUS'] == '1') {
$bBind = ldap_bind($ldapcnn); $bBind = ldap_bind($ldapcnn);
$this->log($ldapcnn, 'bind $ldapServer like anonymous user'); $this->log($ldapcnn, 'bind ' . $ldapServer . ' like anonymous user');
} else { } else {
$bBind = ldap_bind($ldapcnn, $authSourceData['AUTH_SOURCE_SEARCH_USER'], $authSourceData['AUTH_SOURCE_PASSWORD']); $bBind = ldap_bind($ldapcnn, $authSourceData['AUTH_SOURCE_SEARCH_USER'], $authSourceData['AUTH_SOURCE_PASSWORD']);
$this->log($ldapcnn, 'bind $ldapServer with user ' . $loggableAuthSource['AUTH_SOURCE_SEARCH_USER']); $this->log($ldapcnn, 'bind ' . $ldapServer . ' with user ' . $loggableAuthSource['AUTH_SOURCE_SEARCH_USER']);
} }
$this->stdLog($ldapcnn, 'ldap_bind', $loggableAuthSource); $this->stdLog($ldapcnn, 'ldap_bind', $loggableAuthSource);
$this->getDiagnosticMessage($ldapcnn); $this->getDiagnosticMessage($ldapcnn);
if (!$bBind) { if (!$bBind) {
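Review bot: In the second hunk, the added `ldap_set_option($ldapcnn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_ALLOW);` lets the StartTLS session proceed when the server presents a certificate that cannot be verified, so the `ldap_bind` in the third hunk can send `AUTH_SOURCE_PASSWORD` to a server whose identity was never checked. Verification should stay on by default, using `LDAP_OPT_X_TLS_DEMAND` with the directory's CA supplied through `LDAP_OPT_X_TLS_CACERTFILE`. A relaxed policy should be available only as an explicit per-source setting that is logged when used. Separately, `$resultLDAPStartTLS` is not tested anywhere in the visible lines before the bind; if the code outside these hunks does not check it either, a failed `ldap_start_tls` would fall through to a cleartext bind, so the bind should be skipped when TLS was requested and the result is false. The method body starts and ends outside the hunks shown.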