Merge pull request #1524 from owncloud/fix_ldaps_tls_setting
LDAP: don't try to put TLS on top of an already secure connection (it will fail).
6cff5418a7
|
@ -409,6 +409,11 @@ class Connection {
|
|||
$this->config[$key] = array();
|
||||
}
|
||||
}
|
||||
if((strpos($this->config['ldapHost'], 'ldaps') === 0)
|
||||
&& $this->config['ldapTLS']) {
|
||||
$this->config['ldapTLS'] = false;
|
||||
\OCP\Util::writeLog('user_ldap', 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', \OCP\Util::INFO);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
@ -523,7 +528,7 @@ class Connection {
|
|||
if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
|
||||
$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
|
||||
$bindStatus = $this->bind();
|
||||
$error = ldap_errno($this->ldapConnectionRes);
|
||||
$error = is_resource($this->ldapConnectionRes) ? ldap_errno($this->ldapConnectionRes) : -1;
|
||||
} else {
|
||||
$bindStatus = false;
|
||||
$error = null;
|
||||
|
@ -547,6 +552,9 @@ class Connection {
|
|||
}
|
||||
|
||||
private function doConnect($host, $port) {
|
||||
if(empty($host)) {
|
||||
return false;
|
||||
}
|
||||
$this->ldapConnectionRes = ldap_connect($host, $port);
|
||||
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
|
||||
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
|
||||
|
@ -564,9 +572,13 @@ class Connection {
|
|||
if(!$this->config['ldapConfigurationActive']) {
|
||||
return false;
|
||||
}
|
||||
$ldapLogin = @ldap_bind($this->getConnectionResource(), $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
|
||||
$cr = $this->getConnectionResource();
|
||||
if(!is_resource($cr)) {
|
||||
return false;
|
||||
}
|
||||
$ldapLogin = @ldap_bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
|
||||
if(!$ldapLogin) {
|
||||
\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($this->ldapConnectionRes) . ': ' . ldap_error($this->ldapConnectionRes), \OCP\Util::ERROR);
|
||||
\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr), \OCP\Util::ERROR);
|
||||
$this->ldapConnectionRes = null;
|
||||
return false;
|
||||
}
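Review bot: The LDAPS detection added in the first hunk, `strpos($this->config['ldapHost'], 'ldaps') === 0`, matches any host value that merely begins with the letters `ldaps` — a bare hostname such as `ldapserver.example.org` (constructed example) entered without a scheme also satisfies it — and in that case the new code silently clears `ldapTLS`, so a plain ldap:// connection is made without StartTLS even though the administrator asked for it. The same check misses an upper-case `LDAPS://` scheme, which would then still attempt StartTLS on the already-encrypted socket, the exact failure this commit sets out to avoid. Anchoring on the full scheme and comparing case-insensitively covers both: `if((stripos($this->config['ldapHost'], 'ldaps://') === 0)`. The log line itself is fine, and the "Switched off TLS" message is worth keeping so the downgrade stays visible in the logs. The enclosing method starts before the hunk.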
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
<p><label for="ldap_backup_host"><?php echo $l->t('Backup (Replica) Host');?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php echo $_['ldap_backup_host_default']; ?>" title="<?php echo $l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.');?>"></p>
|
||||
<p><label for="ldap_backup_port"><?php echo $l->t('Backup (Replica) Port');?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php echo $_['ldap_backup_port_default']; ?>" /></p>
|
||||
<p><label for="ldap_override_main_server"><?php echo $l->t('Disable Main Server');?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php echo $_['ldap_override_main_server_default']; ?>" title="<?php echo $l->t('When switched on, ownCloud will only connect to the replica server.');?>" /></p>
|
||||
<p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php echo $_['ldap_tls_default']; ?>" title="<?php echo $l->t('Do not use it for SSL connections, it will fail.');?>" /></p>
|
||||
<p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php echo $_['ldap_tls_default']; ?>" title="<?php echo $l->t('Do not use it additionally for LDAPS connections, it will fail.');?>" /></p>
|
||||
<p><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label><input type="checkbox" id="ldap_nocase" name="ldap_nocase" data-default="<?php echo $_['ldap_nocase_default']; ?>" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>></p>
|
||||
<p><label for="ldap_turn_off_cert_check"><?php echo $l->t('Turn off SSL certificate validation.');?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php echo $l->t('If connection only works with this option, import the LDAP server\'s SSL certificate in your ownCloud server.');?>" data-default="<?php echo $_['ldap_turn_off_cert_check_default']; ?>" value="1"><br/><small><?php echo $l->t('Not recommended, use for testing only.');?></small></p>
|
||||
<p><label for="ldap_cache_ttl">Cache Time-To-Live</label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php echo $l->t('in seconds. A change empties the cache.');?>" data-default="<?php echo $_['ldap_cache_ttl_default']; ?>" /></p>
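Review bot: The rewritten `ldap_tls` line still echoes `$_['ldap_tls_default']` and the translated title straight into HTML attribute values without escaping, as do the neighbouring inputs in this hunk. If any of these values can contain a double quote the attribute terminates early, so emitting them through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` would be the safer habit even if, as seems likely here, the defaults come from server-side configuration rather than request input. This is pre-existing, but the line is being touched anyway.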
|
||||
|
|