From de9a9bc00433a8793e9586cb3fbf6256104d6103 Mon Sep 17 00:00:00 2001
From: Jarkko Lehtoranta
Date: Tue, 13 Jun 2017 21:30:41 +0300
Subject: [PATCH] LDAP: Throw an exception if Start TLS fails

This ensures that only a secure connection to the LDAP server will be used, if Start TLS has been enabled.

Signed-off-by: Jarkko Lehtoranta
---
 apps/user_ldap/lib/Connection.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
index 66dfd80adc..f286a2450c 100644
--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -586,7 +586,9 @@ class Connection extends LDAPUtility {
 if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
 if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
 if($this->configuration->ldapTLS) {
- $this->ldap->startTls($this->ldapConnectionRes);
+ if(!$this->ldap->startTls($this->ldapConnectionRes)) {
+ throw new \OC\ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');
+ }
 }
 }
 } else {
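Review bot: The new Start TLS check is still nested inside the `LDAP_OPT_REFERRALS` `setOption` condition, and that `if` has no `else` in the visible lines. If disabling referrals returns false, the `ldapTLS` branch is never reached and nothing in this hunk throws, so the connection may proceed in cleartext even though Start TLS is configured. Either hoist the `if($this->configuration->ldapTLS)` block out of the referrals conditional, or fail closed there too with `} else { throw new \OC\ServerNotAvailableException('Could not disable LDAP referrals.'); }`. The enclosing method starts and ends outside the hunk, so what follows the outer `else` and where `$host` is defined could not be checked here.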