diff --git a/blueprints.yaml b/blueprints.yaml
index 4141bf9..ed95f2f 100644
--- a/blueprints.yaml
+++ b/blueprints.yaml
@@ -84,6 +84,18 @@ form:
 validate:
 type: bool
+ ignore_ssl_errors:
+ type: toggle
+ label: Ignore SSL Errors
+ help: Ignore errors from self-signed certificates.
+ default: false
+ highlight: 0
+ options:
+ 1: PLUGIN_ADMIN.YES
+ 0: PLUGIN_ADMIN.NO
+ validate:
+ type: bool
+
 start_tls:
 type: toggle
 label: PLUGIN_LOGIN_LDAP.NEGOTIATE_TLS
diff --git a/login-ldap.php b/login-ldap.php
index 5ade99e..fcfe0a6 100644
--- a/login-ldap.php
+++ b/login-ldap.php
@@ -94,6 +94,7 @@ public function userLoginAuthenticate(UserLoginEvent $event)
 $start_tls = $this->config->get('plugins.login-ldap.start_tls');
 $opt_referrals = $this->config->get('plugins.login-ldap.opt_referrals');
 $blacklist = $this->config->get('plugins.login-ldap.blacklist_ldap_fields', []);
+ $ignore_ssl_error = $this->config->get('plugins.login-ldap.ignore_ssl_errors');
 if (is_null($host)) {
 throw new ConnectionException('FATAL: LDAP host entry missing in plugin configuration...');
@@ -108,6 +109,10 @@ public function userLoginAuthenticate(UserLoginEvent $event)
 $encryption = 'none';
 }
+ if ($ignore_ssl_error) {
+ putenv('LDAPTLS_REQCERT=never');
+ }
+
 try {
 /** @var Ldap $ldap */
 $ldap = Ldap::create('ext_ldap', array(
diff --git a/login-ldap.yaml b/login-ldap.yaml
index 60f4f14..95fbec5 100644
--- a/login-ldap.yaml
+++ b/login-ldap.yaml
@@ -3,6 +3,7 @@ host:
 port: 389
 version: 3
 ssl: false
+ignore_ssl_errors: false
 start_tls: false
 opt_referrals: false
 user_dn: 'uid=[username],dc=company,dc=com'
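Review bot: The help text on the new `ignore_ssl_errors` field understates what the toggle does. The login-ldap.php hunk implements it with `LDAPTLS_REQCERT=never`, which turns off server-certificate verification altogether, so expired, wrong-hostname and untrusted-CA certificates are accepted as well as self-signed ones. I would reword it along the lines of `help: Disables LDAP server certificate verification; login credentials can be intercepted. Use only for testing.` The label and help are also hard-coded English, while the neighbouring `start_tls` field uses a `PLUGIN_LOGIN_LDAP.*` translation key, so moving both strings to the language file would keep the form consistent.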
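Review bot: In the second login-ldap.php hunk, `putenv('LDAPTLS_REQCERT=never')` changes the environment of the whole PHP process rather than this one LDAP connection, and it runs even when the branch just above has set `$encryption = 'none'`. With verification off the client accepts any certificate, so a host on the network path can impersonate the directory server and receive the bind password sent during login. At minimum I would guard it as `if ($ignore_ssl_error && $encryption !== 'none') {`, precede it with a comment such as `// WARNING: disables LDAP server certificate verification for this process`, and log a warning whenever the option is active. libldap may read this variable only once at initialisation, so it is worth testing whether the setting takes effect (or lingers) in a long-lived worker; configuring a trusted CA for the server would avoid the toggle entirely. `userLoginAuthenticate()` starts and ends outside the hunk.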