summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Auth/Verify/LDAP.pm8
-rw-r--r--Bugzilla/Config/LDAP.pm6
-rw-r--r--template/en/default/admin/params/ldap.html.tmpl3
-rw-r--r--template/en/default/global/code-error.html.tmpl3
4 files changed, 20 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm
index dccfa0b7c..2ee5247ec 100644
--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/Verify/LDAP.pm
@@ -164,6 +164,14 @@ sub ldap {
my $conn_string = "$protocol://$server:$port";
$self->{ldap} = new Net::LDAP($conn_string)
|| ThrowCodeError("ldap_connect_failed", { server => $conn_string });
+
+ # try to start TLS if needed
+ if (Param("LDAPstarttls")) {
+ my $mesg = $self->{ldap}->start_tls();
+ ThrowCodeError("ldap_start_tls_failed", { error => $mesg->error() })
+ if $mesg->code();
+ }
+
return $self->{ldap};
}
diff --git a/Bugzilla/Config/LDAP.pm b/Bugzilla/Config/LDAP.pm
index 3f123243b..a9b46382e 100644
--- a/Bugzilla/Config/LDAP.pm
+++ b/Bugzilla/Config/LDAP.pm
@@ -47,6 +47,12 @@ sub get_param_list {
},
{
+ name => 'LDAPstarttls',
+ type => 'b',
+ default => 0
+ },
+
+ {
name => 'LDAPbinddn',
type => 't',
default => ''
diff --git a/template/en/default/admin/params/ldap.html.tmpl b/template/en/default/admin/params/ldap.html.tmpl
index 0490aa675..aef2713b1 100644
--- a/template/en/default/admin/params/ldap.html.tmpl
+++ b/template/en/default/admin/params/ldap.html.tmpl
@@ -29,6 +29,9 @@
"(e.g. ldap.company.com, or ldap.company.com:portnum). " _
"Can be prefixed with ldap:// (default) or ldaps:// (for a secure connection).",
+ LDAPstartls => "Whether to require encrypted communication once normal " _
+ "LDAP connection achieved with the server.",
+
LDAPbinddn => "If your LDAP server requires that you use a binddn and password " _
"instead of binding anonymously, enter it here " _
"(e.g. cn=default,cn=user:password). " _
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index a83629713..0ec46461f 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -270,6 +270,9 @@
[% ELSIF error == "ldap_connect_failed" %]
Could not connect to the LDAP server <code>[% server FILTER html %]</code>.
+ [% ELSIF error == "ldap_start_tls_failed" %]
+ Could not start TLS with LDAP server: <code>[% error FILTER html %]</code>.
+
[% ELSIF error == "ldap_search_error" %]
An error occurred while trying to search LDAP for
&quot;[% username FILTER html %]&quot;: