-rw-r--r-- | Bugzilla/Auth/Verify/LDAP.pm | 8 | ||||
-rw-r--r-- | Bugzilla/Config/LDAP.pm | 6 | ||||
-rw-r--r-- | template/en/default/admin/params/ldap.html.tmpl | 3 | ||||
-rw-r--r-- | template/en/default/global/code-error.html.tmpl | 3 |
4 files changed, 20 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm index dccfa0b7c..2ee5247ec 100644 --- a/Bugzilla/Auth/Verify/LDAP.pm +++ b/Bugzilla/Auth/Verify/LDAP.pm @@ -164,6 +164,14 @@ sub ldap { my $conn_string = "$protocol://$server:$port"; $self->{ldap} = new Net::LDAP($conn_string) || ThrowCodeError("ldap_connect_failed", { server => $conn_string }); + + # try to start TLS if needed + if (Param("LDAPstarttls")) { + my $mesg = $self->{ldap}->start_tls(); + ThrowCodeError("ldap_start_tls_failed", { error => $mesg->error() }) + if $mesg->code(); + } + return $self->{ldap}; } diff --git a/Bugzilla/Config/LDAP.pm b/Bugzilla/Config/LDAP.pm index 3f123243b..a9b46382e 100644 --- a/Bugzilla/Config/LDAP.pm +++ b/Bugzilla/Config/LDAP.pm @@ -47,6 +47,12 @@ sub get_param_list { }, { + name => 'LDAPstarttls', + type => 'b', + default => 0 + }, + + { name => 'LDAPbinddn', type => 't', default => '' diff --git a/template/en/default/admin/params/ldap.html.tmpl b/template/en/default/admin/params/ldap.html.tmpl index 0490aa675..aef2713b1 100644 --- a/template/en/default/admin/params/ldap.html.tmpl +++ b/template/en/default/admin/params/ldap.html.tmpl @@ -29,6 +29,9 @@ "(e.g. ldap.company.com, or ldap.company.com:portnum). " _ "Can be prefixed with ldap:// (default) or ldaps:// (for a secure connection).", + LDAPstartls => "Whether to require encrypted communication once normal " _ + "LDAP connection achieved with the server.", + LDAPbinddn => "If your LDAP server requires that you use a binddn and password " _ "instead of binding anonymously, enter it here " _ "(e.g. cn=default,cn=user:password). " _ diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index a83629713..0ec46461f 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl 
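Review bot: In Bugzilla/Auth/Verify/LDAP.pm, `$self->{ldap}->start_tls()` is called with no arguments, so whether the server certificate is checked depends on the defaults of the installed Net::LDAP and its SSL layer. An unverified STARTTLS session encrypts the bind password without establishing that it is going to the intended directory server. Pass the verification options explicitly, for example `start_tls(verify => 'require', cafile => $ca_file)`, where `$ca_file` is a placeholder for a CA bundle path that would need its own parameter. Also worth confirming: Net::LDAP appears to refuse start_tls() on a connection that is already TLS, so with an `ldaps://` LDAPserver and LDAPstarttls enabled every login would probably end in ldap_start_tls_failed; testing `$protocol` before the call would avoid that. The body of `ldap` starts outside the hunk.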
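Review bot: In template/en/default/admin/params/ldap.html.tmpl the new description is keyed `LDAPstartls`, but the parameter added in Bugzilla/Config/LDAP.pm and read by `Param("LDAPstarttls")` is spelled `LDAPstarttls`. The lookup by parameter name will most likely find nothing, leaving this security setting without a description on the admin page. The key should read `LDAPstarttls => "Whether to require encrypted communication once normal " _`. The description could also state that the default is off, as the `default => 0` in the config hunk shows.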
@@ -270,6 +270,9 @@ [% ELSIF error == "ldap_connect_failed" %] Could not connect to the LDAP server <code>[% server FILTER html %]</code>. + [% ELSIF error == "ldap_start_tls_failed" %] + Could not start TLS with LDAP server: <code>[% error FILTER html %]</code>. + [% ELSIF error == "ldap_search_error" %] An error occurred while trying to search LDAP for "[% username FILTER html %]": |
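Review bot: Inside the `ldap_start_tls_failed` branch, `[% error FILTER html %]` prints the same `error` variable that the ELSIF chain has just compared with the tag, so in this branch it can only render the literal string `ldap_start_tls_failed`, never the LDAP server's message. The caller in Bugzilla/Auth/Verify/LDAP.pm passes the message as `{ error => $mesg->error() }`, which collides with that name: whichever value wins, either the diagnostic is lost or this branch is never reached. Use a distinct key on both sides, e.g. `{ errstr => $mesg->error() }` and `<code>[% errstr FILTER html %]</code>`. An administrator debugging a failed TLS negotiation needs that text. The surrounding IF/ELSIF chain starts and ends outside the hunk.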