From 9ba60234f46f8f5a291983111951c6158671f7d7 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Fri, 2 Jun 2006 18:52:48 +0000
Subject: Bug 282687: LDAP: TLS Support - Patch by guillomovitch@zarb.org r=mkanat a=justdave
---
 Bugzilla/Auth/Verify/LDAP.pm | 8 ++++++++
 Bugzilla/Config/LDAP.pm | 6 ++++++
 template/en/default/admin/params/ldap.html.tmpl | 3 +++
 template/en/default/global/code-error.html.tmpl | 3 +++
 4 files changed, 20 insertions(+)
diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm
index dccfa0b7c..2ee5247ec 100644
--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/Verify/LDAP.pm
@@ -164,6 +164,14 @@ sub ldap {
 my $conn_string = "$protocol://$server:$port";
 $self->{ldap} = new Net::LDAP($conn_string) || ThrowCodeError("ldap_connect_failed", { server => $conn_string });
+
+ # try to start TLS if needed
+ if (Param("LDAPstarttls")) {
+ my $mesg = $self->{ldap}->start_tls();
+ ThrowCodeError("ldap_start_tls_failed", { error => $mesg->error() })
+ if $mesg->code();
+ }
+
 return $self->{ldap};
 }
diff --git a/Bugzilla/Config/LDAP.pm b/Bugzilla/Config/LDAP.pm
index 3f123243b..a9b46382e 100644
--- a/Bugzilla/Config/LDAP.pm
+++ b/Bugzilla/Config/LDAP.pm
@@ -46,6 +46,12 @@ sub get_param_list {
 default => ''
 },
+ {
+ name => 'LDAPstarttls',
+ type => 'b',
+ default => 0
+ },
+
 {
 name => 'LDAPbinddn',
 type => 't',
diff --git a/template/en/default/admin/params/ldap.html.tmpl b/template/en/default/admin/params/ldap.html.tmpl
index 0490aa675..aef2713b1 100644
--- a/template/en/default/admin/params/ldap.html.tmpl
+++ b/template/en/default/admin/params/ldap.html.tmpl
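Review bot: The `start_tls()` call added to `sub ldap` in Bugzilla/Auth/Verify/LDAP.pm passes no options, so whether the server certificate is checked is left to the Net::LDAP default, which depending on the installed version may be `verify => 'none'`. In that case the upgraded session is encrypted but the server is not authenticated, and bind passwords remain exposed to an active man-in-the-middle. I would state the verification settings explicitly, e.g. `my $mesg = $self->{ldap}->start_tls(verify => 'require', cafile => $ca_file);`, with `$ca_file` (a name constructed for this note) read from a new parameter. Separately, `$self->{ldap}` is assigned before the upgrade is attempted; if the part of `ldap` above the hunk returns a cached handle, a plaintext connection could be reused after a failed `start_tls`, so holding the handle in a local variable and storing it only once TLS has succeeded would be safer. The start of the sub is outside the hunk, so that second point needs confirming.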
@@ -29,6 +29,9 @@
 "(e.g. ldap.company.com, or ldap.company.com:portnum). " _
 "Can be prefixed with ldap:// (default) or ldaps:// (for a secure connection).",
+ LDAPstartls => "Whether to require encrypted communication once normal " _
+ "LDAP connection achieved with the server.",
+
 LDAPbinddn => "If your LDAP server requires that you use a binddn and password " _
 "instead of binding anonymously, enter it here " _
 "(e.g. cn=default,cn=user:password). " _
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index a83629713..0ec46461f 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -270,6 +270,9 @@
 [% ELSIF error == "ldap_connect_failed" %]
 Could not connect to the LDAP server [% server FILTER html %].
+ [% ELSIF error == "ldap_start_tls_failed" %]
+ Could not start TLS with LDAP server: [% error FILTER html %].
+
 [% ELSIF error == "ldap_search_error" %]
 An error occurred while trying to search LDAP for "[% username FILTER html %]":
-- cgit v1.2.3-24-g4f1b
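Review bot: The help-text key added in template/en/default/admin/params/ldap.html.tmpl is spelled `LDAPstartls`, but the parameter is registered as `LDAPstarttls` in Bugzilla/Config/LDAP.pm and read as `Param("LDAPstarttls")` in Bugzilla/Auth/Verify/LDAP.pm. Because the names differ, the description will probably not be shown next to the option on the LDAP parameters page. The key should read `LDAPstarttls => "Whether to require encrypted communication once normal " _`. Since the option defaults to off, an administrator who sees no explanation is unlikely to enable it. The description hash this entry belongs to starts and ends outside the hunk.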
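Review bot: In the `ldap_start_tls_failed` branch of code-error.html.tmpl, `[% error FILTER html %]` prints the same variable that the enclosing `ELSIF error == "ldap_start_tls_failed"` test has just matched, so inside this branch it can only render the error tag, never the message returned by the LDAP library. The cause is the `{ error => $mesg->error() }` argument in the LDAP.pm hunk, which reuses the name this template dispatches on; if the passed value were to win instead, the branch would not match at all. Pass the text under a distinct key, e.g. `{ errstr => $mesg->error() }` in LDAP.pm and `Could not start TLS with LDAP server: [% errstr FILTER html %].` here. Keeping `FILTER html` is right, since the string originates from the remote server. The IF/ELSIF chain extends outside the hunk.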