From 9ba60234f46f8f5a291983111951c6158671f7d7 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Fri, 2 Jun 2006 18:52:48 +0000
Subject: Bug 282687: LDAP: TLS Support - Patch by guillomovitch@zarb.org
r=mkanat a=justdave
---
Bugzilla/Auth/Verify/LDAP.pm | 8 ++++++++
Bugzilla/Config/LDAP.pm | 6 ++++++
template/en/default/admin/params/ldap.html.tmpl | 3 +++
template/en/default/global/code-error.html.tmpl | 3 +++
4 files changed, 20 insertions(+)
diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm
index dccfa0b7c..2ee5247ec 100644
--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/Verify/LDAP.pm
@@ -164,6 +164,14 @@ sub ldap {
my $conn_string = "$protocol://$server:$port";
$self->{ldap} = new Net::LDAP($conn_string)
|| ThrowCodeError("ldap_connect_failed", { server => $conn_string });
+
+ # try to start TLS if needed
+ if (Param("LDAPstarttls")) {
+ my $mesg = $self->{ldap}->start_tls();
+ ThrowCodeError("ldap_start_tls_failed", { error => $mesg->error() })
+ if $mesg->code();
+ }
+
return $self->{ldap};
}
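Review bot: `start_tls()` is called with no arguments, so whether the server certificate is verified is left to the Net::LDAP default, which (depending on the installed version) may be no verification at all. In that case the session is encrypted but the server is not authenticated, and bind credentials can still be exposed to an on-path party. Pass the policy explicitly, for example `my $mesg = $self->{ldap}->start_tls(verify => 'require', cafile => $ca_file);`, where `$ca_file` stands for a CA bundle path read from a new parameter. It is also worth skipping the call when `$protocol` is `ldaps`, since that connection is already TLS and `start_tls` would presumably fail on every login. The body of `ldap` begins above this hunk.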
diff --git a/Bugzilla/Config/LDAP.pm b/Bugzilla/Config/LDAP.pm
index 3f123243b..a9b46382e 100644
--- a/Bugzilla/Config/LDAP.pm
+++ b/Bugzilla/Config/LDAP.pm
@@ -46,6 +46,12 @@ sub get_param_list {
default => ''
},
+ {
+ name => 'LDAPstarttls',
+ type => 'b',
+ default => 0
+ },
+
{
name => 'LDAPbinddn',
type => 't',
diff --git a/template/en/default/admin/params/ldap.html.tmpl b/template/en/default/admin/params/ldap.html.tmpl
index 0490aa675..aef2713b1 100644
--- a/template/en/default/admin/params/ldap.html.tmpl
+++ b/template/en/default/admin/params/ldap.html.tmpl
@@ -29,6 +29,9 @@
"(e.g. ldap.company.com, or ldap.company.com:portnum). " _
"Can be prefixed with ldap:// (default) or ldaps:// (for a secure connection).",
+ LDAPstartls => "Whether to require encrypted communication once normal " _
+ "LDAP connection achieved with the server.",
+
LDAPbinddn => "If your LDAP server requires that you use a binddn and password " _
"instead of binding anonymously, enter it here " _
"(e.g. cn=default,cn=user:password). " _
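Review bot: The description key added here is spelled `LDAPstartls`, but the parameter registered in Bugzilla/Config/LDAP.pm is `LDAPstarttls`, so the admin page will presumably show the new option without its explanation. Change the key to `LDAPstarttls => "Whether to require encrypted communication once normal " _`. The text could also state that this is STARTTLS on an `ldap://` connection and is not needed with `ldaps://`, so administrators do not enable both.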
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index a83629713..0ec46461f 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -270,6 +270,9 @@
[% ELSIF error == "ldap_connect_failed" %]
Could not connect to the LDAP server [% server FILTER html %]
.
+ [% ELSIF error == "ldap_start_tls_failed" %]
+ Could not start TLS with LDAP server: [% error FILTER html %]
.
+
[% ELSIF error == "ldap_search_error" %]
An error occurred while trying to search LDAP for
"[% username FILTER html %]":
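Review bot: Inside the `ldap_start_tls_failed` branch, `[% error FILTER html %]` prints the same `error` variable that the `ELSIF` has just matched against the tag, so the page would show "ldap_start_tls_failed" rather than the server's message. The diagnostic passed from LDAP.pm as `{ error => $mesg->error() }` appears to collide with the dispatch variable. Rename it on both sides, e.g. `{ tls_error => $mesg->error() }` in the Perl hunk and `[% tls_error FILTER html %]` here. The neighbouring branches avoid this by using distinct names (`server`, `username`).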
--
cgit v1.2.3-24-g4f1b