Add ldapVerify option for SSL cert validation
maxbes committed Jul 30, 2020
1 parent 8c77d48 commit fdf3932
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions lib/Apache/Session/Browseable/Store/LDAP.pm
Expand Up @@ -154,10 +154,18 @@ sub ldap {
push @servers, $server;
}

# Compatibility
my $caFile = $self->{args}->{ldapCAFile} || $self->{args}->{caFile};
my $caPath = $self->{args}->{ldapCAPath} || $self->{args}->{caPath};

# Connect
my $ldap = Net::LDAP->new(
\@servers,
onerror => undef,
verify => $self->{args}->{ldapVerify} || "require",
( $caFile ? ( cafile => $caFile ) : () ),
( $caPath ? ( capath => $caPath ) : () ),

(
$self->{args}->{ldapRaw} ? ( raw => $self->{args}->{ldapRaw} )
: ()
Expand All @@ -169,10 +177,12 @@ sub ldap {
) or die( 'Unable to connect to ' . join( ' ', @servers ) );

# Start TLS if needed

if ($useTls) {
my %h = split( /[&=]/, $tlsParam );
$h{cafile} = $self->{args}->{caFile} if ( $self->{args}->{caFile} );
$h{capath} = $self->{args}->{caPath} if ( $self->{args}->{caPath} );
$h{verify} = $self->{args}->{ldapVerify} || "require";
$h{cafile} = $caFile if ( $caFile );
$h{capath} = $caPath if ( $caPath );
my $start_tls = $ldap->start_tls(%h);
if ( $start_tls->code ) {
$self->logError($start_tls);
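Review bot: In the start-TLS branch, `$h{verify}` is assigned unconditionally after `%h` has been filled from `$tlsParam`, so a `verify=` value supplied in the server URL parameters is silently replaced by `ldapVerify` or the `"require"` default. If the URL value is meant to keep working, `$h{verify} = $self->{args}->{ldapVerify} || $h{verify} || "require";` preserves it; if not, a comment such as `# ldapVerify overrides any verify= from the URL; default is strict` would make the precedence explicit. The option is also passed through unchecked both here and in the `Net::LDAP->new` call, so it would help to accept only `none`, `optional` and `require` and to log when verification is turned off, because how an unrecognised string is treated downstream is not visible on this page and may not fail closed. `sub ldap` begins and ends outside the displayed hunks.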