
MDL-3941 auth/cas auth/ldap enrol/ldap Add support for LDAP-TLS.

Credit goes to Chris Bandy for proposing the initial patch.
1 parent 0395306 commit 326929d54a4d65f84933c6c26f42cbe7c4b79b0f Iñaki Arenaza committed with iarenaza Aug 24, 2010
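--- a/auth/cas/auth.php
+++ b/auth/cas/auth.php
@@ -280,6 +280,9 @@ function process_config($config) {
 if (!isset($config->host_url)) {
 $config->host_url = '';
 }
+ if (!isset($config->start_tls)) {
+ $config->start_tls = false;
+ }
 if (empty($config->ldapencoding)) {
 $config->ldapencoding = 'utf-8';
 }
@@ -345,6 +348,7 @@ function process_config($config) {
 // save LDAP settings
 set_config('host_url', trim($config->host_url), $this->pluginconfig);
+ set_config('start_tls', $config->start_tls, $this->pluginconfig);
 set_config('ldapencoding', trim($config->ldapencoding), $this->pluginconfig);
 set_config('pagesize', (int)trim($config->pagesize), $this->pluginconfig);
 set_config('contexts', trim($config->contexts), $this->pluginconfig);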
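Review bot: The new `set_config('start_tls', ...)` line stores the submitted form value as-is, while the neighbouring `pagesize` line normalises its input with `(int)trim(...)`; since `start_tls` is a yes/no select whose value arrives as a request string, it should be normalised the same way before being persisted, e.g. `set_config('start_tls', (int)$config->start_tls, $this->pluginconfig);`. This keeps the stored setting to the two expected values and makes the later truthiness check in `ldap_connect_moodle()` unambiguous. The same applies to the identical line added in auth/ldap/auth.php. The enclosing `process_config()` starts before this hunk.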
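--- a/auth/cas/config.html
+++ b/auth/cas/config.html
@@ -41,6 +41,9 @@
 if (!isset($config->host_url)) {
 $config->host_url = '';
 }
+if (!isset($config->start_tls)) {
+ $config->start_tls = false;
+}
 if (empty($config->ldapencoding)) {
 $config->ldapencoding = 'utf-8';
 }
@@ -235,7 +238,7 @@
 </td>
 </tr>
 <tr valign="top" class="required">
- <td align="right"><label for="menuldap_version"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label></td>
+ <td align="right"><label for="ldap_version"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label></td>
 <td>
 <?php
 $versions = array();
@@ -249,6 +252,17 @@
 <?php print_string('auth_ldap_version', 'auth_ldap') ?>
 </td>
 </tr>
+<tr valign="top">
+ <td align="right">
+ <label for="start_tls"><?php print_string('start_tls_key', 'auth_ldap') ?></label>
+ </td>
+ <td>
+ <?php echo html_writer::select($yesno, 'start_tls', $config->start_tls, false); ?>
+ </td>
+ <td>
+ <?php print_string('start_tls', 'auth_ldap') ?>
+ </td>
+</tr>
 <tr valign="top" class="required">
 <td align="right">
 <label for="ldapencoding"><?php print_string('auth_ldap_ldap_encoding_key', 'auth_ldap') ?></label>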
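Review bot: The new label uses `for="start_tls"`, but the select is rendered by `html_writer::select()` with no explicit `id`, so the generated element id may not be `start_tls` (the second hunk of this same file renames the version label away from a `menu`-prefixed id, which suggests the ids in this form are not uniform); please verify the rendered id and, if it differs, pass an explicit attribute such as `array('id' => 'start_tls')` to the select or adjust the `for` value. `$yesno` is not defined in the hunk, so its source should be confirmed for this template. The same row was added to auth/ldap/config.html and needs the same check.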
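--- a/auth/cas/version.php
+++ b/auth/cas/version.php
@@ -21,7 +21,7 @@
 * @subpackage cas
 * @author Martin Dougiamas
 * @author Jerome GUTIERREZ
- * @author Iñaky Arenaza
+ * @author Iñaki Arenaza
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */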
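--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -1726,6 +1726,9 @@ function process_config($config) {
 if (!isset($config->host_url)) {
 $config->host_url = '';
 }
+ if (!isset($config->start_tls)) {
+ $config->start_tls = false;
+ }
 if (empty($config->ldapencoding)) {
 $config->ldapencoding = 'utf-8';
 }
@@ -1831,6 +1834,7 @@ function process_config($config) {
 // Save settings
 set_config('host_url', trim($config->host_url), $this->pluginconfig);
+ set_config('start_tls', $config->start_tls, $this->pluginconfig);
 set_config('ldapencoding', trim($config->ldapencoding), $this->pluginconfig);
 set_config('pagesize', (int)trim($config->pagesize), $this->pluginconfig);
 set_config('contexts', $config->contexts, $this->pluginconfig);
@@ -2023,7 +2027,7 @@ function ldap_connect() {
 if($ldapconnection = ldap_connect_moodle($this->config->host_url, $this->config->ldap_version,
 $this->config->user_type, $this->config->bind_dn,
 $this->config->bind_pw, $this->config->opt_deref,
- $debuginfo)) {
+ $debuginfo, $this->config->start_tls)) {
 $this->ldapconns = 1;
 $this->ldapconnection = $ldapconnection;
 return $ldapconnection;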
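--- a/auth/ldap/config.html
+++ b/auth/ldap/config.html
@@ -4,6 +4,9 @@
 if (!isset($config->host_url)) {
 $config->host_url = '';
 }
+if (!isset($config->start_tls)) {
+ $config->start_tls = false;
+}
 if (empty($config->ldapencoding)) {
 $config->ldapencoding = 'utf-8';
 }
@@ -124,7 +127,7 @@
 </tr>
 <tr valign="top" class="required">
 <td align="right">
- <label for="menuldap_version"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label>
+ <label for="ldap_version"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label>
 </td>
 <td>
 <?php
@@ -139,6 +142,17 @@
 <?php print_string('auth_ldap_version', 'auth_ldap') ?>
 </td>
 </tr>
+<tr valign="top">
+ <td align="right">
+ <label for="start_tls"><?php print_string('start_tls_key', 'auth_ldap') ?></label>
+ </td>
+ <td>
+ <?php echo html_writer::select($yesno, 'start_tls', $config->start_tls, false); ?>
+ </td>
+ <td>
+ <?php print_string('start_tls', 'auth_ldap') ?>
+ </td>
+</tr>
 <tr valign="top" class="required">
 <td align="right">
 <label for="ldapencoding"><?php print_string('auth_ldap_ldap_encoding_key', 'auth_ldap') ?></label>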
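--- a/auth/ldap/lang/en/auth_ldap.php
+++ b/auth/ldap/lang/en/auth_ldap.php
@@ -135,6 +135,8 @@
 $string['pluginnotenabled'] = 'Plugin not enabled!';
 $string['renamingnotallowed'] = 'User renaming not allowed in LDAP';
 $string['rootdseerror'] = 'Error querying rootDSE for Active Directory';
+$string['start_tls'] = 'Use regular LDAP service (port 389) with TLS encryption';
+$string['start_tls_key'] = 'Use TLS';
 $string['updateremfail'] = 'Error updating LDAP record. Error code: {$a->errno}; Error string: {$a->errstring}<br/>Key ({$a->key}) - old moodle value: \'{$a->ouvalue}\' new value: \'{$a->nuvalue}\'';
 $string['updateremfailamb'] = 'Failed to update LDAP with ambiguous field {$a->key}; old moodle value: \'{$a->ouvalue}\', new value: \'{$a->nuvalue}\'';
 $string['updatepasserror'] = 'Error in user_update_password(). Error code: {$a->errno}; Error string: {$a->errstring}';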
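--- a/auth/ldap/version.php
+++ b/auth/ldap/version.php
@@ -20,7 +20,7 @@
 * @package auth
 * @subpackage ldap
 * @author Martin Dougiamas
- * @author Iñaky Arenaza
+ * @author Iñaki Arenaza
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */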
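--- a/enrol/ldap/lib.php
+++ b/enrol/ldap/lib.php
@@ -618,7 +618,7 @@ protected function ldap_connect() {
 if ($ldapconnection = ldap_connect_moodle($this->get_config('host_url'), $this->get_config('ldap_version'),
 $this->get_config('user_type'), $this->get_config('bind_dn'),
 $this->get_config('bind_pw'), $this->get_config('opt_deref'),
- $debuginfo)) {
+ $debuginfo, $this->get_config('start_tls'))) {
 $this->ldapconns = 1;
 $this->ldapconnection = $ldapconnection;
 return $ldapconnection;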
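--- a/enrol/ldap/settings.php
+++ b/enrol/ldap/settings.php
@@ -43,6 +43,7 @@
 //--- connection settings ---
 $settings->add(new admin_setting_heading('enrol_ldap_server_settings', get_string('server_settings', 'enrol_ldap'), ''));
 $settings->add(new admin_setting_configtext_trim_lower('enrol_ldap/host_url', get_string('host_url_key', 'enrol_ldap'), get_string('host_url', 'enrol_ldap'), ''));
+ $settings->add(new admin_setting_configselect('enrol_ldap/start_tls', get_string('start_tls_key', 'auth_ldap'), get_string('start_tls', 'auth_ldap'), 0, $yesno));
 // Set LDAPv3 as the default. Nowadays all the servers support it and it gives us some real benefits.
 $options = array(3=>'3', 2=>'2');
 $settings->add(new admin_setting_configselect('enrol_ldap/ldap_version', get_string('version_key', 'enrol_ldap'), get_string('version', 'enrol_ldap'), 3, $options));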
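Review bot: The added `start_tls` setting takes its title and description from the `auth_ldap` language component while every neighbouring setting in this file uses `enrol_ldap`, so the enrol plugin now depends on the auth plugin's language pack being present and on those two string keys keeping their meaning. Either add `start_tls`/`start_tls_key` to enrol/ldap's own language file and reference `'enrol_ldap'` here, or leave a comment on the line stating the intentional reuse, e.g. `// Reuses auth_ldap strings; keep in sync if that plugin renames them.`. `$yesno` is not defined in the hunk, so it should be confirmed to be in scope at this point of settings.php.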
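--- a/lib/ldaplib.php
+++ b/lib/ldaplib.php
@@ -163,9 +163,10 @@ function ldap_isgroupmember($ldapconnection, $userid, $group_dns, $member_attrib
 * @param string $bind_pw the password for the binding user. Ignored for anonymous bindings.
 * @param boolean $opt_deref whether to set LDAP_OPT_DEREF on this connection or not.
 * @param string &$debuginfo the debugging information in case the connection fails.
+ * @param boolean $start_tls whether to use LDAP with TLS (not to be confused with LDAP+SSL)
 * @return mixed connection result or false.
 */
-function ldap_connect_moodle($host_url, $ldap_version, $user_type, $bind_dn, $bind_pw, $opt_deref, &$debuginfo) {
+function ldap_connect_moodle($host_url, $ldap_version, $user_type, $bind_dn, $bind_pw, $opt_deref, &$debuginfo, $start_tls=false) {
 if (empty($host_url) || empty($ldap_version) || empty($user_type)) {
 $debuginfo = 'No LDAP Host URL, Version or User Type specified in your LDAP settings';
 return false;
@@ -194,6 +195,11 @@ function ldap_connect_moodle($host_url, $ldap_version, $user_type, $bind_dn, $bi
 ldap_set_option($connresult, LDAP_OPT_DEREF, $opt_deref);
 }
+ if ($start_tls && (!ldap_start_tls($connresult))) {
+ $debuginfo .= "Server: '$server', Connection: '$connresult', STARTTLS failed.\n";
+ continue;
+ }
+
 if (!empty($bind_dn)) {
 $bindresult = @ldap_bind($connresult, $bind_dn, $bind_pw);
 } else {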
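Review bot: The STARTTLS failure branch in the second hunk moves on to the next server with `continue` while `$connresult` is still open; unless the surrounding loop (outside the hunk) closes it, add `ldap_close($connresult);` before the `continue;` so a failed upgrade does not leak a handle per server tried. Calling `ldap_start_tls()` before the bind is the right order, since it keeps the bind credentials off the wire when TLS is required, and refusing to fall back to plaintext on failure is the correct behaviour; the new `@param` should say so explicitly, e.g. `whether to upgrade the connection with STARTTLS before binding; if the upgrade fails the server is skipped rather than used in cleartext`. It is also worth noting in that docblock that `ldap_start_tls()` leaves certificate verification to the client library's configuration (for OpenLDAP, `TLS_REQCERT` in ldap.conf), so enabling this option does not by itself guarantee the server's identity is checked. Unlike the `@ldap_bind` call below, `ldap_start_tls()` is not suppressed and will emit a PHP warning on failure in addition to the `$debuginfo` entry; decide whether that matches the file's existing convention. The enclosing `ldap_connect_moodle()` continues outside the hunk.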
