From 0155effdb75f3c1508ab96a14eb957fb434e51af Mon Sep 17 00:00:00 2001
From: Markus Kalkbrenner <markus.kalkbrenner@bio.logis.de>
Date: Thu, 17 Nov 2011 11:16:56 +0100
Subject: [PATCH] - bugfix: allow anonymous bind for search, then bind with
 users credentials. - added explaination how to setup anonymous bind for
 search to template - make usage of TLS configurable

---
 apps/user_ldap/settings.php           |  6 +++++-
 apps/user_ldap/templates/settings.php |  4 +++-
 apps/user_ldap/user_ldap.php          | 14 ++++++++------
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index 8dbd3c0462..b922ac99f9 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -20,12 +20,16 @@
  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
  *
  */
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter');
+$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter', 'ldap_tls');
 
 foreach($params as $param){
 	if(isset($_POST[$param])){
 		OC_Appconfig::setValue('user_ldap', $param, $_POST[$param]);
 	}
+	elseif('ldap_tls' == $param) {
+		// unchecked checkboxes are not included in the post paramters
+		OC_Appconfig::setValue('user_ldap', $param, 0);
+	}
 }
 
 // fill template
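Review bot: The new `elseif` branch stores `ldap_tls = 0` whenever `ldap_tls` is missing from `$_POST`, and nothing visible in the hunk limits the loop to a form submission, so simply opening the settings page would switch TLS off again. Guard the reset on an actual submit, for example `elseif('ldap_tls' == $param && isset($_POST['ldap_host'])) {`. The `$_POST` values are also written to the app config as-is; whether an admin or request-token check runs before this loop is not visible here and should be confirmed.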
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 32e1b29daf..374f124174 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -4,9 +4,11 @@
 		<p><label for="ldap_host">Host<input type="text" id="ldap_host" name="ldap_host" value="<?php echo $_['ldap_host']; ?>"></label>
 		<label for="ldap_port">Port</label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
 		<p><label for="ldap_dn">Name</label><input type="text" id="ldap_dn" name="ldap_dn" value="<?php echo $_['ldap_dn']; ?>" />
-		<label for="ldap_password">Password</label><input type="password" id="ldap_password" name="ldap_password" value="<?php echo $_['ldap_password']; ?>" /></p>
+		<label for="ldap_password">Password</label><input type="password" id="ldap_password" name="ldap_password" value="<?php echo $_['ldap_password']; ?>" />
+		Leave both empty for anonymous bind for search, then bind with users credentials.</p>
 		<p><label for="ldap_base">Base</label><input type="text" id="ldap_base" name="ldap_base" value="<?php echo $_['ldap_base']; ?>" />
 		<label for="ldap_filter">Filter (use %uid placeholder)</label><input type="text" id="ldap_filter" name="ldap_filter" value="<?php echo $_['ldap_filter']; ?>" /></p>
+		<p><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?>><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label></p>
 		<input type="submit" value="Save" />
 	</fieldset>
 </form>
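Review bot: The re-added password line prints `$_['ldap_password']` straight into a `value` attribute, as the neighbouring fields do. Unless the template layer escapes `$_` elsewhere, a stored value containing a double quote breaks out of the attribute, so each should be wrapped as in `htmlspecialchars($_['ldap_password'], ENT_QUOTES, 'UTF-8')`. Pre-filling the field also places the LDAP bind password in the page source for anyone who can load this form. The new help sentence is hard-coded text while the `Use TLS` label goes through `$l->t()`; pass it through `$l->t()` as well so it can be translated.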
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 4fb8daf3c4..1100be81eb 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -33,6 +33,7 @@ class OC_USER_LDAP extends OC_User_Backend {
 	protected $ldap_password;
 	protected $ldap_base;
 	protected $ldap_filter;
+	protected $ldap_tls;
 
 	function __construct() {
 		$this->ldap_host = OC_Appconfig::getValue('user_ldap', 'ldap_host','');
@@ -41,11 +42,11 @@ class OC_USER_LDAP extends OC_User_Backend {
 		$this->ldap_password = OC_Appconfig::getValue('user_ldap', 'ldap_password','');
 		$this->ldap_base = OC_Appconfig::getValue('user_ldap', 'ldap_base','');
 		$this->ldap_filter = OC_Appconfig::getValue('user_ldap', 'ldap_filter','');
+		$this->ldap_tls = OC_Appconfig::getValue('user_tls', 'ldap_tls', 0);
 
 		if( !empty($this->ldap_host)
 			&& !empty($this->ldap_port)
-			&& !empty($this->ldap_dn)
-			&& !empty($this->ldap_password)
+			&& ((!empty($this->ldap_dn) && !empty($this->ldap_password)) || (empty($this->ldap_dn) && empty($this->ldap_password)))
 			&& !empty($this->ldap_base)
 			&& !empty($this->ldap_filter)
 		)
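Review bot: The added line reads the flag with `OC_Appconfig::getValue('user_tls', 'ldap_tls', 0)`, but settings.php in this same patch stores it under the app id `user_ldap`. The lookup therefore always falls back to 0 and StartTLS is never requested, even when the box is ticked. It should be `$this->ldap_tls = OC_Appconfig::getValue('user_ldap', 'ldap_tls', 0);`. Since the relaxed condition now permits an anonymous search bind, also confirm that the user bind (outside this hunk) rejects an empty password, because many directory servers treat a DN with an empty password as a successful anonymous bind. The constructor continues outside the hunk.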
@@ -63,9 +64,10 @@ class OC_USER_LDAP extends OC_User_Backend {
 	private function getDs() {
 		if(!$this->ds) {
 			$this->ds = ldap_connect( $this->ldap_host, $this->ldap_port );
-			   if(ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3))
-				 if(ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0))
-					  @ldap_start_tls($this->ds);
+				if(ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3))
+					if(ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0))
+						if($this->ldap_tls)
+							ldap_start_tls($this->ds);
 		}
 
 		// login
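Review bot: The return value of `ldap_start_tls($this->ds)` is ignored, so when TLS is enabled and the upgrade fails, the code still falls through to the bind after `// login` and sends the credentials unencrypted. Treat a false return as fatal, for example `if($this->ldap_tls && !ldap_start_tls($this->ds)) { $this->ds = null; return false; }`, adapting the failure path to what getDs() returns, which is outside the hunk. Because the brace-less `if` chain nests the TLS call under both `ldap_set_option` calls, a failed option set silently skips TLS as well. Braces and an explicit error path for each step would make that visible.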
@@ -149,4 +151,4 @@ class OC_USER_LDAP extends OC_User_Backend {
 
 }
 
-?>
\ No newline at end of file
+?>
-- 
GitLab