mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix AD auth with untrusted certificates. LDAPTLS_REQCERT=never must be

Browse Source 
set before ldap_connect.
This commit is contained in:
Tony Murray
2015-11-13 11:05:05 -06:00
parent 52c4621095
commit 02d54e9c50
1 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
html/includes/authentication/active_directory.inc.php
View File

@@ -2,6 +2,12 @@
// easier to rewrite for Active Directory than to bash it into existing LDAP implementation // easier to rewrite for Active Directory than to bash it into existing LDAP implementation
// disable certificate checking before connect if required
if (isset($config['auth_ad_dont_check_certificates']) &&
$config['auth_ad_dont_check_certificates'] > 0) {
putenv('LDAPTLS_REQCERT=never');
};
$ds = @ldap_connect($config['auth_ad_url']); $ds = @ldap_connect($config['auth_ad_url']);
// disable referrals and force ldap version to 3 // disable referrals and force ldap version to 3
@@ -9,13 +15,6 @@ $ds = @ldap_connect($config['auth_ad_url']);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// disable certificate checking if required
if (isset($config['auth_ad_dont_check_certificates']) &&
$config['auth_ad_dont_check_certificates'] > 0) {
putenv('LDAPTLS_REQCERT=never');
};
function authenticate($username, $password) { function authenticate($username, $password) {
global $config, $ds; global $config, $ds;