Merge pull request #2425 from murrant/master

Fix AD auth with untrusted certificates

AUTHORS.md

@@ -68,4 +68,5 @@ Contributors to LibreNMS:
 - Robert Gornall <roblnm@khobbits.co.uk (KHobbits)
 - Rob Gormley <robert@gormley.me> (rgormley)
 - Richard Kojedzinszky <krichy@nmdps.net> (rkojedzinszky)
+- Tony Murray <murraytony@gmail.com> (murrant)
 [1]: http://observium.org/ "Observium web site"

html/includes/authentication/active_directory.inc.php

@@ -2,6 +2,12 @@
 
 // easier to rewrite for Active Directory than to bash it into existing LDAP implementation
 
+// disable certificate checking before connect if required
+if (isset($config['auth_ad_dont_check_certificates']) &&
+          $config['auth_ad_dont_check_certificates'] > 0) {
+    putenv('LDAPTLS_REQCERT=never');
+};
+
 $ds = @ldap_connect($config['auth_ad_url']);
 
 // disable referrals and force ldap version to 3
@@ -9,13 +15,6 @@ $ds = @ldap_connect($config['auth_ad_url']);
 ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
 
-// disable certificate checking if required
-
-if (isset($config['auth_ad_dont_check_certificates']) &&
-          $config['auth_ad_dont_check_certificates'] > 0) {
-    putenv('LDAPTLS_REQCERT=never');
-};
-
 function authenticate($username, $password) {
     global $config, $ds;