From 383e40636bffe22faba373a1a3b4b9e9f5a470f1 Mon Sep 17 00:00:00 2001
From: S-A-L13
Date: Thu, 22 Feb 2024 14:54:55 +0100
Subject: [PATCH 1/2] Added StartTLS functionality Added StartTLS in function Connect(). And also added parameters in config to activate StartTLS.
---
plugins/ldap-identities/LdapConfig.php | 3 +++
plugins/ldap-identities/LdapIdentities.php | 9 +++++++++
plugins/ldap-identities/index.php | 6 ++++++
3 files changed, 18 insertions(+)
diff --git a/plugins/ldap-identities/LdapConfig.php b/plugins/ldap-identities/LdapConfig.php
index d737e73703..8cebd8b2cf 100644
--- a/plugins/ldap-identities/LdapConfig.php
+++ b/plugins/ldap-identities/LdapConfig.php
@@ -7,6 +7,7 @@ class LdapConfig
 {
 public const CONFIG_SERVER = "server";
 public const CONFIG_PROTOCOL_VERSION = "server_version";
+ public const CONFIG_STARTTLS = "starttls";
 public const CONFIG_BIND_USER = "bind_user";
 public const CONFIG_BIND_PASSWORD = "bind_password";
@@ -28,6 +29,7 @@ class LdapConfig
 public $server;
 public $protocol;
+ public $starttls;
 public $bind_user;
 public $bind_password;
 public $user_base;
@@ -48,6 +50,7 @@ public static function MakeConfig(Plugin $config): LdapConfig
 $ldap = new self();
 $ldap->server = trim($config->Get("plugin", self::CONFIG_SERVER));
 $ldap->protocol = (int)trim($config->Get("plugin", self::CONFIG_PROTOCOL_VERSION, 3));
+ $ldap->starttls = (bool)trim($config->Get("plugin", self::CONFIG_STARTTLS));
 $ldap->bind_user = trim($config->Get("plugin", self::CONFIG_BIND_USER));
 $ldap->bind_password = trim($config->Get("plugin", self::CONFIG_BIND_PASSWORD));
 $ldap->user_base = trim($config->Get("plugin", self::CONFIG_USER_BASE));
diff --git a/plugins/ldap-identities/LdapIdentities.php b/plugins/ldap-identities/LdapIdentities.php
index bbe8a933e7..4f14b1bee2 100644
--- a/plugins/ldap-identities/LdapIdentities.php
+++ b/plugins/ldap-identities/LdapIdentities.php
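Review bot: In `MakeConfig()` (LdapConfig.php) the new `starttls` read passes no default to `Get()`, although the property added in index.php declares `SetDefaultValue(true)` and the `CONFIG_PROTOCOL_VERSION` line just above shows that `Get()` accepts a third default argument. If `Get()` returns null or an empty value for installations that have never saved this setting (not visible here), `(bool)trim(...)` evaluates to false and StartTLS is skipped even though the settings form suggests it is on. Going through `trim()` is also fragile, because a stored string such as `"false"` is non-empty and casts to true. Consider `$ldap->starttls = (bool)$config->Get("plugin", self::CONFIG_STARTTLS, true);`, or whichever default the maintainers intend, so that the stored value and the form agree. `MakeConfig()` continues outside the hunk.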
@@ -178,6 +178,15 @@ private function Connect(): bool
 return false;
 }
+ // Activate StartTLS
+ if ($this->config->starttls) {
+ $starttlsResult = ldap_start_tls($ldap);
+ if (!$starttlsResult) {
+ $this->ldapAvailable = false;
+ return false;
+ }
+ }
+ $this->ldap = $ldap;
 $this->ldapConnected = true;
 return true;
diff --git a/plugins/ldap-identities/index.php b/plugins/ldap-identities/index.php
index fc66b90796..f2cc328235 100644
--- a/plugins/ldap-identities/index.php
+++ b/plugins/ldap-identities/index.php
@@ -57,6 +57,12 @@ protected function configMapping(): array
 ->SetLabel("LDAP Protocol Version")
 ->SetType(PluginPropertyType::SELECTION)
 ->SetDefaultValue([2, 3]),
+
+ Property::NewInstance(LdapConfig::CONFIG_STARTTLS)
+ ->SetLabel("Use StartTLS")
+ ->SetType(PluginPropertyType::BOOL)
+ ->SetDescription("Whether or not to use TLS encrypted connection")
+ ->SetDefaultValue(true),
 Property::NewInstance(LdapConfig::CONFIG_BIND_USER)
 ->SetLabel("Bind User DN")
From 8dac28e1a269b903c262a5d64bebdd1e6f01de69 Mon Sep 17 00:00:00 2001
From: S-A-L13
Date: Thu, 22 Feb 2024 14:56:29 +0100
Subject: [PATCH 2/2] Update index.php
---
plugins/ldap-identities/index.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/ldap-identities/index.php b/plugins/ldap-identities/index.php
index f2cc328235..19e7a15036 100644
--- a/plugins/ldap-identities/index.php
+++ b/plugins/ldap-identities/index.php
@@ -8,10 +8,10 @@ class LdapIdentitiesPlugin extends AbstractPlugin
 {
 const NAME = 'LDAP Identities',
- VERSION = '2.1',
+ VERSION = '2.2',
 AUTHOR = 'FWest98',
 URL = 'https://github.com/FWest98',
- RELEASE = '2022-11-09',
+ RELEASE = '2024-02-22',
 REQUIRED = '2.20.0',
 CATEGORY = 'Accounts',
 DESCRIPTION = 'Adds functionality to import account identities from LDAP.';
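Review bot: The StartTLS block added to `Connect()` (LdapIdentities.php) does not pin a certificate policy, so whether the server certificate is verified during `ldap_start_tls()` depends on the host's libldap settings (`TLS_REQCERT`); with a permissive setting the session is encrypted but the server is not authenticated. Unless the part of `Connect()` above the hunk already does this, set `ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_HARD);` before the connection is created. The failure branch also returns without recording why; logging `ldap_error($ldap)` there would let an administrator tell a certificate problem from a server that does not offer StartTLS. It is also worth confirming that no `ldap_bind()` runs before this block, since credentials sent earlier would travel in clear text; the start of `Connect()` is outside the hunk.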
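Review bot: The description of the new property in `configMapping()` (index.php), "Whether or not to use TLS encrypted connection", does not say that StartTLS upgrades a plain `ldap://` connection and is an LDAPv3 operation, while the protocol selector directly above still offers version 2 and the new option defaults to true. An administrator who keeps version 2, or whose server setting is an `ldaps://` URI (nothing in the hunk prevents either), would presumably see `Connect()` fail at `ldap_start_tls()` with no hint why. Suggested text: `->SetDescription("Upgrade the ldap:// connection with StartTLS (requires protocol version 3; leave off for ldaps:// servers)")`. `configMapping()` starts and ends outside the hunk.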