[icinga-checkins] icinga.org: icinga-web/master: * LDAP TLS feature (fixes #1980), thanks to lensen!

git at icinga.org git at icinga.org
Wed Jan 25 11:21:34 CET 2012


Module: icinga-web
Branch: master
Commit: ec770dc91518d3130a90cb4df1d5beb5e4dc120a
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=ec770dc91518d3130a90cb4df1d5beb5e4dc120a

Author: Marius Hein <marius.hein at netways.de>
Date:   Wed Jan 25 11:10:31 2012 +0100

* LDAP TLS feature (fixes #1980), thanks to lensen!

---

 app/modules/AppKit/config/auth.xml.in              |    2 ++
 .../models/Auth/Provider/LDAPModel.class.php       |    9 ++++++++-
 doc/THANKS                                         |    1 +
 etc/sitecfg/auth.xml                               |    1 +
 4 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/app/modules/AppKit/config/auth.xml.in b/app/modules/AppKit/config/auth.xml.in
index 250a518..c664555 100644
--- a/app/modules/AppKit/config/auth.xml.in
+++ b/app/modules/AppKit/config/auth.xml.in
@@ -150,6 +150,7 @@
 			</ae:parameter>
 																					
 			<ae:parameter name="ldap_dsn">ldap://ad.icinga.foo</ae:parameter>
+			<ae:parameter name="ldap_start_tls">false</ae:parameter>
 			<ae:parameter name="ldap_basedn">DC=ad,DC=icinga,DC=foo</ae:parameter>
 			<ae:parameter name="ldap_binddn">serviceuser at AD.ICINGA.FOO</ae:parameter>
 			<ae:parameter name="ldap_bindpw"><![CDATA[XXXXXXXX]]></ae:parameter>
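Review bot: The new `ldap_start_tls` parameter ships as `false` beside an `ldap://` DSN and an `ldap_bindpw`, with no comment saying what it does, so a site that copies this template keeps sending the bind password and user credentials over an unencrypted connection. I would add a comment above the parameter, for example `<!-- Set to true to upgrade the ldap:// connection with StartTLS before binding; not needed when the DSN is ldaps:// -->`. The same applies to the second provider block in this file and to the added line in etc/sitecfg/auth.xml. That last line is also indented with spaces where its neighbours use tabs.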
@@ -179,6 +180,7 @@
 			</ae:parameter>
 			
 			<ae:parameter name="ldap_dsn">ldap://ldap.myopenldap.foo/</ae:parameter>
+			<ae:parameter name="ldap_start_tls">false</ae:parameter>
 			<ae:parameter name="ldap_basedn">dc=myopenldap,dc=foo</ae:parameter>
 			<ae:parameter name="ldap_binddn">cn=user,ou=authusers,dc=myopenldap,dc=foo</ae:parameter>
 			<ae:parameter name="ldap_bindpw"><![CDATA[XXXXXXXXX]]></ae:parameter>
diff --git a/app/modules/AppKit/models/Auth/Provider/LDAPModel.class.php b/app/modules/AppKit/models/Auth/Provider/LDAPModel.class.php
index a25a1f5..d950d8d 100644
--- a/app/modules/AppKit/models/Auth/Provider/LDAPModel.class.php
+++ b/app/modules/AppKit/models/Auth/Provider/LDAPModel.class.php
@@ -118,7 +118,7 @@ class AppKit_Auth_Provider_LDAPModel extends AppKitAuthProviderBaseModel impleme
                     }
                     $items['dn'] = ldap_get_dn($ldap, $eid);
                 }
-
+                
                 ldap_free_result($res);
             } else {
                 $this->log('Auth.Provider.LDAP/getLdaprecord Filter returns no result (base=%s, filter=%s)', $basedn, $filter, AgaviLogger::DEBUG);
@@ -169,6 +169,13 @@ class AppKit_Auth_Provider_LDAPModel extends AppKitAuthProviderBaseModel impleme
         ldap_set_option($res, LDAP_OPT_REFERRALS, 0);
         ldap_set_option($res, LDAP_OPT_PROTOCOL_VERSION, 3);
 
+        if ($this->getParameter('ldap_start_tls', false) == true) {
+            $this->log('Auth.Provider.LDAP: Starting TLS', AgaviLogger::DEBUG);
+            $tls = @ldap_start_tls($res);
+            $this->log('Auth.Provider.LDAP: Using TLS on connection %s.', ($tls==true && !$this->isLdapError($res, true) ? 'succeeded' : 'failed'), AgaviLogger::INFO);
+        }
+
+        
         if ($bind === true) {
 
             $binddn = $this->getParameter('ldap_binddn');
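Review bot: A failed StartTLS is only logged at INFO in the added block, and execution then falls through to the `if ($bind === true)` bind, so with `ldap_start_tls` enabled the bind DN and password can still go out over the unencrypted connection. When the operator has asked for TLS, a failure should stop the attempt: test `if ($tls !== true)` right after the call, log at error level, and leave the method before the bind in whatever way it already reports a connection failure (the method starts and ends outside this hunk, so that path is not visible here). The `@` on `ldap_start_tls($res)` also hides the warning that says why negotiation failed, which makes certificate or hostname problems hard to diagnose. Finally, `== true` is a loose comparison; unless the config loader is known to turn the XML text into a real boolean, the string `false` would count as enabled, so compare with `=== true` after an explicit conversion.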
diff --git a/doc/THANKS b/doc/THANKS
index ebd2abc..d23453c 100644
--- a/doc/THANKS
+++ b/doc/THANKS
@@ -21,6 +21,7 @@ name, please let us know.
     * Markus Kösters
     * Klaus Pfennig
     * gpduck
+    * lensen
 
 * Design stuff
     * Karolina Hein
diff --git a/etc/sitecfg/auth.xml b/etc/sitecfg/auth.xml
index f33a62b..71f03a1 100644
--- a/etc/sitecfg/auth.xml
+++ b/etc/sitecfg/auth.xml
@@ -36,6 +36,7 @@
 				<ae:parameter name="user_email">mail</ae:parameter> 
 			</ae:parameter>
 			<ae:parameter name="ldap_dsn">ldap://ldap.myopenldap.foo/</ae:parameter>
+            <ae:parameter name="ldap_start_tls">false</ae:parameter>
 			<ae:parameter name="ldap_basedn">dc=myopenldap,dc=foo</ae:parameter>
 			<ae:parameter name="ldap_binddn">cn=user,ou=authusers,dc=myopenldap,dc=foo</ae:parameter>
 			<ae:parameter name="ldap_bindpw"><![CDATA[XXXXXXXXX]]></ae:parameter>




