From adb3c87b954e0ca82dbd1b86021053ca507d0fde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 12 Mar 2008 09:09:27 +0000
Subject: [PATCH] =?UTF-8?q?Adding=20patch=20from=20Bj=C2=BFrn=20Ove=20Gr?=
 =?UTF-8?q?=C2=BFtan=20at=20NTNU=20for=20supporting=20LDAPS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@396 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Auth/LDAP.php | 9 +++++++--
 www/auth/login.php           | 3 ++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/lib/SimpleSAML/Auth/LDAP.php b/lib/SimpleSAML/Auth/LDAP.php
index 854bace4b..d9216aa96 100644
--- a/lib/SimpleSAML/Auth/LDAP.php
+++ b/lib/SimpleSAML/Auth/LDAP.php
@@ -23,12 +23,17 @@ class SimpleSAML_Auth_LDAP {
 	/**
 	 * private constructor restricts instantiaton to getInstance()
 	 */
-	public function __construct($hostname) {
+	public function __construct($hostname,$enable_tls=true) {
 
 		$this->ldap = @ldap_connect($hostname);
 		if (empty($this->ldap)) 
 			throw new Exception('Could not connect to LDAP server. Please try again, and if the problem persists, please report the error.');
 
+        if (!preg_match("/ldaps:/i",$hostname) and $enable_tls) {
+            if (!ldap_start_tls($this->ldap)) {
+                throw new Exception('Could not force LDAP into TLS-session. Please verify certificates and configuration');
+            }
+        }
 		$this->setV3();
 
 	}
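Review bot: `ldap_start_tls($this->ldap)` on L32 runs before `$this->setV3()` on L36, and StartTLS is an LDAPv3 extended operation — with PHP's default protocol version 2 the OpenLDAP client refuses it, so every non-ldaps hostname would hit the new exception unless setV3 is a no-op; move `$this->setV3();` above the `if (!preg_match(...` block (setV3 is defined outside this hunk; I assume it sets LDAP_OPT_PROTOCOL_VERSION to 3). The scheme test should also be anchored, `if (!preg_match("/^ldaps:/i", $hostname) and $enable_tls) {`, so only a genuine `ldaps://` URI skips StartTLS rather than any string that happens to contain `ldaps:`. Finally, the exception text tells the admin to "verify certificates", but nothing in this constructor controls how the server certificate is verified — that is left to the system ldap.conf (TLS_REQCERT), which is worth stating in a comment above the block so nobody assumes the bind is MITM-safe on a host where verification is disabled.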
@@ -135,4 +140,4 @@ class SimpleSAML_Auth_LDAP {
 
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/www/auth/login.php b/www/auth/login.php
index c0e7790ac..e40347b45 100644
--- a/www/auth/login.php
+++ b/www/auth/login.php
@@ -61,7 +61,8 @@ if (isset($_POST['username'])) {
 		/*
 		 * Connecting to LDAP.
 		 */
-		$ldap = new SimpleSAML_Auth_LDAP($config->getValue('auth.ldap.hostname'));
+		$ldap = new SimpleSAML_Auth_LDAP($config->getValue('auth.ldap.hostname',
+                                         $config->getValue('auth.ldap.enable_tls')));
 	
 		/* Insert the LDAP username into the pattern configured in the
 		 * 'auth.ldap.dnpattern' option.
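Review bot: The closing parenthesis on L55–L56 is misplaced: `$config->getValue('auth.ldap.enable_tls')` becomes the second argument of `getValue('auth.ldap.hostname', …)` instead of the second constructor argument, so `$enable_tls` always takes its default and the new option is silently ignored (and, if getValue's second parameter is a default, an unset hostname would be replaced by that boolean). It should read `$ldap = new SimpleSAML_Auth_LDAP($config->getValue('auth.ldap.hostname'), $config->getValue('auth.ldap.enable_tls', true));`. The explicit `true` matters: once the argument is really passed, a deployment that has not yet added the option would otherwise hand the constructor null and switch StartTLS off, so the secure default has to be applied at the call site as well. I am assuming `getValue($name, $default)` semantics from the surrounding code; please confirm against SimpleSAML_Configuration.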
-- 
GitLab