From d9771a3f7dbe4b9d5bdbbe53573445fda6600faa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Stein?=
Date: Fri, 9 Jul 2021 14:54:17 +0200
Subject: [PATCH] Use LDAP over StartTLS if option LDAP_USE_START_TLS is set.

---
 config.php.in | 1 +
 webui/system/database/ldap.php | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/config.php.in b/config.php.in
index 79bf439f..49bd0b66 100644
--- a/config.php.in
+++ b/config.php.in
@@ -88,6 +88,7 @@ $config['LDAP_MAIL_ATTR'] = 'mail';
 $config['LDAP_AUDITOR_MEMBER_DN'] = '';
 $config['LDAP_ADMIN_MEMBER_DN'] = '';
 $config['LDAP_BASE_DN'] = '';
+$config['LDAP_USE_START_TLS'] = 0;

 // AD specific settings
 //
diff --git a/webui/system/database/ldap.php b/webui/system/database/ldap.php
index 49f30ff6..cbca32f2 100644
--- a/webui/system/database/ldap.php
+++ b/webui/system/database/ldap.php
@@ -12,6 +12,10 @@ class LDAP {
 ldap_set_option($this->link, LDAP_OPT_PROTOCOL_VERSION, 3);
 ldap_set_option($this->link, LDAP_OPT_REFERRALS, 0);
 
+ if (LDAP_USE_START_TLS == 1) {
+ ldap_start_tls($this->link);
+ }
+
 if(@ldap_bind($this->link, $binddn, $bindpw)) {
 $this->bind = 1;
 }
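Review bot: The return value of `ldap_start_tls()` is ignored in the block added to webui/system/database/ldap.php, so when the TLS upgrade fails (no StartTLS support on the server, a rejected certificate, or the upgrade being blocked on the network path) the code still reaches `ldap_bind()` and sends the bind DN and password unencrypted, even though LDAP_USE_START_TLS is set. The option should fail closed, for example `if (LDAP_USE_START_TLS == 1 && !ldap_start_tls($this->link)) { return; }`, preferably with a log entry, so that `$this->bind` is never set on a cleartext session. The enclosing method starts and ends outside this hunk, so the exact early-exit form needs checking against the rest of the method. Certificate verification for the upgraded session depends on the libldap TLS settings (`LDAP_OPT_X_TLS_REQUIRE_CERT` or `TLS_REQCERT` in ldap.conf), which this patch does not set; a comment next to the new option in config.php.in should say so.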