Add option to allow ignoring SSL Cert verification.

2015-12-24 02:15:30 -05:00
parent 90b00b02cc
commit 96a5f437f2
6 changed files with 65 additions and 1 deletions
--- a/app/controllers/AuthController.php
+++ b/app/controllers/AuthController.php
@@ -37,6 +37,13 @@ class AuthController extends BaseController
        $baseDn      = Setting::getSettings()->ldap_basedn;
        $filterQuery = Setting::getSettings()->ldap_auth_filter_query . $username;
        $ldapversion = Setting::getSettings()->ldap_version;
+        $ldap_server_cert_ignore = Setting::getSettings()->ldap_server_cert_ignore;
+
+        // If we are ignoring the SSL cert we need to setup the environment variable
+        // before we create the connection
+        if($ldap_server_cert_ignore) {
+            putenv('LDAPTLS_REQCERT=never');
+        }

 	    // Connecting to LDAP
        $connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}");
--- a/app/controllers/admin/SettingsController.php
+++ b/app/controllers/admin/SettingsController.php
@@ -158,6 +158,7 @@ class SettingsController extends AdminController
            $setting->slack_botname = e(Input::get('slack_botname'));
            $setting->ldap_enabled = Input::get('ldap_enabled', '0');
            $setting->ldap_server = Input::get('ldap_server');
+            $setting->ldap_server_cert_ignore = Input::get('ldap_server_cert_ignore', false);
            $setting->ldap_uname = Input::get('ldap_uname');
            $setting->ldap_pword = Crypt::encrypt(Input::get('ldap_pword'));
            $setting->ldap_basedn = Input::get('ldap_basedn');
--- a/app/controllers/admin/UsersController.php
+++ b/app/controllers/admin/UsersController.php
@@ -1196,6 +1196,13 @@ class UsersController extends AdminController {
        $ldap_result_active_flag = Setting::getSettings()->ldap_active_flag_field;
        $ldap_result_emp_num = Setting::getSettings()->ldap_emp_num_field;
        $ldap_result_email = Setting::getSettings()->ldap_email_field;
+        $ldap_server_cert_ignore = Setting::getSettings()->ldap_server_cert_ignore;
+
+        // If we are ignoring the SSL cert we need to setup the environment variable
+        // before we create the connection
+        if($ldap_server_cert_ignore) {
+            putenv('LDAPTLS_REQCERT=never');
+        }

        // Connect to LDAP server
        $ldapconn = @ldap_connect($url);
@@ -1215,6 +1222,8 @@ class UsersController extends AdminController {

        // Binding to ldap server
        $ldapbind = @ldap_bind($ldapconn, $username, $password);
+
+        Log::error(ldap_errno($ldapconn));
        if (!$ldapbind) {
            return Redirect::route('users')->with('error', Lang::get('admin/users/message.error.ldap_could_not_bind').ldap_error($ldapconn));
        }
--- a/app/database/migrations/2015_12_21_193006_add_ldap_server_cert_ignore_to_settings_table.php
+++ b/app/database/migrations/2015_12_21_193006_add_ldap_server_cert_ignore_to_settings_table.php
@@ -0,0 +1,34 @@
+<?php
+
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AddLdapServerCertIgnoreToSettingsTable extends Migration {
+
+	/**
+	 * Run the migrations.
+	 *
+	 * @return void
+	 */
+	public function up()
+	{
+		Schema::table('settings', function(Blueprint $table)
+		{
+			$table->boolean('ldap_server_cert_ignore')->default(FALSE);
+		});
+	}
+
+	/**
+	 * Reverse the migrations.
+	 *
+	 * @return void
+	 */
+	public function down()
+	{
+		Schema::table('settings', function(Blueprint $table)
+		{
+			$table->dropColumn('ldap_server_cert_ignore');
+		});
+	}
+
+}
--- a/app/lang/en/admin/settings/general.php
+++ b/app/lang/en/admin/settings/general.php
@@ -30,6 +30,9 @@ return array(
    'ldap_integration'          => 'LDAP Integration',
    'ldap_settings'             => 'LDAP Settings',
    'ldap_server'               => 'LDAP Server',
+	'ldap_server_cert'			=> 'LDAP SSL certificate validation',
+	'ldap_server_cert_ignore'	=> 'Allow invalid SSL Certificate',
+	'ldap_server_cert_help'		=> 'Select this checkbox if you are using a self signed SSL cert and would like to accept an invalid SSL certificate.',
    'ldap_uname'                => 'LDAP Bind Username',
    'ldap_pword'                => 'LDAP Bind Password',
    'ldap_basedn'               => 'Base Bind DN',
--- a/app/views/backend/settings/edit.blade.php
+++ b/app/views/backend/settings/edit.blade.php
@@ -315,9 +315,19 @@

                {{ $errors->first('ldap_server', '<br><span class="alert-msg">:message</span>') }}
              </div>
+          </div><!-- LDAP Server -->
+          <div class="form-group {{ $errors->has('ldap_server_cert_ignore') ? 'error' : '' }}">
+              <div class="col-md-3">
+                 {{ Form::label('ldap_server_cert_ignore', Lang::get('admin/settings/general.ldap_server_cert')) }}
+              </div>
+              <div class="col-md-9">
+                {{ Form::checkbox('ldap_server_cert_ignore', '1', Input::old('ldap_server_cert_ignore', $setting->ldap_server_cert_ignore)) }}
+                @Lang('admin/settings/general.ldap_server_cert_ignore')
+                {{ $errors->first('ldap_server_cert_ignore', '<br><span class="alert-msg">:message</span>') }}
+                <p class="help-inline">@Lang('admin/settings/general.ldap_server_cert_help')</p>
+              </div>
          </div>

-
          <!-- LDAP Username -->
          <div class="form-group {{ $errors->has('ldap_uname') ? 'error' : '' }}">
              <div class="col-md-3">