Make ldap optional (#4208)

ildyria · web-flow · commit 85dfb6fee394 · 2026-03-20T22:26:30.000+01:00
diff --git a/app/DTO/LdapConfiguration.php b/app/DTO/LdapConfiguration.php
@@ -35,10 +35,14 @@ final class LdapConfiguration
 	public readonly int $connection_timeout;
 
 	/**
-	 * @throws LdapConfigurationException if required LDAP config missing
+	 * @throws LdapConfigurationException if required LDAP config missing or ext-ldap absent
 	 */
 	public function __construct()
 	{
+		if (!extension_loaded('ldap')) {
+			throw new LdapConfigurationException('LDAP configuration error: the PHP ldap extension is not installed');
+		}
+
 		// Validate required connection settings
 		$this->host = $this->requireString(config('ldap.connections.default.hosts')[0], 'LDAP_HOST', 'ldap.example.com');
 		$this->port = $this->requireInt(config('ldap.connections.default.port'), 'LDAP_PORT');
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
@@ -122,7 +122,10 @@ public function getConfig(): AuthConfig
 	 */
 	protected function isLdapEnabled(Request $request): bool
 	{
-		return $request->verify()->is_supporter() && config('ldap.auth.enabled', false) === true;
+		return $request->verify()->is_supporter() &&
+			config('ldap.auth.enabled', false) === true &&
+			extension_loaded('ldap') &&
+			class_exists(\LdapRecord\Connection::class);
 	}
 
 	/**
diff --git a/composer.json b/composer.json
@@ -167,6 +167,9 @@
             "php-http/discovery": false
         }
     },
+    "suggest": {
+        "ext-ldap": "Required to enable LDAP authentication (LDAP_ENABLED=true)"
+    },
     "minimum-stability": "dev",
     "prefer-stable": true
 }
diff --git a/config/ldap.php b/config/ldap.php
@@ -28,12 +28,12 @@
 			'use_ssl' => env('LDAP_PORT', 389) === 636, // Auto-detect LDAPS from port
 
 			// Additional connection options
-			'options' => [
-				// TLS certificate verification
+			// LDAP constants require ext-ldap; skip when the extension is absent
+			'options' => extension_loaded('ldap') ? [
 				LDAP_OPT_X_TLS_REQUIRE_CERT => ((bool) env('LDAP_TLS_VERIFY_PEER', true))
 					? LDAP_OPT_X_TLS_DEMAND
 					: LDAP_OPT_X_TLS_ALLOW,
-			],
+			] : [],
 		],
 	],
 
diff --git a/public/index.php b/public/index.php
@@ -18,15 +18,6 @@
  */
 require_once __DIR__ . '/../bootstrap/PanicAttack.php';
 
-/**
- * Check if the required extensions are loaded and if not, display a nice error page.
- * This is a sanity check to prevent the user from seeing a blank page with an error in the top left corner.
- */
-if (!extension_loaded('ldap')) {
-	$panic_attack = new PanicAttack();
-	$panic_attack->ldap();
-}
-
 /*
  |--------------------------------------------------------------------------
  | Initialize before loading composer

Original file line number	Diff line number	Diff line change
`@@ -122,7 +122,10 @@ public function getConfig(): AuthConfig`
`122`	`122`	`*/`
`123`	`123`	`protected function isLdapEnabled(Request $request): bool`
`124`	`124`	`{`
`125`		`- return $request->verify()->is_supporter() && config('ldap.auth.enabled', false) === true;`
	`125`	`+ return $request->verify()->is_supporter() &&`
	`126`	`+ config('ldap.auth.enabled', false) === true &&`
	`127`	`+ extension_loaded('ldap') &&`
	`128`	`+ class_exists(\LdapRecord\Connection::class);`
`126`	`129`	`}`
`127`	`130`
`128`	`131`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -167,6 +167,9 @@`
`167`	`167`	`"php-http/discovery": false`
`168`	`168`	`}`
`169`	`169`	`},`
	`170`	`+ "suggest": {`
	`171`	`+ "ext-ldap": "Required to enable LDAP authentication (LDAP_ENABLED=true)"`
	`172`	`+ },`
`170`	`173`	`"minimum-stability": "dev",`
`171`	`174`	`"prefer-stable": true`
`172`	`175`	`}`