
Commit 14570af

Merge pull request #55736 from nextcloud/backport/55661/stable32
2 parents ddf53c0 + 6ba452b commit 14570af


4 files changed

+35
-16
lines changed


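--- a/.github/workflows/integration-sqlite.yml
+++ b/.github/workflows/integration-sqlite.yml
@@ -84,9 +84,10 @@ jobs:
 ports:
 - 6379:6379/tcp
 openldap:
-image: ghcr.io/nextcloud/continuous-integration-openldap:openldap-7 # zizmor: ignore[unpinned-images]
+image: ghcr.io/nextcloud/continuous-integration-openldap:openldap-8 # zizmor: ignore[unpinned-images]
 ports:
 - 389:389
+- 636:636
 env:
 SLAPD_DOMAIN: nextcloud.ci
 SLAPD_ORGANIZATION: Nextcloud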

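--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -684,6 +684,22 @@ private function doConnect($host, $port): bool {
 return false;
 }
 
+if ($this->configuration->turnOffCertCheck) {
+if ($this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER)) {
+$this->logger->debug(
+'Turned off SSL certificate validation successfully.',
+['app' => 'user_ldap']
+);
+} else {
+$this->logger->warning(
+'Could not turn off SSL certificate validation.',
+['app' => 'user_ldap']
+);
+}
+} else {
+$this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
+}
+
 $this->ldapConnectionRes = $this->ldap->connect($host, $port) ?: null;
 
 if ($this->ldapConnectionRes === null) {
@@ -703,20 +719,6 @@ private function doConnect($host, $port): bool {
 }
 
 if ($this->configuration->ldapTLS) {
-if ($this->configuration->turnOffCertCheck) {
-if ($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER)) {
-$this->logger->debug(
-'Turned off SSL certificate validation successfully.',
-['app' => 'user_ldap']
-);
-} else {
-$this->logger->warning(
-'Could not turn off SSL certificate validation.',
-['app' => 'user_ldap']
-);
-}
-}
-
 if (!$this->ldap->startTls($this->ldapConnectionRes)) {
 throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');
 }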
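Review bot: The `else` branch of the first hunk ignores the return value of `setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND)`, so a failure to enforce verification is silent. Passing `null` as the link sets the option for the whole process rather than for one connection, which means a value of `LDAP_OPT_X_TLS_NEVER` left by an earlier configuration with `turnOffCertCheck` enabled would stay in effect if this call fails. I would check the result and at least log it, for example `if (!$this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND)) { $this->logger->warning('Could not enforce SSL certificate validation.', ['app' => 'user_ldap']); }`; whether to abort the connection instead is a policy call. `doConnect` starts and ends outside both hunks.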

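--- a/apps/user_ldap/lib/ILDAPWrapper.php
+++ b/apps/user_ldap/lib/ILDAPWrapper.php
@@ -151,7 +151,7 @@ public function exopPasswd($link, string $userDN, string $oldPassword, string $p
 
 /**
 * Sets the value of the specified option to be $value
-* @param \LDAP\Connection $link LDAP link resource
+* @param ?\LDAP\Connection $link LDAP link resource
 * @param int $option a defined LDAP Server option
 * @param mixed $value the new value for the option
 * @return bool true on success, false otherwise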
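Review bot: The docblock now admits `null` for `$link` but does not say what `null` means, and the callers in Connection.php rely on it to change the TLS certificate policy. I would spell it out, e.g. `@param ?\LDAP\Connection $link LDAP link resource, or null to set the option globally for the process`. The method signature itself is outside the hunk, so whether its native type hint was widened as well cannot be checked from here.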

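--- a/build/integration/ldap_features/ldap-openldap.feature
+++ b/build/integration/ldap_features/ldap-openldap.feature
@@ -34,6 +34,22 @@ Feature: LDAP
 And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
 Then the HTTP status code should be "200"
 
+Scenario: Test valid configuration with LDAPS protocol and port by logging in
+Given modify LDAP configuration
+| ldapHost | ldaps://openldap:636 |
+| turnOffCertCheck | 1 |
+And cookies are reset
+And Logging in using web as "alice"
+And Sending a "GET" to "/remote.php/webdav/welcome.txt" with requesttoken
+Then the HTTP status code should be "200"
+
+Scenario: Test failing LDAPS connection through TLS verification
+Given modify LDAP configuration
+| ldapHost | ldaps://openldap:636 |
+| turnOffCertCheck | 0 |
+And cookies are reset
+And Expect ServerException on failed web login as "alice"
+
 Scenario: Look for a known LDAP user
 Given As an "admin"
 And sending "GET" to "/cloud/users?search=alice"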
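Review bot: Both added scenarios use `ldaps://openldap:636`, while the certificate-check code this commit moves used to live inside the `ldapTLS` (StartTLS) branch of `doConnect`. Nothing in this hunk exercises StartTLS with `turnOffCertCheck` set to `0` and `1`, so a regression on that path would go unnoticed unless it is covered elsewhere in the file. A pair of scenarios mirroring these two, on the plain LDAP port with StartTLS enabled, would close that gap.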
