From 11294a8f8b2bf91c1005742369b3778b515b7ec3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20H=C3=A4rdeman?=
Date: Sun, 22 Aug 2021 10:48:33 +0200
Subject: [PATCH] [ldap-contacts-suggestions] Add support for StartTLS

The plugin currently supports SSL (by using a ldaps:// URI as the hostname of the LDAP server) and unencrypted LDAP. This patch also adds StartTLS support, which is used by many LDAP servers.
---
 .../LdapContactsSuggestions.php | 15 ++++++++++++++-
 plugins/ldap-contacts-suggestions/index.php | 6 +++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/plugins/ldap-contacts-suggestions/LdapContactsSuggestions.php b/plugins/ldap-contacts-suggestions/LdapContactsSuggestions.php
index 8f69d425d..c0a21f925 100644
--- a/plugins/ldap-contacts-suggestions/LdapContactsSuggestions.php
+++ b/plugins/ldap-contacts-suggestions/LdapContactsSuggestions.php
@@ -12,6 +12,11 @@ class LdapContactsSuggestions implements \RainLoop\Providers\Suggestions\ISugges
 */
 private $iHostPort = 389;
 
+ /**
+ * @var bool
+ */
+ private $bUseStartTLS = True;
+
 /**
 * @var string
 */
@@ -60,6 +65,7 @@ class LdapContactsSuggestions implements \RainLoop\Providers\Suggestions\ISugges
 /**
 * @param string $sHostName
 * @param int $iHostPort
+ * @param bool $bUseStartTLS
 * @param string $sAccessDn
 * @param string $sAccessPassword
 * @param string $sUsersDn
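Review bot: `private $bUseStartTLS = True;` in the `@@ -12` hunk spells the keyword constant with a capital; PSR-12 has `true`/`false`/`null` lowercase, so `private $bUseStartTLS = true;`. The same spelling recurs in index.php, in the `Get('plugin', 'use_start_tls', True)` default and in `->SetDefaultValue(True)`. The property docblock could also say what the flag does, e.g. `@var bool Upgrade the plain LDAP connection with StartTLS before binding`, since the bare `@var bool` only repeats the prefix. The `@param` addition in the `@@ -60` hunk matches the surrounding style and needs nothing further.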
@@ -70,10 +76,11 @@ class LdapContactsSuggestions implements \RainLoop\Providers\Suggestions\ISugges
 *
 * @return \LdapContactsSuggestions
 */
- public function SetConfig($sHostName, $iHostPort, $sAccessDn, $sAccessPassword, $sUsersDn, $sObjectClass, $sUidField, $sNameField, $sEmailField, $sAllowedEmails)
+ public function SetConfig($sHostName, $iHostPort, $bUseStartTLS, $sAccessDn, $sAccessPassword, $sUsersDn, $sObjectClass, $sUidField, $sNameField, $sEmailField, $sAllowedEmails)
 {
 $this->sHostName = $sHostName;
 $this->iHostPort = $iHostPort;
+ $this->bUseStartTLS = $bUseStartTLS;
 if (0 < \strlen($sAccessDn))
 {
 $this->sAccessDn = $sAccessDn;
@@ -190,6 +197,12 @@ class LdapContactsSuggestions implements \RainLoop\Providers\Suggestions\ISugges
 
 @\ldap_set_option($oCon, LDAP_OPT_PROTOCOL_VERSION, 3);
 
+ if ($this->bUseStartTLS && !@\ldap_start_tls($oCon))
+ {
+ $this->logLdapError($oCon, 'ldap_start_tls');
+ return $aResult;
+ }
+
 if (!@\ldap_bind($oCon, $this->sAccessDn, $this->sAccessPassword))
 {
 if (is_null($this->sAccessDn))
diff --git a/plugins/ldap-contacts-suggestions/index.php b/plugins/ldap-contacts-suggestions/index.php
index 7bc36c7c1..8b1178098 100644
--- a/plugins/ldap-contacts-suggestions/index.php
+++ b/plugins/ldap-contacts-suggestions/index.php
@@ -43,6 +43,7 @@ class LdapContactsSuggestionsPlugin extends \RainLoop\Plugins\AbstractPlugin
 
 $sHostName = \trim($this->Config()->Get('plugin', 'hostname', ''));
 $iHostPort = (int) $this->Config()->Get('plugin', 'port', 389);
+ $bUseStartTLS = (bool) $this->Config()->Get('plugin', 'use_start_tls', True);
 $sAccessDn = \trim($this->Config()->Get('plugin', 'access_dn', ''));
 $sAccessPassword = \trim($this->Config()->Get('plugin', 'access_password', ''));
 $sUsersDn = \trim($this->Config()->Get('plugin', 'users_dn_format', ''));
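Review bot: In the `@@ -190` hunk `ldap_start_tls()` is attempted whenever `$this->bUseStartTLS` is set, and the flag defaults to true both here and in index.php; when `$this->sHostName` is an `ldaps://` URI (the SSL mode the commit message says is already supported) the session is already under TLS, so the StartTLS request is expected to fail, the error is logged and `$aResult` is returned empty — an existing ldaps:// deployment likely loses suggestions until the option is switched off. One fix is to skip the upgrade for such hosts, `if ($this->bUseStartTLS && 0 !== \stripos($this->sHostName, 'ldaps://') && !@\ldap_start_tls($oCon))`, or at least to document that the two settings are mutually exclusive. Failing closed when StartTLS cannot be negotiated is the right call; note that certificate verification is left to the libldap defaults (nothing here sets `LDAP_OPT_X_TLS_REQUIRE_CERT`), which is worth stating in the docblock so operators know where it is configured. The `@@ -70` hunk inserts `$bUseStartTLS` in the middle of SetConfig's positional parameter list, which any caller outside this plugin would have to follow; both hunks' enclosing methods continue outside the hunk.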
@@ -57,7 +58,7 @@ class LdapContactsSuggestionsPlugin extends \RainLoop\Plugins\AbstractPlugin
 include_once __DIR__.'/LdapContactsSuggestions.php';
 
 $oProvider = new LdapContactsSuggestions();
- $oProvider->SetConfig($sHostName, $iHostPort, $sAccessDn, $sAccessPassword, $sUsersDn, $sObjectClass, $sSearchField, $sNameField, $sEmailField, $sAllowedEmails);
+ $oProvider->SetConfig($sHostName, $iHostPort, $bUseStartTLS, $sAccessDn, $sAccessPassword, $sUsersDn, $sObjectClass, $sSearchField, $sNameField, $sEmailField, $sAllowedEmails);
 
 $mResult[] = $oProvider;
 }
@@ -77,6 +78,9 @@ class LdapContactsSuggestionsPlugin extends \RainLoop\Plugins\AbstractPlugin
 \RainLoop\Plugins\Property::NewInstance('port')->SetLabel('LDAP port')
 ->SetType(\RainLoop\Enumerations\PluginPropertyType::INT)
 ->SetDefaultValue(389),
+ \RainLoop\Plugins\Property::NewInstance('use_start_tls')->SetLabel('Use StartTLS')
+ ->SetType(\RainLoop\Enumerations\PluginPropertyType::BOOL)
+ ->SetDefaultValue(True),
 \RainLoop\Plugins\Property::NewInstance('access_dn')->SetLabel('Access dn (login)')
 ->SetDescription('LDAP bind DN to authentifcate with. If left blank, anonymous bind will be tried and Access password will be ignored')
 ->SetDefaultValue(''),
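Review bot: The new `use_start_tls` property in the `@@ -77` hunk carries no `->SetDescription(...)`, unlike the neighbouring `access_dn` entry, so an administrator sees only the label "Use StartTLS" and nothing about how it interacts with the hostname setting; suggested `->SetDescription('Upgrade the plain LDAP connection to TLS with StartTLS before binding. Disable this when the hostname is an ldaps:// URI, which is already encrypted')`. `->SetDefaultValue(True)` should be lowercase `true` for consistency with PSR-12. The `@@ -57` hunk is the matching call-site update and needs nothing further.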