Index: auth/ldap/auth.php
===================================================================
--- auth/ldap/auth.php (revision 268)
+++ auth/ldap/auth.php (working copy)
@@ -45,13 +45,13 @@
 $this->config->{$key} = $value[$this->config->user_type];
 }
 }
+ //hack prefix to objectclass
 if (empty($this->config->objectclass)) { // Can't send empty filter
 $this->config->objectclass='objectClass=*';
 } else if (stripos($this->config->objectclass, 'objectClass=') !== 0) {
 $this->config->objectclass = 'objectClass='.$this->config->objectclass;
 }
-
 }
 /**
@@ -1362,6 +1362,10 @@
 ldap_set_option($connresult, LDAP_OPT_PROTOCOL_VERSION, $this->config->version);
 }
+ if ($this->config->tls) {
+ ldap_start_tls($connresult);
+ }
+
 // Fix MDL-10921
 if ($this->config->user_type == 'ad') {
 ldap_set_option($connresult, LDAP_OPT_REFERRALS, 0);
@@ -1627,6 +1631,8 @@
 // set to defaults if undefined
 if (!isset($config->host_url))
 { $config->host_url = ''; }
+ if (!isset($config->tls))
+ { $config->tls = 0; }
 if (empty($config->ldapencoding))
 { $config->ldapencoding = 'utf-8'; }
 if (!isset($config->contexts))
@@ -1682,8 +1688,8 @@
 // save settings
 set_config('host_url', $config->host_url, 'auth/ldap');
+ set_config('tls', $config->tls, 'auth/ldap');
 set_config('ldapencoding', $config->ldapencoding, 'auth/ldap');
- set_config('host_url', $config->host_url, 'auth/ldap');
 set_config('contexts', $config->contexts, 'auth/ldap');
 set_config('user_type', $config->user_type, 'auth/ldap');
 set_config('user_attribute', $config->user_attribute, 'auth/ldap');
Index: auth/ldap/config.html
===================================================================
--- auth/ldap/config.html (revision 268)
+++ auth/ldap/config.html (working copy)
@@ -3,6 +3,8 @@
 // set to defaults if undefined
 if (!isset($config->host_url))
 { $config->host_url = ''; }
+ if (!isset($config->tls))
+ { $config->tls = 0; }
 if (empty($config->ldapencoding))
 { $config->ldapencoding = 'utf-8'; }
 if (!isset($config->contexts))
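Review bot: The added comment `//hack prefix to objectclass` in the first hunk says that something is a workaround but not what the invariant is, so the next reader still has to work it out from the branches below it. The existing `// Can't send empty filter` remark shows the value is used as a filter, which is the fact worth stating: `// The objectclass setting is used as an LDAP filter: substitute a match-all filter when empty, and turn a bare class name into an "objectClass=..." assertion.` Note the check only looks at the `objectClass=` prefix, so a value that is already a parenthesised filter would be prefixed again; that is pre-existing behaviour, but the comment is the place to say which forms are accepted. The enclosing constructor starts outside the hunk.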
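Review bot: In the second hunk the return value of `ldap_start_tls($connresult)` is discarded, so when the server refuses STARTTLS or the certificate check fails the connection silently stays in plaintext and whatever follows on it (presumably the bind, which lies outside this hunk) goes over the wire unencrypted even though the administrator turned TLS on. Fail closed instead: `if (!ldap_start_tls($connresult)) { ldap_close($connresult); /* report failure the same way the rest of this function does */ }` rather than continuing. `$this->config->tls` is also read unguarded; if the setting can be absent on installs that predate this commit (the default is only applied in process_config, third hunk), `!empty($this->config->tls)` avoids an undefined-property notice. STARTTLS cannot be layered on a host URL that is already `ldaps://`, so an admin who combines the two will land exactly in this failure path, which is another reason to surface it. The enclosing function starts and ends outside the hunk.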
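Review bot: In the fourth hunk `set_config('tls', $config->tls, 'auth/ldap');` persists whatever the form posted; since the only consumer shown truthiness-tests the value, normalising it at save time, `set_config('tls', (int)$config->tls, 'auth/ldap');`, keeps the stored setting a clean 0/1 matching the yes/no select it comes from and matches the `$config->tls = 0` default set two hunks earlier. The enclosing process_config body continues outside the hunk.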
@@ -83,10 +85,24 @@ + + + get_string('no'), 1 => get_string('yes')); + choose_from_menu($yesno, 'tls', $config->tls, ''); + if (isset($err['tls'])) formerr($err['tls']); + ?> + + + + + + + version, '');
Index: lang/en_utf8/auth.php
===================================================================
--- lang/en_utf8/auth.php (revision 268)
+++ lang/en_utf8/auth.php (working copy)
@@ -161,6 +161,7 @@
 $string['auth_ldap_graceattr_desc'] = 'Optional: Overrides gracelogin attribute';
 $string['auth_ldap_gracelogins_desc'] = 'Enable LDAP gracelogin support. After password has expired user can login until gracelogin count is 0. Enabling this setting displays grace login message if password is exprired.';
 $string['auth_ldap_host_url'] = 'Specify LDAP host in URL-form like \'ldap://ldap.myorg.com/\' or \'ldaps://ldap.myorg.com/\' Separate multipleservers with \';\' to get failover support.';
+$string['auth_ldap_tls'] = 'Encrypt communication';
 $string['auth_ldap_ldap_encoding'] = 'Specify encoding used by LDAP server. Most probably utf-8, MS AD v2 uses default platform encoding such as cp1252, cp1250, etc.';
 $string['auth_ldap_login_settings'] = 'Login settings';
 $string['auth_ldap_memberattribute'] = 'Optional: Overrides user member attribute, when users belongs to a group. Usually \'member\'';
@@ -188,6 +189,7 @@
 password are checked.';
 $string['auth_ldap_ldap_encoding_key'] = 'LDAP encoding';
 $string['auth_ldap_host_url_key'] = 'Host URL';
+$string['auth_ldap_tls_key'] = 'Use TLS';
 $string['auth_ldap_version_key'] = 'Version';
 $string['auth_ldap_preventpassindb_key'] = 'Hide passwords';
 $string['auth_ldap_bind_dn_key'] = 'Distinguished Name';
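Review bot: The form hunk for config.html exposes the new option as a bare yes/no select (`choose_from_menu($yesno, 'tls', $config->tls, '')`) with the description string 'Encrypt communication', which does not tell the administrator that this is STARTTLS on a plain `ldap://` URL, that it cannot be combined with an `ldaps://` host URL, and that with the current connect code a failed upgrade does not stop the login. The help text is the place to say so, e.g. a description along the lines of `Use STARTTLS to encrypt the connection to an ldap:// host; do not enable together with an ldaps:// URL`. The markup of this hunk appears to have been stripped in this rendering, so only the PHP fragments are visible here; the rest of the template lies outside the hunk.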