-rw-r--r--config-templates/authsources.php4
-rw-r--r--lib/SimpleSAML/Auth/LDAP.php2
-rw-r--r--modules/ldap/lib/ConfigHelper.php14
3 files changed, 16 insertions, 4 deletions
diff --git a/config-templates/authsources.php b/config-templates/authsources.php
index e077d2f..2865d34 100644
--- a/config-templates/authsources.php
+++ b/config-templates/authsources.php
@@ -276,6 +276,10 @@ $config = array(
// The default is 0, which means no timeout.
'timeout' => 0,
+ // The port used when accessing the LDAP server.
+ // The default is 389.
+ 'port' => 389,
+
// Set whether to follow referrals. AD Controllers may require FALSE to function.
'referrals' => TRUE,
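Review bot: The comment added above `'port' => 389` does not say how the option interacts with a `hostname` written as an `ldap://` or `ldaps://` URL. PHP's `ldap_connect()` ignores its port argument when it is given a URL, so if the LDAP class passes this value straight through (not visible in this hunk), the setting only applies to bare host names. An administrator could also read `'port' => 636` as switching on encryption, which it does not do. I would extend the comment along the lines of `// Only used when 'hostname' is a plain host name; for ldap:// or ldaps:// URLs put the port in the URL. Setting 636 here does not by itself enable TLS.`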
diff --git a/lib/SimpleSAML/Auth/LDAP.php b/lib/SimpleSAML/Auth/LDAP.php
index 50cd5da..db95377 100644
--- a/lib/SimpleSAML/Auth/LDAP.php
+++ b/lib/SimpleSAML/Auth/LDAP.php
@@ -100,7 +100,7 @@ class SimpleSAML_Auth_LDAP {
}
// Enable TLS, if needed.
- if (!preg_match("/ldaps:/i", $hostname) and $enable_tls)
+ if (stripos($hostname, "ldaps:") === FALSE and $enable_tls)
if (!@ldap_start_tls($this->ldap))
throw $this->makeException('Library - LDAP __construct(): Unable to force TLS', ERR_INTERNAL);
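Review bot: The test `stripos($hostname, "ldaps:") === FALSE` matches `ldaps:` anywhere in the string, just as the regex it replaces did, so StartTLS is skipped whenever that substring appears at all. If `$hostname` may carry several space-separated servers (I believe this configuration allows that, but it is not visible here), a list mixing `ldap://` and `ldaps://` entries would leave the `ldap://` connection in cleartext even with `enable_tls` set. Anchoring on the scheme, e.g. `if ($enable_tls and stripos(trim($hostname), 'ldaps://') !== 0)`, at least fails closed for such mixed lists; a per-entry check would be better still. The `@` on `ldap_start_tls()` also hides the underlying error from the log, and the brace-less nested `if` makes the guard easy to misread. The constructor body starts and ends outside the hunk.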
diff --git a/modules/ldap/lib/ConfigHelper.php b/modules/ldap/lib/ConfigHelper.php
index 8f8f4d5..d5d271b 100644
--- a/modules/ldap/lib/ConfigHelper.php
+++ b/modules/ldap/lib/ConfigHelper.php
@@ -46,6 +46,13 @@ class sspmod_ldap_ConfigHelper {
private $timeout;
/**
+ * The port used when accessing the LDAP server.
+ *
+ * @var int
+ */
+ private $port;
+
+ /**
* Whether to follow referrals
*/
private $referrals;
@@ -130,6 +137,7 @@ class sspmod_ldap_ConfigHelper {
$this->enableTLS = $config->getBoolean('enable_tls', FALSE);
$this->debug = $config->getBoolean('debug', FALSE);
$this->timeout = $config->getInteger('timeout', 0);
+ $this->port = $config->getInteger('port', 389);
$this->referrals = $config->getBoolean('referrals', TRUE);
$this->searchEnable = $config->getBoolean('search.enable', FALSE);
$this->privRead = $config->getBoolean('priv.read', FALSE);
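Review bot: `$config->getInteger('port', 389)` accepts any integer, so 0, a negative number or a value above 65535 reaches the LDAP connection call unchecked and would only surface later as an opaque connect failure. If this version of SimpleSAML_Configuration provides `getIntegerRange()`, `$this->port = $config->getIntegerRange('port', 1, 65535, 389);` rejects a bad value when the configuration is loaded. The default also stays 389 when `hostname` is an `ldaps://` URL, which deserves a short comment on this line. The constructor starts and ends outside the hunk.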
@@ -177,7 +185,7 @@ class sspmod_ldap_ConfigHelper {
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
- $ldap = new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout, 389, $this->referrals);
+ $ldap = new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout, $this->port, $this->referrals);
if (!$this->searchEnable) {
$ldapusername = addcslashes($username, ',+"\\<>;*');
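Review bot: The six-argument `new SimpleSAML_Auth_LDAP(...)` call is now written out in three places: this hunk and the two that follow, at new lines 253 and 277. Each copy had to be edited by hand to replace the literal `389`. Connection security depends on every copy passing the same `enableTLS`, `port` and `referrals` values, so a small private helper that returns the connection from the stored settings would keep them from drifting apart on the next change. Something like `private function createConnection()` containing the single `return new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout, $this->port, $this->referrals);` would do. The enclosing methods start and end outside these hunks.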
@@ -245,7 +253,7 @@ class sspmod_ldap_ConfigHelper {
$this->enableTLS,
$this->debug,
$this->timeout,
- 389,
+ $this->port,
$this->referrals);
if ($attribute == NULL)
@@ -269,7 +277,7 @@ class sspmod_ldap_ConfigHelper {
$this->enableTLS,
$this->debug,
$this->timeout,
- 389,
+ $this->port,
$this->referrals);
/* Are privs needed to get the attributes? */