Bug 282687: LDAP: TLS Support - Patch by guillomovitch@zarb.org r=mkanat a=justdave

Bugzilla/Auth/Verify/LDAP.pm

@@ -164,6 +164,14 @@ sub ldap {
     my $conn_string = "$protocol://$server:$port";
     $self->{ldap} = new Net::LDAP($conn_string) 
         || ThrowCodeError("ldap_connect_failed", { server => $conn_string });
+
+    # try to start TLS if needed
+    if (Param("LDAPstarttls")) {
+        my $mesg = $self->{ldap}->start_tls();
+        ThrowCodeError("ldap_start_tls_failed", { error => $mesg->error() })
+            if $mesg->code();
+    }
+
     return $self->{ldap};
 }
 

Bugzilla/Config/LDAP.pm

@@ -47,6 +47,12 @@ sub get_param_list {
   },
 
   {
+   name => 'LDAPstarttls',
+   type => 'b',
+   default => 0
+  },
+
+  {
    name => 'LDAPbinddn',
    type => 't',
    default => ''

template/en/default/admin/params/ldap.html.tmpl

@@ -29,6 +29,9 @@
                 "(e.g. ldap.company.com, or ldap.company.com:portnum). " _
                 "Can be prefixed with ldap:// (default) or ldaps:// (for a secure connection).",
 
+  LDAPstartls => "Whether to require encrypted communication once normal " _
+                 "LDAP connection achieved with the server.",
+
   LDAPbinddn => "If your LDAP server requires that you use a binddn and password " _
                 "instead of binding anonymously, enter it here " _
                 "(e.g. cn=default,cn=user:password). " _

template/en/default/global/code-error.html.tmpl

@@ -270,6 +270,9 @@
   [% ELSIF error == "ldap_connect_failed" %]
     Could not connect to the LDAP server <code>[% server FILTER html %]</code>.
 
+  [% ELSIF error == "ldap_start_tls_failed" %]
+    Could not start TLS with LDAP server: <code>[% error FILTER html %]</code>.
+
   [% ELSIF error == "ldap_search_error" %]
     An error occurred while trying to search LDAP for 
     &quot;[% username FILTER html %]&quot;: