fix #1947: implement starttls for ldap
[pmg-api.git] / PMG / LDAPCache.pm
index ca4aec98022304842545d3980d3687208a6bc03c..567b5ea75b9ba3575836a8a9b54a7467952a3141 100755 (executable)
@@ -374,6 +374,20 @@ sub ldap_connect_and_bind {
 
      my $mesg;
 
+     if ($self->{mode} eq 'ldap+starttls') {
+        my $opts = {
+            verify => $self->{verify} ? 'require' : 'none',
+        };
+
+        if ($self->{cafile}) {
+            $opts->{cafile} = $self->{cafile};
+        } else {
+            $opts->{capath} = '/etc/ssl/certs/';
+        }
+
+        $ldap->start_tls(%$opts);
+     }
+
      if ($self->{binddn}) {
         $mesg = $ldap->bind($self->{binddn}, password => $self->{bindpw});
      } else {
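Review bot: The result of `$ldap->start_tls(%$opts)` is discarded, so if the server rejects the StartTLS request or the handshake fails, execution still reaches `$ldap->bind(...)` and may send `binddn`/`bindpw` over the unencrypted connection. Capture the result with `$mesg = $ldap->start_tls(%$opts);` and stop before the bind when `$mesg->code` is non-zero, reporting the failure in whatever way the rest of `ldap_connect_and_bind` does (the function starts and ends outside this hunk, so its error convention is not visible here). Separately, a false `$self->{verify}` maps to `verify => 'none'`, which accepts any certificate. A comment such as `# verify => 'none' encrypts the session but does not authenticate the server` would make that trade-off explicit.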