ldap auth: add sslversion option

[pve-access-control.git] / PVE / Auth / LDAP.pm

diff --git a/PVE/Auth/LDAP.pm b/PVE/Auth/LDAP.pm
index 9f08504a0997a9839670c3f5840d019d48585910..d6c26eb0f0bf9d5da58dc195e9bbef453ccc6320 100755 (executable)
--- a/PVE/Auth/LDAP.pm
+++ b/PVE/Auth/LDAP.pm
@@ -70,6 +70,7 @@ sub options {
        user_attr => {},
        port => { optional => 1 },
        secure => { optional => 1 },
+       sslversion => { optional => 1 },
        default => { optional => 1 },
        comment => { optional => 1 },
        tfa => { optional => 1 },
@@ -109,6 +110,10 @@ my $authenticate_user_ldap = sub {
        $ldap_args{verify} = 'none';
     }
 
+    if ($config->{secure}) {
+       $ldap_args{sslversion} = $config->{sslversion} ? $config->{sslversion} : 'tlsv1_2';
+    }
+
     my $ldap = Net::LDAP->new($conn_string, %ldap_args) || die "$@\n";
 
     if (my $bind_dn = $config->{bind_dn}) {