ldaps: support TLS 1.3 as SSL version

[pve-access-control.git] / PVE / Auth / LDAP.pm

diff --git a/PVE/Auth/LDAP.pm b/PVE/Auth/LDAP.pm
index 310234aa2bac6fed984e2ef43e676189452b1531..a94778e3b12da94ce10d102f186996c0b691ef56 100755 (executable)
--- a/PVE/Auth/LDAP.pm
+++ b/PVE/Auth/LDAP.pm
@@ -70,6 +70,7 @@ sub options {
        user_attr => {},
        port => { optional => 1 },
        secure => { optional => 1 },
+       sslversion => { optional => 1 },
        default => { optional => 1 },
        comment => { optional => 1 },
        tfa => { optional => 1 },
@@ -109,6 +110,10 @@ my $authenticate_user_ldap = sub {
        $ldap_args{verify} = 'none';
     }
 
+    if ($config->{secure}) {
+       $ldap_args{sslversion} = $config->{sslversion} || 'tlsv1_2';
+    }
+
     my $ldap = Net::LDAP->new($conn_string, %ldap_args) || die "$@\n";
 
     if (my $bind_dn = $config->{bind_dn}) {
@@ -145,7 +150,7 @@ sub authenticate_user {
     my $err = $@;
     return 1 if !$err;
     die $err if !$config->{server2};
-    &$authenticate_user_ldap($config, $config->{server2}, $username, $password); 
+    &$authenticate_user_ldap($config, $config->{server2}, $username, $password, $realm);
 }
 
 1;