fix(LDAP): use ldap_set_option over putenv to disable cert check

the putenv option was not working reliable anymore anyway Signed-off-by: Arthur Schiwon <[email protected]>
nextcloud · blizzz · Mar 6, 2025 · Feb 27, 2025 · Mar 3, 2025 · 939a8d5ea56def06d788b11f9fae9642befbdde6
commit 939a8d5ea56def06d788b11f9fae9642befbdde6
@@ -627,19 +627,6 @@ private function establishConnection(): ?bool {
 
 				return false;
 			}
-			if ($this->configuration->turnOffCertCheck) {
-				if (putenv('LDAPTLS_REQCERT=never')) {
-					$this->logger->debug(
-						'Turned off SSL certificate validation successfully.',
-						['app' => 'user_ldap']
-					);
-				} else {
-					$this->logger->warning(
-						'Could not turn off SSL certificate validation.',
-						['app' => 'user_ldap']
-					);
-				}
-			}
 
 			$hasBackupHost = (trim($this->configuration->ldapBackupHost ?? '') !== '');
 			$hasBackgroundHost = (trim($this->configuration->ldapBackgroundHost ?? '') !== '');
@@ -718,6 +705,20 @@ private function doConnect($host, $port): bool {
 		}
 
 		if ($this->configuration->ldapTLS) {
+			if ($this->configuration->turnOffCertCheck) {
+				if ($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER)) {
+					$this->logger->debug(
+						'Turned off SSL certificate validation successfully.',
+						['app' => 'user_ldap']
+					);
+				} else {
+					$this->logger->warning(
+						'Could not turn off SSL certificate validation.',
+						['app' => 'user_ldap']
+					);
+				}
+			}
+
 			if (!$this->ldap->startTls($this->ldapConnectionRes)) {
 				throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');
 			}