CPPS · SquarePlayn · May 17, 2019 · May 17, 2019 · May 17, 2019
diff --git a/config/initializers/ldap_authenticatable.rb b/config/initializers/ldap_authenticatable.rb
@@ -9,7 +9,16 @@ module Strategies
 		# have never used K2 before.
 		class LdapAuthenticatable < Authenticatable
 			def authenticate!
-				ldap = Net::LDAP.new
+				ldap = Net::LDAP.new(
+					# Enable LDAP signature verification
+					encryption: {
+  						method:      :simple_tls,
+						tls_options: { 
+							ca_file:     cfg[:ldap_cert_path],
+               						ssl_version: 'TLSv1_1' 
+						}
+    					}
+				)
 				ldap.host = cfg[:host]
 				ldap.port = cfg[:port] || 389
 				ldap.auth "#{cfg[:domain]}\\#{login}", password

diff --git a/config/secrets.yml.example b/config/secrets.yml.example
@@ -28,7 +28,9 @@ production:
   # The domain is used to determine which domain your user falls under.
   # The host is used to connect to and try to bind to using the provided details
   # The treebase is used when searching for the user in the LDAP directory.
+	# The ldap_cert_path should point to a .pem certificate of the used LDAP server
   # ldap:
   #   domain: YOUR_DOMAIN_HERE
   #   host: ldap_server.example.org
   #   treebase: OU=Users,DC=example,DC=org
+  #   ldap_cert_path: /opt/k2/shared/config/certificate_name.pem