From 1cc8681b5a0260e4614216d6734a978b8901f874 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Fri, 21 Feb 2025 21:42:02 +1100
Subject: [PATCH] Add example ldaps configuration, set TLS_REQCERT to never so php_ldap does validate ldap server SSL certs
---
 config/ldap.php | 12 ++++++++++++
 docker/Dockerfile | 9 ++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/config/ldap.php b/config/ldap.php
index 92f64b9..f18a8cb 100644
--- a/config/ldap.php
+++ b/config/ldap.php
@@ -40,6 +40,18 @@ return [
 'name' => env('LDAP_NAME','LDAP Server'),
 ],
+ 'openldaps' => [
+ 'hosts' => [env('LDAP_HOST', '127.0.0.1')],
+ 'username' => env('LDAP_USERNAME', 'cn=user,dc=local,dc=com'),
+ 'password' => env('LDAP_PASSWORD', 'secret'),
+ 'port' => env('LDAP_PORT', 636),
+ 'base_dn' => env('LDAP_BASE_DN', 'dc=local,dc=com'),
+ 'timeout' => env('LDAP_TIMEOUT', 5),
+ 'use_ssl' => env('LDAP_SSL', true),
+ 'use_tls' => env('LDAP_TLS', true),
+ 'name' => env('LDAP_NAME','LDAPS Server'),
+ ],
+
 'opendj' => [
 'hosts' => ['opendj'],
 'username' => 'cn=Directory Manager',
diff --git a/docker/Dockerfile b/docker/Dockerfile
index bb54d6f..27f4eac 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -9,9 +9,12 @@ RUN install-php-extensions \
 igbinary msgpack memcached
 # Tune PHP
-RUN cp /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini
-RUN sed -i -e 's/^memory_limit = 128M/memory_limit = 256M/' /usr/local/etc/php/php.ini
-RUN sed -i -e 's/^expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini
+RUN cp /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini \
+ && sed -i -e 's/^memory_limit = 128M/memory_limit = 256M/' /usr/local/etc/php/php.ini \
+ && sed -i -e 's/^expose_php = On/expose_php = Off/' /usr/local/etc/php/php.ini
+
+# Support for LDAPS queries
+RUN echo "TLS_REQCERT never" >> /etc/openldap/ldap.conf
 # Add composer
 RUN curl -4 https://getcomposer.org/installer|php -- --install-dir=/usr/local/bin --filename=composer
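Review bot: In the new `openldaps` connection, `use_ssl` and `use_tls` both default to `true` on port 636, although these normally select two different transports (implicit TLS over ldaps:// versus StartTLS on a plain connection); if this array is consumed by LdapRecord, as the key names suggest, that library documents them as alternatives rather than a pair. For an LDAPS example the StartTLS default should be off: `'use_tls' => env('LDAP_TLS', false),`. The block also ships a fallback bind password, `env('LDAP_PASSWORD', 'secret')`, so a deployment that forgets the variable quietly attempts a bind with a well-known value; a `null` default would make the omission visible instead. The `return [` array starts and ends outside the hunk, so beyond `LDAP_NAME` I cannot confirm whether the other connections read the same `LDAP_*` variables, but if they do, one environment value will reconfigure several connections at once.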
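Review bot: The appended `TLS_REQCERT never` turns off server-certificate verification for every libldap client in the image, so an LDAPS or StartTLS session is encrypted but the directory server is never authenticated, and bind credentials go to whatever host answers on that address. The commit subject reads "does validate", which is the opposite of what this line does, so the trade-off is easy to miss when reading the history. I would keep verification on and point libldap at the directory's CA instead, for example `RUN echo "TLS_CACERT <path-to-ca-bundle>" >> /etc/openldap/ldap.conf` together with `TLS_REQCERT demand`, leaving any relaxation to a per-deployment opt-in such as the `LDAPTLS_REQCERT` environment variable. If the line stays, the comment above it should state the consequence plainly: `# WARNING: disables LDAP server certificate verification; only for test directories with self-signed certs`.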