diff -rupN mantisbt-1.2.17/config_defaults_inc.php mantisbt-1.2.17-ldap-starttls/config_defaults_inc.php
--- mantisbt-1.2.17/config_defaults_inc.php	2014-03-03 14:19:50.000000000 -0500
+++ mantisbt-1.2.17-ldap-starttls/config_defaults_inc.php	2014-09-18 14:37:37.000000000 -0400
@@ -1765,6 +1765,13 @@
 	$g_ldap_bind_passwd		= '';
 
 	/**
+	 * Should the connection use STARTTLS (use ldap:// url for server address)
+	 *
+	 * @global string $g_ldap_starttls
+	 */
+	$g_ldap_starttls		= FALSE;
+
+	/**
 	 * Should we send to the LDAP email address or what MySql tells us
 	 * @global int $g_use_ldap_email
 	 */
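Review bot: The docblock for the new option declares `@global string $g_ldap_starttls`, but the default assigned on the next line is the boolean `FALSE`; the tag should match the value, e.g. `@global boolean $g_ldap_starttls`. The description should also say what the option guarantees. As written in the ldap_api.php hunk, a failed STARTTLS raises an error instead of continuing unencrypted, and that is worth stating here so administrators know the setting fails closed. A possible wording: `Upgrade the ldap:// connection with STARTTLS before binding; the connection is aborted if the upgrade fails. Do not combine with an ldaps:// URI.` With the default left at FALSE and an ldap:// URI, the bind DN and password are sent without transport encryption, which the comment could mention.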
diff -rupN mantisbt-1.2.17/core/constant_inc.php mantisbt-1.2.17-ldap-starttls/core/constant_inc.php
--- mantisbt-1.2.17/core/constant_inc.php	2014-03-03 14:19:50.000000000 -0500
+++ mantisbt-1.2.17-ldap-starttls/core/constant_inc.php	2014-09-18 14:37:37.000000000 -0400
@@ -312,6 +312,7 @@ define( 'ERROR_LDAP_SERVER_CONNECT_FAILE
 define( 'ERROR_LDAP_UPDATE_FAILED', 1402 );
 define( 'ERROR_LDAP_USER_NOT_FOUND', 1403 );
 define( 'ERROR_LDAP_EXTENSION_NOT_LOADED', 1404 );
+define( 'ERROR_LDAP_UNABLE_TO_STARTTLS', 1405 );
 
 # ERROR_CATEGORY_*
 define( 'ERROR_CATEGORY_DUPLICATE', 1500 );
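Review bot: `ERROR_LDAP_UNABLE_TO_STARTTLS` is added here, but none of the visible file sections adds a matching message to the error-message language strings. If the rest of the patch does not supply one, `trigger_error( ERROR_LDAP_UNABLE_TO_STARTTLS, ERROR )` in ldap_api.php will presumably give the administrator no readable explanation. Add the string in the same change, with text that names STARTTLS and points to the LDAP log for details.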
diff -rupN mantisbt-1.2.17/core/ldap_api.php mantisbt-1.2.17-ldap-starttls/core/ldap_api.php
--- mantisbt-1.2.17/core/ldap_api.php	2014-03-03 14:19:50.000000000 -0500
+++ mantisbt-1.2.17-ldap-starttls/core/ldap_api.php	2014-09-18 14:37:37.000000000 -0400
@@ -50,6 +50,13 @@ function ldap_connect_bind( $p_binddn = 
     log_event( LOG_LDAP, "Attempting connection to LDAP URI '{$t_ldap_server}'." );
     $t_ds = @ldap_connect( $t_ldap_server );
     
+	$t_ldap_starttls = config_get( 'ldap_starttls');
+	if ($t_ldap_starttls) {
+		if (! @ldap_start_tls($t_ds)){
+			log_event( LOG_LDAP, "Error: Cannot initiate STARTTLS on LDAP Server" );
+			trigger_error( ERROR_LDAP_UNABLE_TO_STARTTLS, ERROR );
+		}
+	}
 	if ( $t_ds !== false && $t_ds > 0 ) {
 		log_event( LOG_LDAP, "Connection accepted by LDAP server" );
 		$t_protocol_version = config_get( 'ldap_protocol_version' );
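Review bot: `ldap_start_tls( $t_ds )` is called before `$t_ds` is validated and before the protocol version read on the last visible line is applied. If `ldap_connect()` fails, the admin therefore gets a STARTTLS error instead of the connect error, and because StartTLS is an LDAPv3 operation it can fail on a handle still at the library's default version. Move the block inside the `if ( $t_ds !== false && $t_ds > 0 )` branch, after the protocol version is set and before any bind; that branch continues outside the hunk, so the exact position needs checking against the full function. Keep the fail-closed `trigger_error`, and add `ldap_error( $t_ds )` to the log line so certificate and negotiation failures can be told apart. The new lines also use `if ($x)` spacing, while the surrounding code uses `if ( $x )`.

```php
	if ( $t_ds !== false && $t_ds > 0 ) {
		log_event( LOG_LDAP, "Connection accepted by LDAP server" );
		// … unchanged: protocol version setup (continues outside the hunk) …

		if ( config_get( 'ldap_starttls' ) ) {
			# StartTLS is an LDAPv3 extended operation: run it once the
			# protocol version is applied and before credentials are sent.
			if ( !@ldap_start_tls( $t_ds ) ) {
				log_event( LOG_LDAP, "Error: Cannot initiate STARTTLS on LDAP Server: " . ldap_error( $t_ds ) );
				trigger_error( ERROR_LDAP_UNABLE_TO_STARTTLS, ERROR );
			}
		}
```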
