GUACAMOLE-938: Use STARTTLS for "ldap://..." URLs if main LDAP connection uses STARTTLS.
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
index c0c1d6b..0da077a 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
@@ -195,6 +195,15 @@
if (LdapUrl.LDAPS_SCHEME.equals(ldapUrl.getScheme()))
encryptionMethod = EncryptionMethod.SSL;
+ // Use STARTTLS for otherwise unencrypted ldap:// URLs if the main
+ // LDAP connection requires STARTTLS
+ else if (confService.getEncryptionMethod() == EncryptionMethod.STARTTLS) {
+ logger.debug("Using STARTTLS for LDAP URL \"{}\" as the main LDAP "
+ + "connection described in guacamole.properties is "
+ + "configured to use STARTTLS.", url);
+ encryptionMethod = EncryptionMethod.STARTTLS;
+ }
+
// If no post is specified within the URL, use the default port
// dictated by the encryption method
int port = ldapUrl.getPort();
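Review bot: The added `else if (confService.getEncryptionMethod() == EncryptionMethod.STARTTLS)` branch upgrades `ldap://` URLs only when the main connection uses STARTTLS, so a main connection configured for `EncryptionMethod.SSL` gets no upgrade. In that case an `ldap://` URL keeps whatever `encryptionMethod` was initialised to above the hunk, presumably unencrypted, and any bind sent over that connection would then travel in cleartext even though the administrator asked for an encrypted directory connection. Consider widening the test to `else if (confService.getEncryptionMethod() != EncryptionMethod.NONE)`, or at least adding a final branch that emits `logger.warn(...)` when an unencrypted URL is followed while the main connection is encrypted. It would also help to extend the comment to something like `// ldap:// URLs are left unencrypted only if the main connection is itself unencrypted`, so the intended policy is explicit. The enclosing method begins and ends outside this hunk, so the initial value of `encryptionMethod` and the later bind should be checked against the full file.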