GUACAMOLE-938: Use STARTTLS for "ldap://..." URLs if main LDAP connection uses STARTTLS.
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
index c0c1d6b..0da077a 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
@@ -195,6 +195,15 @@
         if (LdapUrl.LDAPS_SCHEME.equals(ldapUrl.getScheme()))
             encryptionMethod = EncryptionMethod.SSL;
 
+        // Use STARTTLS for otherwise unencrypted ldap:// URLs if the main
+        // LDAP connection requires STARTTLS
+        else if (confService.getEncryptionMethod() == EncryptionMethod.STARTTLS) {
+            logger.debug("Using STARTTLS for LDAP URL \"{}\" as the main LDAP "
+                    + "connection described in guacamole.properties is "
+                    + "configured to use STARTTLS.", url);
+            encryptionMethod = EncryptionMethod.STARTTLS;
+        }
+
         // If no post is specified within the URL, use the default port
         // dictated by the encryption method
         int port = ldapUrl.getPort();
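Review bot: The new `else if` upgrades an `ldap://` URL only when `confService.getEncryptionMethod()` is `EncryptionMethod.STARTTLS`, so an `ldap://` URL reached while the main connection is configured for `EncryptionMethod.SSL` still falls through with whatever `encryptionMethod` was initialised to above the hunk. If that initial value is the unencrypted method, the bind to that server would go out in cleartext even though the administrator asked for an encrypted main connection. Consider handling that case explicitly, or at least making it visible with a trailing branch such as `else if (confService.getEncryptionMethod() != EncryptionMethod.NONE) logger.warn("LDAP URL \"{}\" will be contacted without encryption although the main LDAP connection is encrypted.", url);`. The enclosing method starts and ends outside this hunk, so the default assignment should be confirmed there.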