diff --git a/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php b/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php index 49e465d3f791c..77be43ba9b84e 100644 --- a/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php +++ b/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php @@ -29,6 +29,12 @@ class Connection extends AbstractConnection private const LDAP_INVALID_CREDENTIALS = 0x31; private const LDAP_TIMEOUT = 0x55; private const LDAP_ALREADY_EXISTS = 0x44; + private const PRECONNECT_OPTIONS = [ + ConnectionOptions::DEBUG_LEVEL, + ConnectionOptions::X_TLS_CACERTDIR, + ConnectionOptions::X_TLS_CACERTFILE, + ConnectionOptions::X_TLS_REQUIRE_CERT, + ]; /** @var bool */ private $bound = false; @@ -147,10 +153,18 @@ private function connect() return; } + foreach ($this->config['options'] as $name => $value) { + if (\in_array(ConnectionOptions::getOption($name), self::PRECONNECT_OPTIONS, true)) { + $this->setOption($name, $value); + } + } + $this->connection = ldap_connect($this->config['connection_string']); foreach ($this->config['options'] as $name => $value) { - $this->setOption($name, $value); + if (!\in_array(ConnectionOptions::getOption($name), self::PRECONNECT_OPTIONS, true)) { + $this->setOption($name, $value); + } } if (false === $this->connection) { diff --git a/src/Symfony/Component/Ldap/Adapter/ExtLdap/ConnectionOptions.php b/src/Symfony/Component/Ldap/Adapter/ExtLdap/ConnectionOptions.php index 50061bd80959e..58094fad5b8ea 100644 --- a/src/Symfony/Component/Ldap/Adapter/ExtLdap/ConnectionOptions.php +++ b/src/Symfony/Component/Ldap/Adapter/ExtLdap/ConnectionOptions.php @@ -40,6 +40,7 @@ final class ConnectionOptions public const DEBUG_LEVEL = 0x5001; public const TIMEOUT = 0x5002; public const NETWORK_TIMEOUT = 0x5005; + public const X_TLS_CACERTFILE = 0x6002; public const X_TLS_CACERTDIR = 0x6003; public const X_TLS_CERTFILE = 0x6004; public const X_TLS_CRL_ALL = 0x02;