feat(ldap): Allow to use global default_certificates_bundle_path for ldap

Signed-off-by: Simon L. <[email protected]>

Author: szaimen

apps/user_ldap/lib/Connection.php

@@ -686,6 +686,24 @@ private function doConnect($host, $port): bool {
 			$this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
 		}
 
+		$absoluteBundlePath = \OCP\ICertificateManager::getAbsoluteBundlePath;
+		$defaultCertificatePath = \OCP\ICertificateManager::getDefaultCertificatesBundlePath;
+		// We check if default certificate path is actually set to a custom value. 
+		// Otherwise this would be a breaking change and cannot be backported.
+		if (!empty($defaultCertificatePath) && $defaultCertificatePath !== \OC::$SERVERROOT . '/resources/config/ca-bundle.crt') {
+			if ($this->ldap->setOption(null, LDAP_OPT_X_TLS_CACERTFILE, $absoluteBundlePath)) {
+				$this->logger->debug(
+					'Adjusted the tls certificate file path to ' . $absoluteBundlePath,
+					['app' => 'user_ldap']
+				);
+			} else {
+				$this->logger->warning(
+					'Could not change the tls certificate file path.',
+					['app' => 'user_ldap']
+				);
+			}
+		}
+
 		$this->ldapConnectionRes = $this->ldap->connect($host, $port) ?: null;
 
 		if ($this->ldapConnectionRes === null) {