Probesys · q-desabre · Nov 7, 2025 · Nov 7, 2025
diff --git a/app/migrations/Version20251107160722_add_ldap_encryption_and_version.php b/app/migrations/Version20251107160722_add_ldap_encryption_and_version.php
@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Add LDAP encryption and version fields
+ */
+// phpcs:disable Squiz.Classes.ValidClassName
+// phpcs:disable Generic.Files.LineLength
+final class Version20251107100000_add_ldap_encryption_and_version extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return 'Add LDAP encryption and version fields to connector table';
+    }
+
+    public function up(Schema $schema): void
+    {
+        $this->addSql('ALTER TABLE connector ADD ldap_encryption VARCHAR(255) DEFAULT \'none\', ADD ldap_version INT DEFAULT 3');
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->addSql('ALTER TABLE connector DROP ldap_encryption, DROP ldap_version');
+    }
+}
diff --git a/app/src/Entity/LdapConnector.php b/app/src/Entity/LdapConnector.php
@@ -52,6 +52,12 @@ class LdapConnector extends Connector
     #[ORM\Column(length: 255, nullable: true)]
     private ?string $ldapSharedWithField = null;
 
+    #[ORM\Column(type: 'string', length: 255, nullable: true)]
+    private ?string $ldapEncryption = 'none';
+
+    #[ORM\Column(type: 'integer', nullable: true)]
+    private ?int $ldapVersion = 3;
+
 
     public function getLdapHost(): ?string
     {
@@ -222,4 +228,28 @@ public function setLdapSharedWithField(?string $ldapSharedWithField): static
 
         return $this;
     }
+
+    public function getLdapEncryption(): ?string
+    {
+        return $this->ldapEncryption;
+    }
+
+    public function setLdapEncryption(?string $ldapEncryption): static
+    {
+        $this->ldapEncryption = $ldapEncryption;
+
+        return $this;
+    }
+
+    public function getLdapVersion(): ?int
+    {
+        return $this->ldapVersion;
+    }
+
+    public function setLdapVersion(?int $ldapVersion): static
+    {
+        $this->ldapVersion = $ldapVersion;
+
+        return $this;
+    }
 }
diff --git a/app/src/Form/LdapConnectorType.php b/app/src/Form/LdapConnectorType.php
@@ -6,6 +6,8 @@
 use App\Entity\Groups;
 use App\Repository\GroupsRepository;
 use Symfony\Bridge\Doctrine\Form\Type\EntityType;
+use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
+use Symfony\Component\Form\Extension\Core\Type\IntegerType;
 use Symfony\Component\Form\Extension\Core\Type\PasswordType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
@@ -28,6 +30,19 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
                 'label' => 'Entities.LdapConnector.fields.ldapPort',
                 'attr' => ['pattern' => '[0-9]+']
             ])
+            ->add('ldapEncryption', ChoiceType::class, [
+                'required' => true,
+                'label' => 'Entities.LdapConnector.fields.ldapEncryption',
+                'choices' => [
+                    'None' => 'none',
+                    'SSL' => 'ssl',
+                    'TLS' => 'tls',
+                ],
+            ])
+            ->add('ldapVersion', IntegerType::class, [
+                'required' => true,
+                'label' => 'Entities.LdapConnector.fields.ldapVersion',
+            ])
             ->add('LdapBaseDN', null, [
                 'required' => true,
                 'label' => 'Entities.LdapConnector.fields.LdapBaseDN',

diff --git a/app/src/Service/LdapService.php b/app/src/Service/LdapService.php
@@ -21,6 +21,8 @@ public function bind(LdapConnector $connector): Ldap
         $ldap = Ldap::create('ext_ldap', [
                     'host' => $connector->getLdapHost(),
                     'port' => $connector->getLdapPort(),
+                    'encryption' => $connector->getLdapEncryption(),
+                    'version' => $connector->getLdapVersion(),
         ]);
 
         if ($connector->isAllowAnonymousBind()) {
@@ -67,6 +69,8 @@ public function bindUser(User $user, string $password): bool
         $ldap = Ldap::create('ext_ldap', [
             'host' => $originConnector->getLdapHost(),
             'port' => $originConnector->getLdapPort(),
+            'encryption' => $originConnector->getLdapEncryption(),
+            'version' => $originConnector->getLdapVersion(),
         ]);
 
         try {

diff --git a/app/translations/messages.en.yml b/app/translations/messages.en.yml
@@ -622,6 +622,8 @@ Entities:
       connectionInformation: "Connection information"
       ldapHost: "Host"
       ldapPort: "Port (default 389)"
+      ldapEncryption: "Encryption"
+      ldapVersion: "LDAP version"
       allowAnonymousBind: "Anonymous connection"
       LdapBaseDN: "Base DN"
       ldapBindDn: "Bind DN"

diff --git a/app/translations/messages.fr.yml b/app/translations/messages.fr.yml
@@ -622,6 +622,8 @@ Entities:
       connectionInformation: "Informations de connexion"
       ldapHost: "Hôte"
       ldapPort: "Port (défaut 389)"
+      ldapEncryption: "Chiffrement"
+      ldapVersion: "Version LDAP"
       allowAnonymousBind: "Connexion anonyme"
       LdapBaseDN: "Base DN"
       ldapBindDn: "Bind DN"