From e8f9422a3e0d703a70a40e4e689dbd8357a249b9 Mon Sep 17 00:00:00 2001
From: Robert Scheck <robert@fedoraproject.org>
Date: Mon, 25 Jan 2021 19:56:28 +0100
Subject: [PATCH] Reject by default LDAP connections not authorized via CA
 trust store

See also: https://github.com/wekan/wekan-ldap/issues/89
---
 server/ldap.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/ldap.js b/server/ldap.js
index 555a30a..54a61fe 100644
--- a/server/ldap.js
+++ b/server/ldap.js
@@ -18,7 +18,7 @@ export default class LDAP {
       idle_timeout: this.constructor.settings_get('LDAP_IDLE_TIMEOUT'),
       encryption: this.constructor.settings_get('LDAP_ENCRYPTION'),
       ca_cert: this.constructor.settings_get('LDAP_CA_CERT'),
-      reject_unauthorized: this.constructor.settings_get('LDAP_REJECT_UNAUTHORIZED') || false,
+      reject_unauthorized: this.constructor.settings_get('LDAP_REJECT_UNAUTHORIZED') || true,
       Authentication: this.constructor.settings_get('LDAP_AUTHENTIFICATION'),
       Authentication_UserDN: this.constructor.settings_get('LDAP_AUTHENTIFICATION_USERDN'),
       Authentication_Password: this.constructor.settings_get('LDAP_AUTHENTIFICATION_PASSWORD'),