diff -urN ../2.6.4+0.orig/src/backend/imap/config.php ./src/backend/imap/config.php
--- ../2.6.4+0.orig/src/backend/imap/config.php 2021-06-25 11:55:30.000000000 +0300
+++ ./src/backend/imap/config.php 2023-06-18 21:49:00.614076000 +0300
@@ -150,6 +150,7 @@
 // FIELDS: columns in the query
 // FROM: string that will be the from, replacing the field names with the values
 define('IMAP_FROM_LDAP_SERVER_URI', 'ldap://127.0.0.1:389/');
+//define('IMAP_FROM_LDAP_START_TLS', true);
 define('IMAP_FROM_LDAP_USER', 'cn=zpush,ou=servers,dc=zpush,dc=org');
 define('IMAP_FROM_LDAP_PASSWORD', 'password');
 define('IMAP_FROM_LDAP_BASE', 'dc=zpush,dc=org');
diff -urN ../2.6.4+0.orig/src/backend/imap/user_identity.php ./src/backend/imap/user_identity.php
--- ../2.6.4+0.orig/src/backend/imap/user_identity.php 2021-06-25 11:55:30.000000000 +0300
+++ ./src/backend/imap/user_identity.php 2023-06-18 21:52:50.037496000 +0300
@@ -138,6 +138,26 @@
 ZLog::Write(LOGLEVEL_DEBUG, sprintf("BackendIMAP->getIdentityFromLdap() - Connected to LDAP"));
 ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
 ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
+
+ if (defined('IMAP_FROM_LDAP_START_TLS') and (IMAP_FROM_LDAP_START_TLS === true)) {
+ ZLog::Write(LOGLEVEL_DEBUG, "BackendIMAP->getIdentityFromLdap() - Try to start TLS");
+ if (! @ldap_start_tls($ldap_conn)) {
+ $ldap_errno = ldap_errno($ldap_conn);
+ $ldap_error = ldap_error($ldap_conn);
+ $ldap_conn = false;
+ $message = sprintf(
+ "BackendIMAP->getIdentityFromLdap() - Could not start TLS session with LDAP server %s (error %d: %s)",
+ IMAP_FROM_LDAP_SERVER_URI, $ldap_errno, $ldap_error
+ );
+ if (defined('IMAP_FROM_LDAP_SERVICE_UNAVAILABLE_ON_ERROR') and (IMAP_FROM_LDAP_SERVICE_UNAVAILABLE_ON_ERROR === true)) {
+ ZLog::Write(LOGLEVEL_WARN, $message);
+ $ret_value = '';
+ } else {
+ ZLog::Write(LOGLEVEL_DEBUG, $message);
+ }
+ }
+ }
+
 $ldap_bind = ldap_bind($ldap_conn, IMAP_FROM_LDAP_USER, IMAP_FROM_LDAP_PASSWORD);
 if ($ldap_bind) {
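Review bot: In the config.php hunk the new `IMAP_FROM_LDAP_START_TLS` setting is added commented out and with no description, so an administrator reading the sample has no hint that the bind below sends `IMAP_FROM_LDAP_PASSWORD` over the plain `ldap://` URI unless it is enabled. A one-line comment above it would cover this, for example `// Set to true to issue StartTLS on the ldap:// connection before binding with IMAP_FROM_LDAP_USER / IMAP_FROM_LDAP_PASSWORD`. It would also help to state there that the option is opt-in and that the default stays unencrypted.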
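Review bot: In the user_identity.php hunk, a failed `ldap_start_tls()` sets `$ldap_conn = false` but does not stop, so execution falls through to the unchanged `ldap_bind($ldap_conn, ...)` line with an invalid handle. The credentials are not sent in clear, which is the right outcome, but only because the bind itself fails; on PHP 8 passing `false` there raises a `TypeError`, and whether that is caught depends on the surrounding handler, which is outside the hunk. Making the fail-closed path explicit would be safer, e.g. `$ldap_bind = $ldap_conn ? ldap_bind($ldap_conn, IMAP_FROM_LDAP_USER, IMAP_FROM_LDAP_PASSWORD) : false;`. The failure is also worth logging at `LOGLEVEL_WARN` in both branches rather than `LOGLEVEL_DEBUG`, since a refused upgrade can indicate a stripped or intercepted StartTLS. Certificate checking is left to the system LDAP client configuration here, so it should be confirmed that it is enforced (PHP exposes `LDAP_OPT_X_TLS_REQUIRE_CERT` for this).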