From 256cbc2de59f09e9da6a2c1ff147ff75f7bb99e8 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@arthur-schiwon.de>
Date: Tue, 7 Oct 2025 20:20:54 +0200
Subject: [PATCH] Revert "fix(LDAP): use ldap_set_option over putenv to disable
 cert check"

---
 apps/user_ldap/lib/Connection.php | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
index 336179ac34163..f265c74fe62f8 100644
--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -625,6 +625,19 @@ private function establishConnection(): ?bool {
 
 				return false;
 			}
+			if ($this->configuration->turnOffCertCheck) {
+				if (putenv('LDAPTLS_REQCERT=never')) {
+					$this->logger->debug(
+						'Turned off SSL certificate validation successfully.',
+						['app' => 'user_ldap']
+					);
+				} else {
+					$this->logger->warning(
+						'Could not turn off SSL certificate validation.',
+						['app' => 'user_ldap']
+					);
+				}
+			}
 
 			$hasBackupHost = (trim($this->configuration->ldapBackupHost ?? '') !== '');
 			$hasBackgroundHost = (trim($this->configuration->ldapBackgroundHost ?? '') !== '');
@@ -703,20 +716,6 @@ private function doConnect($host, $port): bool {
 		}
 
 		if ($this->configuration->ldapTLS) {
-			if ($this->configuration->turnOffCertCheck) {
-				if ($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER)) {
-					$this->logger->debug(
-						'Turned off SSL certificate validation successfully.',
-						['app' => 'user_ldap']
-					);
-				} else {
-					$this->logger->warning(
-						'Could not turn off SSL certificate validation.',
-						['app' => 'user_ldap']
-					);
-				}
-			}
-
 			if (!$this->ldap->startTls($this->ldapConnectionRes)) {
 				throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');
 			}