Fix LDAPS connection and LDAP login

app/login.py

@@ -69,13 +69,25 @@ def check_in_ldap(user, password):
 	server = sql.get_setting('ldap_server')
 	port = sql.get_setting('ldap_port')
 	ldap_class_search = sql.get_setting('ldap_class_search')
+	root_user = sql.get_setting('ldap_user')
+	root_password = sql.get_setting('ldap_password')
+	ldap_base = sql.get_setting('ldap_base')
+	domain = sql.get_setting('ldap_domain')
+	ldap_search_field = sql.get_setting('ldap_search_field')
+	ldap_user_attribute = sql.get_setting('ldap_user_attribute')
 	
-	l = ldap.initialize("ldap://"+server+':'+port)
+	l = ldap.initialize(server+':'+port)
 	try:
 		l.protocol_version = ldap.VERSION3
 		l.set_option(ldap.OPT_REFERRALS, 0)
 
-		bind = l.simple_bind_s(ldap_class_search+'='+user, password)
+		bind = l.simple_bind_s(root_user, root_password)
+
+		criteria = "(&(objectClass="+ldap_class_search+")("+ldap_user_attribute+"="+user+"))"
+		attributes = [ldap_search_field]
+		result = l.search_s(ldap_base, ldap.SCOPE_SUBTREE, criteria, attributes)
+
+		bind = l.simple_bind_s(result[0][0], password)
 	except ldap.INVALID_CREDENTIALS:
 		print("Content-type: text/html\n")	
 		print('<center><div class="alert alert-danger">Invalid credentials</div><br /><br />')

app/options.py

@@ -893,7 +893,7 @@ if form.getvalue('get_ldap_email'):
 	ldap_class_search = sql.get_setting('ldap_class_search')
 	ldap_user_attribute = sql.get_setting('ldap_user_attribute')
 
-	l = ldap.initialize("ldap://"+server+':'+port)
+	l = ldap.initialize(server+':'+port)
 	try:
 		l.protocol_version = ldap.VERSION3
 		l.set_option(ldap.OPT_REFERRALS, 0)