Added server cert verification for LDAP requests (#3010)

app/controllers/sessions_controller.rb

@@ -142,12 +142,7 @@ flash: { alert: I18n.t("registration.insecure_password") } unless user.secure_pa
     ldap_config[:bind_dn] = ENV['LDAP_BIND_DN']
     ldap_config[:password] = ENV['LDAP_PASSWORD']
     ldap_config[:auth_method] = ENV['LDAP_AUTH']
-    ldap_config[:encryption] = case ENV['LDAP_METHOD']
-                               when 'ssl'
-                                    'simple_tls'
-                                when 'tls'
-                                    'start_tls'
-                                end
+    ldap_config[:encryption] = ldap_encryption
     ldap_config[:base] = ENV['LDAP_BASE']
     ldap_config[:filter] = ENV['LDAP_FILTER']
     ldap_config[:uid] = ENV['LDAP_UID']
@@ -277,4 +272,18 @@ flash: { alert: I18n.t("registration.insecure_password") } unless user.secure_pa
     # Set the user's social id to the one being returned from auth
     user.update_attribute(:social_uid, @auth['uid'])
   end
+
+  def ldap_encryption
+    encryption_method = case ENV['LDAP_METHOD']
+      when 'ssl'
+        'simple_tls'
+      when 'tls'
+        'start_tls'
+      end
+
+    {
+      method: encryption_method,
+      tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS
+    }
+  end
 end