🚀 feat: Add support for LDAP STARTTLS in LDAP Auth (#6438)

.env.example

@@ -444,6 +444,7 @@ LDAP_USER_SEARCH_BASE=
 LDAP_SEARCH_FILTER=mail={{username}}
 LDAP_CA_CERT_PATH=
 # LDAP_TLS_REJECT_UNAUTHORIZED=
+# LDAP_STARTTLS=
 # LDAP_LOGIN_USES_USERNAME=true
 # LDAP_ID=
 # LDAP_USERNAME=

api/strategies/ldapStrategy.js

@@ -18,6 +18,7 @@ const {
   LDAP_USERNAME,
   LDAP_EMAIL,
   LDAP_TLS_REJECT_UNAUTHORIZED,
+  LDAP_STARTTLS,
 } = process.env;
 
 // Check required environment variables
@@ -50,6 +51,7 @@ if (LDAP_EMAIL) {
   searchAttributes.push(LDAP_EMAIL);
 }
 const rejectUnauthorized = isEnabled(LDAP_TLS_REJECT_UNAUTHORIZED);
+const startTLS = isEnabled(LDAP_STARTTLS);
 
 const ldapOptions = {
   server: {
@@ -72,6 +74,7 @@ const ldapOptions = {
         })(),
       },
     }),
+    ...(startTLS && { starttls: true }),
   },
   usernameField: 'email',
   passwordField: 'password',