From d51a719f2fdbe9a21fb02f2aa3ab4f36087a9c46 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Tue, 8 Dec 2015 16:08:27 -0800
Subject: [PATCH] GUAC-1406: Explicitly call startTLS() if STARTTLS is enabled.

---
 .../guacamole/auth/ldap/LDAPConnectionService.java        | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/LDAPConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/LDAPConnectionService.java
index 18b06b749..27f3edd3d 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/LDAPConnectionService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/LDAPConnectionService.java
@@ -116,12 +116,18 @@ public class LDAPConnectionService {
         // Obtain appropriately-configured LDAPConnection instance
         LDAPConnection ldapConnection = createLDAPConnection();
 
-        // Connect to LDAP server
         try {
+
+            // Connect to LDAP server
             ldapConnection.connect(
                 confService.getServerHostname(),
                 confService.getServerPort()
             );
+
+            // Explicitly start TLS if requested
+            if (confService.getEncryptionMethod() == EncryptionMethod.STARTTLS)
+                ldapConnection.startTLS();
+
         }
         catch (LDAPException e) {
             logger.error("Unable to connect to LDAP server: {}", e.getMessage());