core: LDAP SSL authentication broken

Hi @fabianfrz,

thanks for your great work on the NGINX plugin and the integration of the Advanced Authentication through the available back-ends. After struggling for hours and debugging, I give up now and open this issue so someone with more brain power and knowledge in OPNsense can hopefully do the last steps.

I have an LDAP backend for authentication using SSL. The error message from ldap_bind is:

    error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)

When I test the authentication through diag_authentication.php everything works fine. After digging around in diag_authentication.php I saw some magic:

       // temporary fix, ldap handler doesn't do this init yet
       ldap_setup_caenv($auth_cfg);

I did my best to incorporate this inside ngx_auth.php, but still no luck. The error remains.

    function password_auth_test($username, $password, $auth_server)
    {
        $auth_cfg = auth_get_authserver($auth_server);
        if ($auth_cfg['type'] == 'ldap' || $auth_cfg['type'] == 'ldap-totp') {
            // temporary fix, ldap handler doesn't do this init yet
            ldap_setup_caenv($auth_cfg);
        }

        $authFactory = new OPNsense\Auth\AuthenticationFactory;
        $authenticator = $authFactory->get($auth_server);

        return $authenticator->authenticate($username, $password);
    }

I hope you have a clue how to get this working.

Thanks and best regards,
Ingo
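
Added example, not part of the original issue and not OPNsense code: the OpenSSL error quoted in the report is raised when the verifier cannot find the certificate that issued the server's certificate. The script below reproduces that exact message offline with a throwaway CA and shows it disappear once the issuing CA is supplied. All names, subjects and files are constructed; it assumes OpenSSL 1.1.0 or later on the PATH.

```shell
#!/bin/sh
# Added example: every name, subject and path here is constructed for the demo.
set -eu

# Build a throwaway CA and a server certificate signed by it in directory $1.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo LDAP CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" >/dev/null 2>&1
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.crt" >/dev/null 2>&1
}

# Verify leaf $1. With $2 set, trust only that CA file; without it, trust nothing
# (the system trust store is excluded so the result does not depend on the host).
# Prints "OK" or OpenSSL's verification error line; returns 0 only on success.
verify_leaf() {
    if [ -n "${2:-}" ]; then
        set -- "$1" -no-CApath -CAfile "$2"
    else
        set -- "$1" -no-CAfile -no-CApath
    fi
    leaf=$1
    shift
    if out=$(openssl verify "$@" "$leaf" 2>&1); then
        echo "OK"
    else
        printf '%s\n' "$out" | grep 'error [0-9]* at' || printf '%s\n' "$out"
        return 1
    fi
}

demo() {
    dir=$(mktemp -d)
    make_demo_pki "$dir"
    echo "no trust anchor: $(verify_leaf "$dir/srv.crt" || true)"
    echo "with issuing CA: $(verify_leaf "$dir/srv.crt" "$dir/ca.crt")"
    rm -rf "$dir"
}

demo
```

The same check can be pointed at a real deployment by passing the LDAP server's certificate and the CA file the client is expected to trust to `verify_leaf`.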

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 27 (27 by maintainers)

Most upvoted comments

Thanks @mimugmail for enlightening me!