Index: core/src/main/java/com/xpn/xwiki/user/impl/LDAP/LDAPAuthServiceImpl.java =================================================================== --- core/src/main/java/com/xpn/xwiki/user/impl/LDAP/LDAPAuthServiceImpl.java (révision 2024) +++ core/src/main/java/com/xpn/xwiki/user/impl/LDAP/LDAPAuthServiceImpl.java (copie de travail) @@ -36,6 +36,7 @@ import java.io.UnsupportedEncodingException; import java.security.Principal; +import java.security.Security; import java.text.MessageFormat; import java.util.Enumeration; import java.util.HashMap; @@ -271,11 +272,18 @@ } protected boolean checkUserPassword(String username, String password, HashMap attributes, XWikiContext context) throws XWikiException { - LDAPConnection lc = new LDAPConnection(); boolean result = false; boolean notinLDAP = false; String foundDN = null; + if ("1".equals(getParam("ldap_ssl", context))) { + Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + LDAPSocketFactory ssf; + ssf = new LDAPJSSESecureSocketFactory(); + LDAPConnection.setSocketFactory(ssf); + } + LDAPConnection lc = new LDAPConnection(); + try { if (log.isDebugEnabled()) log.debug("LDAP Password check for user " + username); @@ -299,7 +307,6 @@ String baseDN = getParam("ldap_base_DN", context); - lc.connect(ldapHost, ldapPort); if (log.isDebugEnabled()) @@ -458,9 +465,17 @@ } protected boolean checkDNPassword(String DN, String username, String password, XWikiContext context) throws XWikiException { - LDAPConnection lc = new LDAPConnection(); boolean result = false; boolean notinLDAP = false; + + if ("1".equals(getParam("ldap_ssl", context))) { + Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + LDAPSocketFactory ssf; + ssf = new LDAPJSSESecureSocketFactory(); + LDAPConnection.setSocketFactory(ssf); + } + LDAPConnection lc = new LDAPConnection(); + try { int ldapPort = getLDAPPort(context); 
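Review bot: `LDAPConnection.setSocketFactory(ssf)` in the `checkUserPassword` hunk is a static setter, so the SSL factory stays installed for every `LDAPConnection` created afterwards in the JVM and is never cleared when `ldap_ssl` is not "1". Because `getParam` takes the `context`, a value that differs between calls would leave later plain connections on the SSL factory; the same block is repeated in the `checkDNPassword` hunk. Passing the factory to the instance avoids the global state and the duplication: `LDAPConnection lc = "1".equals(getParam("ldap_ssl", context)) ? new LDAPConnection(new LDAPJSSESecureSocketFactory()) : new LDAPConnection();`. `Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider())` binds the class to a Sun-internal type and looks unnecessary on JVMs that bundle JSSE, and neither hunk shows the server host name being checked against the certificate, which is worth confirming. Both method bodies continue outside their hunks.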
@@ -515,6 +530,7 @@ if (bindDN != null && bindDN.length() > 0 && bindPassword != null) { try { + lc.bind(ldapVersion, bindDN, bindPassword.getBytes("UTF8")); bound = true; Index: web/standard/src/main/webapp/WEB-INF/xwiki.cfg =================================================================== --- web/standard/src/main/webapp/WEB-INF/xwiki.cfg (révision 2024) +++ web/standard/src/main/webapp/WEB-INF/xwiki.cfg (copie de travail) @@ -71,6 +71,7 @@ xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.UID_attr=sAMAccountName xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn +xwiki.authentication.ldap.ssl=0 xwiki.authentication.unauthorized_code=200
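Review bot: The new `xwiki.authentication.ldap.ssl=0` line has no comment, and with this default the passwords passed to `lc.bind(...)` presumably still reach the directory unencrypted. A comment above the key would tell administrators what enabling it requires, for example `#-- Set to 1 to connect to the LDAP server over SSL; the LDAP port must then be the server's SSL port and its certificate must be trusted by the JVM`. Whether the port is switched automatically when the flag is set is not visible here (`getLDAPPort` is outside the diff), so the comment should say so, or the code should handle it.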