MantisBT - Pending Requests
View Issue Details
0001008 | Pending Requests | Core Infrastructure | public | 2011-11-10 11:53 | 2014-08-16 18:17
Reporter: macavity
Assigned To:
Priority: normal | Severity: feature | Reproducibility: N/A
Status: new | Resolution: open
Platform: | OS: | OS Version:
Product Version:
Target Version: | Fixed in Version:
Summary: 0001008: TLS/SASL support for LDAP connectivity
Description: It's not secure (and against many companies' security policies) to interact with LDAP or AD servers using plain text authentication (well, usually it's even disabled on the LDAP server, and AD uses Kerberos by default).

This is a feature request to enable TLS/SASL support for any LDAP operations W2P does.
TLS support is simple - just need to use ldap_start_tls, as described here: http://www.php.net/manual/en/function.ldap-start-tls.php

and SASL is a little more complicated - http://www.php.net/manual/en/function.ldap-sasl-bind.php

Note: it's recommended to set "TLS_REQCERT" to "never" in the ldap.conf file, to avoid issues with self-signed TLS certificates (or copy the CA file so the LDAP client will know it).
Tags: No tags attached.
Attached Files

Notes
(0002288)
caseydk   
2011-11-12 17:06   
Could you write a patch to include it in the connection string? I can take care of merging it with core.

I can't do it because I don't have an LDAP that requires TLS/SASL.

Thanks
(0002290)
macavity   
2011-11-13 20:54   
OK, I will do it as soon as I have time. Most likely next week.
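
The StartTLS path named in the issue description, as an added example that is not part of the original issue or of the project's code: it uses the CA-file option the reporter mentions, requires a valid server certificate, and refuses to bind if the TLS upgrade fails. The function name, URI, file path and DN are hypothetical placeholders; the `LDAP_OPT_X_TLS_*` constants assume PHP 7.1 or later.

```php
<?php
// Added example, not project code. All hosts, paths and DNs are placeholders.

/**
 * Open an LDAP connection, upgrade it with StartTLS, and only then bind.
 * Throws instead of falling back to a plain-text bind.
 */
function ldap_bind_over_starttls(string $uri, string $caFile, string $bindDn, string $password)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }

    // TLS options are set globally (null handle) before connecting so that
    // they apply to the connection created below.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ldap = ldap_connect($uri); // ldap:// URI; StartTLS upgrades this connection
    if ($ldap === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }

    // StartTLS is an LDAPv3 extended operation, so set the version explicitly
    // rather than relying on the library default.
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Fail closed: if the upgrade fails, the password is never sent.
    if (!@ldap_start_tls($ldap)) {
        $err = ldap_error($ldap);
        ldap_unbind($ldap);
        throw new RuntimeException("StartTLS failed, refusing to bind: $err");
    }

    if (!@ldap_bind($ldap, $bindDn, $password)) {
        $err = ldap_error($ldap);
        ldap_unbind($ldap);
        throw new RuntimeException("Bind failed: $err");
    }
    return $ldap;
}

// Usage with placeholder values:
// $ldap = ldap_bind_over_starttls('ldap://ldap.example.com', '/etc/ssl/certs/example-ca.pem',
//     'uid=svc,ou=people,dc=example,dc=com', getenv('LDAP_PASSWORD'));
```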

Issue History
2011-11-10 11:53 | macavity | New Issue
2011-11-12 17:06 | caseydk | Note Added: 0002288
2011-11-13 20:54 | macavity | Note Added: 0002290
2011-12-11 17:51 | caseydk | Project | v3.0 Release => Pending Requests
2014-08-16 18:17 | caseydk | Category | General => Core Infrastructure