ID: 0001008
Project: Pending Requests
Category: Core Infrastructure
View Status: public
Last Update: 2014-08-16 18:17
Reporter: macavity
Assigned To:
Priority: normal
Severity: feature
Reproducibility: N/A
Status: new
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0001008: TLS/SASL support for LDAP connectivity
Description: It's not secure (and against many companies' security policies) to interact with LDAP or AD servers using plain text authentication (well, usually it's even disabled on the LDAP server, and AD uses Kerberos by default).

This is a feature request to enable TLS/SASL support for any LDAP operations W2P does.
TLS support is simple - just need to use ldap_start_tls, as described here: http://www.php.net/manual/en/function.ldap-start-tls.php

and SASL is a little more complicated - http://www.php.net/manual/en/function.ldap-sasl-bind.php

Note: it's recommended to set "TLS_REQCERT" to "never" in the ldap.conf file, to avoid issues with self-signed TLS certificates (or copy the CA file so the LDAP client will know it).
Tags: No tags attached.
Attached Files
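
A sketch of the StartTLS path the request describes, added here as an example and not taken from web2Project or from the reporter. It uses the CA-file option from the note above, which keeps certificate verification on (`TLS_REQCERT never` turns it off). The helper name, host, CA path and bind DN are hypothetical placeholders.

```php
<?php
// Added example, not web2Project code. All names and paths are placeholders.

/**
 * Hypothetical helper: connect, upgrade the session with StartTLS, and only
 * then send bind credentials. Throws instead of falling back to clear text.
 */
function ldap_connect_starttls(string $uri, string $caFile, string $bindDn, string $password)
{
    // libldap treats TLS settings as process-wide, so they are set on the
    // null link before connecting (these constants need PHP 7.1 or later).
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }

    // StartTLS is an LDAPv3 extended operation.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Upgrade the plain connection; a failure here includes a server
    // certificate that does not chain to $caFile.
    if (!@ldap_start_tls($conn)) {
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("StartTLS failed, not binding in clear text: $err");
    }

    // Credentials are sent only after the channel is encrypted and verified.
    if (!@ldap_bind($conn, $bindDn, $password)) {
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("LDAP bind failed: $err");
    }

    return $conn;
}

// Usage (placeholder values):
// $conn = ldap_connect_starttls(
//     'ldap://ldap.example.internal:389',
//     '/etc/ssl/certs/example-ldap-ca.pem',
//     'uid=w2p,ou=services,dc=example,dc=internal',
//     getenv('W2P_LDAP_PASSWORD')
// );
```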

Notes

~0002288

caseydk (administrator)

Could you write a patch to include it in the connection string? I can take care of merging it with core.

I can't do it because I don't have an LDAP that requires TLS/SASL.

Thanks

~0002290

macavity (reporter)

OK, I will do it as soon as I have time. Most likely next week.

Issue History
Date Modified    | Username | Field               | Change
2011-11-10 11:53 | macavity | New Issue           |
2011-11-12 17:06 | caseydk  | Note Added: 0002288 |
2011-11-13 20:54 | macavity | Note Added: 0002290 |
2011-12-11 17:51 | caseydk  | Project             | v3.0 Release => Pending Requests
2014-08-16 18:17 | caseydk  | Category            | General => Core Infrastructure