|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001008||Pending Requests||Core Infrastructure||public||2011-11-10 11:53||2014-08-16 18:17|
|Target Version||Fixed in Version|
|Summary||0001008: TLS/SASL support for LDAP connectivity|
|Description||It's not secure (and against many companies' security policies) to interact with LDAP or AD servers using plain text authentication (well, usually it's even disabled on the LDAP server, and AD uses Kerberos by default).|
This is a feature request to enable TLS/SASL support for any LDAP operations W2P does.
TLS support is simple - just need to use ldap_start_tls, as described here: http://www.php.net/manual/en/function.ldap-start-tls.php
and SASL is a little more complicated - http://www.php.net/manual/en/function.ldap-sasl-bind.php
Note: it's recommended to set "TLS_REQCERT" to "never" in the ldap.conf file, to avoid issues with self-signed TLS certificates (or copy the CA file so the LDAP client will know it).
|Tags||No tags attached.|
Could you write a patch to include it in the connection string? I can take care of merging it with core.
I can't do it because I don't have an LDAP that requires TLS/SASL.
|OK, I will do it as soon as I have time. Most likely next week.|
|2011-11-10 11:53||macavity||New Issue|
|2011-11-12 17:06||caseydk||Note Added: 0002288|
|2011-11-13 20:54||macavity||Note Added: 0002290|
|2011-12-11 17:51||caseydk||Project||v3.0 Release => Pending Requests|
|2014-08-16 18:17||caseydk||Category||General => Core Infrastructure|
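
The StartTLS approach requested in this issue, as an added example (not web2Project code and not written by the participants above): a hypothetical helper `w2p_ldap_bind_starttls()` that upgrades the connection with `ldap_start_tls()` before any credentials are sent and refuses to fall back to a plain-text bind. It assumes PHP 7.1+ with the ldap extension and a caller-supplied CA file so the server certificate is verified; the function name, parameters and the sample values in the usage comment are assumptions.

```php
<?php
// Added example: hypothetical helper, not part of web2Project.
// Returns a bound LDAP link, or throws before any credentials go out in clear text.
function w2p_ldap_bind_starttls(string $uri, string $caFile, string $bindDn, string $password)
{
    // A simple bind with a DN and an empty password is an "unauthenticated bind"
    // that many servers accept; never treat that as a successful login.
    if ($bindDn === '' || $password === '') {
        throw new InvalidArgumentException('Bind DN and password must both be non-empty');
    }
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }

    // TLS settings are library-wide, so set them on the null link
    // before the connection handle exists.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $link = ldap_connect($uri); // plain ldap:// URI; TLS is negotiated below
    if ($link === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }

    // StartTLS is an LDAPv3 extended operation.
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Fail closed: if the upgrade or certificate check fails, do not bind.
    if (!@ldap_start_tls($link)) {
        $err = ldap_error($link);
        ldap_unbind($link);
        throw new RuntimeException("StartTLS failed, refusing plain-text bind: $err");
    }

    if (!@ldap_bind($link, $bindDn, $password)) {
        $err = ldap_error($link);
        ldap_unbind($link);
        throw new RuntimeException("Bind over TLS failed: $err");
    }
    return $link;
}

// Usage (constructed sample values):
// $link = w2p_ldap_bind_starttls('ldap://ldap.example.com:389',
//     '/etc/ssl/certs/example-ca.pem', 'uid=w2p,ou=svc,dc=example,dc=com', $secret);
```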