Anonymous Login
2021-05-14 03:32 PDT

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001008Pending RequestsCore Infrastructurepublic2014-08-16 18:17
Assigned To 
Product Version 
Target VersionFixed in Version 
Summary0001008: TLS/SASL support for LDAP connectivity
DescriptionIt's not secure (and against many companies security policies) to interact with LDAP or AD servers using plain text authentication (well, usually it's even disabled on LDAP server, and AD uses Kerberos by default).

This is feature request to enable TLS/SASL support for any LDAP operations, W2P does.
TLS support is simple - just need to use ldap_start_tls, like described here:

and SASL is little more complicated -

Note: it's recommended to set "TLS_REQCERT" to "never" in ldap.conf file, to avoid issues with self-signed TLS certificates (Or copy CA file so LDAP client will know it).
TagsNo tags attached.
Attached Files




caseydk (administrator)

Could you write a patch to include it in the connection string? I can take care of merging it with core.

I can't do it because I don't have an LDAP that requires TLS/SASL.



macavity (reporter)

Ok, I will do it, as soon as will have a time. Most likely next week.

-Issue History
Date Modified Username Field Change
2011-11-10 11:53 macavity New Issue
2011-11-12 17:06 caseydk Note Added: 0002288
2011-11-13 20:54 macavity Note Added: 0002290
2011-12-11 17:51 caseydk Project v3.0 Release => Pending Requests
2014-08-16 18:17 caseydk Category General => Core Infrastructure
+Issue History