Can we get support for LDAP SSL? It really shouldn't be that hard. Little flag for ldap:// to ldaps:// on the connection string. Little check box or radio button will do on the UI side.

Comments

roball

What about the "Use Start-TLS" checkbox at admin/settings/ldap/ldapauth/edit/1 ?

kwhat

"Please note there is a difference between ldaps and start-TLS for ldap. start-TLS uses port 389, while ldaps uses port 636. ldaps has been deprecated in favour of start-TLS for ldap. Both encrypted (start-TLS ldap) and unencrypted ldap (ldap) run on port 389 concurrently."

http://us.php.net/manual/en/function.ldap-start-tls.php

roball

Then just try to set

LDAP Server: ldaps://your.hostname.tld/
LDAP Port: 636

I am using ldapi:// so I need neither encryption nor a TCP port.

See http://php.net/manual/en/function.ldap-connect.php
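The two settings discussed in the comments above (ldaps:// on port 636 and StartTLS on port 389), as an added PHP example that is not part of the thread or the module's code. The function name `ldap_secure_connect`, the host and the bind DN are hypothetical; it assumes PHP's ldap extension built against OpenLDAP.

```php
<?php
// Added example: ldap_secure_connect(), the host and the bind DN are placeholders.

/**
 * Open an encrypted LDAP connection using either ldaps:// or StartTLS.
 * Throws on any TLS failure instead of falling back to cleartext.
 */
function ldap_secure_connect(string $host, string $mode, string $bindDn, string $password)
{
    // Require a verifiable server certificate. With OpenLDAP's libldap this
    // option is set globally (null link) before the connection is created.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    if ($mode === 'ldaps') {
        $uri = "ldaps://{$host}:636";   // TLS from the first byte
    } elseif ($mode === 'starttls') {
        $uri = "ldap://{$host}:389";    // cleartext port, upgraded below
    } else {
        throw new InvalidArgumentException("mode must be 'ldaps' or 'starttls'");
    }

    // With OpenLDAP, ldap_connect() only parses the URI; no packets are sent
    // yet, so TLS errors surface at ldap_start_tls() or ldap_bind().
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: {$uri}");
    }

    // StartTLS is an LDAPv3 extended operation, so v3 must be selected first.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Upgrade before binding, so the password never crosses port 389 in clear.
    if ($mode === 'starttls' && !@ldap_start_tls($conn)) {
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("StartTLS failed, refusing cleartext bind: {$err}");
    }

    if (!@ldap_bind($conn, $bindDn, $password)) {
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("Bind failed: {$err}");
    }
    return $conn;
}

// Usage (placeholder values):
// $c = ldap_secure_connect('your.hostname.tld', 'starttls', 'cn=reader,dc=example,dc=org', getenv('LDAP_PW'));
```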

Ariesto

How hard is it to set up LDAP start TLS? Right now we use unencrypted LDAP on campus (an IP domain). Would there be a disadvantage to allowing off-campus access through a secure LDAP Start TLS connection? Oh, and does having start TLS enabled affect current systems that use unencrypted connections?

miglius

Component: Code » Documentation
Category: feature » support

cgmonroe

Status: Active » Closed (fixed)

Added line to documentation about using ldaps:// format.