Closed (fixed)
Project:
LDAP integration
Version:
6.x-1.x-dev
Component:
Documentation
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
26 Feb 2009 at 01:00 UTC
Updated:
30 Mar 2012 at 17:39 UTC
Can we get support for LDAP SSL? It really shouldnt be that hard. Little flag for ldap:// to ldaps:// on the connection string. Little check box or radio button will do on the ui side.
Comments
Comment #1
roball commentedWhat about the "Use Start-TLS" checkbox at admin/settings/ldap/ldapauth/edit/1 ?
Comment #2
kwhat commented"Please note there is a difference between ldaps and start-TLS for ldap. start-TLS uses port 389, while ldaps uses port 636. ldaps has been deprecated in favour of start-TLS for ldap. Both encrypted (start-TLS ldap) and unencrypted ldap (ldap) run on port 389 concurrently."
http://us.php.net/manual/en/function.ldap-start-tls.php
Comment #3
roball commentedThen just try to set
I am using ldapi:// so I don't need neither encryption nor a TCP port.
See http://php.net/manual/en/function.ldap-connect.php
Comment #4
Ariesto commentedHow hard is it to set up LDAP start TLS? Right now we use unencrypted ldap on campus (an IP domain) Would there be a disadvantage to allowing off-campus access through a secure LDAP Start TLS connection? Oh, and does having start TLS enabled affect current systems that use unencrypted connections?
Comment #5
miglius commentedComment #6
cgmonroe commentedAdded line to documentation about using ldaps:// format.