https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25512 Bug ID: 25512 Summary: Add support for LDAPS Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: magnus@libriotech.no QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org Salvaging this from bug 8993: I'm an LDAP noob, but working with a customer I have managed to get LDAPS working, by changing line 114 of C4/Auth_with_ldap.pm from this: my $db = Net::LDAP->new(\@hosts); to this: my $db = Net::LDAP->new(\@hosts, version => 3, scheme => 'ldaps', port => 123, capath => '/usr/ssl/certs'); Does that look like something that might be useful to others? Maybe all the options to Net::LDAP->new should be made configurable? https://metacpan.org/pod/Net::LDAP The comments in C4::Auth_with_ldap describes how to configure LDAP, including mappings etc. Maybe this configuration could be extended with an "options" element to something like this: <config> ... <useldapserver>1</useldapserver> <!-- LDAP SERVER (optional) --> <ldapserver id="ldapserver"> <hostname>localhost</hostname> <base>dc=metavore,dc=com</base> <user>cn=Manager,dc=metavore,dc=com</user> <!-- DN, if not anonymous --> <pass>metavore</pass> <!-- password, if not anonymous --> <options> <scheme>...</scheme> <keepalive>...</keepalive> <timeout>...</timeout> etc... </options> ... <mapping> ... </mapping> </ldapserver> </config> So that we can iterate over the elements inside <options>, and use them to make a hash with element names as keys and element content as values, and then pass this to Net::LDAP->new? Bug 5406 is similar to this, but was marked CLOSED INVALID, because you can specify <hostname>ldaps://ldap.example.com</hostname> to get LDAPS. But I still think you might need to ble able to specify things like cafile or capath? Opinions most welcome! -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.