[Koha-bugs] [Bug 25512] New: Add support for LDAPS
bugzilla-daemon at bugs.koha-community.org
Fri May 15 14:59:07 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25512
Bug ID: 25512
Summary: Add support for LDAPS
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: magnus at libriotech.no
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
Salvaging this from bug 8993:
I'm an LDAP noob, but working with a customer I have managed to get LDAPS
working, by changing line 114 of C4/Auth_with_ldap.pm from this:
my $db = Net::LDAP->new(\@hosts);
to this:
my $db = Net::LDAP->new(\@hosts, version => 3, scheme => 'ldaps', port => 123, capath => '/usr/ssl/certs');
Does that look like something that might be useful to others?
Maybe all the options to Net::LDAP->new should be made configurable?
https://metacpan.org/pod/Net::LDAP
The comments in C4::Auth_with_ldap describe how to configure LDAP, including
mappings etc. Maybe this configuration could be extended with an "options"
element to something like this:
<config>
  ...
  <useldapserver>1</useldapserver>
  <!-- LDAP SERVER (optional) -->
  <ldapserver id="ldapserver">
    <hostname>localhost</hostname>
    <base>dc=metavore,dc=com</base>
    <user>cn=Manager,dc=metavore,dc=com</user> <!-- DN, if not anonymous -->
    <pass>metavore</pass> <!-- password, if not anonymous -->
    <options>
      <scheme>...</scheme>
      <keepalive>...</keepalive>
      <timeout>...</timeout>
      etc...
    </options>
    ...
    <mapping>
      ...
    </mapping>
  </ldapserver>
</config>
So that we can iterate over the elements inside <options>, and use them to make
a hash with element names as keys and element content as values, and then pass
this to Net::LDAP->new?
Bug 5406 is similar to this, but was marked CLOSED INVALID, because you can
specify <hostname>ldaps://ldap.example.com</hostname> to get LDAPS. But I still
think you might need to be able to specify things like cafile or capath?
Opinions most welcome!
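Added example, not part of the original bug report or Koha's own code: one way the proposed <options> element could be turned into arguments for Net::LDAP->new, with an allowlist of option names and certificate verification enforced whenever LDAPS is in use. The function name ldap_new_args, the allowlist, the verification policy and the sample hash are assumptions of this sketch.

```perl
use strict;
use warnings;

# Net::LDAP->new option names this sketch accepts from <options> (assumed policy).
my %ALLOWED = map { $_ => 1 } qw(
    scheme port version timeout keepalive
    verify sslversion ciphers cafile capath clientcert clientkey
);

# Hypothetical helper: turn the parsed <ldapserver> hash into Net::LDAP->new arguments.
sub ldap_new_args {
    my ($server) = @_;
    my $hosts = ref $server->{hostname} eq 'ARRAY'
        ? $server->{hostname} : [ $server->{hostname} ];
    my %opt = %{ $server->{options} || {} };

    for my $name ( sort keys %opt ) {
        die "Unsupported LDAP option <$name>\n" unless $ALLOWED{$name};
        die "LDAP option <$name> must be a plain value\n" if ref $opt{$name};
    }

    # A host written as an ldaps:// URI counts the same as scheme => 'ldaps'.
    my $tls = ( $opt{scheme} // '' ) eq 'ldaps'
        || grep { /^ldaps:/i } @$hosts;
    if ($tls) {
        # Set verify explicitly so the connection never depends on a library default.
        $opt{verify} //= 'require';
        die "LDAPS needs verify=require\n" unless $opt{verify} eq 'require';
        die "LDAPS needs <cafile> or <capath>\n"
            unless $opt{cafile} || $opt{capath};
    }
    return ( $hosts, %opt );
}

# Constructed sample, shaped like the proposed <ldapserver> block after XML parsing.
my %server = (
    hostname => 'ldap.example.com',
    options  => { scheme => 'ldaps', port => 636, version => 3,
                  capath => '/usr/ssl/certs' },
);
my ( $hosts, %args ) = ldap_new_args( \%server );
print join( ' ', map { "$_=$args{$_}" } sort keys %args ), "\n";
# The connection itself would then be: my $db = Net::LDAP->new( $hosts, %args );
```

Rejecting unknown element names keeps a typo in koha-conf.xml from silently producing an unverified connection.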