[Koha-bugs] [Bug 25512] New: Add support for LDAPS

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri May 15 14:59:07 CEST 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25512

            Bug ID: 25512
           Summary: Add support for LDAPS
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: magnus at libriotech.no
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

Salvaging this from bug 8993:

I'm an LDAP noob, but working with a customer I have managed to get LDAPS
working, by changing line 114 of C4/Auth_with_ldap.pm from this:

  my $db = Net::LDAP->new(\@hosts);

to this:

  my $db = Net::LDAP->new(\@hosts, version => 3, scheme => 'ldaps', port => 123, capath => '/usr/ssl/certs');

Does that look like something that might be useful to others?

Maybe all the options to Net::LDAP->new should be made configurable?
https://metacpan.org/pod/Net::LDAP

The comments in C4::Auth_with_ldap describe how to configure LDAP, including
mappings etc. Maybe this configuration could be extended with an "options"
element, to something like this:

 <config>
  ...
  <useldapserver>1</useldapserver>
  <!-- LDAP SERVER (optional) -->
  <ldapserver id="ldapserver">
    <hostname>localhost</hostname>
    <base>dc=metavore,dc=com</base>
    <user>cn=Manager,dc=metavore,dc=com</user>             <!-- DN, if not anonymous -->
    <pass>metavore</pass>          <!-- password, if not anonymous -->
    <options>
      <scheme>...</scheme>
      <keepalive>...</keepalive>
      <timeout>...</timeout>
      etc...
    </options>
    ...
    <mapping>
       ...
    </mapping>
  </ldapserver>
 </config>

So that we can iterate over the elements inside <options>, and use them to make
a hash with element names as keys and element content as values, and then pass
this to Net::LDAP->new?

Bug 5406 is similar to this, but was marked CLOSED INVALID, because you can
specify <hostname>ldaps://ldap.example.com</hostname> to get LDAPS. But I still
think you might need to be able to specify things like cafile or capath?

Opinions most welcome!

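As an added illustration of the proposal above (not Koha's own code and not part of the report), the Perl below parses a constructed <options> block into the argument hash for Net::LDAP->new, forwarding only a fixed list of known option names and refusing an ldaps connection that carries no CA material or certificate verification. It assumes the config is read through XML::Simple; the helper ldap_options_from_config and the sample values are hypothetical.

```perl
use strict;
use warnings;
use XML::Simple;   # assumption: koha-conf.xml is read through XML::Simple
use Net::LDAP;

# Constructed sample of the proposed <ldapserver> block, not a real site.
my $conf_xml = <<'XML';
<ldapserver id="ldapserver">
  <hostname>ldap.example.com</hostname>
  <options>
    <scheme>ldaps</scheme>
    <port>636</port>
    <version>3</version>
    <timeout>10</timeout>
    <cafile>/etc/ssl/certs/ldap-ca.pem</cafile>
  </options>
</ldapserver>
XML

# Only Net::LDAP->new parameters we expect to be tuned from koha-conf.xml.
# Anything else under <options> is refused rather than forwarded, so a
# stray element cannot silently change connection behaviour.
my %ALLOWED = map { $_ => 1 } qw(
    scheme port version timeout keepalive
    verify cafile capath sslversion ciphers clientcert clientkey
);

sub ldap_options_from_config {
    my ($ldapserver) = @_;
    my $opts = $ldapserver->{options} || {};
    my %args;
    for my $key (keys %$opts) {
        die "unsupported LDAP option <$key>" unless $ALLOWED{$key};
        $args{$key} = $opts->{$key};
    }
    # ldaps without certificate verification encrypts the link but does not
    # authenticate the server; require a CA and verification when it is used.
    if (($args{scheme} // '') eq 'ldaps') {
        $args{verify} //= 'require';
        die "ldaps needs verify=require" unless $args{verify} eq 'require';
        die "ldaps needs <cafile> or <capath>" unless $args{cafile} || $args{capath};
    }
    return \%args;
}

my $ldapserver = XMLin($conf_xml, KeyAttr => []);
my $args       = ldap_options_from_config($ldapserver);
my $db = Net::LDAP->new($ldapserver->{hostname}, %$args) or die "LDAP connect failed: $@";
```
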