LDAP: Cleanup unused parameters #1329
Conversation
Signed-off-by: Silvio Gissi <silvio@gissilabs.com>
|
Hi @b90g, good point about documentation, I noticed that in #1319. LDAP is listed as "Beta" in the documentation. Once Marcel and team considers it stable, I'll be happy to propose a PR for the docs. The unused parameters ended up like that as LDAP implementation changed over time:
The idea behind the cleanup was exactly to avoid luring users into setting things that have no effect. Please let me know if you caught any issues as a result of the clean-up and I will propose a fix. |
|
Thanks for the quick reply. I see. My understanding of LDAP is very little and i was relying on the concept of a bind authentication user to much. (nextcloud, zammad, wekan..) I will try to understand the config where in the user authenticates against ldap directly. |
|
No worries, I spent quite some time in the code to figure them out. The only call to ldap_bind comes from the LDAP Service class, in the bind function. The two places that I have found calls the LDAP Service bind function are:
I hope I didn't miss anything in the search! |
|
UTC+1 and tired: I notice the default ldap client config requires valid certificates. Maybe an option to override the invalid certificate would help? not sure if this applies |
|
That is a great catch @b90g. Actually the way we use ldap_connect is passing host and port, that ends up with only unencrypted connections and is deprecated. The correct way is to pass the URL (ldap://host:port or ldaps://host:port). Besides that, if you are using a self-signed certificate, you will have to point to a copy of the public CA file (https://www.php.net/manual/en/ldap.constants.php#constant.ldap-opt-x-tls-cacertfile). Do you mind opening a new issue to track that feature request? This PR is closed and will not have the right visibility. |
Removes LDAP parameters from configuration that are unused and could mislead users.
Signed-off-by: Silvio Gissi silvio@gissilabs.com