Potential fix for #1320:

[jacobwod]

• See discussion in Getting map config for restricted map can sometimes fail and return [ERROR] service.auth.v2 - read ECONNRESET #1320
• I made all the new options configurable in .env. This should allow us to have unchanged production environments and only configure the desired parts in .env.
• The new options in .env default to everything (new from this issue) turned off, except for the reconnect flag being set to true. I think it's a sane default for most situations.

Closes #1320

[sweco-semara]

Sensible defaults. New env template contains the most reasonable/recommended settings for LDAPS in production, but backwards compatible if using a current env = expect no impact on any existing working set-up. But the added potential improvement for others, when using the new env template. Useful with log tracing of options, but no security risk due to sensible information leakage since the output is obfuscated first. Looks very good! 👍

[jacobwod]

Thanks @sweco-semara, I'll merge this into develop.

Regarding the problems you're running into @ingvar-uddevalla: are you/your contractors able to create a new build using develop, or do you have to wait until the next release to try this out?

(We could, optionally try to do a hot fix to master too but I won't be able to test it as we have moved on and our production environment requires some new stuff that only exist in develop. That would require someone else's expertise with testing and you still need to be able to create a build from a branch manually, so perhaps there's little to win. But it's an option, should you prefer that.)

[ingvar-uddevalla]

Is this "new" .env file available in the Hajk 3.12 rc2 package? And does this mean that the problems with LDAPS in issue #1320 could be solved? (I can see that this issue #1337 has cooments from May, i.e before we really begun to discuss these problems). However, it would be good to know because we're about to "go sharp" in a month and are not allowed to use our uncrypted "LDAP-solution" then. Our IT-department will require LDAPS. Otherwise we have to reduce the information (i.e not show secret data) or let our IIS handle the securitygroups in some way.

[jacobwod]

@ingvar-uddevalla I'm not sure what's in specific package, but you are probably using a highly customized .env at this point anyway. So the simples way would be adding the new keys to your .env. See changed files for a diff that clearly shows what's added: https://github.com/hajkmap/Hajk/pull/1337/files.