Closed ajibarra closed 1 year ago
Hi @ajibarra!
Do you think I am missing something on this approach? Or do you see an easier way to achieve the same?
Unfortunately, I'm not sure. I've never authenticated to an LDAP server using this mechanism before. In fact, I didn't even know it existed 😅
Do you find this feature useful? Is it something you would like us to contribute to the plugin?
I welcome all improvements to LdapRecord, as long as we can keep the API clean and easy to use. 🙏
Though due to my inexperience in this regard, you would have to do most of the heavy lifting here unfortunately.
Do you have any documentation you can link that I may read up on to see how this works? I have both an Active Directory and OpenLDAP server running locally on my machine that I can test with, if that helps.
Hey @stevebauman,
We are still doing some research about it and setting up a local server to be able to test.
Here are the official OpenLDAP docs about SASL: https://www.openldap.org/doc/admin24/sasl.html
@ajibarra Ok sounds good! Thanks for the information 🙏
Hi @stevebauman,
I am sorry for the delay on this, but it has been hard to set up an AD with Kerberos support properly and be able to connect.
I am curious because I see this on LdapInterface:
```php
/**
 * Binds to the current connection using the specified username and password.
 * If sasl is true, the current connection is bound using SASL.
 *
 * @see http://php.net/manual/en/function.ldap-bind.php
 *
 * @param string $username
 * @param string $password
 *
 * @return bool
 *
 * @throws LdapRecordException
 */
public function bind($username, $password);
```
So it looks like you already had this in mind 😄.
I think the easier way would be to add it there. I will prepare a PR so you can take a look and let me know.
Closing as this should be possible now in LdapRecord v3 🙏 .
Environment:
At Passbolt we want to be able to use a Keytab file to authenticate against the LDAP server. So I have defined the following steps to achieve it:
connection->bind
getConnection()
method we need to pass new Ldap object as second parameter to Connection object if authentication is set to use Keytab. Otherwise keep current behavior.
So my questions are:
Thank you!