Open SoerenBusse opened 3 years ago
Hi Soeren
I will look into this, but if you want to enable LDAP with SSL, please refer to the documentation: https://glados-doc.readthedocs.io/en/latest/howtos/ldap-ssl.html. Following the manual will integrate a "full" TLS connection, unlike StartTLS, where, to my mind, the initial handshake is plain text. Yes, the drawback is that you have to manually put certificates into some directory on the glados server, but this should be doable, I think. I don't know the configuration effort on the AD/Samba side. However, I highly recommend that you use SSL.
Kind Regards Roman
The LDAP/AD authentication provider should support StartTLS for easier integration with domain controllers using Samba Active Directory. Using Samba, you have to manually enable TLS with certificates in the configuration, and plain text authentication using "ldap" is justifiably disabled by default. For this use case, StartTLS should be supported.
It's enough to set
ldap_start_tls($this->connection)
here when a checkbox is checked in the frontend: https://github.com/imedias/glados/blob/master/components/AuthGenericLdap.php#L859
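The StartTLS option requested above could be wired up as follows. This is an added example, not code from glados or from either participant. The function `connectLdap()`, its parameters, and the host and CA path in the usage comment are hypothetical. It shows the two checks that matter when StartTLS is optional: certificate validation is demanded, and a failed upgrade aborts instead of falling through to a plain-text bind.

```php
<?php
// Added example (not glados code): connectLdap() and its parameters are hypothetical.
declare(strict_types=1);

function connectLdap(string $host, int $port, bool $useStartTls, ?string $caFile = null)
{
    if ($useStartTls) {
        // TLS options are set globally (null handle) before the connection
        // is created, so libldap applies them to the new TLS context.
        ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
        if ($caFile !== null) {
            ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
        }
    }

    // StartTLS upgrades a plain ldap:// connection; ldaps:// is not used here.
    $conn = ldap_connect("ldap://{$host}:{$port}");
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }

    // StartTLS is an LDAPv3 extended operation, so v3 must be selected first.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Fail closed: if the upgrade is refused or the certificate does not
    // validate, close the connection so no credentials are sent in clear.
    if ($useStartTls && !@ldap_start_tls($conn)) {
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("StartTLS failed, refusing to bind: {$err}");
    }

    return $conn;
}

// Usage with constructed sample values; ldap_bind() runs only after the upgrade:
//   $conn = connectLdap('dc1.example.test', 389, true, '/path/to/ca.pem');
//   $ok   = @ldap_bind($conn, 'user@example.test', $password);
```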