tvdijen
commented
2 years ago Hi @precurse ! I've just released v2.0.0-rc1 of this module which is a complete rewrite. It's based on symfony/ldap and allows you to pass connection options supported by the symfony package.. I think what you would need is this, am I right? You should now be able to pass them in the options array of the ldap-authsource.
If this is indeed what you're after, I invite you to run a few tests with this module. You have to use SSP v2.0.0-beta.8 + v2.0.0-rc1 of this module. Your feedback is highly appreciated.
precurse
Google announced their LDAP service: https://support.google.com/cloudidentity/answer/9089736 and we wanted to see if we could get it working for our users.
However, it requires a client certificate to authenticate to the server, which SimpleSAMLphp doesn't support: https://simplesamlphp.org/docs/stable/ldap:ldap . It seems to only support username/password for client authentication.
It would be nice to be able to support client cert/key for authentication in addition to username/password. OpenLDAP supports it using TLS_CERT and TLS_KEY.
It seems that support for this may have only come into PHP in version 7.1: http://php.net/manual/en/function.ldap-set-option.php