xperseguers / t3ext-ig_ldap_sso_auth

TYPO3 Extension ig_ldap_sso_auth. This extension provides LDAP and SSO support for TYPO3.
https://extensions.typo3.org/extension/ig_ldap_sso_auth

[FEATURE] Add configuration option for LDAPTLS_REQCERT #75

Closed sbusemann closed 4 years ago

felixbuenemann commented 4 years ago

@xperseguers @sbusemann I think using putenv is suboptimal, since it modifies process global state and could affect other PHP code or shell commands that use OpenLDAP.

What about using ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER); instead (requires PHP 7.1+)?

That way it would also be possible to make this setting per connection instead of global.

I'm also thinking about proposing a similar feature with ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "/path/to/ad-ca.pem");, which I'm currently setting via putenv('LDAPTLS_CACERT=/path/to/ad-ca.pem'); from AdditionalConfiguration.php, but also should be a per connection setting.

felixbuenemann commented 4 years ago

Small correction, LDAP_OPT_X_TLS_REQUIRE_CERT is PHP 7.0.5+, while LDAP_OPT_X_TLS_CACERTFILE is PHP 7.1.0+. See: ldap_set_option reference

xperseguers commented 4 years ago

We require PHP 7.2 anyway...
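
The ldap_set_option approach discussed in this thread, as an added example that is not part of the original comments or the extension's code. The function names, the keyword mapping and the `demand` default are assumptions; options are set on the null handle as in the comment's snippet, which makes them the library default for connections opened afterwards.

```php
<?php
declare(strict_types=1);

// Added example: helper names are hypothetical, not the extension's API.
// Maps an LDAPTLS_REQCERT-style keyword to PHP's LDAP constant.
function tlsReqCertLevel(string $keyword): int
{
    $levels = [
        'never'  => LDAP_OPT_X_TLS_NEVER,   // no certificate check at all
        'allow'  => LDAP_OPT_X_TLS_ALLOW,   // bad or missing cert is tolerated
        'try'    => LDAP_OPT_X_TLS_TRY,     // missing cert tolerated, bad cert fails
        'demand' => LDAP_OPT_X_TLS_DEMAND,  // valid cert required
        'hard'   => LDAP_OPT_X_TLS_HARD,    // same as demand
    ];
    $keyword = strtolower(trim($keyword));
    if (!isset($levels[$keyword])) {
        throw new InvalidArgumentException("Unknown TLS_REQCERT level: {$keyword}");
    }
    return $levels[$keyword];
}

// Applies the TLS settings without putenv(), then connects.
// $caFile is an optional PEM bundle, e.g. the directory's own CA.
function connectWithTls(string $uri, string $reqCert = 'demand', ?string $caFile = null)
{
    $level = tlsReqCertLevel($reqCert);
    if ($caFile !== null) {
        if (!is_readable($caFile)) {
            throw new RuntimeException("CA file not readable: {$caFile}");
        }
        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    }
    // Null handle: library default for connections created after this call.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, $level);

    $ldap = ldap_connect($uri);
    if ($ldap === false) {
        throw new RuntimeException("Invalid LDAP URI: {$uri}");
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    // ldaps:// negotiates TLS on connect; plain ldap:// needs STARTTLS.
    if (stripos($uri, 'ldaps://') !== 0 && !ldap_start_tls($ldap)) {
        throw new RuntimeException('STARTTLS failed: ' . ldap_error($ldap));
    }
    return $ldap;
}
```

With `never` the server certificate is not validated, so the connection is encrypted but the peer is unauthenticated; supplying the directory's CA file and keeping `demand` avoids that trade-off.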