@xperseguers @sbusemann I think using putenv is suboptimal, since it modifies process global state and could effect other PHP code or shell commands that use OpenLDAP.
What about using ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER); instead (requires PHP 7.1+)?
That way it would also be possible to make this setting per connection instead of global.
I'm also thinking about proposing a similar feature with ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "/path/to/ad-ca.pem");, which I'm currently setting via putenv('LDAPTLS_CACERT=/path/to/ad-ca.pem'); from AdditionalConfiguration.php, but also should be a per connection setting.
@xperseguers @sbusemann I think using putenv is suboptimal, since it modifies process global state and could effect other PHP code or shell commands that use OpenLDAP.
What about using
ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
instead (requires PHP 7.1+)?That way it would also be possible to make this setting per connection instead of global.
I'm also thinking about proposing a similar feature with
ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, "/path/to/ad-ca.pem");
, which I'm currently setting viaputenv('LDAPTLS_CACERT=/path/to/ad-ca.pem');
fromAdditionalConfiguration.php
, but also should be a per connection setting.