Details

    • Type: New Feature
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 1.5.2, 2.3.2
    • Fix Version/s: 2.5
    • Component/s: Authentication
    • Labels:
    • Environment:
      All
    • Testing Instructions:
      1. Configure your LDAP server to use TLS (not LDAP + SSL). Also configure the client libraries (in the server where Moodle runs) to recognize the LDAP server certificate as valid (or to skip the cert validation process completely).
      2. Try to login as a regular user. It should work as expected. Log out.
      3. Run auth/cli/sync_users.php. It should work as expected again.
      4. Log in as admin.
      5. Go to LDAP authentication plugin settings and set TLS to 'No'. Save the settings. Log out.
      6. Try to login as a regular user. It should work as expected again. Log out.
      7. Run auth/cli/sync_users.php. It should work as expected again.
      8. Log in as admin.
      9. Go to LDAP authentication plugin settings and set TLS to 'Yes'. Save the settings. Log out.
      10. Try to login as a regular user. It should work as expected again. Log out.
      11. Run auth/cli/sync_users.php. It should work as expected again.
    • Affected Branches:
      MOODLE_15_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE
    • Pull Master Branch:
      wip_master_mdl-3941_add_support_for_LDAP_TLS
    • Rank:
      6782

      Description

      Hello,

      I realized that the Moodle LDAP authentication class doesn't carry on with TLS, so I added for my personal use the query to ldap_start_tls(<ldap_connect_ressource>);

      GG
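The StartTLS upgrade the report refers to, as an added example that is not Moodle's code or the attached patch: it upgrades a plain `ldap://` connection with `ldap_start_tls()` and refuses to bind if the upgrade fails. The function name `ldap_connect_starttls`, the host, the bind DN and the password are assumptions made for illustration, and the certificate option on the global handle requires PHP 7.1 or later.

```php
<?php
// Added example, not Moodle code. Host, DN and password are constructed placeholders.

/**
 * Open an LDAP connection, optionally upgrade it with StartTLS, then bind.
 * Returns the connection, or throws if any step fails.
 */
function ldap_connect_starttls(string $uri, string $binddn, string $bindpw, bool $starttls)
{
    if ($starttls && stripos($uri, 'ldaps://') === 0) {
        // ldaps:// is already wrapped in TLS; StartTLS is for plain ldap:// connections.
        throw new InvalidArgumentException('Use ldap:// with StartTLS, not ldaps://');
    }

    // Require a valid server certificate. Set on the global (null) handle
    // before connecting so it applies to the new connection (PHP >= 7.1).
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }

    // StartTLS is an LDAPv3 extended operation, so request version 3 explicitly.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    if ($starttls && !@ldap_start_tls($conn)) {
        // Fail closed: never fall back to sending the bind password in clear text.
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("StartTLS failed: $err");
    }

    if (!@ldap_bind($conn, $binddn, $bindpw)) {
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("Bind failed: $err");
    }
    return $conn;
}

// Constructed sample values; replace with your directory's settings.
try {
    $conn = ldap_connect_starttls('ldap://ldap.example.org', 'cn=moodle,dc=example,dc=org', 'changeme', true);
    echo "Bound over StartTLS\n";
    ldap_unbind($conn);
} catch (Exception $e) {
    echo $e->getMessage(), "\n";
}
```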

      1. ldap_tls-1.8.patch
        5 kB
        Chris Bandy
      2. ldap_tls-1.9.patch
        5 kB
        Chris Bandy


          Activity

          Chris Bandy added a comment -

          Patches to add configuration and use of TLS. Two minor cleanups along the way. Language strings could perhaps be better.

          Adrian Bridgett added a comment -

          (just reading the patch) - it seems to remove host_url - I wonder if that's intentional

          this also needs similar actions in auth/cas/auth.php and enrol/ldap/enrol.php

          Detlef Anschlag added a comment -

          The ldap_tls-1.9.patch isn't applicable (Hunk #1 FAILED at 57.) to Version 1.9.10+.

          Dan Poltawski added a comment -

          Integrated to master only, thanks Iñaki!

          Dan Poltawski added a comment -

          As we don't have the infrastructure to test this within today's timeframe and the issue only affects master we are deferring the testing to a MDLTEST-354.

          Eloy Lafuente (stronk7) added a comment -

          And your fantastic code has met core, hope they become good friends for a long period.

          Closing, thanks!

          Mary Cooch added a comment -

          (Housekeeping) If anyone thinks this needs to be added to the user docs, please feel free to do so as I don't really understand LDAP enough to do it; otherwise I will remove the docs_required label.

          Mary Cooch added a comment -

          Removing docs_required as nobody has expressed strong feelings otherwise.


            People

            • Votes:
              3
              Watchers:
              6
