Details

    • Type: New Feature
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 1.5.2, 2.3.2
    • Fix Version/s: 2.5
    • Component/s: Authentication
    • Labels:
    • Environment:
      All
    • Testing Instructions:
      1. Configure your LDAP server to use TLS (not LDAP + SSL). Also configure the client libraries (in the server where Moodle runs) to recognize the LDAP server certificate as valid (or to skip the cert validation process completely).
      2. Try to log in as a regular user. It should work as expected. Log out.
      3. Run auth/cli/sync_users.php. It should work as expected again.
      4. Log in as admin.
      5. Go to LDAP authentication plugin settings and set TLS to 'No'. Save the settings. Log out.
      6. Try to log in as a regular user. It should work as expected again. Log out.
      7. Run auth/cli/sync_users.php. It should work as expected again.
      8. Log in as admin.
      9. Go to LDAP authentication plugin settings and set TLS to 'Yes'. Save the settings. Log out.
      10. Try to log in as a regular user. It should work as expected again. Log out.
      11. Run auth/cli/sync_users.php. It should work as expected again.
    • Affected Branches:
      MOODLE_15_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE
    • Pull Master Branch:
      wip_master_mdl-3941_add_support_for_LDAP_TLS

      Description

      Hello,

      I realized that the Moodle LDAP authentication class doesn't carry on with TLS, so I added for my personal use the query to ldap_start_tls(<ldap_connect_ressource>);

      GG
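
The `ldap_start_tls()` call from the description, shown in context as an added example (not the reporter's change, the attached patches, or Moodle's code): the session is upgraded before any bind, the server certificate is required to validate, and a failed upgrade stops the login rather than continuing in cleartext. The function name, host, DN, CA path and environment variable are assumptions.

```php
<?php
// Added example (requires ext-ldap, PHP 7.1+). Not Moodle code; all names are placeholders.

function connect_with_starttls(string $uri, ?string $caFile = null)
{
    // StartTLS upgrades a plain ldap:// session; ldaps:// is the separate "LDAP + SSL" mode.
    if (stripos($uri, 'ldap://') !== 0) {
        throw new InvalidArgumentException('StartTLS needs an ldap:// URI');
    }

    // Set the TLS options globally (null link) before connecting, where libldap picks them up.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    if ($caFile !== null) {
        ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    }

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Could not parse LDAP URI: $uri");
    }

    // The StartTLS extended operation exists only in LDAPv3.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    if (!@ldap_start_tls($conn)) {
        $reason = ldap_error($conn);
        ldap_unbind($conn);
        // Fail closed: never continue to a bind over the cleartext session.
        throw new RuntimeException("StartTLS failed: $reason");
    }
    return $conn;
}

try {
    $password = getenv('LDAP_TEST_PASSWORD');          // constructed test setup
    if ($password === false || $password === '') {
        throw new RuntimeException('Set LDAP_TEST_PASSWORD first');
    }
    $conn = connect_with_starttls('ldap://ldap.example.org', '/etc/ssl/certs/example-ca.pem');
    $ok = @ldap_bind($conn, 'uid=testuser,ou=people,dc=example,dc=org', $password);
    echo $ok ? "Bind succeeded over TLS\n" : 'Bind failed: ' . ldap_error($conn) . "\n";
    ldap_unbind($conn);
} catch (Exception $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```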


        1. ldap_tls-1.8.patch
          5 kB
          Chris Bandy
        2. ldap_tls-1.9.patch
          5 kB
          Chris Bandy

            Activity

            Chris Bandy added a comment -

            Patches to add configuration and use of TLS. Two minor cleanups along the way. Language strings could perhaps be better.

            Adrian Bridgett added a comment -

            (just reading the patch) - it seems to remove host_url - I wonder if that's intentional

            this also needs similar actions in auth/cas/auth.php and enrol/ldap/enrol.php

            Detlef Anschlag added a comment -

            The ldap_tls-1.9.patch isn't applicable (Hunk #1 FAILED at 57.) to Version 1.9.10+.

            Dan Poltawski added a comment -

            Integrated to master only, thanks Iñaki!

            Dan Poltawski added a comment -

            As we don't have the infrastructure to test this within today's timeframe and the issue only affects master, we are deferring the testing to MDLTEST-354.

            Eloy Lafuente (stronk7) added a comment -

            And your fantastic code has met core, hope they become good friends for a long period.

            Closing, thanks!

            Mary Cooch added a comment -

            (Housekeeping) If anyone thinks this needs to be added to the user docs, please feel free to do so as I don't really understand LDAP enough to do it; otherwise I will remove the docs_required label.

            Mary Cooch added a comment -

            Removing docs_required as nobody has expressed strong feelings otherwise.


              People

              • Votes: 3
              • Watchers: 7
