Ticket #433 (new enhancement)

Opened 7 years ago

Last modified 6 years ago

LDAP improvements

Reported by: dmorton Owned by: dmorton
Priority: normal Milestone: 1.1.0
Component: PHP scripts Version:
Severity: normal Keywords:
Cc:

Description (last modified by dmorton) (diff)

Craig Thompson writes:

Future Enhancements for LDAP authentication: I don't know the proper forum for requesting enhancements, but I have a few ideas:

  1. LDAP port specification - so as to require connection on an SSL/TLS port for encryption between Maia & LDAP server. Could also be accomplished with Apache style config for LDAP string specifying "LDAPS" as connection protocol:

AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one

  2. Alternative LDAP container - search primary container first, and if that fails, search alternative container. Great for organizations where the LDAP tree might be separated, or when your internal users & external users live in different areas of the tree.
  3. Specify scope of search (none, one, sub) - Especially if you are able to add an alternative container to search, then you may want to limit how deep in the tree you search. By default (at least in 1.0.1) Maia will search sub containers. This *could* be a bad thing, depending on LDAP tree design, and could potentially lead to poor performance.
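
The three requests above (an `ldaps://` URL, an ordered list of containers, and an explicit search scope) combined in one lookup, as an added example that is not Maia Mailguard code. The function names `parse_ldap_url` and `find_user_dn` are hypothetical, and the anonymous bind, the default scope of `sub`, and accepting the RFC scope name `base` alongside `one` and `sub` are assumptions.

```php
<?php
// Added example, not project code; function names are hypothetical.

// Parse an Apache-style URL: scheme://host[:port]/basedn?attribute?scope
function parse_ldap_url(string $url): array {
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        throw new InvalidArgumentException("malformed LDAP URL: $url");
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'ldaps') {                       // refuse cleartext ldap://
        throw new InvalidArgumentException("ldaps:// required, got $scheme://");
    }
    $parts = explode('?', $p['query'] ?? '');
    $scope = strtolower($parts[1] ?? '') ?: 'sub';   // assumed default: sub
    if (!in_array($scope, ['base', 'one', 'sub'], true)) {
        throw new InvalidArgumentException("unknown scope: $scope");
    }
    return [
        'uri'   => "ldaps://{$p['host']}:" . ($p['port'] ?? 636),
        'base'  => rawurldecode(ltrim($p['path'] ?? '', '/')),
        'attr'  => $parts[0] !== '' ? $parts[0] : 'uid',
        'scope' => $scope,
    ];
}

// Search each configured container in order; return the DN of the first
// container that yields exactly one match, or null if none does.
function find_user_dn(array $urls, string $login): ?string {
    // PHP picks the LDAP scope by function: read = base, list = one, search = sub.
    $search = ['base' => 'ldap_read', 'one' => 'ldap_list', 'sub' => 'ldap_search'];
    foreach ($urls as $url) {
        $c  = parse_ldap_url($url);
        $ds = ldap_connect($c['uri']);
        if ($ds === false) { continue; }
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        if (!@ldap_bind($ds)) { continue; }          // anonymous bind (assumption)
        // Escape the login so it cannot alter the search filter.
        $filter  = '(' . $c['attr'] . '=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';
        $res     = @$search[$c['scope']]($ds, $c['base'], $filter, ['dn']);
        $entries = $res ? ldap_get_entries($ds, $res) : ['count' => 0];
        ldap_unbind($ds);
        if ($entries['count'] === 1) { return $entries[0]['dn']; }
    }
    return null;
}
```

Calling `find_user_dn` with the ticket's URL first and a second, constructed URL such as `ldaps://127.0.0.1/ou=external,dc=example,dc=com?uid?one` searches the primary container and falls through to the alternative one only when the first returns no unique match.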

Change History

Changed 6 years ago by dmorton

  • description modified (diff)
  • milestone set to 1.1.0

All of this should be possible with the new per-domain and fallthrough capabilities in 1.1

Changed 6 years ago by dmorton

  • milestone changed from 1.1.0 to 1.0.3

TLS needs to be added in both 1.0 and 1.1; Novell has some instructions

(Switch milestone to 1.1 when added to 1.0 branch)

Changed 6 years ago by dmorton

  • milestone changed from 1.0.3 to 1.1.0

[1226] added TLS to 1.0 branch.
