Let ldap_authenticate module use starttls()

When upgrading to version 6.4 I stumbled upon the problem that users couldn’t log in anymore when using the ldap_authentication module. Comparing the differences, I remembered that I had manually changed the module because I needed starttls() to be able to bind to the ldap server.
In my case the ldap server is a Samba Active Directory server which does not allow unencrypted connections.

By adding starttls() in the different places I was able to connect and authenticate users.

What is the best way forward? Should starttls be a configuration option which should be added to the trytond.conf?

It should probably support tls in the URI (like for smtp).

Just looked at the smtp code and using tls in the uri is just a cosmetic one. So it should be possible to use the same syntax. I will give it a try.

This change is now in the code: Issue 11561: Add STARTTLS support for LDAP authentication (Tryton issue tracker)

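Added example, not part of the thread or of Tryton's code: a sketch of the idea discussed above, selecting STARTTLS from the URI scheme and making sure the upgrade happens before the bind, with no fallback to a cleartext bind. The scheme name `ldap+tls`, the function names and the `RecordingConnection` stand-in are assumptions made for illustration; the stand-in only mimics the `start_tls()` and `bind()` method names that ldap3's `Connection` exposes.

```python
from urllib.parse import urlparse

# Assumed scheme names, modelled on the smtp-style "+tls" suffix discussed
# above; they are not taken from the Tryton source.
DEFAULT_PORTS = {"ldap": 389, "ldap+tls": 389, "ldaps": 636}


def transport_plan(uri):
    """Return (host, port, use_ssl, use_starttls) for an LDAP URI."""
    parts = urlparse(uri)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("missing host in %r" % uri)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return (parts.hostname, port,
            parts.scheme == "ldaps", parts.scheme == "ldap+tls")


def secure_bind(connection, use_starttls):
    """Upgrade to TLS before binding; never fall back to a cleartext bind.

    `connection` only needs start_tls() and bind(), each returning a bool.
    """
    if use_starttls and not connection.start_tls():
        return False  # fail closed: bind() is not called, no credentials sent
    return bool(connection.bind())


class RecordingConnection:
    """Constructed stand-in for a directory connection (no network)."""

    def __init__(self, tls_ok=True):
        self.tls_ok = tls_ok
        self.calls = []

    def start_tls(self):
        self.calls.append("start_tls")
        return self.tls_ok

    def bind(self):
        self.calls.append("bind")
        return True


def demo(uri, tls_ok=True):
    """Run the plan for `uri` against the stand-in; return (ok, call order)."""
    conn = RecordingConnection(tls_ok)
    ok = secure_bind(conn, transport_plan(uri)[3])
    return ok, conn.calls
```

A server that refuses unencrypted connections, like the Samba AD server mentioned above, rejects the plain `ldap` case on its side; the client-side check matters for the `ldap+tls` case, where a failed upgrade must stop the login attempt.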