Added TLS client certificate support

Adds configuration for TLS client certificates to secure TLS connection
(requires PHP 7.1+ to use).
Updates use of ldap_set_option to report errors if settings fail.
Modifies connection logic to fail if connection preparation fails
(eg. to avoid connections over insecure links if requested TLS fails).
This commit is contained in:
Scott Shambarger
2019-11-04 18:02:13 +00:00
committed by Deon George
parent da69ebf06a
commit 00683b3ea7
2 changed files with 115 additions and 17 deletions

View File

@@ -339,6 +339,22 @@ $servers->setValue('server','name','My LDAP Server');
/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
// $servers->setValue('server','tls',false);
/* TLS Certificate Authority file (overrides ldap.conf, PHP 7.1+) */
// $servers->setValue('server','tls_cacert',null);
# $servers->setValue('server','tls_cacert','/etc/openldap/certs/ca.crt');
/* TLS Certificate Authority hashed directory (overrides ldap.conf, PHP 7.1+) */
// $servers->setValue('server','tls_cacertdir',null);
# $servers->setValue('server','tls_cacertdir','/etc/openldap/certs');
/* TLS Client Certificate file (PHP 7.1+) */
// $servers->setValue('server','tls_cert',null);
# $servers->setValue('server','tls_cert','/etc/pki/tls/certs/ldap_user.crt');
/* TLS Client Certificate Key file (PHP 7.1+) */
// $servers->setValue('server','tls_key',null);
# $servers->setValue('server','tls_key','/etc/pki/tls/private/ldap_user.key');
/************************************
* SASL Authentication *
************************************/