Feature request: LDAP enhancements (bind, recursive, SSL)

laf · 27 February 2017 18:14

Hi,

The LDAP authentication module should get support for binddn (i…e not binding as the user logging in), recursive lookups (nested groups) and SSL.

auth_ldap_binddn and auth_ldap_bindpw should be used if present. Relevant for when you have a LDAP setup where users can’t bind as themselves to check the password.
auth_ldap_recursive and auth_ldap_recursive_maxdepth should be used if present. Useful if a user is a member of a group that is a member of a group that you’re doing the lookup in. auth_ldap_objectclass should also probably be included in this.
SSL should be an option. Currently it assumes ldap:// when doing the bind, and the next-best thing is to use StartTLS (with auth_ldap_starttls = ‘require’), but that isn’t really secure.

github.com/librenms/librenms

LDAP enhancements (bind, recursive, SSL)

opened 10:48PM - 29 Nov 16 UTC

closed 06:14PM - 27 Feb 17 UTC

joachimtingvold

Feature

Hi, The LDAP authentication module should get support for binddn (i..e not bi…nding as the user logging in), recursive lookups (nested groups) and SSL. 1. `auth_ldap_binddn` and `auth_ldap_bindpw` should be used if present. Relevant for when you have a LDAP setup where users can't bind as themselves to check the password. 2. `auth_ldap_recursive` and `auth_ldap_recursive_maxdepth` should be used if present. Useful if a user is a member of a group that is a member of a group that you're doing the lookup in. `auth_ldap_objectclass` should also probably be included in this. 3. SSL should be an option. Currently it assumes `ldap://` when doing the bind, and the next-best thing is to use StartTLS (with `auth_ldap_starttls = 'require'`), but that isn't really secure.

mrina_lini · 8 November 2017 16:28

LDAP Bind User works same way as ldap authorization php or should we modify the logic specific to bind?