Update LDAP driver to support SASL binds (!128) · Merge requests · DAViCal Project / DAViCal

stonewall requested to merge stonewall01/davical:ldap-sasl-bind-support into master Feb 27, 2024

Add a new 'sasl' option to the LDAP driver, which invokes ldap_sasl_bind() instead of ldap_bind().

This allows authenticating to LDAP using the GSSAPI (kerberos) or EXTERNAL mechanisms, rather than a bindDN and password.

Note that for GSSAPI binds, PHP needs access to valid kerberos credentials (for example, by setting the KRB5CCNAME environment variable for the PHP process).

Tested with OpenLDAP/Heimdal kerberos, but should also work with Active Directory.

Fixes #316 (closed)

Edited Feb 27, 2024 by stonewall

Update LDAP driver to support SASL binds

Merge request reports