Update LDAP driver to support SASL binds
Add a new 'sasl' option to the LDAP driver, which invokes
ldap_sasl_bind()
instead of ldap_bind()
.
This allows authenticating to LDAP using the GSSAPI (kerberos) or EXTERNAL mechanisms, rather than a bindDN and password.
Note that for GSSAPI binds, PHP needs access to valid kerberos credentials (for example, by setting the KRB5CCNAME environment variable for the PHP process).
Tested with OpenLDAP/Heimdal kerberos, but should also work with Active Directory.
Fixes #316 (closed)
Edited by stonewall