Last active
October 20, 2024 03:22
Disable Certificate-check for LDAPS/ldap_tls
<?php
$con = ldap_connect('ldaps://ldap.example.com');
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
// Disables the certificate check: with LDAP_OPT_X_TLS_NEVER the client does
// not request or check the certificate presented by the LDAP server.
ldap_set_option($con, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
/*
Possible values
(the descriptions below are worded for slapd's TLSVerifyClient setting,
i.e. the server checking a client certificate):

LDAP_OPT_X_TLS_NEVER
    This is the default. slapd will not ask the client for a certificate.

LDAP_OPT_X_TLS_ALLOW
    The client certificate is requested. If no certificate is provided,
    the session proceeds normally. If a bad certificate is provided, it
    will be ignored and the session proceeds normally.

LDAP_OPT_X_TLS_TRY
    The client certificate is requested. If no certificate is provided, the
    session proceeds normally. If a bad certificate is provided, the session
    is immediately terminated.

LDAP_OPT_X_TLS_DEMAND
LDAP_OPT_X_TLS_HARD
    These keywords are all equivalent, for compatibility reasons. The client
    certificate is requested. If no certificate is provided, or a bad
    certificate is provided, the session is immediately terminated.

Note that a valid client certificate is required in order to use the SASL
EXTERNAL authentication mechanism with a TLS session. As such, a non-default
TLSVerifyClient setting must be chosen to enable SASL EXTERNAL authentication.

More on
* https://linux.die.net/man/3/ldap_set_option
* http://www.openldap.org/lists/openldap-software/200202/msg00456.html
//*/
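
For comparison, an added example (not part of the original gist) that keeps the certificate check enabled and trusts a private CA file instead of switching verification off. The function name `connectVerified()` and the CA file path are assumptions to be replaced with your own values.

```php
<?php
// Added example, not from the original gist. Assumed names: connectVerified()
// and the CA bundle path below are placeholders for your environment.

function connectVerified(string $uri, string $caFile)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }

    // TLS options are set on the global handle (null) before ldap_connect()
    // so that connections created afterwards inherit them.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $con = ldap_connect($uri);
    if ($con === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // ldap_connect() does not open a socket; the TLS handshake, and with it
    // the certificate check, happens on the first operation (anonymous bind).
    if (!@ldap_bind($con)) {
        $detail = '';
        ldap_get_option($con, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException(
            sprintf('LDAPS bind failed: %s (%s)', ldap_error($con), $detail)
        );
    }
    return $con;
}

try {
    $con = connectVerified('ldaps://ldap.example.com', '/etc/ssl/certs/internal-ca.pem');
    echo "Connected, server certificate verified\n";
    ldap_unbind($con);
} catch (RuntimeException $e) {
    // An untrusted, expired or hostname-mismatched certificate ends up here.
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```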