maxLength => 256,
},
secure => {
- description => "Use secure LDAPS protocol.",
+ description => "Use secure LDAPS protocol. DEPRECATED: use 'mode' instead.",
type => 'boolean',
optional => 1,
},
group_filter => { optional => 1 },
group_classes => { optional => 1 },
'sync-defaults-options' => { optional => 1 },
+ mode => { optional => 1 },
};
}
my $servers = [$config->{server1}];
push @$servers, $config->{server2} if $config->{server2};
- my $default_port = $config->{secure} ? 636: 389;
- my $port = $config->{port} // $default_port;
- my $scheme = $config->{secure} ? 'ldaps' : 'ldap';
+ my ($scheme, $port) = $class->get_scheme_and_port($config);
my %ad_args;
if ($config->{verify}) {
$ad_args{verify} = 'none';
}
- if ($config->{secure}) {
+ if ($scheme ne 'ldap') {
$ad_args{sslversion} = $config->{sslversion} // 'tlsv1_2';
}
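Review bot: `$class->get_scheme_and_port($config)` is not defined anywhere in this file section, so the call only works if this plugin inherits the helper from the LDAP plugin that introduces it; a short comment at the call site, `# shared with the LDAP base plugin: resolves 'mode' and the deprecated 'secure' flag`, would make that dependency explicit for the next reader. The `sslversion` branch now triggers for `ldap+starttls` as well, which is right, but the STARTTLS upgrade itself is not visible here and must be performed by whatever consumes `$scheme`; that helper should fail closed (abort the bind) if the server does not offer STARTTLS rather than continuing on the plaintext socket. The enclosing sub starts before this hunk.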
format => 'realm-sync-options',
optional => 1,
},
+ mode => {
+ description => "LDAP protocol mode.",
+ type => 'string',
+ enum => [ 'ldap', 'ldaps', 'ldap+starttls'],
+ optional => 1,
+ default => 'ldap',
+ },
};
}
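Review bot: The `mode` property description says nothing about precedence over the still-accepted `secure` flag, nor that the default `ldap` is an unencrypted connection, which is the detail an admin choosing between the three values needs. Suggest `description => "LDAP protocol mode ('ldap' is unencrypted; 'ldap+starttls' upgrades an 'ldap' connection). Supersedes the deprecated 'secure' option.",`. If the implementation rejects or resolves a conflicting `secure`/`mode` pair, that behaviour should be stated here too.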
group_filter => { optional => 1 },
group_classes => { optional => 1 },
'sync-defaults-options' => { optional => 1 },
+ mode => { optional => 1 },
};
}
+sub get_scheme_and_port {
+ my ($class, $config) = @_;
+
+ my $scheme = $config->{mode} // ($config->{secure} ? 'ldaps' : 'ldap');
+
+ my $default_port = $scheme eq 'ldaps' ? 636 : 389;
+ my $port = $config->{port} // $default_port;
+
+ return ($scheme, $port);
+}
+
sub connect_and_bind {
my ($class, $config, $realm) = @_;
my $servers = [$config->{server1}];
push @$servers, $config->{server2} if $config->{server2};
- my $default_port = $config->{secure} ? 636: 389;
- my $port = $config->{port} // $default_port;
- my $scheme = $config->{secure} ? 'ldaps' : 'ldap';
+ my ($scheme, $port) = $class->get_scheme_and_port($config);
my %ldap_args;
if ($config->{verify}) {
$ldap_args{verify} = 'none';
}
- if ($config->{secure}) {
+ if ($scheme ne 'ldap') {
$ldap_args{sslversion} = $config->{sslversion} || 'tlsv1_2';
}
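Review bot: In get_scheme_and_port an explicit `mode => 'ldap'` silently wins over `secure => 1`, so a realm configured for LDAPS can be downgraded to plaintext by setting the new option without ever clearing the deprecated one. Since `mode` is meant to supersede `secure`, the contradictory combination should be rejected rather than resolved by precedence, e.g. before computing `$scheme`: `die "'mode' conflicts with the deprecated 'secure' option\n" if defined($config->{mode}) && $config->{secure} && $config->{mode} eq 'ldap';` (or the equivalent check in the realm add/update validation, which is outside this hunk). The default port of 389 for `ldap+starttls` is correct, but note that `sslversion` is only set here; the actual STARTTLS negotiation has to happen in the connect helper, which should abort if the upgrade fails. connect_and_bind continues past the end of the hunk.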