ldap: add option for ldap starttls support

2020-03-13 21:07:44 +01:00 · 2020-03-13 21:07:44 +01:00 · df40447616
parent 1ebc53529a
commit df40447616
4 changed files with 8 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -290,6 +290,7 @@ Variable | Description | Example
 `LDAP_TLS_CHECK_PEER` | Require and verify LDAP server certificate | 1
 `LDAP_TLS_CACERT_FILE` | Path to CA cert file. Used when server certificate verify is enabled | /etc/ssl/certs/ca-certificates.crt
 `LDAP_TLS_CACERT_DIR` | Path to CA certs directory. Used when server certificate verify is enabled. | /etc/ssl/certs
+`LDAP_START_TLS` | Enable START_TLS, requires LDAPv3, URL must be ldap:// not ldaps:// | 0

 #### Authentication using JWT tokens

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -69,6 +69,7 @@ services:
            - LDAP_TLS_CHECK_PEER
            - LDAP_TLS_CACERT_FILE
            - LDAP_TLS_CACERT_DIR
+            - LDAP_START_TLS
            - XMPP_DOMAIN
            - XMPP_AUTH_DOMAIN
            - XMPP_GUEST_DOMAIN
--- a/env.example
+++ b/env.example
@ -134,6 +134,9 @@ TZ=Europe/Amsterdam
 # Path to CA certs directory. Used when server sertificate verify is enabled.
 #LDAP_TLS_CACERT_DIR=/etc/ssl/certs

+# Wether to use starttls, implies LDAPv3 and requires ldap:// instead of ldaps://
+# LDAP_START_TLS=1
+

 #
 # Advanced configuration options (you generally don't need to change these)
--- a/prosody/rootfs/defaults/saslauthd.conf
+++ b/prosody/rootfs/defaults/saslauthd.conf
@ -19,3 +19,6 @@ ldap_tls_ciphers: {{ .Env.LDAP_TLS_CIPHERS }}
    {{ end }}
  {{ end }}
 {{ end }}
+{{ if .Env.LDAP_START_TLS | default "0" | toBool }}
+ldap_start_tls: yes
+{{ end }}