Bind via Kerberos

[luandrea]

As stated in the documentation:
For Kerberos authentication (GSSAPI) comment out comment out $ldap_bind*

I think it should be more correct to put them as null, otherwise you do not enter in the correct if in the bind class (Ldap.php).

I'm testing it with docker and I have to put it like this:
$ldap_binddn = null; $ldap_bindpw = null;

[luandrea]

I'm referring to this documentation:
https://self-service-password.readthedocs.io/en/stable/config_ldap.html

It's about self-service-password application, but the source code is here.

[davidcoutadeur]

Yes, this is because $ldap_binddn and $ldap_bindpw are declared as default variables in config.inc.php:

$ldap_binddn = "cn=manager,dc=example,dc=com";
$ldap_bindpw = 'secret';

We should indeed update the doc to explain how to nullify these variables.

Thanks for the report.

[davidcoutadeur]

After verification, there is already a tip in ssp doc:

You can leave these parameters empty to bind anonymously or using GSSAPI (see below). In this case, the password modification must be done with user’s credentials. But this will not work for password reset.

I'll add more details.

[davidcoutadeur]

Done in ltb-project/self-service-password@f6ea74a

[davidcoutadeur]

The fix is insufficient, as when:

$ldap_binddn = "";
$ldap_bindpw = "";

the authentication is still tried with ldap bind.

[luandrea]

For me the correct setup was to put like this:

$ldap_binddn = null; 
$ldap_bindpw = null;