AUTH_LDAP_USE_TLS is named ambiguously

[a-gerhard]

(Removing issue template as nothing here really fits into that template anyways)

I recently opened Pull Request #1988

One thing that the docs couldn't really fix is the ambiguous naming of the AUTH_LDAP_USE_TLS setting. LDAP has two ways of doing TLS: Either open an unencrypted TCP connection (default Port 389) and protect it by negotiating STARTTLS, or directly connect through TLS (default port 636). The setting's name doesn't provide any hint on what is actually used – and that made it quite hard to debug, especially without any documentation around it.

I would suggest to rename the setting to AUTH_LDAP_USE_STARTTLS for clarity.

[dpgaspar]

@a-gerhard thank you for the PR, it will help everyone!

Makes sense.

Since it's a breaking change, we can create a new config key AUTH_LDAP_USE_STARTTLS with the same effect has AUTH_LDAP_USE_TLS. Issue a deprecation warning, when security manager detects that AUTH_LDAP_USE_TLS is set on the config. Change docs and all examples

would be great If your willing to make the PR

[a-gerhard]

I don't know anything about the code of Flask-AppBuilder. I just ran across these issues while trying to wire Apache Airflow to an LDAP Server that only supports ldaps and thought I'd give you some feedback, and update my findings in the docs.

I really don't see any reason to spend the time onboarding myself into this project for this small change, and since we're not directly working with Flask-Appbuilder, I won't be paid for it by my customer or my employer for this.

So, I gotta say no here.

[dpgaspar]

ok, no problem. Thank you once more for taking the time to report the issue. I'll make the docs updates