Clients can't authenticate using LDAP SSL

Description

It appears that the latest change to the LDAP SSL pooling mechanism (disabling the custom socket) has created issues with authenticating users. The change was for a good cause (improving security and performance), so if possible, it should be retained. But maybe there could be an option in the Admin Console to turn off strict certificate checking. Also, maybe this change should be reverted until such an option is introduced.

Environment

LDAP SSL

Activity


speedy November 6, 2015 at 3:53 PM

Submitted PR #364 to replace PR #244 for review.

PR #364 returns the previous behavior and use of the custom socket factory, while still being able to enable the use of connection pooling with SSL.

speedy July 29, 2015 at 1:43 AM

Submitted PR #244 for review. PR #244 returns the behavior that was used prior to OF-924, which would allow SSL connections from self-signed/expired/non-valid SSL certificates when connected to LDAP. However, instead of using the custom SSL socket (SimpleSSLSocketFactory), which prevented the use of pooling SSL connections, this update will call XTrustProvider.java. A system property has been added called ldap.disableSslValidation. Default/not configured is set to true. If set to false, then a valid certificate must be used, or imported into the trust store for SSL connections to LDAP.
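A pre-flight check an administrator could run before setting ldap.disableSslValidation to false, given here as an added example and not as code from PR #244, PR #364 or Openfire. The class name LdapsTrustCheck and its command-line arguments are hypothetical; it performs a strict TLS handshake (certificate chain plus host name) against the LDAP server using either a given truststore or the JVM default one.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

// Added example (hypothetical class, not Openfire code): strict LDAPS certificate pre-flight check.
public class LdapsTrustCheck {

    // Trust only the CAs in the given truststore; a null path means the JVM default trust anchors.
    static SSLContext strictContext(String path, char[] password) throws Exception {
        KeyStore ks = null;
        if (path != null) {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = new FileInputStream(path)) {
                ks.load(in, password);
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
    // Returns null when chain and host name validate, otherwise the reason the handshake failed.
    static String check(SSLContext ctx, String host, int port) {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS"); // verify the server name as well as the chain
            s.setSSLParameters(p);
            s.startHandshake();
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("OK: " + leaf.getSubjectX500Principal() + ", valid until " + leaf.getNotAfter());
            return null;
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: LdapsTrustCheck <host> <port> [truststore] [password]");
            System.exit(2);
        }
        char[] pw = args.length > 3 ? args[3].toCharArray() : null;
        String failure = check(strictContext(args.length > 2 ? args[2] : null, pw), args[0], Integer.parseInt(args[1]));
        if (failure != null) System.out.println("FAIL: " + failure);
        System.exit(failure == null ? 0 : 1);
    }
}
```

A FAIL line names the exception raised by the handshake, which indicates what has to be corrected (for example an expired certificate or an issuer missing from the truststore) before validation is enforced.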

Fixed


Created June 27, 2015 at 10:17 AM
Updated July 22, 2019 at 9:02 AM
Resolved November 10, 2015 at 9:55 PM