
Clients can't authenticate using LDAP SSL

Description

It appears that the latest change to the LDAP SSL pooling mechanism (disabling the custom socket) has created issues with authenticating users. The change was for a good cause (improving security and performance), so if possible, it should be retained. But maybe there could be an option in the Admin Console to turn off strict certificate checking. Also, maybe this change should be reverted until such an option is introduced.

Environment

LDAP SSL

Acceptance Test - Entry

None

Activity

speedy
July 29, 2015, 1:43 AM

Submitted PR #244 for review. PR #244 returns the behavior that was used prior to OF-924, which would allow SSL connections from self-signed/expired/non-valid SSL certificates when connected to LDAP. However, instead of using the custom SSL socket (SimpleSSLSocketFactory), which prevented the use of pooling SSL connections, this update will call XTrustProvider.java. A system property has been added called ldap.disableSslValidation. Default/not configured is set to true. If set to false, then a valid certificate must be used, or imported into the trust store, for SSL connections to LDAP.

speedy
November 6, 2015, 3:53 PM

Submitted PR #364 to replace PR #244 for review.

PR #364 returns the previous behavior and use of the custom socket factory, while still being able to use connection pooling with SSL.

Assignee

speedy

Reporter

wroot

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major