[ https://issues.apache.org/jira/browse/WHIMSY-367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sebb updated WHIMSY-367:
------------------------
    Description: 
ASF::LDAP.configure currently tries to extract a certificate from the LDAP host 
using openssl.

This works fine for the existing production LDAP hosts, but I discovered that 
it does not work for the test LDAP instance. The first cert does not work for 
the test instance. However the next two do work, and the second cert returned 
by the production hosts works. So it would be possible to extract the last cert 
and that should work for both.

However, it would be much simpler to just ignore the certificates by setting 
TLS_REQCERT=allow, as is suggested for macOS.


  was:
ASF::LDAP.configure currently tries to extract a certificate from the LDAP host 
using openssl.

This works fine for the existing production LDAP hosts, but I discovered that 
it does not work for the test LDAP instance. The first cert does not work for 
the test instance. However the next two do work, and the second cert returned 
by the production hosts works. So it would be possible to extract the last cert 
and that should work for both.

However, it would be much simpler to just ignore the certificates by setting 
TLS_REQCERT=allow, as is suggested for macOS.
This can even be done without updating ldap.conf; just define the environment 
variable:
LDAPTLS_REQCERT=allow
Likewise, there is no need to add base or uri to ldap.conf.
These can also be done using environment variables LDAPBASE and LDAPURI.



> Is ASF::LDAP.configure relevant for Docker builds?
> --------------------------------------------------
>
>                 Key: WHIMSY-367
>                 URL: https://issues.apache.org/jira/browse/WHIMSY-367
>             Project: Whimsy
>          Issue Type: Improvement
>            Reporter: Sebb
>            Priority: Major
>
> ASF::LDAP.configure currently tries to extract a certificate from the LDAP 
> host using openssl.
> This works fine for the existing production LDAP hosts, but I discovered that 
> it does not work for the test LDAP instance. The first cert does not work for 
> the test instance. However the next two do work, and the second cert returned 
> by the production hosts works. So it would be possible to extract the last 
> cert and that should work for both.
> However, it would be much simpler to just ignore the certificates by setting 
> TLS_REQCERT=allow, as is suggested for macOS.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
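
An added example (not part of the original message and not Whimsy's code): the "extract the last cert" option from the description, which keeps certificate verification on, whereas TLS_REQCERT=allow lets the session proceed even when the server certificate cannot be validated. It parses PEM blocks from text of the kind openssl prints for a server chain, then checks whether the first or the last certificate works as the only trusted CA. The chain, CNs, host name and helper names are constructed for the demo.

```ruby
require 'openssl'

# Build one certificate for the constructed demo chain (all names hypothetical).
def issue(cn, key, issuer = nil, issuer_key = nil, ca: true)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  bc = ca ? 'CA:TRUE' : 'CA:FALSE'
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', bc, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Parse every PEM certificate found in the text, in the order the server sent them.
def certs_in(text)
  text.scan(PEM_CERT).map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

# True if `anchor`, as the only trusted CA, validates the server's leaf certificate.
# The remaining certificates are passed as untrusted helpers for path building.
def trusts?(anchor, chain)
  store = OpenSSL::X509::Store.new
  store.add_cert(anchor)
  store.verify(chain.first, chain.drop(1))
end

# Constructed sample: leaf, intermediate, root, each preceded by non-PEM text.
def demo_output
  rk, ik, lk = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = issue('Demo Root', rk)
  mid  = issue('Demo Intermediate', ik, root, rk)
  leaf = issue('ldap.example.invalid', lk, mid, ik, ca: false)
  [leaf, mid, root].map { |c| "(non-PEM text)\n#{c.to_pem}" }.join
end

if __FILE__ == $PROGRAM_NAME
  chain = certs_in(demo_output)
  puts "first cert as CA: #{trusts?(chain.first, chain)}"
  puts "last cert as CA:  #{trusts?(chain.last, chain)}"
end
```
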
