Posted to issues@activemq.apache.org by "Clebert Suconic (Jira)" <ji...@apache.org> on 2021/12/15 13:59:00 UTC

[jira] [Closed] (ARTEMIS-3140) Support com.sun.jndi.ldap.tls.cbtype in LDAPLoginModule

     [ https://issues.apache.org/jira/browse/ARTEMIS-3140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Clebert Suconic closed ARTEMIS-3140.
------------------------------------

> Support com.sun.jndi.ldap.tls.cbtype in LDAPLoginModule
> -------------------------------------------------------
>
>                 Key: ARTEMIS-3140
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3140
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 2.17.0
>            Reporter: Panu Hämäläinen
>            Priority: Major
>             Fix For: 2.20.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Microsoft has added the following binding feature to LDAP connections (AD/Domain Controllers):
> [https://support.microsoft.com/en-us/topic/use-the-ldapenforcechannelbinding-registry-entry-to-make-ldap-authentication-over-ssl-tls-more-secure-e9ecfa27-5e57-8519-6ba3-d2c06b21812e]
>  
> To interoperate with this, Java has required some changes, which are available at least in a Java 16 release candidate:
> [https://bugs.openjdk.java.net/browse/JDK-8245527]
> That is, to make Java add the required channel binding information to its LDAP connection, the JNDI environment property {{com.sun.jndi.ldap.tls.cbtype}} must be set to {{tls-server-end-point}}. However, Artemis LDAPLoginModule creates an internal environment object which does not support the property.
>  
> I would also propose to improve the LDAPLoginModule class in a way that any future custom/added property could be included in the JNDI environment without requiring changes to the actual code.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
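
Added example, not part of the original message and not Artemis code: one way a login module could build its JNDI environment so that com.sun.jndi.ldap.tls.cbtype, and any later JNDI property, passes through from configuration without a code change. The class name, the option names connectionURL and authentication, and the host name are assumptions made for illustration.

```java
import java.util.Hashtable;
import java.util.Map;
import java.util.Objects;
import javax.naming.Context;

// Hypothetical illustration; not the Artemis LDAPLoginModule implementation.
public class LdapEnvExample {

    // JNDI property named in the issue (JDK-8245527).
    static final String CB_TYPE = "com.sun.jndi.ldap.tls.cbtype";

    // Builds a JNDI environment from login-module style options.
    // Keys that are already JNDI property names are copied through unchanged,
    // so a newly introduced property needs configuration only.
    static Hashtable<String, String> buildEnv(Map<String, String> options) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL,
                Objects.requireNonNull(options.get("connectionURL"), "connectionURL"));
        env.put(Context.SECURITY_AUTHENTICATION,
                options.getOrDefault("authentication", "simple"));

        for (Map.Entry<String, String> e : options.entrySet()) {
            String key = e.getKey();
            if (key.startsWith("java.naming.") || key.startsWith("com.sun.jndi.")) {
                env.put(key, e.getValue()); // explicit JNDI keys win over defaults
            }
        }

        // tls-server-end-point binding is derived from the server's TLS
        // certificate, so this example rejects it on a non-TLS URL.
        // Assumption: a single provider URL, not a space-separated list.
        if (env.containsKey(CB_TYPE)
                && !env.get(Context.PROVIDER_URL).startsWith("ldaps://")) {
            throw new IllegalArgumentException(CB_TYPE + " requires an ldaps:// URL");
        }
        return env;
    }

    public static void main(String[] args) {
        // Constructed sample configuration.
        Map<String, String> options = Map.of(
                "connectionURL", "ldaps://dc.example.test:636",
                "authentication", "GSSAPI",
                CB_TYPE, "tls-server-end-point");
        System.out.println(buildEnv(options));
    }
}
```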