You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Stefan Seelmann (Jira)" <ji...@apache.org> on 2021/06/20 10:44:00 UTC
[jira] [Commented] (DIRSTUDIO-1219) Directory Studio doesn't
StartTLS before authenticating
[ https://issues.apache.org/jira/browse/DIRSTUDIO-1219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17366162#comment-17366162 ]
Stefan Seelmann commented on DIRSTUDIO-1219:
--------------------------------------------
Changed usage of {{useTls}} flag in the LDAP API: https://issues.apache.org/jira/browse/DIRAPI-374
https://github.com/apache/directory-ldap-api/commit/bf32f0e902ffb08839defcaf3c1de5164d83e092
Call {{startTls()}} always after connect, verify that the connection is secured. Also add various tests where the server requries confidentiality:
https://github.com/apache/directory-studio/commit/b53667ab3b87afcfcd6f1b1df90d733636cfc888
> Directory Studio doesn't StartTLS before authenticating
> -------------------------------------------------------
>
> Key: DIRSTUDIO-1219
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1219
> Project: Directory Studio
> Issue Type: Bug
> Components: studio-connection
> Affects Versions: 2.0.0-M16
> Environment: Apache Directory Studio is running on Mac OS 10.14 with jdk1.8.0_201.
> Reporter: Hugh Cole-Baker
> Assignee: Stefan Seelmann
> Priority: Blocker
> Fix For: 2.0.0-M17
>
>
> There is an issue connecting to an OpenLDAP server configured with olcSaslSecProps: noplain,noanonymous,minssf=1
> i.e. The server requires some form of transport encryption. I have chosen StartTLS and SASL GSSAPI authentication, but Directory Studio doesn't actually do StartTLS before binding - I can see this by looking at the network traffic using Wireshark. I would have expected it to start TLS before attempting to bind.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org