Posted to dev@whimsical.apache.org by "Sebb (Jira)" <ji...@apache.org> on 2021/08/06 13:35:00 UTC

[jira] [Updated] (WHIMSY-367) Is ASF::LDAP.configure relevant for Docker builds?

     [ https://issues.apache.org/jira/browse/WHIMSY-367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sebb updated WHIMSY-367:
------------------------
    Description: 
ASF::LDAP.configure currently tries to extract a certificate from the LDAP host using openssl.

This works fine for the existing production LDAP hosts, but I discovered that it does not work for the test LDAP instance. The first cert does not work for the test instance. However the next two do work, and the second cert returned by the production hosts works. So it would be possible to extract the last cert and that should work for both.

However, it would be much simpler to just ignore the certificates by setting TLS_REQCERT=allow, as is suggested for macOS.


  was:
ASF::LDAP.configure currently tries to extract a certificate from the LDAP host using openssl.

This works fine for the existing production LDAP hosts, but I discovered that it does not work for the test LDAP instance. The first cert does not work for the test instance. However the next two do work, and the second cert returned by the production hosts works. So it would be possible to extract the last cert and that should work for both.

However, it would be much simpler to just ignore the certificates by setting TLS_REQCERT=allow, as is suggested for macOS.
This can even be done without updating ldap.conf; just define the environment variable:
LDAPTLS_REQCERT=allow
Likewise, there is no need to add base or uri to ldap.conf.
These can also be done using environment variables LDAPBASE and LDAPURI.



> Is ASF::LDAP.configure relevant for Docker builds?
> --------------------------------------------------
>
>                 Key: WHIMSY-367
>                 URL: https://issues.apache.org/jira/browse/WHIMSY-367
>             Project: Whimsy
>          Issue Type: Improvement
>            Reporter: Sebb
>            Priority: Major
>
> ASF::LDAP.configure currently tries to extract a certificate from the LDAP host using openssl.
> This works fine for the existing production LDAP hosts, but I discovered that it does not work for the test LDAP instance. The first cert does not work for the test instance. However the next two do work, and the second cert returned by the production hosts works. So it would be possible to extract the last cert and that should work for both.
> However, it would be much simpler to just ignore the certificates by setting TLS_REQCERT=allow, as is suggested for macOS.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
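
Added example (not part of the original message and not Whimsy's own code): a sketch of the "extract the last cert" option from the description, selecting the last certificate in `openssl s_client -showcerts` output and pairing it with LDAPTLS_REQCERT=demand so verification stays on. The method names, host name, file path and sample output are constructed; that the last presented certificate is the right one to trust is the description's premise, not something checked here.

```ruby
# Added example, not Whimsy code; every name here is hypothetical.
PEM_RE = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m

# Every PEM block in `openssl s_client -showcerts` output, in the order
# the server presented them (its own certificate first, issuers after).
def chain_from_showcerts(output)
  output.scan(PEM_RE)
end

# The issue proposes trusting the last certificate the host presents.
def last_presented_cert(output)
  chain = chain_from_showcerts(output)
  raise ArgumentError, 'no certificate in s_client output' if chain.empty?
  chain.last
end

# Environment for an LDAP client that trusts the extracted certificate and
# still rejects a bad one ('demand'), unlike LDAPTLS_REQCERT=allow, under
# which a certificate that fails verification is ignored.
def pinned_ldap_env(cacert_path, uri:, base:)
  {
    'LDAPTLS_CACERT'  => cacert_path,
    'LDAPTLS_REQCERT' => 'demand',
    'LDAPURI'         => uri,
    'LDAPBASE'        => base
  }
end

# Constructed sample: the shape of -showcerts output, with placeholder
# bodies instead of real certificates.
SAMPLE = <<~OUT
  Certificate chain
   0 s:CN = ldap.example.test
  -----BEGIN CERTIFICATE-----
  PLACEHOLDER-LEAF
  -----END CERTIFICATE-----
   1 s:CN = Example Intermediate
  -----BEGIN CERTIFICATE-----
  PLACEHOLDER-INTERMEDIATE
  -----END CERTIFICATE-----
   2 s:CN = Example Root
  -----BEGIN CERTIFICATE-----
  PLACEHOLDER-ROOT
  -----END CERTIFICATE-----
OUT

puts last_presented_cert(SAMPLE) if __FILE__ == $PROGRAM_NAME
```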