  1. Puppet Enterprise
  2. ENTERPRISE-72

Add support for LDAP SSL certificate verification in Console auth


Details

    Description

      Currently, when console-auth is set up for LDAPS authentication, there is no way to enforce certificate validation against a trusted root CA cert. This is the result of a limitation of the Net::LDAP library, which has no support for certificate validation ("The :simple_tls option is the simplest, easiest way to encrypt communications between Net::LDAP and LDAP servers. It's intended for cases where you have an implicit level of trust in the authenticity of the LDAP server. No validation of the LDAP server's SSL certificate is performed. This means that :simple_tls will not produce errors if the LDAP server's encryption certificate is not signed by a well-known Certification Authority.")

      At least one PE customer has seen fit to patch the Net::LDAP option themselves to add validation since this is required by their organizational security policy. This would probably be a good thing for the Console auth component to support out of the box.
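
      An added example, not part of the ticket and not code from Net::LDAP or Puppet Enterprise: the two checks that an unvalidated LDAPS connection skips (chain to a trusted root CA, and hostname match), written with Ruby's OpenSSL standard library only. The certificates, the hostname `ldap.example.test` and the helper names `make_cert` and `ldaps_cert_acceptable?` are constructed for illustration.

```ruby
require "openssl"

# Build a constructed X.509v3 certificate for `cn`; self-signed unless an issuer is given.
def make_cert(cn, key, issuer_cert: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}")) unless ca
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Validation an LDAPS client should perform before sending bind credentials:
# 1. the server certificate chains to the configured root CA, and
# 2. the certificate is valid for the hostname the client meant to reach.
# Returns [accepted?, reason].
def ldaps_cert_acceptable?(server_cert, trusted_root, hostname)
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_root)
  return [false, store.error_string] unless store.verify(server_cert)
  unless OpenSSL::SSL.verify_certificate_identity(server_cert, hostname)
    return [false, "hostname mismatch"]
  end
  [true, "ok"]
end

# Constructed sample material (hypothetical names, generated at run time).
HOST     = "ldap.example.test"
CA_KEY   = OpenSSL::PKey::RSA.new(2048)
SRV_KEY  = OpenSSL::PKey::RSA.new(2048)
ROOT_CA  = make_cert("Example-Root-CA", CA_KEY, ca: true)
GENUINE  = make_cert(HOST, SRV_KEY, issuer_cert: ROOT_CA, issuer_key: CA_KEY)
# Same name as the real server, but not issued by the trusted root.
UNTRUSTED = make_cert(HOST, OpenSSL::PKey::RSA.new(2048))
# Issued by the trusted root, but for a different host.
WRONG_NAME = make_cert("other.example.test", SRV_KEY, issuer_cert: ROOT_CA, issuer_key: CA_KEY)

{ "genuine" => GENUINE, "untrusted" => UNTRUSTED, "wrong name" => WRONG_NAME }.each do |label, cert|
  accepted, reason = ldaps_cert_acceptable?(cert, ROOT_CA, HOST)
  puts format("%-10s accepted=%-5s (%s)", label, accepted, reason)
end
```

      With no validation, all three certificates would be accepted and the console would send LDAP bind credentials over each connection; with both checks, only the first is.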


          People

            Unassigned Unassigned
            kfj Ken Johnson