diff --git a/changelog/unreleased/ldap-tls-insecure.md b/changelog/unreleased/ldap-tls-insecure.md new file mode 100644 index 00000000000..86b74ab2eb8 --- /dev/null +++ b/changelog/unreleased/ldap-tls-insecure.md @@ -0,0 +1,8 @@ +Enhancement: Safer defaults for TLS verification on LDAP connections + +The LDAP client connections where hardcoded to ignore certificate validation +errors. Now verification is enabled by default and a new config parameter 'insecure' +is introduced to override that default. It is also possible to add trusted Certificates +by using the new 'cacert' config paramter. + +https://github.com/cs3org/reva/pull/2053