Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow reva to use safer TLS defaults for LDAP #2492

Merged
merged 1 commit into from
Sep 17, 2021
Merged

Allow reva to use safer TLS defaults for LDAP #2492

merged 1 commit into from
Sep 17, 2021

Conversation

rhafer
Copy link
Contributor

@rhafer rhafer commented Sep 13, 2021

Reva is moving away from the hardcoded "insecure" setting for LDAP (see cs3org/reva#2053)
connections. For this to happend ocis needs some adjustments. In order to avoid an "insecure" by default config in ocis this commit adds the new parameters "insecure" and "cacert" to the LDAP configuration for the auth-, user- and groups-provider. To make the out of the box experience as smooth as possible the default setting for "cacert" points to the certificate that is generated for glauth on startup.

To avoid any hickup with the CI this should ideally be merged together with (or before) the changes from cs3org/reva#2053 reach this repo.

@rhafer rhafer requested review from butonic, C0rby and refs September 13, 2021 16:03
@rhafer rhafer self-assigned this Sep 13, 2021
@update-docs
Copy link

update-docs bot commented Sep 13, 2021

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@ownclouders
Copy link
Contributor

💥 Acceptance tests Core-API-Tests-ocis-storage-9 failed. The build is cancelled...

@rhafer
Allow reva to use safer TLS defaults for LDAP
e932120 
Reva is moving away from the hardcoded "insecure" setting for LDAP
connections. For this to happend ocis needs some adjustments. In order
to avoid an "insecure" by default config in ocis this commit adds the
new parameters "insecure" and "cacert" to the LDAP configuration for the
auth-, user- and groups-provider. To make the out of the box experience
as smooth as possible the default setting for "cacert" points to the
certificate that is generated for glauth on startup.
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

19.3% 19.3% Coverage
6.5% 6.5% Duplication

@C0rby C0rby merged commit febbb17 into owncloud:master Sep 17, 2021
ownclouders pushed a commit that referenced this pull request Sep 17, 2021
commit febbb17
b054cef 
Merge: 1f6d1f3 e932120
Author: David Christofas <[email protected]>
Date:   Fri Sep 17 08:11:16 2021 -0400

    Merge pull request #2492 from rhafer/ldap-tls-config

    Allow reva to use safer TLS defaults for LDAP
@wkloucek wkloucek mentioned this pull request Sep 29, 2021
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@refs refs refs approved these changes

@butonic butonic Awaiting requested review from butonic

@C0rby C0rby Awaiting requested review from C0rby

Assignees

@rhafer rhafer

Labels
Category:Enhancement Add new functionality Topic:Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rhafer @ownclouders @refs @C0rby