Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-10253

Make LDAPDirectory server certificate verification optional for ssl connections

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 5.6
    • Fix Version/s: 5.6.0-HF02, 5.7.1
    • Component/s: Directory
    • Impact type:
      Configuration format change

      Description

      Nuxeo LDAPDirectory should provide an option to disable server certificate verification for SSL connections. The Apache mod_ldap module provides boolean directive LDAPVerifyServerCert for just such a purpose. I propose adding the property "verifyServerCert" with default value "true" to the Nuxeo LDAPServerDescriptor and modifying the LDAPDirectory class such that when "verifyServerCert" is false and isSSL is true, a "BlindTrustManager" will be configured. Would Nuxeo incorporate a patch that implements this feature?

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: