-
Type:
Improvement
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 5.6
-
Fix Version/s: 5.6.0-HF02, 5.7.1
-
Component/s: Directory
-
Impact type:Configuration format change
Nuxeo LDAPDirectory should provide an option to disable server certificate verification for SSL connections. The Apache mod_ldap module provides boolean directive LDAPVerifyServerCert for just such a purpose. I propose adding the property "verifyServerCert" with default value "true" to the Nuxeo LDAPServerDescriptor and modifying the LDAPDirectory class such that when "verifyServerCert" is false and isSSL is true, a "BlindTrustManager" will be configured. Would Nuxeo incorporate a patch that implements this feature?
