[#24115] - Added patch for connecting to AD-server with self-signed certificates.
- Fixed in Code Base
- 23 Apr 2019
- Medium
- Build: staging
- # 24115
- Diff
- rickyosser:self-signed-cert
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Success continuous-integration/drone/pr the build was successful Details
- Success continuous-integration/appveyor/pr AppVeyor build succeeded Details
User tests: Successful: Unsuccessful:
Pull Request for Issue # .
Summary of Changes
Added patches for connecting to AD-server with self-signed certificates.
Testing Instructions
Just install and enable the Ignore Certificate option.
Expected result
Working authentication using TLS/LDAPS with servers that are configured with self-signed certificates. For example recent SAMBA4.
Actual result
Working authentication using TLS/LDAPS with servers that are configured with self-signed certificates. For example recent SAMBA4.
Documentation Changes Required
Option:
"Ignore Certificate"
Desc:
When enabled ignore the server certificate, this is useful when running for example Samba 4 with a self-signed certificate.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Administration Language & Strings External Library Libraries Composer Change Front End Plugins |
| Title |
|
||||||
| Labels |
Added:
?
?
?
|
||
@HLeithner it is very unlikely that we will get 2 testers for this as it is very specialised and not used often. I suspect the only option is to code review
Yeah I have the same feeling
Would you at least test if the plugin screen doesn't break?
Tested and the screen doesnt break. Not sure if debug should be the very first option. But I have never used LDAP authentication so dont know if it is important or not
It's the first? request for this feature ;-) so properly the first position is not perfect....
I would suggest moving debug to the last option and the tls thing before debug.
A Composer dependency is changed without having updated the lock file. That should be a red flag to somebody...
So good that you are here^^
@rickyosser parts of the PR have to be made against https://github.com/joomla-framework/ldap/blob/master/src/LdapClient.php
A Composer dependency is changed without having updated the lock file. That should be a red flag to somebody...
Can you please point to where the composer dependency would change, I'm looking at the diff-file I originally created and it closeley looks like the git PR I'm trying to create. It only touches 3 files and none of them is a Composer control-file.
It is this file libraries/vendor/joomla/ldap/src/LdapClient.php
which should be made against https://github.com/joomla-framework/ldap/blob/master/src/LdapClient.php
So good that you are here^^
@rickyosser parts of the PR have to be made against https://github.com/joomla-framework/ldap/blob/master/src/LdapClient.php
@brianteeman and @HLeithner , I've created a pull request in the LDAP tree for the changes in that file.
Sorry for not knowing the structure of the Joomla development project. I created some patches to solve a real customer case and thought it would be good to add them upstream so future upgrades will be seamless.
Anyway this problem is relatively new as the security hardening of SAMBA4 and the openldap-client library have been made in the last year/years.
My PR joomla-framework/ldap@c7e30ce has been accepted in joomla-framework/ldap, what do you need me to do here now?
Remove the changes in the ldapclient file, I will update the lib after releasing 3.9.4.
| Category | Administration Language & Strings External Library Libraries Composer Change Front End Plugins | ⇒ | Administration Language & Strings Front End Plugins |
Remove the changes in the ldapclient file, I will update the lib after releasing 3.9.4.
@HLeithner, the file is now reverted.
franz-wohlkoenig
- | Category | Administration Language & Strings Front End Plugins | ⇒ | Administration Front End Plugins |
| Title |
|
||||||
| Category | Administration Front End Plugins | ⇒ | Administration Language & Strings Front End Plugins |
| Labels |
Removed:
J3 Issue
|
||
| Status | Pending | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-04-23 17:00:22 |
| Closed_By | ⇒ | HLeithner |
thx
Now we need 2 testers...