Make LDAP over TLS optional #8
Comments
Created #9 for this. It's still probably not a good idea to do this but our LDAP config could be more flexible, so we might spend some time on it in the future.
Agreed that it's not a great idea in general, but I think your approach of putting "insecure" prominently in the name helps alleviate some of the concerns around accidental use. I'm less concerned about the network attacks that TLS guards against in an AWS environment, though.
Even if you don't merge the PR (thanks for making it, by the way), I'd still suggest clarifying the documentation, since I tried giving it a :389 endpoint and it just says "connection reset by peer" 😄
#9 has been merged. Also, the docs have been updated. Thanks for reporting!
Thank you!
https://github.com/AdRoll/hologram/blob/master/server/bin/main.go#L133
I spent some time trying to figure out why the server would just die trying to talk to my LDAP server over port 389 before realizing that it was just trying to speak TLS to it. The readme doesn't mention it, and it doesn't seem fundamental. I realize that it's a sensible default to require TLS, but some LDAP servers (e.g., Amazon's Simple AD) don't support it.