Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

LdapUserService binds to LDAP Server before initiating TLS channel #639

Closed
gitblit opened this issue Aug 12, 2015 · 3 comments
Closed

LdapUserService binds to LDAP Server before initiating TLS channel #639

gitblit opened this issue Aug 12, 2015 · 3 comments

Comments

@gitblit
Copy link
Collaborator

gitblit commented Aug 12, 2015

Originally reported on Google Code with ID 343

Our OpenLDAP server doesn't accept unencrypted bind requests.
And it only accepts TLS connections.

With this setup I can't manage to let Gitblit connect to this OpenLDAP server, because
Gitblit tries to bind before it establishes the TLS channel.

Why is this LdapUserService behaving this way?
In which scenario is sending username+password unencrypted over the network a good
thing? Especially when immediately after this action an encrypted channel gets established...
I only know OpenLDAP, maybe other LDAP servers require such a behaviour?!


I suggest to create an unbound LDAPConnection object, then add the StartTLSExtendedRequest,
and afterwards do a bind (which then may use the TLS channel).



What version of the product are you using? On what operating system?
I'm using Giblit 1.3.2 for testing, but source code in master branch isn't any different
from that release.
Running on Debian (squeeze) server against an OpenLDAP server (slapd 2.4.23)




Reported by guenter.dressel on 2013-11-21 15:08:38

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Here are the modification of the LdapUserService class as I suggested it:
https://github.com/guedressel/gitblit/commit/6b315824e8f08755cd43797a20976916eb71255a

It compilies, starts and successfully connects agains my OpenLDAP server.


Reported by guenter.dressel on 2013-11-21 17:20:42

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Hi Guenter,

Thanks for the patch.  I have merged it to master.

-J

Reported by James.Moger on 2013-11-22 15:38:52

  • Status changed: Queued
  • Labels added: Milestone-1.4.0

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

1.4.0 released.

Reported by James.Moger on 2014-03-09 18:06:21

  • Status changed: Done

@gitblit gitblit closed this as completed Aug 12, 2015
@flaix flaix modified the milestone: 1.4.0 Dec 13, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants