You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our OpenLDAP server doesn't accept unencrypted bind requests.
And it only accepts TLS connections.
With this setup I can't manage to let Gitblit connect to this OpenLDAP server, because
Gitblit tries to bind before it establishes the TLS channel.
Why is this LdapUserService behaving this way?
In which scenario is sending username+password unencrypted over the network a good
thing? Especially when immediately after this action an encrypted channel gets established...
I only know OpenLDAP, maybe other LDAP servers require such a behaviour?!
I suggest to create an unbound LDAPConnection object, then add the StartTLSExtendedRequest,
and afterwards do a bind (which then may use the TLS channel).
What version of the product are you using? On what operating system?
I'm using Giblit 1.3.2 for testing, but source code in master branch isn't any different
from that release.
Running on Debian (squeeze) server against an OpenLDAP server (slapd 2.4.23)
Reported by guenter.dressel on 2013-11-21 15:08:38
The text was updated successfully, but these errors were encountered:
Here are the modification of the LdapUserService class as I suggested it:
https://github.com/guedressel/gitblit/commit/6b315824e8f08755cd43797a20976916eb71255a
It compilies, starts and successfully connects agains my OpenLDAP server.
Reported by guenter.dressel on 2013-11-21 17:20:42
Originally reported on Google Code with ID 343
Reported by
guenter.dressel
on 2013-11-21 15:08:38The text was updated successfully, but these errors were encountered: