Our OpenLDAP server doesn't accept unencrypted bind requests.
And it only accepts TLS connections.
With this setup I can't manage to let Gitblit connect to this OpenLDAP server, because
Gitblit tries to bind before it establishes the TLS channel.
Why is this LdapUserService behaving this way?
In which scenario is sending username+password unencrypted over the network a good
thing? Especially when immediately after this action an encrypted channel gets established...
I only know OpenLDAP, maybe other LDAP servers require such a behaviour?!
I suggest creating an unbound LDAPConnection object, then adding the StartTLSExtendedRequest,
and afterwards doing a bind (which then may use the TLS channel).
What version of the product are you using? On what operating system?
I'm using Gitblit 1.3.2 for testing, but source code in master branch isn't any different
from that release.
Running on Debian (squeeze) server against an OpenLDAP server (slapd 2.4.23)
Reported by guenter.dressel on 2013-11-21 15:08:38
Here is the modification of the LdapUserService class as I suggested it:
It compiles, starts and successfully connects against my OpenLDAP server.
Reported by guenter.dressel on 2013-11-21 17:20:42
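The ordering suggested in this issue (connect unbound, StartTLS, then bind), as an added example that is neither the reporter's patch nor Gitblit's own code. It assumes the UnboundID LDAP SDK, whose class names match those mentioned above; the host, port, bind DN and the `LDAP_BIND_PW` environment variable are hypothetical placeholders.

```java
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;

import java.security.GeneralSecurityException;
import javax.net.ssl.SSLContext;

public class StartTlsThenBind {

    /** Opens a connection, upgrades it with StartTLS, and only then binds. */
    static LDAPConnection connect(String host, int port, String bindDn, String password)
            throws LDAPException, GeneralSecurityException {
        // SSLUtil without custom trust managers validates the server
        // certificate against the JVM's default trust store.
        SSLContext sslContext = new SSLUtil().createSSLContext();

        // This constructor only establishes the TCP connection; no bind
        // request (and therefore no password) is sent yet.
        LDAPConnection conn = new LDAPConnection(host, port);
        try {
            ExtendedResult tls =
                    conn.processExtendedOperation(new StartTLSExtendedRequest(sslContext));
            if (tls.getResultCode() != ResultCode.SUCCESS) {
                // Fail closed: never fall back to a cleartext bind.
                throw new LDAPException(tls.getResultCode(),
                        "StartTLS was not accepted; refusing to bind in cleartext");
            }
            // Credentials travel inside the TLS channel from here on.
            conn.bind(bindDn, password);
            return conn;
        } catch (LDAPException e) {
            conn.close();
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical values for illustration only.
        LDAPConnection conn = connect("ldap.example.org", 389,
                "cn=gitblit,dc=example,dc=org", System.getenv("LDAP_BIND_PW"));
        System.out.println("Bound over StartTLS to " + conn.getConnectedAddress());
        conn.close();
    }
}
```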