Skip to content

bug 1639080 clarifying insecure connection override #12631

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 30, 2018
Merged

bug 1639080 clarifying insecure connection override #12631

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 10 additions & 5 deletions install_config/syncing_groups_with_ldap.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,9 +61,12 @@ necessary to retrieve entries for the sync operation. This value may also be
provided in an
xref:../install_config/master_node_configuration.adoc#master-node-configuration-passwords-and-other-data[environment
variable, external file, or encrypted file].
<4> When `true`, no TLS connection is made to the server. When `false`, secure
<4> When `false`, secure
LDAP (`ldaps://`) URLs connect using TLS, and insecure LDAP (`ldap://`) URLs are
upgraded to TLS.
upgraded to TLS. When `true`, no TLS connection is made to the server unless
you specify a `ldaps://` URL, in which case URLs still attempt to connect by
using TLS.

<5> The certificate bundle to use for validating server certificates for the
configured URL. If empty, {product-title} uses system-trusted roots. This only applies
if `insecure` is set to `false`.
Expand Down Expand Up @@ -329,9 +332,11 @@ rfc2307:
----
<1> The IP address and host of the LDAP server where this group's record is
stored.
<2> When `true`, no TLS connection is made to the server. When `false`, secure
<2> When `false`, secure
LDAP (`ldaps://`) URLs connect using TLS, and insecure LDAP (`ldap://`) URLs are
upgraded to TLS.
upgraded to TLS. When `true`, no TLS connection is made to the server unless
you specify a `ldaps://` URL, in which case URLs still attempt to connect by
using TLS.
<3> The attribute that uniquely identifies a group on the LDAP server.
You cannot specify `groupsQuery` filters when using DN for groupUIDAttribute.
For fine-grained filtering, use the
Expand Down Expand Up @@ -1048,7 +1053,7 @@ group sync.
|Optional password to bind with during the search phase. |xref:sync-ldap-v1-stringsource[v1.StringSource]

|`insecure`
|If `true`, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of `ldaps://` If `false`, `ldaps://` URLs connect using TLS, and `ldap://` URLs are upgraded to a TLS connection using StartTLS as specified in link:https://tools.ietf.org/html/rfc2830[].
|If `true`, indicates the connection should not use TLS. If `false`, `ldaps://` URLs connect using TLS, and `ldap://` URLs are upgraded to a TLS connection using StartTLS as specified in link:https://tools.ietf.org/html/rfc2830[]. If you set `insecure` to `true` and use a `ldaps://` URL scheme, URLs still attempt to make a TLS connection using the specified `ca`.
|boolean

|`ca`
Expand Down