add STARTTLS/certificate check to ldap machine resolvers #638
Comments
Yes, we do!
Cornelius Kölbel <notifications@github.com> writes:
Yes, we do!
So you are *the* *guy* who is using the machine resolver? ;-)
:-) Not really - I added the resolver when playing with
yubikey-luks-enroll. But since my laptop is quite stable concerning
usage of the yubikey it doesn't matter, if there is a machine resolver
or not.
For Host-Based-Access-Control I use FreeIPA. I had some older/test user
resolvers which I deleted now, and I thought about deleting the machine
resolver too - but noticed no TLS options there.
And since I move to IPv6 I can't really identify a connection with an
IPv4 machine resolver. I'm unsure how useful that might be - I could
live without it :-)
Tell me more about it. If you have any idea on improving it in regards
to groups etc. Please take a look at #285
I'll have a look, but I use FreeIPA for that locally.
Jochen
take a look at the ldap user resolver and #639
Looking into this, it seems like the LDAP machine resolver currently does not respect the No anonymous referral chasing option. Analogously to #658, the LDAP machine resolver always disables anonymous referral chasing. But that's an easy fix. :)
* respect NOREFERRALS parameter
* remove unused EDITABLE parameter

Working on #638
Closed by c5c91c4
Hello,
now we have added certificate checks to the user resolver - should we have the same
for the ldap machine resolver in privacyidea/lib/machines/ldap.py? I think yes :-)