Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

LDAP auth doesn't handle LDAPS with certificate validation #6450

Closed
calmh opened this issue Mar 24, 2020 · 0 comments
Closed

LDAP auth doesn't handle LDAPS with certificate validation #6450

calmh opened this issue Mar 24, 2020 · 0 comments
Labels
bug
Milestone

Comments

@calmh
Copy link
Member

@calmh calmh commented Mar 24, 2020

With the following config:

<ldap>
    <address>example.com:636</address>
    <bindDN>%s@ad.example.com</bindDN>
    <transport>tls</transport>
</ldap>

and an appropriate certificate for example.com on the host in question, Syncthing errors auth attempts with the following:

[QZV4N] 12:37:18 WARNING: LDAP Dial: LDAP Result Code 200 "Network Error": tls:
   either ServerName or InsecureSkipVerify must be specified in the tls.Config
@calmh calmh added the bug label Mar 24, 2020
calmh added a commit to calmh/syncthing that referenced this issue Mar 24, 2020
tls.Dial needs it for certificate verification.
@calmh calmh closed this in ca89f12 Mar 24, 2020
@calmh calmh added this to the v1.5.0 milestone Mar 24, 2020
calmh added a commit to calmh/syncthing that referenced this issue Mar 30, 2020
* master: (63 commits)
  go.mod: Update jackpal/gateway dependency (fixes syncthing#5288) (syncthing#6469)
  lib/protocol: faster Luhn algorithm and better testing (syncthing#6475)
  lib/protocol: Remove unused channel Connection.preventSends (syncthing#6473)
  lib/weakhash: Fix speed reporting in benchmark (syncthing#6470)
  build: Simplify/correct Windows version tagging (fixes syncthing#6471) (syncthing#6472)
  lib/ur: Use sysctl syscall to get RAM size on Mac (syncthing#6468)
  lib/model: Do Revert/Override synchronously (syncthing#6460)
  lib/syncthing: Save version to db after upgrade ops are done (ref syncthing#6457) (syncthing#6458)
  cmd/ursrv: Minor heatmap tweaks
  lib/model: Remove unused func (syncthing#6456)
  cmd/ursrv: Use OpenStreetMap and Leaflet for heat map (ref syncthing#6150) (syncthing#6454)
  cmd/ursrv: Provide cached locations.json
  authors: Fixup keevBush
  gui, man, authors: Update docs, translations, and contributors
  go.mod: Update quic-go to 0.14.4 (syncthing#6453)
  all: Pass db intervals as args not env vars (syncthing#6448)
  lib/api: Set ServerName on LDAPS connections (fixes syncthing#6450) (syncthing#6451)
  lib/model: Unset local flag on deleted files (fixes syncthing#6436) (syncthing#6449)
  gui: Improve unused device status (fixes syncthing#6416) (syncthing#6445)
  gui, lib/model: Fix for folder stats with r-o and ignoreDel (fixes syncthing#6430) (syncthing#6431)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
You can’t perform that action at this time.