LdapIgnoreTlsErrors and LdapIgnoreTlsValidation are not Documented

[coofercat]

PassCore Server

• OS: [Linux (Docker)]
• Provider: [LDAP (in a Windows AD)]
• Settings file (without sensitive information):

docker run -e AppSettings__LdapHostnames__0='1.2.3.4' \
-e AppSettings__LdapHostnames__1='2.3.4.5' \
-e AppSettings__LdapUsername='CN=Password Changer,OU=Service Accounts,DC=example,DC=com' \
-e AppSettings__LdapPassword='password' \
-e AppSettings__LdapSearchBase="OU=dev,DC=example,DC=com" \
-e AppSettings__LdapPort='389' -e AppSettings__LdapStartTls=true \
-e AppSettings__LdapIgnoreTlsValidation=true -it -p 80:80 passcore:latest

Describe the bug
LdapIgnoreTlsErrors and LdapIgnoreTlsValidation are not described in any of the READMEs, and nor are they in the default appsettings.json.

Obviously this isn't a show-stopper, but to figure out how to ignore cert issues requires delving into source code (or finding this issue, I guess).

On the subject of finding things... for anyone else trying to make this work with Windows AD, you must have a certificate in Active Directory to provide TLS or SSL on LDAP to be able to change a password (it's a feature of AD, doesn't appear to be changeable). I'm not yet clear how you could convince the Docker image to trust the CA that generated the certs in AD though, so need to ignore cert validation issues for now.

On happier news, this all seems to work great with AWS Microsoft AD - so thanks very much for Passcore!

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[geoperez]

WIP

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.