Open Bug 1149844 Opened 11 years ago Updated 6 years ago

LDAP: authentication should allow sslversion parameter (or any other parameters for Net::LDAP->new())

Categories

(Bugzilla :: Administration, task)

4.4.6
task
Not set
normal

UNCONFIRMED

People

(Reporter: dnozay, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36

Steps to reproduce:

1. changed Bugzilla->params->{"LDAPserver"}, from an "ldap://ldap.example.com" uri to "ldaps://ldap.example.com:636"
2. tried to login.

Actual results:

--------
An unexpected error occurred. This could be a temporary problem, or some code is behaving incorrectly. If this problem persists, please email this page to admin@example.com with details of what you were doing at the time this message appeared.

URL: https://bugzilla.example.com/index.cgi

Could not connect to the LDAP server(s) ldaps://ldap.example.com:636.

Traceback:
 at Bugzilla/Auth/Verify/LDAP.pm line 165
 Bugzilla::Auth::Verify::LDAP::ldap(...) called at Bugzilla/Auth/Verify/LDAP.pm line 143
 Bugzilla::Auth::Verify::LDAP::_bind_ldap_for_search(...) called at Bugzilla/Auth/Verify/LDAP.pm line 37
 Bugzilla::Auth::Verify::LDAP::check_credentials(...) called at Bugzilla/Auth/Verify/Stack.pm line 53
 Bugzilla::Auth::Verify::Stack::check_credentials(...) called at Bugzilla/Auth.pm line 57
 Bugzilla::Auth::login(...) called at Bugzilla.pm line 326
 Bugzilla::login(...) called at /opt/nginx/bugzilla//index.cgi line 25
--------

Expected results:

successful login

In Bugzilla/Auth/Verify/LDAP.pm:

--------
    foreach (@servers) {
        $self->{ldap} = new Net::LDAP(trim($_));
        last if $self->{ldap};
    }
    ThrowCodeError("ldap_connect_failed", { server => join(", ", @servers) })
        unless $self->{ldap};
--------

I found out that for it to work properly in our installation, we need to specify which SSL version to use (and other things).

This works:

    new Net::LDAP(trim($_),
                  verify     => 'require',
                  capath     => '/etc/openldap/certs/',
                  sslversion => 'tlsv1')

It would be great to have these options configurable in the LDAP administration panel.

Assignee: user-accounts → administration
Severity: normal → enhancement
Component: User Accounts → Administration
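
One way the requested settings could be validated before they reach Net::LDAP->new(), shown as an added example that is not Bugzilla's code or part of the original report. The parameter names LDAPverify, LDAPsslversion and LDAPcapath and both helper functions are hypothetical; verify, sslversion and capath are the Net::LDAP options used in the report.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# TLS values from the set Net::LDAP documents for these options;
# sslv2/sslv3 are deliberately left out of the allowlist.
my %ALLOWED = (
    verify     => { map { $_ => 1 } qw(none optional require) },
    sslversion => { map { $_ => 1 } qw(tlsv1 tlsv1_1 tlsv1_2) },
);

# Turn admin-supplied settings into Net::LDAP->new() options.
# LDAPverify, LDAPsslversion and LDAPcapath are hypothetical parameter names.
sub ldap_tls_options {
    my ($params) = @_;
    my %opts;
    for my $key (qw(verify sslversion)) {
        my $value = $params->{"LDAP$key"};
        next unless defined $value && length $value;
        die "LDAP$key: unsupported value '$value'\n"
            unless $ALLOWED{$key}{ lc $value };
        $opts{$key} = lc $value;
    }
    my $capath = $params->{LDAPcapath};
    if (defined $capath && length $capath) {
        die "LDAPcapath: '$capath' is not a readable directory\n"
            unless -d $capath && -r _;
        $opts{capath} = $capath;
        # Default to verifying the peer when a CA directory is configured.
        $opts{verify} //= 'require';
    }
    return %opts;
}

# Same first-server-that-answers loop as the report, with options passed on.
# They take effect for ldaps:// URIs.
sub connect_ldap {
    my ($servers, %opts) = @_;
    require Net::LDAP;    # loaded only when a connection is attempted
    for my $server (@$servers) {
        my $ldap = Net::LDAP->new($server, %opts);
        return $ldap if $ldap;
        warn "connect to $server failed: $@\n";
    }
    die 'Could not connect to the LDAP server(s) ' . join(', ', @$servers) . "\n";
}

# Constructed sample settings; pass server URIs as arguments to connect.
my %opts = ldap_tls_options({ LDAPverify => 'require', LDAPsslversion => 'TLSv1' });
print "$_ => $opts{$_}\n" for sort keys %opts;
connect_ldap(\@ARGV, %opts) if @ARGV;
```

Run without arguments it only prints the validated options; a mistyped or unlisted value stops with an error before any connection is attempted.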