
Add configuration option to ignore invalid TLS certificates for LDAP start_tls
Closed, Wontfix (Public)

Description

As far as I could tell, it requires a change similar to P1768 (obviously, gated on the configuration option). I could not figure out another way to pass this option.


Event Timeline

eadler raised the priority of this task from to Needs Triage.
eadler updated the task description.
eadler added projects: LDAP, Auth, Security.
eadler added a subscriber: eadler.
chad claimed this task.
chad added a subscriber: chad.

We're not likely to add this into the upstream. Mostly, we're very allergic to adding configuration options (and plan to remove many this year). It could easily be maintained in a fork or local patch.

I would guess this is not an uncommon setup: many LDAP instances have self-signed certificates. Without this knob many standard LDAP setups would not work.

Would love to see this as an option. Biggest issue for me is AD servers using non-wildcard certs, and our need to connect to a subdomain with round-robin DNS to any of our AD servers. Having creds sent in plain text is not very good. It's not great that we have cert errors, but we're limited in our ability to fix that.
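A sketch of what such a gated option could look like on top of PHP's ext/ldap, added here as an example; it is not P1768 and not Phabricator's own code. The config keys (`ldap.ignore-tls-errors`, `ldap.ca-file`), the host and the CA path are assumptions, and it assumes PHP 7.1 or later so that TLS options can be set on the global libldap context via a null link.

```php
<?php
// Added example, not Phabricator or P1768 code. All config keys and values
// below are assumed; a real deployment would read them from its config store.
$config = [
  'ldap.host'              => 'ldap.example.com',              // assumed host
  'ldap.port'              => 389,
  'ldap.ignore-tls-errors' => false,                           // assumed key; verify by default
  'ldap.ca-file'           => '/etc/ssl/certs/corp-ldap-ca.pem', // assumed path
];

function ldap_connect_with_starttls(array $config) {
  // TLS options are set on the global libldap context (null link) before the
  // connection exists, so they apply to the StartTLS handshake made below.
  if ($config['ldap.ignore-tls-errors']) {
    // The behaviour the task asks for: chain and hostname checks are skipped,
    // so the session resists passive sniffing only, not an active interposer.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
  } else {
    // Default path: a valid certificate is required. A self-signed or
    // private-CA directory server can be trusted by pointing the CA file at
    // that certificate instead of turning verification off.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    if (!empty($config['ldap.ca-file'])) {
      ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $config['ldap.ca-file']);
    }
  }

  $uri  = sprintf('ldap://%s:%d', $config['ldap.host'], $config['ldap.port']);
  $conn = ldap_connect($uri);
  if (!$conn) {
    throw new RuntimeException('ldap_connect failed for '.$uri);
  }
  ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

  // With verification on, a mismatched or untrusted certificate fails here,
  // before any bind, rather than degrading to a cleartext credential exchange.
  if (!ldap_start_tls($conn)) {
    throw new RuntimeException('StartTLS failed: '.ldap_error($conn));
  }
  return $conn;
}
```

For the round-robin AD case in the comment above, the CA-file path keeps verification on as long as each server's certificate chains to that CA; only the hostname check would still need a name the servers actually present.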