  1. Hue (READ ONLY)
  2. HUE-8170

[useradmin] Fix LDAP sync (ldap_access.py) certificate validation logic

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.1.0
    • Fix Version/s: 4.3.0
    • Component/s: core.users
    • Labels:
      None

      Description

      Even though the admin hadn't set ldap_cert (it was null), authentication via LDAP would work, but the LDAP synchronization would fail.

      It seems we fixed the certificate validation logic in auth/backend.py, but we did not do so in useradmin/ldap_access.py.

      The following uses an insecure option "ALLOW" which allows TLS even if a certificate is invalid.
      Also, the real bug here is that it assumes that the default does not require validation.

          if cert_file is not None:
            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
            ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cert_file)
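
      An added example, not Hue's code and not the fix that was committed: one way to set the certificate policy explicitly on every path instead of relying on the library default, using DEMAND rather than ALLOW. The function name, the `allow_unverified` switch and the `RecordingLdap` stand-in (used so the example runs without python-ldap) are assumptions.

```python
import os


def configure_ldap_tls(ldap_mod, cert_file=None, allow_unverified=False):
    """Set OPT_X_TLS_REQUIRE_CERT on every path and return the options applied.

    ldap_mod is the python-ldap module, or a stand-in exposing the same
    set_option() and OPT_X_TLS_* names. allow_unverified is a hypothetical
    explicit opt-out; it is not a Hue configuration key.
    """
    applied = []

    def set_opt(name, value):
        ldap_mod.set_option(getattr(ldap_mod, name), value)
        applied.append((name, value))

    if cert_file:
        # Fail early on a bad path instead of at the first TLS handshake.
        if not os.path.isfile(cert_file):
            raise ValueError("CA certificate file not found: %s" % cert_file)
        set_opt("OPT_X_TLS_CACERTFILE", cert_file)
        # DEMAND rejects an invalid server certificate; ALLOW would accept it.
        set_opt("OPT_X_TLS_REQUIRE_CERT", ldap_mod.OPT_X_TLS_DEMAND)
    elif allow_unverified:
        # Skipping validation is a recorded decision, never an assumed default.
        set_opt("OPT_X_TLS_REQUIRE_CERT", ldap_mod.OPT_X_TLS_NEVER)
    else:
        # No CA file given: still validate, against the CA configuration the
        # LDAP client library already has.
        set_opt("OPT_X_TLS_REQUIRE_CERT", ldap_mod.OPT_X_TLS_DEMAND)
    return applied


class RecordingLdap:
    """Constructed stand-in for python-ldap; values mirror OpenLDAP's ldap.h."""
    OPT_X_TLS_CACERTFILE = 0x6002
    OPT_X_TLS_REQUIRE_CERT = 0x6006
    OPT_X_TLS_NEVER, OPT_X_TLS_DEMAND, OPT_X_TLS_ALLOW = 0, 2, 3

    def __init__(self):
        self.options = {}

    def set_option(self, option, value):
        self.options[option] = value


if __name__ == "__main__":
    fake = RecordingLdap()
    print(configure_ldap_tls(fake), fake.options)
```

      With python-ldap installed, pass the real module: `configure_ldap_tls(ldap, cert_file)`.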
      

            People

            • Assignee:
              yingc Ying Chen
              Reporter:
              yingc Ying Chen