Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 4.4.0-rc2
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2020-04-20
Case:
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Currently customers can create config like the following:

{ 
  ....
   security: { 
     authorization: "enabled", 
     clusterAuthMode: "x509", 
     ldap: { 
       authz: { queryTemplate: "{USER}?memberOf?base" }, 
       bind: { method: "simple", queryPassword: "<password>", queryUser: "ldapuser@intranet.....com" }, 
       servers: "ldapad.....", 
       transportSecurity: "tls", 
       userToDNMapping: ...
ldapQuery:  ...
      sasl: { serviceName: "myKerbService" } }, 
      setParameter: { 
         authenticationMechanisms: "GSSAPI,PLAIN", 
          saslServiceName: "myKerbService", saslauthdPath: "/var/run/saslauthd/mux" }, 
      ...

In the above both saslauthdPath and security.ldap.servers are configured although only one can be used when the application requests LDAP authentication.

There should be:

1. A startup warning that conflicting parameters are specified
2. A log line explicitly stating which LDAP method will be used for authentication

Assignee:: Sara Golemon (Inactive)
Reporter:: Nic Cottrell
Participants:: Githook User, Nic Cottrell, Sara Golemon, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 7 Start watching this issue

Created:: Dec 03 2019 03:22:50 PM UTC
Updated:: Oct 29 2023 10:14:28 PM UTC
Resolved:: Apr 20 2020 01:13:06 PM UTC

Details

Description

Attachments

Forms

Activity

People

Dates