[SERVER-25710] mongoldap should warn on weak LDAP bind mechansisms are used without TLS Created: 19/Aug/16 Updated: 27/Jun/22 Resolved: 10/Jul/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 3.5.10 |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Ben Shteinfeld | Assignee: | Ben Shteinfeld |
| Resolution: | Done | Votes: | 0 |
| Labels: | neweng, platforms-interns-2017 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Platforms 2017-06-19, Platforms 2017-07-10 |
| Participants: |
| Description |
|
The mongoldap verification tool should print a warning when a weak LDAP bind mechanism is used without TLS. For example, neither the simple bind mechanism or the PLAIN SASL mechanism should be used without TLS. |
| Comments |
| Comment by Githook User [ 07/Jul/17 ] |
|
Author: {u'username': u'bshteinfeld', u'name': u'Ben Shteinfeld', u'email': u'ben.shteinfeld@mongodb.com'}Message: |