[SERVER-49476] Disable ldap_authz_bind on Ubuntu 18.04 and 20.04 Created: 13/Jul/20 Updated: 29/Oct/23 Resolved: 20/Jul/20
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.4.1, 4.7.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Mark Benvenuto | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Backport Requested: | v4.4 |
| Sprint: | Security 2020-07-27 |
| Participants: | |
| Linked BF Score: | 129 |
| Description |
|
Ubuntu 20.04 machines cannot talk to the ldaptest machine since Ubuntu 20.04 disables TLS 1.0 and 1.1. Ubuntu 18.04 does not support SHA-1 signed certificates, which the ldaptest server uses.
| Comments |
| Comment by Githook User [ 04/Aug/20 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}
Message: (cherry picked from commit 8c3a205a5d31502f663432732a36731f8373fe9a)
| Comment by Githook User [ 17/Jul/20 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}
Message:
| Comment by Mark Benvenuto [ 14/Jul/20 ] |
|
On Ubuntu 18.04+, openldap is compiled against gnutls. GnuTLS does not support SHA-1 signed certificates.
From the libgnutls30 change log:
|