[SERVER-57682] Enhance mongoldap to verify TLS connectivity to LDAP servers
Created: 14/Jun/21  Updated: 29/Oct/23  Resolved: 15/Jul/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.1.0-rc0

Type: Task
Priority: Major - P3
Reporter: Mark Benvenuto
Assignee: Aldo Aguilar
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Backwards Compatibility: Fully Compatible
Sprint: Security 2021-06-28, Security 2021-07-12, Security 2021-07-26
Participants:

 Description   

If MongoLDAP is instructed to use TLS, it should verify TLS connectivity as a separate step before testing LDAP server reachability. This will help isolate issues around certificate validation.

Add a new command line option to ldap_options.idl to use for configuring the CA file.

    "security.ldap.serverCAFile":
        description: 'CA File for validating connection to LDAP server'
        short_name: ldapServerCAFile
        arg_vartype: String
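
A sketch of the staged check the description asks for, as an added example that is not mongoldap's code: `check_ldap_tls` and `start_plaintext_listener` are hypothetical names, and the `ca_file` argument stands in for the proposed `ldapServerCAFile` option. It stops at the TLS handshake and sends no LDAP request, so a TCP failure, a handshake failure and a certificate validation failure are each reported as a distinct stage.

```python
import socket
import ssl
import threading

def check_ldap_tls(host, port=636, ca_file=None, timeout=5.0):
    """Probe in stages and return (stage, ok, detail).

    stage is "tcp", "tls" or "certificate", so a failure names its layer.
    """
    # Trust only ca_file when given; otherwise the system trust store.
    ctx = ssl.create_default_context(cafile=ca_file)
    # Stage 1: plain TCP reachability. No TLS is involved yet.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", False, str(exc))
    # Stage 2: TLS handshake with chain and hostname verification.
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("tls", True, tls.version())
    except ssl.SSLCertVerificationError as exc:
        # The handshake got as far as the certificate check, which failed.
        return ("certificate", False, exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # The peer is reachable but did not complete a TLS handshake.
        return ("tls", False, str(exc))
    finally:
        sock.close()

def start_plaintext_listener():
    """Constructed test peer: accepts one connection and answers without TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        conn.sendall(b"plaintext, not TLS\r\n")
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Constructed input: a local listener that does not speak TLS.
    print(check_ldap_tls("127.0.0.1", start_plaintext_listener()))
```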



 Comments   
Comment by Vivian Ge (Inactive) [ 06/Oct/21 ]

Updating the fixversion since branching activities occurred yesterday. This ticket will be in rc0 when it’s been triggered. For more active release information, please keep an eye on #server-release. Thank you!

Comment by Githook User [ 15/Jul/21 ]

Author: aldo-aguilar <aldo.aguilar@mongodb.com>

Message: SERVER-57682 Mongoldap now checking and reporting TLS connectivity to LDAP servers
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/f87d42a44e18cfc47a43e6f0b9994af0faa7b0a3
