Bug 962639

Summary: LDAP SSL cert checking is globally disabled for the server in model.py
Product: [Retired] Beaker Reporter: Dan Callaghan <dcallagh>
Component: schedulerAssignee: Dan Callaghan <dcallagh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 0.12CC: aigao, asaha, dcallagh, qwan, rmancy, tools-bugs, xma
Target Milestone: 0.17   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-10 23:27:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dan Callaghan 2013-05-14 06:26:22 UTC 
http://git.beaker-project.org/cgit/beaker/tree/Server/bkr/server/model.py?h=d66aec4b8896283fb62ccd5306f417b219d0d684#n1516

Contrary to the comment there, it's in production. Affects anything which imports model.py (that is, beakerd and the web application).

Before getting rid of that option we would need to figure out the impact. For example some sites might have Beaker in production without the correct CA certificate configuration for openldap, which (I assume) would then start failing cert checks if this options is removed. We would need to give administrators some instructions on what they need to fix.
Comment 3 Dan Callaghan 2014-04-01 07:38:26 UTC 
On Gerrit: http://gerrit.beaker-project.org/2996
Comment 4 Dan Callaghan 2014-04-01 07:41:01 UTC 
Suggestions for verification:
Using a Beaker site with LDAP integration enabled (identity.ldap.enabled=True), ensure that:
* bkr client password authentication works for LDAP accounts with no Beaker password (tg_user.password = NULL)
* new users can authenticate successfully and a row is added to tg_user with name and e-mail populated from LDAP
Comment 7 Dan Callaghan 2014-06-10 23:27:52 UTC 
Beaker 0.17.0 has been released.