Red Hat Bugzilla – Bug 782617
LDAP SSL support/implementation seems wrong
Last modified: 2012-01-23 11:17:30 EST
The LDAP SSL configuration options provided in JON server seem to be incorrect and/or missing.
Overall LDAP SSL support needs to be reevaluated and implemented in a clean/intuitive manner. There are two types of common SSL use-cases:
Seeing that LDAP SSL configuration prompts the user for the URL, 1) is accomplished using ldaps://. This makes the Use SSL check-box completely confusing and misleading. It appears that if I specify a protocol of ldap:// and also check the Use SSL check-box, my protocol specification is overridden with ldaps://. Although this might be desired, it is very confusing. Most commonly a "Use SSL" option is only provided when a host name is used (i.e. we aren't asking for a URL). So, we should ask for one or the other.
To support 2) we should be asking whether SSL is optional or required.
And in both cases, installation of certificates is not provided. Instead, one must install them in a JVM-specified trust store or, if using SSL sockets between agent and server, one must figure out where this is configured and how to get the public LDAP cert into the correct key file.
per scrum 1/23/2012 crouch, loleary, mfoley
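As an added illustration (not JON code, and not attached to the bug) of the two configurations the report distinguishes, here is how a client built on the JDK's JNDI LDAP provider could model them: one mode setting instead of a URL plus a "Use SSL" check-box, and an explicit optional-vs-required choice for the second case. The class and enum names are assumptions, and the second use case is assumed to be StartTLS, which the report does not name.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public class LdapSslConnector { // hypothetical name, not a JON class
    /** One mode setting replaces "URL scheme" plus a separate "Use SSL" check-box. */
    public enum SslMode { NONE, LDAPS, STARTTLS_OPTIONAL, STARTTLS_REQUIRED }
    /** Only the mode decides the scheme, so host and mode can never contradict each other. */
    static String providerUrl(String host, int port, SslMode mode) {
        return (mode == SslMode.LDAPS ? "ldaps" : "ldap") + "://" + host + ":" + port;
    }
    public static LdapContext connect(String host, int port, SslMode mode,
                                      String bindDn, String password) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl(host, port, mode));
        if (mode == SslMode.LDAPS || mode == SslMode.NONE) {
            // Case 1: the URL scheme alone decides whether the socket is TLS; bind on connect.
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, bindDn);
            env.put(Context.SECURITY_CREDENTIALS, password);
            return new InitialLdapContext(env, null);
        }
        // Case 2: connect in the clear, then try to upgrade with StartTLS before any credentials flow.
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate(); // server cert is checked against the JVM trust store (javax.net.ssl.trustStore)
        } catch (NamingException | IOException e) {
            if (mode == SslMode.STARTTLS_REQUIRED) {
                ctx.close(); // never fall back to a clear-text bind when TLS is required
                NamingException failure = new NamingException("StartTLS required but negotiation failed");
                failure.setRootCause(e);
                throw failure;
            }
            // STARTTLS_OPTIONAL: the bind below goes over the clear-text connection.
        }
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
        ctx.reconnect(null); // performs the bind on the existing (possibly upgraded) connection
        return ctx;
    }
}
```

Certificate trust here still comes from the JVM-wide trust store, which is the third gap the report raises; a connector that ships its own trust material would instead hand the provider a socket factory through the java.naming.ldap.factory.socket environment property.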