Red Hat Bugzilla – Bug 962639
LDAP SSL cert checking is globally disabled for the server in model.py
Last modified: 2014-06-10 19:27:52 EDT
Contrary to the comment there, it's in production. Affects anything which imports model.py (that is, beakerd and the web application).
Before getting rid of that option we would need to figure out the impact. For example some sites might have Beaker in production without the correct CA certificate configuration for openldap, which (I assume) would then start failing cert checks if this options is removed. We would need to give administrators some instructions on what they need to fix.
On Gerrit: http://gerrit.beaker-project.org/2996
Suggestions for verification:
Using a Beaker site with LDAP integration enabled (identity.ldap.enabled=True), ensure that:
* bkr client password authentication works for LDAP accounts with no Beaker password (tg_user.password = NULL)
* new users can authenticate successfully and a row is added to tg_user with name and e-mail populated from LDAP
Beaker 0.17.0 has been released.