Bug 962639 - LDAP SSL cert checking is globally disabled for the server in model.py
Summary: LDAP SSL cert checking is globally disabled for the server in model.py
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Beaker
Classification: Retired
Component: scheduler
Version: 0.12
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: 0.17
Assignee: Dan Callaghan
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-05-14 06:26 UTC by Dan Callaghan
Modified: 2018-02-06 00:41 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-06-10 23:27:52 UTC
Embargoed:

Attachments (Terms of Use)

Description Dan Callaghan 2013-05-14 06:26:22 UTC 
http://git.beaker-project.org/cgit/beaker/tree/Server/bkr/server/model.py?h=d66aec4b8896283fb62ccd5306f417b219d0d684#n1516

Contrary to the comment there, it's in production. Affects anything which imports model.py (that is, beakerd and the web application).

Before getting rid of that option we would need to figure out the impact. For example some sites might have Beaker in production without the correct CA certificate configuration for openldap, which (I assume) would then start failing cert checks if this options is removed. We would need to give administrators some instructions on what they need to fix.
Comment 3 Dan Callaghan 2014-04-01 07:38:26 UTC 
On Gerrit: http://gerrit.beaker-project.org/2996
Comment 4 Dan Callaghan 2014-04-01 07:41:01 UTC 
Suggestions for verification:
Using a Beaker site with LDAP integration enabled (identity.ldap.enabled=True), ensure that:
* bkr client password authentication works for LDAP accounts with no Beaker password (tg_user.password = NULL)
* new users can authenticate successfully and a row is added to tg_user with name and e-mail populated from LDAP
Comment 7 Dan Callaghan 2014-06-10 23:27:52 UTC 
Beaker 0.17.0 has been released.
Note You need to log in before you can comment on or make changes to this bug.