Bug 962639 - LDAP SSL cert checking is globally disabled for the server in model.py
LDAP SSL cert checking is globally disabled for the server in model.py
Product: Beaker
Classification: Community
Component: scheduler (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified (vote)
: 0.17
: ---
Assigned To: Dan Callaghan
Depends On:
  Show dependency treegraph
Reported: 2013-05-14 02:26 EDT by Dan Callaghan
Modified: 2014-06-10 19:27 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-06-10 19:27:52 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Dan Callaghan 2013-05-14 02:26:22 EDT

Contrary to the comment there, it's in production. Affects anything which imports model.py (that is, beakerd and the web application).

Before getting rid of that option we would need to figure out the impact. For example some sites might have Beaker in production without the correct CA certificate configuration for openldap, which (I assume) would then start failing cert checks if this options is removed. We would need to give administrators some instructions on what they need to fix.
Comment 3 Dan Callaghan 2014-04-01 03:38:26 EDT
On Gerrit: http://gerrit.beaker-project.org/2996
Comment 4 Dan Callaghan 2014-04-01 03:41:01 EDT
Suggestions for verification:
Using a Beaker site with LDAP integration enabled (identity.ldap.enabled=True), ensure that:
* bkr client password authentication works for LDAP accounts with no Beaker password (tg_user.password = NULL)
* new users can authenticate successfully and a row is added to tg_user with name and e-mail populated from LDAP
Comment 7 Dan Callaghan 2014-06-10 19:27:52 EDT
Beaker 0.17.0 has been released.

Note You need to log in before you can comment on or make changes to this bug.