Any feedback is appreciated.
Regards,
Jason Smyth
--
You received this message because you are subscribed to the Google Groups "go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/4b37a890-f442-4966-a053-0fb985f73e3cn%40googlegroups.com.
Hi Sriram,
Thank you for the feedback.
Do you know how the plugin handles SSL negotiation? We considered DNS round-robin but ruled it a non-starter, under the assumption that LDAPS would require that the hostname and certificate name match.
Regards,
Jason Smyth
Hi Chad,
Thank you for the feedback.
I ran some tests, and it seems that the LDAP Authorization plugin does not validate that the certificate name matches. At least, I was able to successfully connect using both hostname and IP address.
So, it seems our options are:
- Use round-robin DNS or a TCP load balancer and accept the risk that a future update to the plugin may tighten security and break our implementation, or
- Create duplicate LDAP Authorization connectors like we currently have for LDAP Authentication and accept that we would need duplicate role configurations as well.
Does that seem about right? Is there anything I am missing?
Regards,
Jason Smyth
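Added example, not part of the thread and not the plugin's code: a sketch of the name check a strict LDAPS client would apply, showing which connection names (round-robin alias, IP address) would keep working if certificate name validation were enforced. The host names, IP address and SAN lists are constructed, and the matching rules are simplified (exact match, or a wildcard as the entire left-most label).

```python
import ipaddress

def _dns_match(pattern, host):
    """Match one dNSName SAN against a hostname; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_matches(connect_name, dns_sans, ip_sans):
    """True if the name used in the LDAPS URL is covered by the certificate's SANs."""
    try:
        addr = ipaddress.ip_address(connect_name)
    except ValueError:
        # Not an IP literal: compare against dNSName entries only.
        return any(_dns_match(s, connect_name) for s in dns_sans)
    # IP literal: only an iPAddress SAN can match, never a dNSName.
    return any(addr == ipaddress.ip_address(s) for s in ip_sans)

def survives_strict_validation(shared_name, backends):
    """A round-robin or load-balanced name is safe only if EVERY backend's cert covers it."""
    return all(name_matches(shared_name, b["dns"], b["ip"]) for b in backends.values())

# Constructed sample data: two directory servers behind one alias.
DCS_DEFAULT = {
    "dc1": {"dns": ["dc1.corp.example"], "ip": []},
    "dc2": {"dns": ["dc2.corp.example"], "ip": []},
}
DCS_WITH_ALIAS = {
    "dc1": {"dns": ["dc1.corp.example", "ldap.corp.example"], "ip": []},
    "dc2": {"dns": ["dc2.corp.example", "ldap.corp.example"], "ip": []},
}

if __name__ == "__main__":
    for label, dcs in (("default certs", DCS_DEFAULT), ("alias in SAN", DCS_WITH_ALIAS)):
        for name in ("ldap.corp.example", "10.0.0.11"):
            print(f"{label:14} {name:20} {survives_strict_validation(name, dcs)}")
```

With the alias present in every server's SAN list, the round-robin name passes a strict check; connecting by IP address passes only if the certificate carries a matching iPAddress SAN.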