[ https://issues.apache.org/jira/browse/ARTEMIS-3140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Clebert Suconic reopened ARTEMIS-3140:
--------------------------------------

> Support com.sun.jndi.ldap.tls.cbtype in LDAPLoginModule
> -------------------------------------------------------
>
> Key: ARTEMIS-3140
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3140
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 2.17.0
> Reporter: Panu Hämäläinen
> Priority: Major
> Fix For: 2.20.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Microsoft has added the following binding feature to LDAP connections
> (AD/Domain Controllers):
> [https://support.microsoft.com/en-us/topic/use-the-ldapenforcechannelbinding-registry-entry-to-make-ldap-authentication-over-ssl-tls-more-secure-e9ecfa27-5e57-8519-6ba3-d2c06b21812e]
>
> To interoperate with this Java has required some changes which are available
> at least in a Java 16 release candidate:
> [https://bugs.openjdk.java.net/browse/JDK-8245527]
> That is, to make Java add the required channel binding information to its
> LDAP connection, the JNDI environment property
> {{com.sun.jndi.ldap.tls.cbtype}} must be set to {{tls-server-end-point}}.
> However, Artemis LDAPLoginModule creates an internal environment object which
> does not support the property.
>
> I would also propose to improve the LDAPLoginModule class in a way that any
> future custom/added property could be included to the JNDI environment
> without requiring changes to the actual code.

--
This message was sent by Atlassian Jira (v8.20.1#820001)
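The pass-through the issue asks for, as an added Java sketch that is not the Artemis LDAPLoginModule source: option keys the module does not consume are copied into the JNDI environment, and the channel-binding property is checked before use. The class name, the module-only option names and the sample hosts are hypothetical, and rejecting non-`ldaps://` URLs is an assumption of this example.

```java
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.naming.Context;

// Added illustration, not the Artemis LDAPLoginModule source.
public class JndiEnvPassThrough {
    static final String CBTYPE = "com.sun.jndi.ldap.tls.cbtype";
    // Hypothetical module-only option names that must not leak into the JNDI environment.
    static final Set<String> MODULE_ONLY = Set.of("userSearchBase", "roleSearchBase", "debug");

    static Hashtable<String, Object> buildEnv(Map<String, ?> options) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        for (Map.Entry<String, ?> e : options.entrySet()) {
            // Hashtable rejects nulls; module-only keys are consumed by the module itself.
            if (e.getValue() == null || MODULE_ONLY.contains(e.getKey())) continue;
            env.put(e.getKey(), e.getValue());
        }
        Object cb = env.get(CBTYPE);
        if (cb != null) {
            // "tls-server-end-point" is the only value named in the issue.
            if (!"tls-server-end-point".equals(cb)) {
                throw new IllegalArgumentException("unsupported " + CBTYPE + ": " + cb);
            }
            // Assumption of this example: the binding is derived from the TLS session,
            // so every (space-separated) provider URL must be ldaps://.
            String urls = String.valueOf(env.getOrDefault(Context.PROVIDER_URL, ""));
            for (String u : urls.trim().split("\\s+")) {
                if (!u.startsWith("ldaps://")) {
                    throw new IllegalArgumentException(CBTYPE + " set but URL is not ldaps: '" + u + "'");
                }
            }
        }
        return env;
    }

    public static void main(String[] args) {
        Map<String, Object> options = new LinkedHashMap<>(); // constructed sample options
        options.put(Context.PROVIDER_URL, "ldaps://dc1.example.test:636 ldaps://dc2.example.test:636");
        options.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        options.put(CBTYPE, "tls-server-end-point");
        options.put("userSearchBase", "ou=people,dc=example,dc=test"); // filtered out
        System.out.println(buildEnv(options));
    }
}
```

Failing at configuration time surfaces a missing or mistyped channel-binding setting before the first bind against a domain controller that enforces it.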