Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1275
I coordinated with @mcgilman this morning and he demoed LDAPS with client
verify `demand` and LIP `REQUIRED` as working successfully (for TLS
negotiation, not `SASL EXTERNAL` client authentication for LDAPS). I think it
may have been a hostname resolution issue on my machine. We also verified
`START_TLS` still works with these changes, and that ldapsearch worked
successfully over port 636 when the ldaps protocol was explicitly indicated.
```
root@80da99977283:/# ldapsearch -x -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin -v -H ldaps://localhost:636
ldap_initialize( ldaps://localhost:636/??base )
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example
# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9dEpQWllaR2NzOGluVmw3QTNVS2VlZndReTRwT01mdWE=
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
root@80da99977283:/#
```
+1, checking `contrib-check`, rebasing if necessary, and merging.