Re: [go-cd] How to Configure Redundant LDAP Authorization?

Minor correction, it's possible the LDAP authz plugin is validating the certs in a way that the authentication plugin does not, despite both being on old LDAP client API versions. Would need to dig deeper to validate.

Re: [go-cd] How to Configure Redundant LDAP Authorization?

I discovered recently that the plugins are on an ancient version of the Apache LDAP library that means they don't actually seem to validate the server certs fully by default (e.g on expiry), so may not validate the hostname either. But that's probably a bug, not a feature? Your call if you want to

RE: [go-cd] How to Configure Redundant LDAP Authorization?

Hi Sriram, Thank you for the feedback. Do you know how the plugin handles SSL negotiation? We considered DNS round-robin but ruled it a non-starter, under the assumption that LDAPS would require that the hostname and certificate name match. Regards, Jason Smyth From: go-cd@googlegroups.com

Re: [go-cd] How to Configure Redundant LDAP Authorization?

On Fri, 17 May 2024 at 10:53 PM, Jason Smyth wrote: > Hi everyone, > > We are looking to move from the bundled LDAP authentication plugin to the LDAP > authorization plugin > . > > For redundancy, our current setup uses 2 LDAP connectors,

[go-cd] How to Configure Redundant LDAP Authorization?

Hi everyone, We are looking to move from the bundled LDAP authentication plugin to the LDAP authorization plugin . For redundancy, our current setup uses 2 LDAP connectors, each pointing to a different Active Directory domain controller