[jboss-jira] [JBoss JIRA] (WFCORE-2647) Add an option to always send the client SSL certificate to LDAP server

Darran Lofthouse (JIRA) issues at jboss.org
Mon Apr 10 08:08:00 EDT 2017 

    [ https://issues.jboss.org/browse/WFCORE-2647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13391402#comment-13391402 ] 

Darran Lofthouse commented on WFCORE-2647:
------------------------------------------

Actually in the older versions using the OperationStepHandler is an absolute requirement.

The system property is only a work around to compensate for being unable to make a management model change.  If system property evaluation were to happen at runtime you then get a difference in behaviour between the correct approach of using the management model and the workaround approach of using the system property.

> Add an option to always send the client SSL certificate to LDAP server
> ----------------------------------------------------------------------
>
>                 Key: WFCORE-2647
>                 URL: https://issues.jboss.org/browse/WFCORE-2647
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Domain Management
>            Reporter: Peter Palaga
>            Assignee: Peter Palaga
>
> This is the component issue for https://issues.jboss.org/browse/JBEAP-4439 and https://bugzilla.redhat.com/show_bug.cgi?id=1327758
> The present code in {{LdapConnectionManagerService}} was designed so that the client cert is sent to authenticate the search account but during the username / password verification step, the client cert is not sent.
> The present objective is to add an option (that will default to the old behavior) to send the client password also during the username / password verification.
> This includes (citing [~dlofthouse]):
> * Implement management model based configuration and an implementation for the current version
> * Port back to older versions using a system property.
> * Forward port the system property to the current version for compatibility.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list