Something I failed to notice when merging the LDAP TLS updates:
We currently bind directly to the file `/config/ldap/ldap_ca_cert.pem` in `sssd` and `sodar-web`. This is wrong, as both primary and secondary LDAP servers may have TLS enabled and require a cert. This assumes only one cert can ever exist.
This is a breaking change so it should be done for the release for SODAR v1.0.0, unless needs arise to get it in sooner.