concourse / concourse-bosh-release

Concourse BOSH release
Apache License 2.0

Go 1.15 breaks LDAP integration with AD controllers due to CN x509 field deprecation #127

Closed maxim-hansen closed 3 years ago

maxim-hansen commented 3 years ago

Bug Report

Following an upgrade from 6.4.0 to 6.6.0, we're now getting the following error because of our LDAP integration with our Active Directory servers:

"level":"error","source":"atc","message":"atc.dex.event","data":{"fields":{},"message":"Failed to login user: failed to connect: LDAP Result Code 200 \"Network Error\": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0","session":"15"}}

The error is correct in that our AD certificates do not have a SAN entry that matches the CommonName, and so we depend on the CN alone. Because the AD servers and the PKI that issues certificates to them, are out of our control, we have no easy way to remedy the issue ourselves at the moment.

The error is caused by the following breaking change in Go 1.15: https://golang.org/doc/go1.15#commonname

Could we please introduce an additional env: variable in the bpm.yml file that allows us to override the deprecation in the Go package by setting (or adding to) the following environment variable:

GODEBUG='x509ignoreCN=0'
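The check that the error above refers to, as an added example that is not part of this issue or of the Concourse/BOSH code: it builds two self-signed certificates in memory, one carrying only a Common Name (as the reporter's AD controllers do) and one with a matching DNS SAN, and runs Go's own hostname verification against both. The hostname dc01.example.internal, the helper names and the PEM inspection function are assumptions for this illustration. It also shows what a practitioner would want to confirm before relying on the override: the error text itself calls GODEBUG=x509ignoreCN=0 a temporary switch, so the durable fix is a certificate with a SAN, and the function below tells you from a PEM export whether a given server certificate has one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// makeCert builds a self-signed certificate for the given Common Name and,
// when dnsSANs is non-empty, a DNS Subject Alternative Name extension.
// Constructed in memory for this example only; it stands in for the AD
// controller certificate the issue describes.
func makeCert(cn string, dnsSANs []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     dnsSANs, // nil -> no SAN extension is emitted at all
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ReliesOnCN reports whether the certificate carries no SAN entries of any
// kind, which is exactly the situation in which a Go 1.15+ client has only
// the legacy Common Name left to match and rejects it by default.
func ReliesOnCN(cert *x509.Certificate) bool {
	return len(cert.DNSNames) == 0 && len(cert.IPAddresses) == 0 &&
		len(cert.EmailAddresses) == 0 && len(cert.URIs) == 0
}

// HostnameMatches runs the same name check that crypto/tls applies during
// the handshake (and therefore what the LDAP client hits when dialing AD).
// It returns the verification error so callers can see the exact message.
func HostnameMatches(cert *x509.Certificate, host string) error {
	return cert.VerifyHostname(host)
}

// ReliesOnCNFromPEM is the operator-facing check: feed it a PEM export of
// the AD controller's certificate and it reports whether the certificate
// depends on CN alone. Hypothetical helper name, not a library function.
func ReliesOnCNFromPEM(pemData []byte) (bool, error) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "CERTIFICATE" {
		return false, fmt.Errorf("no CERTIFICATE block found in PEM input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, err
	}
	return ReliesOnCN(cert), nil
}

func main() {
	const host = "dc01.example.internal" // assumed controller name
	cases := []struct {
		label string
		sans  []string
	}{
		{"CN only (the issue's situation)", nil},
		{"CN plus matching DNS SAN", []string{host}},
	}
	for _, tc := range cases {
		cert, err := makeCert(host, tc.sans)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-34s reliesOnCN=%-5v verify=%v\n",
			tc.label, ReliesOnCN(cert), HostnameMatches(cert, host))
	}
}
```

Run it with a Go toolchain of 1.15 or later and the CN-only certificate fails verification while the SAN-bearing one passes; setting GODEBUG=x509ignoreCN=0 in the environment (the override the issue asks bpm.yml to expose) only changes the first outcome on toolchains that still honour that switch, which is why checking the certificate itself with ReliesOnCNFromPEM is the check worth keeping around.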