Closed by tlater-famedly 3 months ago
Some preliminary work is on: https://github.com/famedly/ldap-sync/tree/tlater/ldaps
This depends on famedly/ldap-poller#33, as rustls doesn't seem to support enough certificate types for our purposes. Given we need to deploy this in client infrastructure, we probably want very wide support.
The remaining issue is that ldap-poller doesn't seem to properly support propagating connection errors since native-tls was enabled, but instead simply silently ignores all LDAP updates. The certificates used to test the current implementation, and the way we hook everything up, just aren't correct either.
Debugging and proper implementation are in progress.
We need support for LDAPS, including both client and server certificate validation.