OpenICF / OPENICF-665

Check LDAP Server DNS Name against the SSL Certificate's subject/alternative name

    Details

      Description

      Update the LDAP connector to check that the configured DNS name of the LDAP server appears either in the Subject of the server certificate or in its 'Subject Alternative Name' field:

      RFC 5280 - https://www.ietf.org/rfc/rfc5280.txt
      https://en.wikipedia.org/wiki/Subject_Alternative_Name

      The intention here is to prevent a third party from manipulating DNS entries or spoofing the LDAP server IP in order to obtain passwords (if the LDAP connector sets passwords).
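
The name check requested above, sketched in Python as an added example (not the OpenICF connector's code and not part of the original ticket). The certificate dicts are constructed samples in the shape `ssl.SSLSocket.getpeercert()` returns; ignoring the subject CN once SAN DNS names exist and refusing wildcards in the CN are policy choices of this example, stricter than the "either field" wording of the ticket.

```python
import ipaddress

# Constructed sample certificates, in the dict shape ssl.SSLSocket.getpeercert() returns.
SAN_CERT = {
    "subject": ((("commonName", "old-name.example.test"),),),
    "subjectAltName": (("DNS", "ldap.example.test"), ("DNS", "*.dir.example.test"),
                       ("IP Address", "192.0.2.10")),
}
CN_ONLY_CERT = {"subject": ((("organizationName", "Example"),),
                            (("commonName", "ldap.example.test"),))}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive label comparison; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h or "*" in host:
        return False
    if p[0] == "*":
        # Require at least three labels so a name like "*.test" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def server_name_matches(cert, configured_host):
    """True if the host configured in the connector is named by the certificate."""
    san = cert.get("subjectAltName", ())
    if _is_ip(configured_host):
        # An IP literal must appear as an iPAddress SAN; never compare it to DNS names.
        want = ipaddress.ip_address(configured_host)
        return any(k == "IP Address" and _is_ip(v) and ipaddress.ip_address(v) == want
                   for k, v in san)
    dns_names = [v for k, v in san if k == "DNS"]
    if dns_names:
        # Policy of this example: once SAN DNS names exist, the subject CN is ignored.
        return any(_dns_match(name, configured_host) for name in dns_names)
    # Fallback for certificates without SAN DNS names: exact CN match, no wildcards.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any("*" not in cn and _dns_match(cn, configured_host) for cn in cns)

if __name__ == "__main__":
    for host in ("ldap.example.test", "dc1.dir.example.test", "old-name.example.test"):
        print(host, server_name_matches(SAN_CERT, host))
    print("CN only:", server_name_matches(CN_ONLY_CERT, "ldap.example.test"))
```

The comparison has to use the host name exactly as configured in the connector, not a name obtained from a reverse DNS lookup, because the lookup is what a spoofing third party controls.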

            People

            • Assignee:
              gael Gael Allioux
              Reporter:
              tom.wood Tom Wood
              QA Assignee:
              Michal Orlik