[ARTEMIS-3140] Support com.sun.jndi.ldap.tls.cbtype in LDAPLoginModule - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.17.0
Fix Version/s: 2.20.0
Component/s: None
Labels:
None

Description

Microsoft has added the following binding feature to LDAP connections (AD/Domain Controllers):

https://support.microsoft.com/en-us/topic/use-the-ldapenforcechannelbinding-registry-entry-to-make-ldap-authentication-over-ssl-tls-more-secure-e9ecfa27-5e57-8519-6ba3-d2c06b21812e

To interoperate with this Java has required some changes which are available at least in a Java 16 release candidate:

https://bugs.openjdk.java.net/browse/JDK-8245527

That is, to make Java add the required channel binding information to its LDAP connection, the JNDI environment property com.sun.jndi.ldap.tls.cbtype must be set to tls-server-end-point. However, Artemis LDAPLoginModule creates an internal environment object which does not support the property.

I would also propose to improve the LDAPLoginModule class in a way that any future custom/added property could be included to the JNDI environment without requiring changes to the actual code.

Attachments

Issue Links

links to

GitHub Pull Request #3826

Activity

People

Assignee:: Unassigned

Reporter:: Panu Hämäläinen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Feb/21 11:09

Updated:: 14/Jan/22 17:44

Resolved:: 14/Jan/22 17:44

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

40m