Panu Hämäläinen created ARTEMIS-3140:
----------------------------------------
Summary: Support com.sun.jndi.ldap.tls.cbtype in LDAPLoginModule
Key: ARTEMIS-3140
URL: https://issues.apache.org/jira/browse/ARTEMIS-3140
Project: ActiveMQ Artemis
Issue Type: Bug
Reporter: Panu Hämäläinen
Microsoft has added the following binding feature to LDAP connections
(AD/Domain Controllers):
[https://support.microsoft.com/en-us/topic/use-the-ldapenforcechannelbinding-registry-entry-to-make-ldap-authentication-over-ssl-tls-more-secure-e9ecfa27-5e57-8519-6ba3-d2c06b21812e]
To interoperate with this, Java has required some changes, which are available at
least in a Java 16 release candidate:
[https://bugs.openjdk.java.net/browse/JDK-8245527]
That is, to make Java add the required channel binding information to its LDAP
connection, the JNDI environment property {{com.sun.jndi.ldap.tls.cbtype}}
must be set to {{tls-server-end-point}}. However, Artemis LDAPLoginModule
creates an internal environment object which does not support the property.
I would also propose to improve the LDAPLoginModule class in a way that any
future custom/added property could be included in the JNDI environment without
requiring changes to the actual code.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
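
The pass-through proposed in the issue, sketched as an added example that is not part of the original report and is not Artemis code: login-module options that look like raw JNDI properties are copied into the environment unchanged, so {{com.sun.jndi.ldap.tls.cbtype}} needs no dedicated code. The class name, the option names {{connectionURL}}, {{authentication}} and {{debug}}, the prefix list and the sample values are assumptions made for illustration.

```java
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.Context;

// Added illustration, not Artemis code: class, option names and sample values are hypothetical.
public class JndiEnvPassThrough {
    static final String CBTYPE = "com.sun.jndi.ldap.tls.cbtype";
    // Assumption: options with these prefixes are raw JNDI properties, copied unchanged.
    static final String[] RAW_PREFIXES = {"java.naming.", "com.sun.jndi."};

    static Hashtable<String, Object> buildEnv(Map<String, ?> options) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        for (Map.Entry<String, ?> e : options.entrySet()) {
            String key = e.getKey();
            Object value = e.getValue();
            if (value == null) continue;                 // Hashtable rejects null values
            if (key.equals("connectionURL")) env.put(Context.PROVIDER_URL, value);
            else if (key.equals("authentication")) env.put(Context.SECURITY_AUTHENTICATION, value);
            else if (isRawJndiProperty(key)) env.put(key, value);
            // anything else is a module-level option and stays out of the JNDI environment
        }
        return env;
    }

    static boolean isRawJndiProperty(String key) {
        for (String p : RAW_PREFIXES) if (key.startsWith(p)) return true;
        return false;
    }

    // tls-server-end-point binding data comes from the TLS server certificate,
    // so the property set on a non-TLS URL points to a configuration mistake.
    static boolean cbtypeWithoutTls(Hashtable<String, Object> env) {
        Object url = env.get(Context.PROVIDER_URL);
        return env.containsKey(CBTYPE) && (url == null || !url.toString().startsWith("ldaps://"));
    }

    public static void main(String[] args) {
        Map<String, String> options = new LinkedHashMap<>();   // constructed sample options
        options.put("connectionURL", "ldaps://dc.example.test:636");
        options.put("authentication", "GSSAPI");
        options.put(CBTYPE, "tls-server-end-point");
        options.put("debug", "true");                          // not a JNDI property, dropped
        Hashtable<String, Object> env = buildEnv(options);
        env.forEach((k, v) -> System.out.println(k + " = " + v));
        System.out.println("cbtype set without ldaps URL: " + cbtypeWithoutTls(env));
    }
}
```

The resulting table is what would be handed to {{javax.naming.directory.InitialDirContext}}; the property only takes effect on a JDK that includes the JDK-8245527 change.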