[ https://issues.apache.org/jira/browse/ARTEMIS-3140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17290063#comment-17290063 ]
Justin Bertram commented on ARTEMIS-3140:
-----------------------------------------
The changes here should be pretty straightforward, and there's no test to add
since we don't have any AD-specific tests. Would you be willing to submit a PR?
> Support com.sun.jndi.ldap.tls.cbtype in LDAPLoginModule
> -------------------------------------------------------
>
> Key: ARTEMIS-3140
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3140
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Affects Versions: 2.17.0
> Reporter: Panu Hämäläinen
> Priority: Major
>
> Microsoft has added the following binding feature to LDAP connections
> (AD/Domain Controllers):
> [https://support.microsoft.com/en-us/topic/use-the-ldapenforcechannelbinding-registry-entry-to-make-ldap-authentication-over-ssl-tls-more-secure-e9ecfa27-5e57-8519-6ba3-d2c06b21812e]
>
> To interoperate with this, Java has required some changes, which are available
> at least in a Java 16 release candidate:
> [https://bugs.openjdk.java.net/browse/JDK-8245527]
> That is, to make Java add the required channel binding information to its
> LDAP connection, the JNDI environment property
> {{com.sun.jndi.ldap.tls.cbtype}} must be set to {{tls-server-end-point}}.
> However, Artemis LDAPLoginModule creates an internal environment object which
> does not support the property.
>
> I would also propose to improve the LDAPLoginModule class in a way that any
> future custom/added property could be included in the JNDI environment
> without requiring changes to the actual code.
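
One way the pass-through proposed in the issue description could look, as an added example that is not Artemis code and not part of the original message. The class name, the module option names on the left of `NAMED`, the prefix allow-list and the sample values are assumptions made for illustration.

```java
import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.Context;

public class JndiEnvPassThrough {
    static final String CBTYPE = "com.sun.jndi.ldap.tls.cbtype";

    // Illustrative option names (assumed, not taken from LDAPLoginModule).
    static final Map<String, String> NAMED = Map.of(
        "connectionURL", Context.PROVIDER_URL,
        "connectionUsername", Context.SECURITY_PRINCIPAL,
        "connectionPassword", Context.SECURITY_CREDENTIALS,
        "authentication", Context.SECURITY_AUTHENTICATION);

    static Hashtable<String, Object> buildEnvironment(Map<String, ?> options) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Pass 1: forward JNDI-namespaced keys verbatim, so a new provider
        // property needs only configuration, not a code change.
        for (Map.Entry<String, ?> e : options.entrySet()) {
            String k = e.getKey();
            if (e.getValue() != null
                    && (k.startsWith("java.naming.") || k.startsWith("com.sun.jndi."))) {
                env.put(k, e.getValue());
            }
        }
        // Pass 2: explicitly named options take precedence over pass-through keys.
        for (Map.Entry<String, String> m : NAMED.entrySet()) {
            Object v = options.get(m.getKey());
            if (v != null) env.put(m.getValue(), v);
        }
        // Fail closed on a mistyped binding type; this example accepts only
        // the value named in the issue.
        Object cb = env.get(CBTYPE);
        if (cb != null && !"tls-server-end-point".equals(cb)) {
            throw new IllegalArgumentException(CBTYPE + " has unexpected value: " + cb);
        }
        return env;
    }

    public static void main(String[] args) {
        Map<String, Object> options = new LinkedHashMap<>(); // constructed sample options
        options.put("connectionURL", "ldaps://dc.example.test:636");
        options.put("authentication", "GSSAPI");
        options.put(CBTYPE, "tls-server-end-point");
        options.put("userBase", "OU=people,DC=example,DC=test"); // module-only, not forwarded
        buildEnvironment(options).forEach((k, v) -> System.out.println(k + " = " + v));
    }
}
```

Restricting the pass-through to the two JNDI prefixes keeps module-only options out of the environment handed to the LDAP provider.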