[
https://issues.apache.org/jira/browse/NIFI-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15716110#comment-15716110
]
ASF GitHub Bot commented on NIFI-2325:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1275
I coordinated with @mcgilman this morning and he demoed LDAPS with client
verify `demand` and LIP `REQUIRED` as working successfully (for TLS
negotiation, not `SASL EXTERNAL` client authentication for LDAPS). I think it
may have been a hostname resolution issue on my machine. We also verified
`START_TLS` still works with these changes, and that ldapsearch worked
successfully over port 636 when the ldaps protocol was explicitly indicated.
```
root@80da99977283:/# ldapsearch -x -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin -v -H ldaps://localhost:636
ldap_initialize( ldaps://localhost:636/??base )
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example
# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9dEpQWllaR2NzOGluVmw3QTNVS2VlZndReTRwT01mdWE=
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
root@80da99977283:/#
```
+1, checking `contrib-check`, rebasing if necessary, and merging.
> Add support for LDAPS in authentication provider
> ------------------------------------------------
>
> Key: NIFI-2325
> URL: https://issues.apache.org/jira/browse/NIFI-2325
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.0.0
> Reporter: Joseph Witt
> Assignee: Matt Gilman
> Fix For: 1.2.0
>
>
> [~mcgilman] [~alopresto] please add thoughts if you have them.
> I propose we add support for LDAPS despite StartTLS being the now preferred
> approach. This offers more flexibility for use with many of the long
> standing LDAP environments out there.