Bug #9926
Closed
LdapError: unsupported encryption method with LDAP auth source
Description
I've just upgraded from 1.8.0 RC1 to 1.8.0 RC2. When I want to log in using an LDAP account, I get the following error:
Started POST "/users/login" for 192.168.0.1 at 2015-03-27 14:42:32 +0100
2015-03-27 14:42:32 [I] Processing by UsersController#login as HTML
2015-03-27 14:42:32 [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"ZOnsMh5ABcz6MEzjE4wRrcLEvnMeYm6hHk+1hnxsUg8=", "login"=>{"login"=>"alexandre.barth", "password"=>"[FILTERED]"}, "commit"=>"Login"}
2015-03-27 14:42:32 [W] Operation FAILED: LdapError: unsupported encryption method
2015-03-27 14:42:32 [I] Rendered common/500.html.erb within layouts/application (3.7ms)
2015-03-27 14:42:32 [I] Rendered layouts/base.html.erb (1.3ms)
2015-03-27 14:42:32 [I] Completed 500 Internal Server Error in 15ms (Views: 6.4ms | ActiveRecord: 1.7ms)
This was working in 1.8.0 RC1 and all previous versions.
Updated by Dominic Cleal over 9 years ago
- Subject changed from no more Ldap connection to LdapError: unsupported encryption method with LDAP auth source
- Category set to Authentication
Is your LDAP auth source in Foreman configured with SSL?
Updated by Dominic Cleal over 9 years ago
- Related to Bug #9885: CVE-2015-1816 - LDAP server SSL certificate not verified added
Updated by Dominic Cleal over 9 years ago
Ah, I wonder if we're constructing this badly then and all of :encryption should be nil rather than just :method here: https://github.com/theforeman/foreman/blob/1.8.0-RC2/app/models/auth_sources/auth_source_ldap.rb#L83
Updated by Alex Derr over 9 years ago
Dominic Cleal wrote:
Ah, I wonder if we're constructing this badly then and all of :encryption should be nil rather than just :method here: https://github.com/theforeman/foreman/blob/1.8.0-RC2/app/models/auth_sources/auth_source_ldap.rb#L83
The workaround that I am using is to just comment out the encryption_config for now:
def encryption_config
- method = tls ? :simple_tls : nil
- { :method => method, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
end
My LDAP w/o SSL is working again.
Updated by Alex Derr over 9 years ago
def encryption_config
# method = tls ? :simple_tls : nil
# { :method => method, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
end
Updated by The Foreman Bot over 9 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/2271 added
- Pull request deleted ()
Updated by Marek Hulán over 9 years ago
Oh, the hash is used only for simple_tls and start_tls, otherwise encryption is set to nil, I missed this. Alex, could you please test the patch in https://github.com/theforeman/foreman/pull/2271? It should fix it for you but keep SSL working.
Updated by Alex Derr over 9 years ago
Marek Hulán wrote:
Oh, the hash is used only for simple_tls and start_tls, otherwise encryption is set to nil, I missed this. Alex, could you please test the patch in https://github.com/theforeman/foreman/pull/2271? It should fix it for you but keep SSL working.
That seems to be working. Also note, I use LDAP without SSL. So I can't test if LDAPS is working still or not.
Updated by Marek Hulán over 9 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 5d5e0bb601ad75a514168a263a6a360c496cb2af.
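Added example (not part of the ticket and not the code from pull request 2271): a Ruby sketch of the three `encryption_config` shapes discussed in this thread, run against a simplified stand-in for the LDAP client's encryption setup. `setup_encryption`, `outcome` and the `_rc2`/`_workaround`/`_fixed` suffixes are names assumed for illustration.

```ruby
require 'openssl'

# Simplified stand-in for the LDAP client (assumption, not library code):
# nil means plain LDAP; a hash must name :simple_tls or :start_tls.
class LdapError < StandardError; end

def setup_encryption(encryption)
  return :plain if encryption.nil?
  case encryption[:method]
  when :simple_tls, :start_tls
    verify = encryption.fetch(:tls_options, {})[:verify_mode]
    verify == OpenSSL::SSL::VERIFY_PEER ? :tls_verified : :tls_unverified
  else
    raise LdapError, 'unsupported encryption method'
  end
end

# RC2 shape quoted in the thread: a hash is always returned, so a non-TLS
# source passes :method => nil and is rejected.
def encryption_config_rc2(tls)
  method = tls ? :simple_tls : nil
  { :method => method, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
end

# Workaround from the thread: body commented out. It returns nil for every
# source, so a TLS-enabled source would also connect without encryption.
def encryption_config_workaround(_tls)
  nil
end

# Corrected shape: the whole value is nil without TLS; with TLS the
# certificate verification related to bug #9885 stays in place.
def encryption_config_fixed(tls)
  return nil unless tls
  { :method => :simple_tls, :tls_options => { :verify_mode => OpenSSL::SSL::VERIFY_PEER } }
end

def outcome(config)
  setup_encryption(config)
rescue LdapError => e
  "LdapError: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  %i[rc2 workaround fixed].each do |name|
    [false, true].each do |tls|
      puts "#{name} tls=#{tls}: #{outcome(send("encryption_config_#{name}", tls)).inspect}"
    end
  end
end
```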