1) hash salts:
Unless I missed something, I'd like to request the ability to use salts with hashes in the local file based authentication method. [edit: I did miss something]
2) Support non-anonymous LDAP queries:
Since I disable anonymous connections to my LDAP on AD, I need to provide user credentials to authenticate when binding. Currently I receive the bindResponse of:
LDAPMessage bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 57, vece)
I may just have a misunderstanding of the proper configuration, as I've left out AD_USER_REPLACEMENT, have my AD_BASE_DN as the root of the domain, have sAMAccountName as AD_USERNAME_ATTRIBUTE. The authentication mechanism seems to send the password I've entered, but not the username I've entered anywhere in the bindRequest.
3) Relax the acceptable certificate integrity:
Also, it appears that NConf "is configured" to only accept LDAPS connections that are secured against certificates that pass a lot of validity tests. Rhodecode is a project that handles this situation by allowing the following "certificate check" modes:
NEVER: A server certificate will never be requested or checked.
ALLOW: A server certificate is requested. Failure to provide a certificate or providing a bad certificate will not terminate the session.
TRY: A server certificate is requested. Failure to provide a certificate does not halt the session; providing a bad certificate halts the session.
DEMAND: A server certificate is requested and must be provided and authenticated for the session to proceed.
ALLOW allows a non-trusted certificate to be used to secure the connection.
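
Added example, not part of the original post and not NConf's own code: a search-then-bind login against AD with anonymous binds disabled (item 2), keeping the certificate check at DEMAND by trusting an internal CA file (item 3). The host, DNs, CA path, service account and function names are placeholders assumed for illustration; it uses PHP's ldap extension (PHP 7.1 or later for the TLS constants).

```php
<?php
// Added example, not NConf code. All values below are placeholders.
const LDAP_URI  = 'ldaps://dc.example.test:636';
const BASE_DN   = 'DC=example,DC=test';
const USER_ATTR = 'sAMAccountName';
const SVC_DN    = 'CN=svc-nconf,OU=Service Accounts,DC=example,DC=test';
const CA_FILE   = '/etc/ssl/certs/example-internal-ca.pem';

function ad_connect()
{
    // TLS options are set globally (null link) before ldap_connect().
    // DEMAND stays on; the internal CA is trusted explicitly instead.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, CA_FILE);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ldap = ldap_connect(LDAP_URI);
    if ($ldap === false) {
        throw new RuntimeException('invalid LDAP URI');
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); // do not chase referrals from the domain root
    return $ldap;
}

function ad_authenticate(string $username, string $password, string $svcPassword): bool
{
    // A simple bind with an empty password is an unauthenticated bind and can succeed.
    if ($username === '' || $password === '') {
        return false;
    }
    $ldap = ad_connect();
    try {
        // Step 1: bind as the service account, since anonymous binds are disabled.
        if (!@ldap_bind($ldap, SVC_DN, $svcPassword)) {
            throw new RuntimeException('service bind failed: ' . ldap_error($ldap));
        }
        // Step 2: resolve the login name to a DN; escape it to keep the filter intact.
        $safe   = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
        $filter = sprintf('(&(objectClass=user)(%s=%s))', USER_ATTR, $safe);
        $result = ldap_search($ldap, BASE_DN, $filter, [USER_ATTR]);
        $entries = $result ? ldap_get_entries($ldap, $result) : ['count' => 0];
        if ($entries['count'] !== 1) {
            return false; // unknown or ambiguous user
        }
        // Step 3: rebind as the resolved DN with the password the user entered.
        return @ldap_bind($ldap, $entries[0]['dn'], $password);
    } finally {
        ldap_unbind($ldap);
    }
}
```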