password hash salts, LDAP query auth, LDAPS cert acceptance

Request new features for NConf


Post by mbrownnyc » Fri Jul 20, 2012 18:12

Hello,

1) hash salts:
Unless I missed something, I'd like to request the ability to use salts with hashes in the local file based authentication method. [edit: I did miss something]

2) Support non-anonymous LDAP queries:
Since I disable anonymous connections to my LDAP on AD, I need to provide user credentials to authenticate when binding. Currently I receive the bindResponse of:
Code:
LDAPMessage bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 57, vece)


I may just have a misunderstanding of the proper configuration, as I've left out AD_USER_REPLACEMENT, have my AD_BASE_DN as the root of the domain, and have sAMAccountName as AD_USERNAME_ATTRIBUTE. The authentication mechanism seems to send the password I've entered, but not the username I've entered anywhere in the bindRequest.

3) Relax the acceptable certificate integrity:
Also, it appears that NConf "is configured" to only accept LDAPS connections that are secured against certificates that pass a lot of validity tests. RhodeCode is a project that handles this situation by allowing the following "certificate check" modes:
Code:
NEVER: A server certificate will never be requested or checked.
ALLOW: A server certificate is requested. Failure to provide a certificate or providing a bad certificate will not terminate the session.
TRY: A server certificate is requested. Failure to provide a certificate does not halt the session; providing a bad certificate halts the session.
DEMAND: A server certificate is requested and must be provided and authenticated for the session to proceed.


ALLOW allows a non-trusted certificate to be used to secure the connection.


Thanks,

Matt
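Added example, not part of the original post and not NConf's own code: a PHP sketch of requests 2 and 3 together, binding with a service account instead of anonymously, then re-binding as the user, over LDAPS in DEMAND mode with the directory's internal CA trusted explicitly. The host, CA path, service-account DN and the function name are assumptions; AD_BASE_DN and AD_USERNAME_ATTRIBUTE reuse the setting names mentioned in the post.

```php
<?php
// Added example (not NConf code). All EX_* values are placeholders.
const EX_LDAP_URI = 'ldaps://dc.example.internal:636';
const EX_CA_FILE  = '/etc/ssl/certs/example-internal-ca.pem';
const EX_BIND_DN  = 'CN=svc-nconf,OU=Service Accounts,DC=example,DC=internal';
const AD_BASE_DN  = 'DC=example,DC=internal';
const AD_USERNAME_ATTRIBUTE = 'sAMAccountName';

// Hypothetical helper: returns true only if $user/$pass authenticate.
function ldaps_search_then_bind(string $user, string $pass, string $bindPw): bool
{
    // A simple bind with an empty password is an unauthenticated bind,
    // which a server may report as success. Reject it up front.
    if ($user === '' || $pass === '') {
        return false;
    }

    // libldap TLS options are process-wide: set them on null, before connecting.
    // DEMAND plus an explicit CA file accepts a privately issued certificate
    // while still rejecting anything not signed by that CA.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, EX_CA_FILE);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ds = ldap_connect(EX_LDAP_URI);   // only parses the URI; TLS happens at bind
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    $ok = false;
    // Step 1: authenticated bind as the service account (no anonymous query).
    // A certificate failure also surfaces here as a failed bind.
    if (@ldap_bind($ds, EX_BIND_DN, $bindPw)) {
        // Step 2: find the user's DN; escape the name so it cannot alter the filter.
        $filter = sprintf('(%s=%s)', AD_USERNAME_ATTRIBUTE,
                          ldap_escape($user, '', LDAP_ESCAPE_FILTER));
        $sr = @ldap_search($ds, AD_BASE_DN, $filter, ['dn'], 0, 2);
        $entries = $sr ? ldap_get_entries($ds, $sr) : false;
        // Step 3: exactly one match is required, then re-bind as that DN.
        if ($entries && $entries['count'] === 1) {
            $ok = @ldap_bind($ds, $entries[0]['dn'], $pass);
        }
    }
    ldap_unbind($ds);
    return $ok;
}
```

The TLS constants used here require PHP 7.1 or later, and ldap_escape requires PHP 5.6 or later.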
