[freeipa PR#3217][opened] ipatests: allow to relax security of LDAP connection from controller to IPA host
by wladich
URL: https://github.com/freeipa/freeipa/pull/3217
Author: wladich
Title: #3217: ipatests: allow to relax security of LDAP connection from controller to IPA host
Action: opened
PR body:
"""
The Host.ldap_connect() method uses LDAPClient from ipapython package.
In a3934a21 we started to use secure connection from tests controller to
ipa server. And also 5be9341f changed the LDAPClient.simple_bind method
to forbid password based authentiction over insecure connection.
This makes it imposible to establish ldap connection in some test
configurations where hostnames known to ipa server do not match ones known
to tests controller (i.e. when host.hostname != host.external_hostname)
because TLS certificate is issued for host.hostname and test controller
tries to verify it against host.external_hostname.
A sublass of LDAPClient is provided which allows to skip certificate check.
Fixes: https://pagure.io/freeipa/issue/7960
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3217/head:pr3217
git checkout pr3217
4 years, 10 months