URL:
https://github.com/freeipa/freeipa/pull/5993
Author: tiran
Title: #5993: Avoid double encryption of LDAP connections
Action: opened
PR body:
"""
The default settings of FreeIPA and OpenLDAP's libldap result in double
encryption of LDAPS and StartTLS connections. The outer layer is TLS and
the inner layer is SASL data security layer with GSSAPI encryption.
Double encryption is a waste of resources and can impact performance.
libldap does not install the SASL data security layer when a connection
uses a minimum and maximum security strength factor of 0.
Fixes:
https://pagure.io/freeipa/issue/8970
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5993/head:pr5993
git checkout pr5993