[ldap plugin] ldap allows insecure configurations


    • Type: Task
    • Resolution: Fixed
    • Priority: Minor
    • Component/s: ldap-plugin

      Description

       

      1. Go to Manage Jenkins > Security > Security Realm and select LDAP
      2. Use an LDAPS server (e.g. ldaps://ldap.forumsys.com)
        • The URL is accepted (it might throw an exception when connecting, but that’s out of the scope of this ticket) → EXPECTED
      3. Use an LDAP server instead (e.g. ldap.forumsys.com:389)
        • There’s no error message and the configuration can be saved although it is not secure → UNEXPECTED
      4. Click on Advanced Server Configuration
        • Set a Manager Password shorter than 14 characters
          • There’s no error message and the configuration can be saved although the password is not FIPS compliant → UNEXPECTED

            Assignee:
            Vishal
            Reporter:
            Vishal
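
The two checks the steps above expect, sketched as an added example (this is not the ldap-plugin's own code and uses no Jenkins API). The class and method names are hypothetical, and it assumes the server field may hold several whitespace-separated entries and that an entry without a scheme means plain ldap://.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/** Added illustration: reject the two configurations flagged in this ticket. */
public class LdapFipsCheck {
    // Minimum manager password length taken from the ticket (14 characters).
    static final int MIN_PASSWORD_LENGTH = 14;

    /** Returns one message per problem; an empty list means the configuration passes. */
    static List<String> validate(String serverField, String managerPassword) {
        List<String> errors = new ArrayList<>();
        String servers = serverField == null ? "" : serverField.trim();
        // Assumption: the field may list several servers separated by whitespace.
        for (String entry : servers.split("\\s+")) {
            if (entry.isEmpty()) {
                errors.add("no LDAP server given");
                continue;
            }
            // Assumption: a bare host or host:port is treated as plain ldap://.
            String url = entry.contains("://") ? entry : "ldap://" + entry;
            String scheme;
            try {
                scheme = URI.create(url).getScheme();
            } catch (IllegalArgumentException e) {
                errors.add(entry + ": not a valid LDAP URL");
                continue;
            }
            if (scheme == null || !scheme.toLowerCase(Locale.ROOT).equals("ldaps")) {
                errors.add(entry + ": not an ldaps:// URL, so the connection is not protected by TLS");
            }
        }
        if (managerPassword == null || managerPassword.length() < MIN_PASSWORD_LENGTH) {
            errors.add("manager password is shorter than " + MIN_PASSWORD_LENGTH + " characters");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed inputs; the host name is the one used in the ticket.
        String[][] cases = {
            {"ldaps://ldap.forumsys.com", "a-long-manager-password"},
            {"ldap.forumsys.com:389", "a-long-manager-password"},
            {"ldaps://ldap.forumsys.com ldap://ldap.forumsys.com", "short"},
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " -> " + validate(c[0], c[1]));
        }
    }
}
```

Checking every entry matters because one plain ldap:// server in a mixed list is enough to send bind credentials in the clear when that server is selected.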