  1. Jenkins
  2. JENKINS-73825

[ldap plugin] ldap allows insecure configurations


    • Type: Task
    • Resolution: Fixed
    • Priority: Minor
    • ldap-plugin
    • None

      Description

       

      1. Go to Manage Jenkins > Security > Security Realm and select LDAP
      2. Use an LDAPS server (e.g. ldaps://ldap.forumsys.com)
        • The URL is accepted (it might throw an exception when connecting, but that’s out of the scope of this ticket) → EXPECTED
      3. Use an LDAP server instead (e.g. ldap.forumsys.com:389)
        • There’s no error message and the configuration can be saved although it is not secure → UNEXPECTED
      4. Click on Advanced Server Configuration
        • Set a Manager Password shorter than 14 characters
          • There’s no error message and the configuration can be saved although the password is not FIPS compliant → UNEXPECTED

            vwagh Vishal
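
The two checks this ticket asks for, as an added example in plain Java that is not the ldap-plugin's own code: flag every server entry that does not use ldaps:// and a Manager Password shorter than 14 characters. The class and method names are hypothetical; treating the server field as a whitespace-separated list and skipping the length check for an empty password are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/** Added illustration; not the ldap-plugin's own code. Names are hypothetical. */
public class LdapConfigCheck {
    // 14 is the minimum Manager Password length named in the ticket.
    static final int MIN_PASSWORD_LENGTH = 14;

    /** Returns one message per problem; an empty list means the configuration passes. */
    static List<String> validate(String servers, String managerPassword) {
        List<String> problems = new ArrayList<>();
        String trimmed = servers == null ? "" : servers.trim();
        if (trimmed.isEmpty()) {
            problems.add("No LDAP server configured");
        }
        // Assumption: the server field may hold several whitespace-separated entries.
        for (String server : trimmed.isEmpty() ? new String[0] : trimmed.split("\\s+")) {
            // A bare host[:port] carries no scheme, so it is not LDAPS either.
            if (!server.toLowerCase(Locale.ROOT).startsWith("ldaps://")) {
                problems.add("Server '" + server + "' does not use ldaps://");
            }
        }
        // Assumption: an empty password means no manager bind, so there is nothing to measure.
        if (managerPassword != null && !managerPassword.isEmpty()
                && managerPassword.length() < MIN_PASSWORD_LENGTH) {
            problems.add("Manager Password is shorter than " + MIN_PASSWORD_LENGTH + " characters");
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the host names are the ones used in the ticket.
        String[][] samples = {
            {"ldaps://ldap.forumsys.com", "a-long-enough-passphrase"},
            {"ldap.forumsys.com:389", "a-long-enough-passphrase"},
            {"ldaps://ldap.forumsys.com ldap://ldap.forumsys.com:389", "short"},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " -> " + validate(s[0], s[1]));
        }
    }
}
```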