
Central Management - Add Support For Setting Up CCM LDAP Authentication Using LDAPS

Open ryanrichter94 opened this issue 3 years ago • 4 comments

Enhancement Description

Received a ticket asking if CCM can run over LDAPS as a more secure alternative to the current LDAP in place as of CCM 0.6.3.

References:

┆Issue is synchronized with this Gitlab issue by Unito

ryanrichter94 avatar Nov 12 '21 18:11 ryanrichter94

Bumping this with another customer's request for this feature. Also, for context, CCM is 0.10.1 as of writing this.

ryanrichter94 avatar Jan 12 '23 16:01 ryanrichter94

Adding ZenDesk Ticket 3 from duplicate issue to this one.

ryanrichter94 avatar Nov 14 '23 14:11 ryanrichter94

Sorry for chiming in here. There are two (2) ways of communicating with LDAP securely.

  • LDAP with StartTLS (Default port 389, like normal)
    • Uses the same protocol but adds an encryption layer using "Extended Operation" (part of LDAP)
  • LDAPS or LDAP over SSL (Default port 636)
    • Basically, the equivalent of HTTP vs HTTPS.

Both are very different and have different implementations. Some configurations support both, and some only the StartTLS version.

I suggest implementing both, increasing the compatibility with different LDAP configurations.

mkevenaar avatar May 06 '24 17:05 mkevenaar
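An added example, not part of the comment above or of CCM's code: the StartTLS mode begins as a cleartext LDAP exchange on port 389, so a client has to send the StartTLS extended request (OID 1.3.6.1.4.1.1466.20037, RFC 4511) and see a success result before it starts TLS or sends a bind, whereas LDAPS on 636 starts TLS before any LDAP bytes. The helper names and the sample server responses are constructed for illustration.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511, section 4.14.1

def tlv(tag, value):
    """BER tag-length-value; short-form lengths only (enough for these PDUs)."""
    if len(value) > 127:
        raise ValueError("long-form length not handled in this sketch")
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { [0] OID } }."""
    op = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)  # msg_id must be 1..127

def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length & 0x80 or end > len(buf):
        raise ValueError("unsupported or truncated BER element")
    return tag, buf[pos + 2:end], end

def starttls_accepted(resp, msg_id=1):
    """True only for an ExtendedResponse [APPLICATION 24] with resultCode success(0)."""
    try:
        tag, body, _ = read_tlv(resp, 0)
        if tag != 0x30:
            return False
        tag, mid, pos = read_tlv(body, 0)
        if tag != 0x02 or int.from_bytes(mid, "big") != msg_id:
            return False
        tag, op, _ = read_tlv(body, pos)
        if tag != 0x78:
            return False
        tag, code, _ = read_tlv(op, 0)
        return tag == 0x0A and code == b"\x00"
    except (ValueError, IndexError):
        return False

def first_action(mode, server_reply=None):
    """What the client does before any bind; it never falls back to a cleartext bind."""
    if mode == "ldaps":                       # port 636: TLS first, then LDAP
        return "tls_handshake"
    if mode == "starttls":                    # port 389: LDAP first, then upgrade
        if server_reply is None:
            return "send_starttls_request"
        return "tls_handshake" if starttls_accepted(server_reply) else "abort"
    raise ValueError("unknown mode")

# Constructed sample replies: success(0) and protocolError(2).
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")
```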

Added ZenDesk Ticket 5 to the issue after having a support call with the organization. They are currently in the process of phasing out legacy LDAP for LDAPS and Okta as their authentication solutions going forward.

ryanrichter94 avatar Aug 15 '24 21:08 ryanrichter94