Merge pull request #3483 from robert-scheck/improper-certificate-validation

Reject by default LDAP connections not authorized via CA trust store
2025-04-22 04:57:07 -04:00 · 2021-01-26 00:47:56 +02:00 · 2021-01-26 00:47:56 +02:00 · b6b3682d06
commit b6b3682d06
parent 1189b66748 31f89121fe
1 changed files with 1 additions and 1 deletions
--- a/packages/wekan-ldap/server/ldap.js
+++ b/packages/wekan-ldap/server/ldap.js
@ -19,7 +19,7 @@ export default class LDAP {
      idle_timeout                       : this.constructor.settings_get('LDAP_IDLE_TIMEOUT'),
      encryption                         : this.constructor.settings_get('LDAP_ENCRYPTION'),
      ca_cert                            : this.constructor.settings_get('LDAP_CA_CERT'),
-      reject_unauthorized                : this.constructor.settings_get('LDAP_REJECT_UNAUTHORIZED') || false,
+      reject_unauthorized                : this.constructor.settings_get('LDAP_REJECT_UNAUTHORIZED') || true,
      Authentication                     : this.constructor.settings_get('LDAP_AUTHENTIFICATION'),
      Authentication_UserDN              : this.constructor.settings_get('LDAP_AUTHENTIFICATION_USERDN'),
      Authentication_Password            : this.constructor.settings_get('LDAP_AUTHENTIFICATION_PASSWORD'),