OpenLDAP - Adding support for Active Directory Auth with Start TLS #20124
- Added docs changes.
- Added RN.
- Added known words.
- Added the use of Auto Bind parameter.
- Added logs.
- Improved docs.
@JudahSchwartz Doc review completed.
Amazing
- Added the TPBs to the integrations yml
Link to the unit tests coverage report:
@ShahafBenYakir - Please force merge the PR, the reasons are:
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: CIAC-2478.
Description
Support Active Directory Auth with STARTTLS as part of OpenLDAP auth integration:
- Added support for AD Auth (you can now log in to XSOAR using Active Directory users).
- Added support for Start TLS connection.
- Enlarged the 'Allowed ciphers list' for SSL/TLS - In Python 3.10 they hardened the SSL protocol by reducing the list of ciphers, which caused an LDAP server that did not have the ciphers in the reduced list to fail when establishing the connection. In this PR I returned the list of ciphers to the original list (before the hardening) if the user chose Trust any certificate = True (as done in this PR for Active Directory Query V2 Integration).
- Added a new TPB - LDAP Authentication - Test:
- A recommendation to use this integration for Active Directory with STARTTLS was added to the detailed description of the 'Active Directory Authentication' (golang) integration - in this MR.
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have
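
The cipher-list change in the description can be audited before an operator enables Trust any certificate. The following is an added example, not code from this PR: using only Python's standard `ssl` module, it builds a strict and a relaxed client context and reports the suites that only the relaxed one offers. `RELAXED_CIPHERS`, `build_context`, `weaknesses` and `audit_relaxation` are assumed names, and the cipher string is a stand-in because the PR's actual list is not shown on this page.

```python
from __future__ import annotations

import ssl

# Assumption: a stand-in for a widened, pre-hardening cipher list; the PR's
# actual string is not shown on this page.
RELAXED_CIPHERS = "DEFAULT:@SECLEVEL=1"


def build_context(trust_any_cert: bool) -> ssl.SSLContext:
    """Client context following the description: the cipher list is widened
    only when the operator has already switched certificate validation off."""
    ctx = ssl.create_default_context()
    if trust_any_cert:
        ctx.check_hostname = False  # must be cleared before setting CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        ctx.set_ciphers(RELAXED_CIPHERS)
    return ctx


def weaknesses(cipher: dict) -> list[str]:
    """Flag weak properties of one SSLContext.get_ciphers() entry."""
    flags = []
    if cipher.get("kea") == "kx-rsa":
        flags.append("no forward secrecy")
    if not cipher.get("aead"):
        flags.append("non-AEAD (CBC/MAC-then-encrypt)")
    if cipher.get("digest") == "sha1":
        flags.append("SHA-1 MAC")
    return flags


def audit_relaxation() -> dict[str, list[str]]:
    """Suites offered only by the relaxed context, mapped to their flags."""
    strict = {c["name"] for c in build_context(False).get_ciphers()}
    return {
        c["name"]: weaknesses(c)
        for c in build_context(True).get_ciphers()
        if c["name"] not in strict
    }


if __name__ == "__main__":
    # Output depends on the local OpenSSL build and its system-wide policy.
    for name, flags in sorted(audit_relaxation().items()):
        print(f"{name:32} {', '.join(flags) or 'no flags'}")
```

Run it on the host that will make the LDAP connection, since the OpenSSL build and any distribution crypto policy decide which suites actually appear.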