Merge pull request #90 from robert-scheck/improper-certificate-valida…

…tion Reject by default LDAP connections not authorized via CA trust store
wekan · Apr 6, 2022 · c8e2477 · c8e2477
2 parents b104751 + e8f9422
commit c8e2477
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/server/ldap.js b/server/ldap.js
@@ -18,7 +18,7 @@ export default class LDAP {
       idle_timeout: this.constructor.settings_get('LDAP_IDLE_TIMEOUT'),
       encryption: this.constructor.settings_get('LDAP_ENCRYPTION'),
       ca_cert: this.constructor.settings_get('LDAP_CA_CERT'),
-      reject_unauthorized: this.constructor.settings_get('LDAP_REJECT_UNAUTHORIZED') || false,
+      reject_unauthorized: this.constructor.settings_get('LDAP_REJECT_UNAUTHORIZED') || true,
       Authentication: this.constructor.settings_get('LDAP_AUTHENTIFICATION'),
       Authentication_UserDN: this.constructor.settings_get('LDAP_AUTHENTIFICATION_USERDN'),
       Authentication_Password: this.constructor.settings_get('LDAP_AUTHENTIFICATION_PASSWORD'),