Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-16175

TLS Support Samba4 Active Directory User Authentification

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Won't Fix
    • None
    • None
    • None
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      As quoted by official Samba4 sources (https://wiki.samba.org/index.php/Updating_Samba#New_Default_for_LDAP_Connections_Requires_Strong_Authentication) TLS encryption is enforced by now for binding. Since most admins do not open more ports than neccessary it is quite common to open only 389 and enforce TLS. Unfortunately JIRA offers only SSL (port 636) for AD user management. Me and my admin colleagues consider this as quite limiting and since security overules functionality this is quite a severe disadvantage. Is there any change of nearby implementation???

       

      New Default for LDAP Connections Requires Strong Authentication
4.4.1 or later / 4.3.7 or later / 4.2.10 or later
The security updates 4.4.1, 4.3.7 and 4.2.10 introduced a new smb.conf option for the Active Directory (AD) LDAP server to enforce strong authentication. The default for this new option ldap server require strong auth is yes and allows only simple binds over TLS encrypted connections. In consequence, external applications that connect to AD using LDAP, cannot establish a connection if they do not use or support TLS encrypted connections.
Applications connecting to Samba AD using the LDAP protocol without encryption, will display the error message:
ldap_bind: Strong(er) authentication required (8) additional info: BindSimple: Transport encryption required.
For further information, see the 4.4.1, 4.3.7, or the 4.2.10 release notes.

      Kind regards

       

       

          Form Name

            [JSWSERVER-16175] TLS Support Samba4 Active Directory User Authentification

            Gosia Kowalska added a comment -
            Atlassian Update – 27 September 2019

            Hi,

            Thank you for raising this suggestion. We regret to inform you that due to limited demand, we have no plans to implement it in the foreseeable future. In order to set expectations, we're closing this request.

            This is an automated update triggered by low user engagement with this suggestion (number of votes, number of watchers).

            We hope you will appreciate our candid and transparent communication and our attempts to become more transparent about our priorities. Making tradeoffs and saying no is never an easy task to perform. You can read more about our approach to highly voted server suggestions here.

            To learn more about our recent investments in Jira Server and Data Center, please check our two new dashboards containing Recently resolved issues and Current work and future plans.

            Regards,
            Jira Server and Data Center Product Management

            Gosia Kowalska added a comment - Atlassian Update – 27 September 2019 Hi, Thank you for raising this suggestion. We regret to inform you that due to limited demand, we have no plans to implement it in the foreseeable future. In order to set expectations, we're closing this request. This is an automated update triggered by low user engagement with this suggestion (number of votes, number of watchers). We hope you will appreciate our candid and transparent communication and our attempts to become more transparent about our priorities. Making tradeoffs and saying no is never an easy task to perform. You can read more about our approach to highly voted server suggestions here . To learn more about our recent investments in Jira Server and Data Center, please check our two new dashboards containing Recently resolved issues and Current work and future plans . Regards, Jira Server and Data Center Product Management

              Unassigned Unassigned
              271b2bc68071 Hanno
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: