Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[release/8.0-staging] Add support for LDAPTLS_CACERTDIR \ TrustedCertificateDirectory #112530

Open
wants to merge 4 commits into
base: release/8.0-staging
Choose a base branch
from
Open

[release/8.0-staging] Add support for LDAPTLS_CACERTDIR \ TrustedCertificateDirectory #112530

wants to merge 4 commits into from

Conversation

steveharter
Copy link
Member

@steveharter steveharter commented Feb 13, 2025
edited
Loading

Backport of #111877 to release/8.0-staging
Fixes #104260 for v8.0.x
Backport for v9: #112531

/cc @steveharter @JasonDebug

Customer Impact

  • Customer reported
  • Found internally

Adds two new members to System.DirectoryServices.Protocols.LdapSessionOptions to forward to LDAP APIs on Linux\OSX that help with server certificate validation. On Windows, server certificate validation is supported by setting a callback on LdapSessionOptions.VerifyServerCertificates(), but that is not supported on Linux\OSX.

Regression

  • Yes
  • No

Testing

Several months ago, we provided a package with the proposed fix which was validated by the support engineer and customer requesting this feature. Once it was added to v10, the validation was done again. Also, local validation on Linux Ubuntu was done and verification tests were added.

Automated tests here are not supported with current infrastructure as it requires LDAP server support. Currently this must be manually tested.

Risk

Low - although we normally don't add new APIs in a servicing release, it is safer here since this assembly does not ship inbox with .NET so risk is low for versioning issues.

@steveharter steveharter added this to the 8.0.x milestone Feb 13, 2025
@steveharter steveharter self-assigned this Feb 13, 2025
@Copilot Copilot bot review requested due to automatic review settings February 13, 2025 17:47
@dotnet-issue-labeler dotnet-issue-labeler
Copy link

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

1 similar comment
@dotnet-issue-labeler dotnet-issue-labeler
Copy link

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-directoryservices, @jay98014
See info in area-owners.md if you want to be subscribed.

Copilot
Copilot AI reviewed Feb 13, 2025
View reviewed changes

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 5 out of 10 changed files in this pull request and generated no comments.

Files not reviewed (5)
  • src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml: Language not supported
  • src/libraries/System.DirectoryServices.Protocols/src/Resources/Strings.resx: Language not supported
  • src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapConnection.cs: Evaluated as low risk
  • src/libraries/Common/src/Interop/Interop.Ldap.cs: Evaluated as low risk
  • src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs: Evaluated as low risk
@steveharter steveharter changed the title Add support for LDAPTLS_CACERTDIR \ TrustedCertificateDirectory [release/8.0-staging] Add support for LDAPTLS_CACERTDIR \ TrustedCertificateDirectory Feb 13, 2025
@steveharter steveharter mentioned this pull request Feb 13, 2025
Open
4 tasks
@steveharter steveharter added the Servicing-consider Issue for next servicing release review label Feb 13, 2025
@steveharter steveharter requested a review from ericstj February 13, 2025 18:19
@build-analysis build-analysis bot mentioned this pull request Feb 13, 2025
Open
@rbhanda rbhanda modified the milestones: 8.0.x, 8.0.15 Feb 18, 2025
@rbhanda rbhanda added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Feb 18, 2025
This was referenced Feb 19, 2025
Open
Open
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@ericstj ericstj Awaiting requested review from ericstj

At least 1 approving review is required to merge this pull request.

Assignees

@steveharter steveharter

Labels
area-System.DirectoryServices new-api-needs-documentation Servicing-approved Approved for servicing release
Projects
None yet
Milestone
8.0.15
Development

Successfully merging this pull request may close these issues.
2 participants
@steveharter @rbhanda