Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/8.0-staging] Add support for LDAPTLS_CACERTDIR \ TrustedCertificateDirectory #112530

Merged
merged 4 commits into from
Feb 27, 2025
Merged

[release/8.0-staging] Add support for LDAPTLS_CACERTDIR \ TrustedCertificateDirectory #112530

merged 4 commits into from
Feb 27, 2025

Conversation

steveharter
Copy link
Member

@steveharter steveharter commented Feb 13, 2025
edited
Loading

Backport of #111877 to release/8.0-staging
Fixes #104260 for v8.0.x
Backport for v9: #112531

/cc @steveharter @JasonDebug

Customer Impact

  • Customer reported
  • Found internally

Adds two new members to System.DirectoryServices.Protocols.LdapSessionOptions to forward to LDAP APIs on Linux\OSX that help with server certificate validation. On Windows, server certificate validation is supported by setting a callback on LdapSessionOptions.VerifyServerCertificates(), but that is not supported on Linux\OSX.

Regression

  • Yes
  • No

Testing

Several months ago, we provided a package with the proposed fix which was validated by the support engineer and customer requesting this feature. Once it was added to v10, the validation was done again. Also, local validation on Linux Ubuntu was done and verification tests were added.

Automated tests here are not supported with current infrastructure as it requires LDAP server support. Currently this must be manually tested.

Risk

Low - although we normally don't add new APIs in a servicing release, it is safer here since this assembly does not ship inbox with .NET so risk is low for versioning issues.

@steveharter steveharter added this to the 8.0.x milestone Feb 13, 2025
@steveharter steveharter self-assigned this Feb 13, 2025
@Copilot Copilot bot review requested due to automatic review settings February 13, 2025 17:47
@dotnet-issue-labeler dotnet-issue-labeler
Copy link

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

1 similar comment
@dotnet-issue-labeler dotnet-issue-labeler
Copy link

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-directoryservices, @jay98014
See info in area-owners.md if you want to be subscribed.

Copilot
Copilot AI reviewed Feb 13, 2025
View reviewed changes

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 5 out of 10 changed files in this pull request and generated no comments.

Files not reviewed (5)
  • src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml: Language not supported
  • src/libraries/System.DirectoryServices.Protocols/src/Resources/Strings.resx: Language not supported
  • src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapConnection.cs: Evaluated as low risk
  • src/libraries/Common/src/Interop/Interop.Ldap.cs: Evaluated as low risk
  • src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs: Evaluated as low risk
@steveharter steveharter changed the title Add support for LDAPTLS_CACERTDIR \ TrustedCertificateDirectory [release/8.0-staging] Add support for LDAPTLS_CACERTDIR \ TrustedCertificateDirectory Feb 13, 2025
@steveharter steveharter mentioned this pull request Feb 13, 2025
Merged
4 tasks
@steveharter steveharter added the Servicing-consider Issue for next servicing release review label Feb 13, 2025
@steveharter steveharter requested a review from ericstj February 13, 2025 18:19
@build-analysis build-analysis bot mentioned this pull request Feb 13, 2025
Open
@rbhanda rbhanda modified the milestones: 8.0.x, 8.0.15 Feb 18, 2025
@rbhanda rbhanda added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Feb 18, 2025
This was referenced Feb 19, 2025
Open
Open
Open
@steveharter
Copy link
Member Author

@ericstj can you commit this please; I don't have permission.

@ericstj
Copy link
Member

ericstj commented Feb 27, 2025

@ericstj can you commit this please; I don't have permission.

You do - you just need all the checks to pass. Seems like check-labels is stuck - can happen when GitHub has an issue triggering the workflow, so to fix that I usually toggle a label.

@ericstj ericstj added Servicing-approved Approved for servicing release and removed Servicing-approved Approved for servicing release labels Feb 27, 2025
@steveharter steveharter merged commit be6cf76 into dotnet:release/8.0-staging Feb 27, 2025
111 of 114 checks passed
@steveharter steveharter deleted the backport-pr-1118770-to-release-8.0-staging branch February 27, 2025 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@ericstj ericstj ericstj approved these changes

Assignees

@steveharter steveharter

Labels
area-System.DirectoryServices new-api-needs-documentation Servicing-approved Approved for servicing release
Projects
None yet
Milestone
8.0.15
Development

Successfully merging this pull request may close these issues.
3 participants
@steveharter @ericstj @rbhanda