TLS with python ldap3 and other questions #31
Comments
|
With the existing LDAP library being used, it is very easy to implement STARTTLS |
|
That service is an example. Not meant for production.
See Below
On Mar 24, 2019, at 22:37, fpatterson55 ***@***.***> wrote:
I am a little bit surprised that the CX code isn't using a TLS connection by default for the python ldap calls. I haven't been able to connect over TLS yet, Any example code for connecting in with TLS with the ldap3 package?
Any chance we can update the code base to have secure connectivity for LDAP?
What other hardening pieces should be considered prior to deploying something to production?
Any guidance on deploying to an existing tomcat server that is already hosting a Micro Focus service such as Identity Governance, Identity Application, etc?
>> Works great. Thats where I usually deploy. I normally don’t use docker.
Any thoughts on including an admin based authentication for connectivity, similar to SSPR's administrative console? It would be ideal to have configuration parameters in a central location rather than in the code itself. Something modular where different applications could tie into the administration page. Probably similar to Identity Governance 3.5 look and feel with the top menu items.
> The only thing in the code is clientid and client secret. Neither need to be all that secure because you also need user credentials. You can manage them any way you like.
Any pointers on where we can read up on eDirectory rest APIs, or other APIs that have been released? Identity Governance I can find just fine and will be working with them in the near future.
>Theres not really anything useful for direct REST interfaces in eDir…yet. Coming soon.
Since python is already being utilized, has there been any consideration for a django framework as a deployment option?
>The services implementation is just an example. You can use anything you like. I have a lot of them in Java.
Any docker references to help someone quickly deploy to a given webserver such as django or tomcat?
> If your using the docker containers you don’t need django or tomcat. Content is served by nginx in the container.
Note that this all works without the containers as well. Simply server your HTML,JS,Etc from the server of your choice.
With this framework, could we integrate with Access Manager rather than OSP? What steps would we need to take?
You can integrate with NAM, especially for IG. IDM still requires OSP but OSP can federate with NAM. Direct IDM integration with NAM is on the way.
… —
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub <#31>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AH25QyD_DIyB6xFrQg-pckPxQQhsWnkbks5vaERvgaJpZM4cGAhm>.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am a little bit surprised that the CX code isn't using a TLS connection by default for the python ldap calls. I haven't been able to connect over TLS yet, Any example code for connecting in with TLS with the ldap3 package?
Any chance we can update the code base to have secure connectivity for LDAP?
What other hardening pieces should be considered prior to deploying something to production?
Any guidance on deploying to an existing tomcat server that is already hosting a Micro Focus service such as Identity Governance, Identity Application, etc?
Any thoughts on including an admin based authentication for connectivity, similar to SSPR's administrative console? It would be ideal to have configuration parameters in a central location rather than in the code itself. Something modular where different applications could tie into the administration page. Probably similar to Identity Governance 3.5 look and feel with the top menu items.
Any pointers on where we can read up on eDirectory rest APIs, or other APIs that have been released? Identity Governance I can find just fine and will be working with them in the near future.
Since python is already being utilized, has there been any consideration for a django framework as a deployment option?
Any docker references to help someone quickly deploy to a given webserver such as django or tomcat?
With this framework, could we integrate with Access Manager rather than OSP? What steps would we need to take?
The text was updated successfully, but these errors were encountered: