• Eric Chiang's avatar
    Documentation: clarify difference between LDAP ports and security guarantees · 8b8c076e
    Eric Chiang authored
    Now that LDAP supports an `insecureSkipVerify` option, clarify that
    `insecureNoTLS` is an extremely bad choice and as such we may drop
    support for 389 in the future.
    
    However, since we send plain text passwords from our frontend to our
    backend, this probably gets us into a bigger conversation about dex's
    TLS story. For example when terminiation is approporate. cc'ing
    @dghubble for thoughts on how that might apply to our internal uses.
    
    We probably want an overaching security doc at some point, but that
    can be another PR.
    8b8c076e
ldap-connector.md 5.38 KB