Just received this email from Jamf about forthcoming changes to LDAPS in
10.11. We have serious concerns about how this change would impact our
Jamf Pro cloud instance: Additionally, any LDAP server connections using
LDAPS will require that the hostn...
Aaron, I appreciate the response on this. I agree with the reasons you
are doing this. My reaction was because the initial customer
communication did not mention SAN would be supported in addition to CN,
nor did it mention the upgrade schedule and ho...
Thinking further on this, a much better way to do this would be to give
the customer the option on how to harden LDAPS. For example a rule
builder to define how it validates:- must be issued by my Root CA and
match [regex].mydomain.local OR- must be ...
alexjdale, They are saying the Common Name (CN) will have to match. So
if you are pointing to mysecuredcproxy.mydomain.com and that is not the
CN on the certificate that it connects to, the connection will fail.
Taking CN to strictly mean CN, that me...
I sense some security audit told them they should do this, and while it
is admirable, it shows no understanding of typical customer
infrastructure. This needs considerable advance notice, testing and
acceptance on a per-customer basis. It absolutely ...