Flip LDAP `verify_certificates` default to true
The issue "GitLab LDAP integration vulnerable to MITM attack" was fixed in this MR, but due to the potential to break customer installations (if they are using LDAP over SSL but their configuration would fail certificate verification), we added the option but decided to default it to disabled until GitLab 9.5.
To do for ~~9.5~~ 10.0

- Flip `verify_certificates` default to true
- Remove startup warning `LDAP SSL certificate verification is disabled for backwards-compatibility...`
- Update `config/gitlab.yml.example` comment `Defaults to false for backward-compatibility`
- Update `doc/administration/auth/ldap.md` comment `Defaults to false for backward-compatibility`
- Ensure this change is announced in ~~9.5~~ 10.0 blog post https://gitlab.com/gitlab-org/gitlab-ce/issues/30420#note_32264418
- Change the 9.4 blog post to say this will be enabled by default in 10.0 instead of 9.5
Edited by Michael Kozono
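
An added example, not part of the original issue or GitLab's own code: a Ruby audit that classifies each LDAP server in a `gitlab.yml`-style file by how the default flip affects it, so administrators can find servers that never set `verify_certificates` explicitly. The `production.ldap.servers` layout, the `encryption` values and the sample hosts are assumptions constructed for illustration.

```ruby
require 'yaml'

# Constructed sample in the assumed layout of config/gitlab.yml (placeholder hosts).
SAMPLE_CONFIG = <<~YAML
  production:
    ldap:
      servers:
        main:
          host: ldap1.example.com
          encryption: simple_tls
        secondary:
          host: ldap2.example.com
          encryption: start_tls
          verify_certificates: false
        legacy:
          host: ldap3.example.com
          encryption: plain
        verified:
          host: ldap4.example.com
          encryption: simple_tls
          verify_certificates: true
YAML

TLS_MODES = %w[simple_tls start_tls].freeze

# Classify each LDAP server by how the default flip affects it.
def audit_ldap(yaml_text, env = 'production')
  # aliases: true because real gitlab.yml files use YAML anchors (&base / *base).
  servers = YAML.safe_load(yaml_text, aliases: true).dig(env, 'ldap', 'servers') || {}
  servers.each_with_object({}) do |(id, cfg), report|
    report[id] =
      if !TLS_MODES.include?(cfg['encryption'].to_s)
        :no_tls               # no TLS session, so no certificate to verify
      elsif !cfg.key?('verify_certificates')
        :relies_on_default    # behaviour changes when the default flips to true
      elsif cfg['verify_certificates'] == true
        :verified
      else
        :explicitly_disabled  # verification stays off even after the flip
      end
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_ldap(SAMPLE_CONFIG).each { |id, status| puts "#{id}: #{status}" }
end
```

Servers reported as `relies_on_default` are the ones whose certificates should be checked against the system trust store before upgrading.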