Nixos · Nixos · CVE-2017-11501
**Name of the Vulnerable Software and Affected Versions**
NixOS versions 17.03 and earlier
**Description**
By default, NixOS does not validate the LDAP server's SSL certificate, which was not the intended behavior. Specifically, the users.ldap NixOS module, which implements user authentication against LDAP servers via a PAM module, unconditionally disables peer verification in /etc/ldap.conf whenever users.ldap.useTLS is set to enable TLS for the connection to the LDAP server.
**Recommendations**
On NixOS versions 17.03 and earlier, confirm that SSL certificate validation for LDAP is actually in effect, because the users.ldap module disables peer verification whenever TLS is enabled. As a temporary workaround, consider manually enabling peer verification in /etc/ldap.conf until a proper fix is applied.
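One way to check a host for the condition described above, as an added example that is not part of the original advisory or of NixOS. It assumes /etc/ldap.conf uses the pam_ldap/nss_ldap directives `ssl`, `uri` and `tls_checkpeer`, which the page does not quote; the sample configurations are constructed.

```python
# Added example: audit pam_ldap/nss_ldap-style ldap.conf text for disabled peer verification.
# Assumption: the directive names `ssl`, `uri` and `tls_checkpeer` are pam_ldap/nss_ldap
# syntax; the advisory itself does not quote the generated file.
DISABLED = {"no", "off", "false"}
ENABLED = {"yes", "on", "true"}

def parse_directives(text):
    """Map each lowercase directive name to the list of values it was given."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        fields = line.split(None, 1)
        value = fields[1].strip().lower() if len(fields) == 2 else ""
        directives.setdefault(fields[0].lower(), []).append(value)
    return directives

def uses_tls(directives):
    """True if the config asks for StartTLS, LDAP over SSL, or an ldaps:// URI."""
    if any(v in {"start_tls", "on", "yes"} for v in directives.get("ssl", [])):
        return True
    return any(u.startswith("ldaps://")
               for v in directives.get("uri", []) for u in v.split())

def audit(text):
    """Classify a config: 'no-tls', 'peer-check-disabled', 'peer-check-unset' or 'ok'."""
    d = parse_directives(text)
    if not uses_tls(d):
        return "no-tls"
    values = d.get("tls_checkpeer", [])
    if any(v in DISABLED for v in values):
        return "peer-check-disabled"  # flagged whichever duplicate line the client honours
    if any(v in ENABLED for v in values):
        return "ok"
    return "peer-check-unset"  # verification then depends on the client library default

# Constructed samples (not taken from a real host).
VULNERABLE = """\
uri ldap://ldap.example.org/
base dc=example,dc=org
ssl start_tls
tls_checkpeer no
"""
HARDENED = VULNERABLE.replace("tls_checkpeer no", "tls_checkpeer yes")

if __name__ == "__main__":
    print(audit(VULNERABLE), audit(HARDENED))
```

To audit a real host, pass the contents of /etc/ldap.conf to `audit()`; a result of `peer-check-disabled` matches the behavior described in this advisory.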