[Patch] LDAP TLS/SSL options
Hi!
The TLS option in the trunk seems to refer to SSL in fact. Here is a patch that fixes the problem. These options are also exposed to the user in the helper script.
According to our local LDAP expert, SSL is deprecated in favor of TLS, but we have not changed the default configuration from the trunk, that is, SSL is checked by default and TLS is not.
Index: trunk/handlers/ldap =================================================================== --- trunk/handlers/ldap (révision 477) +++ trunk/handlers/ldap (copie de travail) @@ -13,9 +13,10 @@ getconf passwordfile getconf binddn getconf ldaphost -getconf tls yes +getconf ssl yes +getconf tls no -if [ $tls = 'yes' ]; then +if [ $ssl = 'yes' ]; then URLBASE="ldaps" else URLBASE="ldap" @@ -57,10 +58,14 @@ execstr="$SLAPCAT -f $conf -b $dbsuffix" debug "$execstr" else + LDAPARGS="" + if [ "$tls" == "yes" ]; then + LDAPARGS="-ZZ" + fi if [ -n "$ldaphost" ]; then - execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile" + execstr="$LDAPSEARCH $LDAPARGS -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile" else - execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile" + execstr="$LDAPSEARCH $LDAPARGS -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile" fi [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found. When method is set to ldapsearch, you must also specify a password file." debug "$execstr" Index: trunk/handlers/ldap.helper =================================================================== --- trunk/handlers/ldap.helper (révision 477) +++ trunk/handlers/ldap.helper (copie de travail) @@ -7,13 +7,17 @@ checkBox "ldap action wizard" "check options (slapcat OR ldapsearch)" \ "slapcat" "export ldif using slapcat" on \ "ldapsearch" "export ldif using ldapsearch" off \ - "compress" "compress the ldif output files" on + "compress" "compress the ldif output files" on \ + "ssl" "use SSL (deprecated)" on \ + "tls" "use TLS extended operations (RFC2246, RFC2830)" off status=$? compress="compress = off" method="method = " restart="restart = no" binddn="" passwordfile="" + ssl="ssl = no" + tls="tls = no" [ $status = 1 ] && return; result="$REPLY" for opt in $result; do 
@@ -33,6 +37,8 @@ binddn="binddn = $REPLY" require_packages ldap-utils ;; + '"ssl"') ssl="ssl = yes";; + '"tls"') tls="tls = yes";; esac done get_next_filename $configdirectory/30.ldap @@ -42,6 +48,8 @@ $restart $binddn $passwordfile +$ssl +$tls # backupdir = /var/backups/ldap # conf = /etc/ldap/slapd.conf # databases = all
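Review bot: In trunk/handlers/ldap, first hunk (`getconf ssl yes` / `getconf tls no`), the existing `tls` key silently changes meaning with no migration note. A configuration that set `tls = no` to get plain `ldap://` will now get `ldaps://`, because the new `ssl` key defaults to yes. One that set `tls = yes` to get `ldaps://` will now, with the ldapsearch method, also have `-ZZ` added. Please document the rename in the example config and changelog so operators know to add `ssl = no` or drop `tls = yes`. Also quote the variable in the test, `[ "$ssl" = 'yes' ]`, so an empty value does not break the `[` expression.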
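Review bot: In trunk/handlers/ldap, second hunk (the `LDAPARGS` block), there is no check for `ssl = yes` together with `tls = yes`. In that case `execstr` carries `-ZZ` and `-H ldaps://$ldaphost` at the same time, which asks for StartTLS on a connection that is already wrapped in SSL. Since `ssl` defaults to yes, this is what a user gets by only setting `tls = yes`. Suggest rejecting the combination with `fatal` before building `execstr`, or letting `tls = yes` force `URLBASE="ldap"`. In the branch without `$ldaphost`, `-ZZ` is applied to whatever default URI ldapsearch picks up, which deserves a comment. Minor: `[ "$tls" == "yes" ]` uses `==` while the test in the first hunk uses `=`; use `=` for consistency and portability.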
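Review bot: In trunk/handlers/ldap.helper, first hunk (the two new `checkBox` entries), "ssl" and "tls" are independent check boxes in the same dialog as the export method, so the wizard can write `ssl = yes` and `tls = yes` together, and it offers both when only slapcat is selected even though the handler uses `URLBASE` and `LDAPARGS` only on the ldapsearch path. Suggest marking both labels "(ldapsearch only)" and either making the two mutually exclusive or warning when both are ticked. The "tls" label would also be clearer as "use StartTLS (RFC2830)", since that is what `-ZZ` requests.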
(from redmine: created on 2007-08-16, closed on 2009-12-25)