From 947309699dfca7a5db6d8148d46627d502a98d42 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Fri, 6 Oct 2006 20:00:52 +0000
Subject: [PATCH] added ldaphost and tls variable as requested by stefani

---
 ChangeLog             |  1 +
 examples/example.ldap |  6 ++++++
 handlers/ldap         | 20 ++++++++++++++++++--
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a0e21f2..5eab333 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -68,6 +68,7 @@ version 0.9.4 -- unreleased
 	 . Removed warning about vserver not running (thanks anarcat)
 	ldap:
 	 . Compress now happens in-line to save some disk space (Closes: #370778)
+	 . ldaphost and tls options added for ldapsearch method (Closes: #362027)
 	makecd:
 	 . Added nicelevel option (thanks rhatto)
     lib changes
diff --git a/examples/example.ldap b/examples/example.ldap
index adc1fcd..ee7c57d 100644
--- a/examples/example.ldap
+++ b/examples/example.ldap
@@ -43,3 +43,9 @@
 ## to, not needed for slapcat
 # binddn =
 
+## ldaphost (no default): set this to your ldap host if it is not local
+# ldaphost =
+
+## tls (default yes): if set to 'yes' then TLS connection will be
+## attempted to your ldaphost by using the URI base ldaps: otherwise ldap: will be used
+# tls = yes
\ No newline at end of file
diff --git a/handlers/ldap b/handlers/ldap
index ee46831..ba3d78a 100644
--- a/handlers/ldap
+++ b/handlers/ldap
@@ -12,6 +12,14 @@ getconf restart no
 getconf method ldapsearch
 getconf passwordfile
 getconf binddn
+getconf ldaphost
+getconf tls yes
+
+if [ $tls = 'yes' ] 
+   URLBASE="ldaps"
+else
+   URLBASE="ldap"
+fi
 
 status="ok"
 
@@ -54,9 +62,17 @@ if [ "$ldif" == "yes" ]; then
          debug "$execstr"
       else
          if [ "$compress" == "yes" ]; then
-            execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile | $GZIP"
+            if [ -n "$ldaphost" ]
+               execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile | $GZIP"
+            else
+               execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile | $GZIP"
+            fi
          else
-            execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            if [ -n "$ldaphost" ]
+               execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            else
+               execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            fi
          fi
          [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found. When method is set to ldapsearch, you must also specify a password file."
          debug "$execstr"
-- 
2.30.2