From ca62d94c56df7ee24a46c0de657930b48a04711d Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Sat, 24 Nov 2007 23:23:08 +0000
Subject: [PATCH] fixup ldap SSL/TLS options, make TLS default in helper, Closes: Trac#13
---
 AUTHORS | 1 +
 ChangeLog | 2 ++
 handlers/ldap.helper.in | 10 +++++++++-
 handlers/ldap.in | 13 +++++++++----
 4 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/AUTHORS b/AUTHORS
index ea31cba..71a032b 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -24,3 +24,4 @@ Jamie McClelland -- cstream patches
 ale -- ldap cleanup
 Sami Haahtinen
 Matthew Palmer -- mysql enhancements
+romain.tartiere@healthgrid.org -- ldap fixes
diff --git a/ChangeLog b/ChangeLog
index 6ebf602..34589c2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,8 @@ version 0.9.5 -- unreleased
 instead of on/off
 . Fixed problem that caused combination of slapcat and compress to not work together (Closes: Trac#29)
+ . Applied patch from romain.tartiere@healthgrid.org to fix the SSL/TLS options
+ to be correct, also set TLS to be the default over SSL (Closes: Trac#13)
 maildir:
 . Added an examples file (Closes: Trac#23)
 . Applied patch from Anarcat that fixes the cp/mkdir calls to not use GNU
diff --git a/handlers/ldap.helper.in b/handlers/ldap.helper.in
index 5ccbe7e..35b47a3 100644
--- a/handlers/ldap.helper.in
+++ b/handlers/ldap.helper.in
@@ -7,13 +7,17 @@ while true; do
 checkBox "ldap action wizard" "check options (slapcat OR ldapsearch)" \
 "slapcat" "export ldif using slapcat" yes \
 "ldapsearch" "export ldif using ldapsearch" no \
- "compress" "compress the ldif output files" yes
+ "compress" "compress the ldif output files" yes \
+ "ssl" "use SSL (deprecated)" no \
+ "tls" "use TLS extended operations (RFC2246, RFC2830)" yes
 status=$?
 compress="compress = no"
 method="method = "
 restart="restart = no"
 binddn=""
 passwordfile=""
+ ssl="ssl = no"
+ tls="tls = no"
 [ $status = 1 ] && return;
 result="$REPLY"
 for opt in $result; do
@@ -33,6 +37,8 @@ while true; do
 binddn="binddn = $REPLY"
 require_packages ldap-utils
 ;;
+ '"ssl"') ssl="ssl = yes";;
+ '"tls"') tls="tls = yes";;
 esac
 done
 get_next_filename $configdirectory/30.ldap
@@ -42,6 +48,8 @@ $compress
 $restart
 $binddn
 $passwordfile
+$ssl
+$tls
 # backupdir = /var/backups/ldap
 # conf = /etc/ldap/slapd.conf
 # databases = all
diff --git a/handlers/ldap.in b/handlers/ldap.in
index f6f87c7..e5e21ba 100644
--- a/handlers/ldap.in
+++ b/handlers/ldap.in
@@ -13,9 +13,10 @@ getconf method ldapsearch
 getconf passwordfile
 getconf binddn
 getconf ldaphost
-getconf tls yes
+getconf ssl yes
+getconf tls no
-if [ $tls = 'yes' ]; then
+if [ $ssl = 'yes' ]; then
 URLBASE="ldaps"
 else
 URLBASE="ldap"
@@ -56,10 +57,14 @@ if [ "$ldif" == "yes" ]; then
 if [ "$method" == "slapcat" ]; then
 execstr="$SLAPCAT -f $conf -b $dbsuffix"
 else
+ LDAPARGS=""
+ if [ "$tls" == "yes" ]; then
+ LDAPARGS="-ZZ"
+ fi
 if [ -n "$ldaphost" ]; then
- execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+ execstr="$LDAPSEARCH $LDAPARGS -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
 else
- execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+ execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
 fi
 [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found. When method is set to ldapsearch, you must also specify a password file."
 debug "$execstr"
--
2.30.2
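Review bot: Nothing after the two `getconf` lines rejects `ssl = yes` together with `tls = yes`, and the helper's checkbox lets both be ticked, so the handler can build `-ZZ` against an `ldaps://` URL, i.e. StartTLS requested on a connection that is already inside TLS, which I would expect ldapsearch to refuse. The handler defaults here (`ssl yes`, `tls no`) are also the reverse of what the wizard writes and of the ChangeLog's "TLS to be the default". An existing config that set `tls = yes` to get `ldaps://` now means StartTLS instead, and combined with the `ssl` default it lands in exactly that conflicting case. I would add a guard such as `[ "$ssl" = 'yes' ] && [ "$tls" = 'yes' ] && fatal "ssl and tls are mutually exclusive"` and quote the variable in the test, `if [ "$ssl" = 'yes' ]; then`.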
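Review bot: The rewritten `else` branch (empty `$ldaphost`) leaves out `$LDAPARGS`, so `tls = yes` never reaches ldapsearch on that path and the run continues without StartTLS and without any error; with `ssl = no` the simple bind using the password file would then go out unprotected. That branch also now passes `-H $URLBASE://$ldaphost` with an empty host, which the old line did not, and this looks like a copy of the line above rather than an intended change. I would make it `execstr="$LDAPSEARCH $LDAPARGS -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"`, and add a comment above `LDAPARGS="-ZZ"` noting that `-ZZ` makes a failed StartTLS fatal. The enclosing `if [ "$ldif" == "yes" ]` block starts and ends outside the hunk.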