fixup ldap SSL/TLS options, make TLS default in helper, Closes: Trac#13

2024-11-09 12:22:40 +01:00 · 2007-11-24 23:23:08 +00:00 · 2007-11-24 23:23:08 +00:00 · ca62d94c56
commit ca62d94c56
parent 84a6d7fa7a
4 changed files with 21 additions and 5 deletions
--- a/1
+++ b/1
@ -24,3 +24,4 @@ Jamie McClelland -- cstream patches
 ale -- ldap cleanup
 Sami Haahtinen <ressu@ressukka.net>
 Matthew Palmer -- mysql enhancements
+romain.tartiere@healthgrid.org -- ldap fixes
--- a/2
+++ b/2
@ -26,6 +26,8 @@ version 0.9.5 -- unreleased
 	   instead of on/off
 	 . Fixed problem that caused combination of slapcat and compress to not work
 	   together (Closes: Trac#29)
+	 . Applied patch from romain.tartiere@healthgrid.org to fix the SSL/TLS options
+	   to be correct, also set TLS to be the default over SSL (Closes: Trac#13)
 	maildir:
 	 . Added an examples file (Closes: Trac#23)
 	 . Applied patch from Anarcat that fixes the cp/mkdir calls to not use GNU 
--- a/handlers/ldap.helper.in
+++ b/handlers/ldap.helper.in
@ -7,13 +7,17 @@ while true; do
      checkBox "ldap action wizard" "check options (slapcat OR ldapsearch)" \
         "slapcat" "export ldif using slapcat" yes \
         "ldapsearch" "export ldif using ldapsearch" no \
-         "compress" "compress the ldif output files" yes
+         "compress" "compress the ldif output files" yes \
+         "ssl" "use SSL (deprecated)" no \
+         "tls" "use TLS extended operations (RFC2246, RFC2830)" yes
      status=$?
      compress="compress = no"
      method="method = <unset>"
      restart="restart = no"
      binddn=""
      passwordfile=""
+      ssl="ssl = no"
+      tls="tls = no"
      [ $status = 1 ] && return;
      result="$REPLY"
      for opt in $result; do
@ -33,6 +37,8 @@ while true; do
              binddn="binddn = $REPLY"
              require_packages ldap-utils
              ;;
+            '"ssl"') ssl="ssl = yes";;
+            '"tls"') tls="tls = yes";;
         esac
      done
      get_next_filename $configdirectory/30.ldap
@ -42,6 +48,8 @@ $compress
 $restart
 $binddn
 $passwordfile
+$ssl
+$tls
 # backupdir = /var/backups/ldap
 # conf = /etc/ldap/slapd.conf
 # databases = all
--- a/handlers/ldap.in
+++ b/handlers/ldap.in
@ -13,9 +13,10 @@ getconf method ldapsearch
 getconf passwordfile
 getconf binddn
 getconf ldaphost
-getconf tls yes
+getconf ssl yes
+getconf tls no

-if [ $tls = 'yes' ]; then
+if [ $ssl = 'yes' ]; then
   URLBASE="ldaps"
 else
   URLBASE="ldap"
@ -56,10 +57,14 @@ if [ "$ldif" == "yes" ]; then
      if [ "$method" == "slapcat" ]; then
         execstr="$SLAPCAT -f $conf -b $dbsuffix"
      else
+         LDAPARGS=""
+         if [ "$tls" == "yes" ]; then
+            LDAPARGS="-ZZ"
+         fi
         if [ -n "$ldaphost" ]; then
-            execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            execstr="$LDAPSEARCH $LDAPARGS -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
         else
-            execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
         fi
         [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found. When method is set to ldapsearch, you must also specify a password file."
         debug "$execstr"