[Freeipa-devel] [PATCH] 953 advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins

Petr Vobornik pvoborni at redhat.com
Tue Mar 1 09:36:10 UTC 2016


On 02/26/2016 03:29 PM, Petr Spacek wrote:
> On 25.2.2016 18:01, Petr Vobornik wrote:
>> I did not add --enableldapstarttls to config_redhat_nss_ldap because I'm not
>> sure if it is present on el5 (IMO it is not).
>>
>> authconfig in:
>> * config_redhat_nss_ldap got
>>    * --enableldaptls
>>
>> * config_redhat_nss_pam_ldapd got
>>    * --enableldaptls
>>    * --enableldapstarttls
>> options
>
> Shouldn't it get only one of them?
>
> It seems weird to enable both at the same time.
>
> Petr^2 Spacek
>
>> https://fedorahosted.org/freeipa/ticket/5654
>

Updated patch attached. It uses only --enableldaptls in both commands.

--enableldapstarttls is an alias for enableldaptls.

After testing and checking /etc/openldap/ldap.conf, I don't think that 
these options have any effect on el6. There is no 'ssl no' or 'ssl 
start_tls' in any combination or lack of the options. Maybe they have 
an effect somewhere else. Anyway, it shouldn't do any harm.
-- 
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0953-1-advise-configure-TLS-in-redhat_nss_pam_ldapd-and-red.patch
Type: text/x-patch
Size: 3324 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160301/8bce77c3/attachment.bin>

