[Freeipa-devel] [PATCH] 953 advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins

Tomas Babej tbabej at redhat.com
Tue Mar 1 12:06:09 UTC 2016



On 03/01/2016 10:36 AM, Petr Vobornik wrote:
> On 02/26/2016 03:29 PM, Petr Spacek wrote:
>> On 25.2.2016 18:01, Petr Vobornik wrote:
>>> I did not add --enableldapstarttls to config_redhat_nss_ldap because
>>> I'm not sure if it is present on el5 (IMO it is not).
>>>
>>> authconfig in:
>>> * config_redhat_nss_ldap got
>>>    * --enableldaptls
>>>
>>> * config_redhat_nss_pam_ldapd got
>>>    * --enableldaptls
>>>    * --enableldapstarttls
>>> options
>>
>> Shouldn't it get only one of them?
>>
>> It seems weird to enable both at the same time.
>>
>> Petr^2 Spacek
>>
>>> https://fedorahosted.org/freeipa/ticket/5654
>>
> 
> Updated patch attached. It uses only --enableldaptls in both commands.
> 
> --enableldapstarttls is an alias for enableldaptls.
> 
> After testing and checking /etc/openldap/ldap.conf, I don't think that
> these options have any effect on el6. There is no 'ssl no' or 'ssl
> start_tls' in any combination or lack of the options. Maybe they have
> an effect somewhere else. Anyway, it shouldn't do any harm.
> 
> 

ACK.

Pushed to:
master: 02d3ea106214c7e170cb9bf051e4085ade440134
ipa-4-3: b2c5c32d78f099ecc0fb1f10fbf2acd9e36da3ae
ipa-4-2: 6111a30962db4f4bf095201854f3aaa3493adf7c
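
The manual check described in the quoted message (looking for an `ssl` directive in a client config file after running authconfig), written as a script. This is an added example, not part of the original thread or of the FreeIPA patch; the function names, the sample content and the "keyword value" file layout are assumptions.

```shell
#!/bin/sh
# Added example: report the "ssl" directive found in a "keyword value"
# LDAP client config file (lines starting with '#' are comments).

# sample_conf: constructed sample content, not taken from a real host.
sample_conf() {
    cat <<'EOF'
# constructed sample
uri ldap://ipa.example.test
base dc=example,dc=test
#ssl no
  ssl start_tls
EOF
}

# ssl_setting FILE -> prints "unset", "conflict", or the directive value.
ssl_setting() {
    awk '
        /^[ \t]*#/ { next }                     # commented-out directive
        tolower($1) == "ssl" && NF >= 2 {
            v = tolower($2)
            if (seen && v != val) conflict = 1  # two different values
            val = v; seen = 1
        }
        END {
            if (!seen)         print "unset"
            else if (conflict) print "conflict"
            else               print val
        }
    ' "$1"
}

# Report each file given on the command line; unreadable files are skipped.
for f in "$@"; do
    if [ -r "$f" ]; then
        printf '%s: ssl=%s\n' "$f" "$(ssl_setting "$f")"
    else
        printf '%s: not readable, skipped\n' "$f" >&2
    fi
done
```

A result of `unset` only says that the file carries no `ssl` directive; it does not show whether TLS is configured somewhere else.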



