Description: -x not documented, no way to set TLS from config file
Author: Alexander Zangerl <az@debian.org>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=312601
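--- a/doc/man/cpu-ldap.8
+++ b/doc/man/cpu-ldap.8
@@ -100,6 +100,8 @@
 can be omitted by specifying the password in the configuration file with the
 option BIND_PASS. If a value is specified at the command line, the switch
 should have no whitespace following it.
+.IP "-x, --tls"
+Try to starttls before talking with the ldap server.
 
 .IP "The following options can be used for populating LDAP attributes."
 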
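--- a/src/plugins/ldap/commandline.c
+++ b/src/plugins/ldap/commandline.c
@@ -512,6 +512,13 @@
 
 /* end of required fields */
 
+ /* enable tls if not on but don't disable it */
+ if (globalLdap->usetls == 0
+ && NULL != cfg_get_str("LDAP","USE_TLS"))
+ {
+ globalLdap->usetls = cfg_get_int("LDAP","USE_TLS");
+ }
+
 if (operation == USERADD && globalLdap->password_file != NULL)
 {
 struct cpass *p = NULL;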
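Review bot: The added block stores `cfg_get_int("LDAP","USE_TLS")` in `globalLdap->usetls` without validating it, and nothing in this hunk shows what happens when the StartTLS it requests fails. The man-page text added in the same patch says the tool will "try" StartTLS, which suggests (not visible here) that a failed negotiation may fall through to a cleartext bind carrying BIND_PASS. If that is the case, TLS requested from the config file should be treated as mandatory and the failure made fatal before any bind. Assuming `usetls` is a plain on/off flag, I would normalise the assignment to `globalLdap->usetls = (cfg_get_int("LDAP","USE_TLS") != 0);` and extend the comment to `/* USE_TLS in the config can only turn TLS on; a failed StartTLS must abort before bind */`. The enclosing function starts and ends outside the hunk, so the bind path should be checked there.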
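--- a/doc/cpu.conf
+++ b/doc/cpu.conf
@@ -7,6 +7,7 @@
 [LDAP]
 #LDAP_HOST = 127.0.0.1
 #LDAP_PORT = 389
+#USE_TLS = 1
 # Can also use LDAP_URI = ldaps://localhost:389 for TLS support
 LDAP_URI = ldap://127.0.0.1
 BIND_DN = cn=Manager,dc=mydomain,dc=com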