Package: cpu / 1.4.3-12

06_manpage.patch Patch series | download
Description: -x not documented, no way to set TLS from config file 
Author: Alexander Zangerl <az@debian.org>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=312601

--- a/doc/man/cpu-ldap.8
+++ b/doc/man/cpu-ldap.8
@@ -100,6 +100,8 @@
 can be omitted by specifying the password in the configuration file with the
 option BIND_PASS. If a value is specified at the command line, the switch
 should have no whitespace following it.
+.IP "-x, --tls"
+Try to starttls before talking with the ldap server.
 
 .IP "The following options can be used for populating LDAP attributes."
 
--- a/src/plugins/ldap/commandline.c
+++ b/src/plugins/ldap/commandline.c
@@ -512,6 +512,13 @@
 
   /* end of required fields */
 
+  /* enable tls if not on but don't disable it */
+  if (globalLdap->usetls == 0
+          && NULL != cfg_get_str("LDAP","USE_TLS"))
+    {
+      globalLdap->usetls = cfg_get_int("LDAP","USE_TLS");
+    }
+
   if (operation == USERADD && globalLdap->password_file != NULL)
     {
       struct cpass *p = NULL;
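Review bot: In the added `USE_TLS` block, the result of `cfg_get_int("LDAP","USE_TLS")` is stored unchecked, so a value that does not parse as a non-zero integer (a constructed example: `USE_TLS = yes`) presumably leaves `usetls` at 0. The bind, including any `BIND_PASS` from the config file, would then proceed without StartTLS and without a diagnostic. How `cfg_get_int` treats non-numeric input is not visible here and should be confirmed; if it returns 0, the block should warn or fail when the key is present but the string from `cfg_get_str` is not literally `"0"`. Storing `cfg_get_int("LDAP","USE_TLS") != 0` would also keep `usetls` a clean boolean for later tests. The enclosing function starts and ends outside the hunk, so whether this assignment runs before the LDAP connection is opened cannot be checked from here.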
--- a/doc/cpu.conf
+++ b/doc/cpu.conf
@@ -7,6 +7,7 @@
 [LDAP]
 #LDAP_HOST	= 127.0.0.1
 #LDAP_PORT	= 389
+#USE_TLS	= 1
 # Can also use LDAP_URI = ldaps://localhost:389 for TLS support
 LDAP_URI	= ldap://127.0.0.1
 BIND_DN		= cn=Manager,dc=mydomain,dc=com