
- added TLS enablement checkbox again, might be used

  even with sssd (bnc#775167)
- 2.23.0
commit 88dd907f27559007c0856c24ad765b1a4590a656 1 parent adef406
@jsuchome jsuchome authored
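--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.22.10
+2.23.0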
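--- a/package/yast2-ldap-client.changes
+++ b/package/yast2-ldap-client.changes
@@ -1,4 +1,11 @@
 -------------------------------------------------------------------
+Fri Oct 5 14:51:25 CEST 2012 - jsuchome@suse.cz
+
+- added TLS enablement checkbox again, might be used
+ even with sssd (bnc#775167)
+- 2.23.0
+
+-------------------------------------------------------------------
 Mon Sep 10 12:09:07 CEST 2012 - jsuchome@suse.cz
 - enable sssd service during autoinstallation (bnc#779261)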
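--- a/src/Ldap.ycp
+++ b/src/Ldap.ycp
@@ -952,6 +952,17 @@ Verify that the Server has StartTLS support enabled."),
 sssd_cache_credentials = cache_credentials != nil && tolower (cache_credentials) == "true";
 string enumerate = (string)SCR::Read (add (domain, "enumerate"));
 sssd_enumerate = enumerate != nil && tolower (enumerate) == "true";
+
+ string id_start_tls = (string)SCR::Read (add (domain, "ldap_id_use_start_tls"));
+ if (id_start_tls != nil)
+ {
+ ldap_tls = tolower (id_start_tls) == "true";
+ }
+ else
+ {
+ // true for SSSD by default, if not overriden by ldap_id_use_start_tls
+ ldap_tls = true;
+ }
 }
 if (krb5_realm != "" && krb5_kdcip != "")
 {
@@ -2241,10 +2252,12 @@ Select another one.
 // " Make sure that "filter_groups" and "filter_users" in the "[nss]" section contains "root".
 string f_g = (string) SCR::Read (.etc.sssd_conf.v.nss.filter_groups);
+ if (f_g == nil) f_g = "";
 list<string> l = (list<string>) union (splitstring (f_g, ","), ["root"]);
 SCR::Write (.etc.sssd_conf.v.nss.filter_groups, mergestring (l, ","));
 string f_u = (string) SCR::Read (.etc.sssd_conf.v.nss.filter_users);
+ if (f_u == nil) f_u = "";
 l = (list<string>) union (splitstring (f_u, ","), ["root"]);
 SCR::Write (.etc.sssd_conf.v.nss.filter_users, mergestring (l, ","));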
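Review bot: In the first hunk, any non-nil `ldap_id_use_start_tls` value other than a case-insensitive `true` (a typo, or `yes`) silently sets `ldap_tls` to false, so a malformed entry switches StartTLS off for identity lookups without any log line. Falling to the secure side would be safer, for example `ldap_tls = tolower (id_start_tls) != "false";`, ideally with a log entry for unrecognised values. The comment `// true for SSSD by default` also reads as if sssd itself defaults to true, while sssd-ldap(5) lists the option's own default as false; `// YaST defaults to TLS with SSSD; sssd's own default applies unless the key is written` would be clearer. The write path is outside this diff, so it is worth confirming that it persists the key explicitly whenever `ldap_tls` is true; the enclosing function also starts and ends outside the hunk.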
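--- a/src/ui.ycp
+++ b/src/ui.ycp
@@ -186,9 +186,15 @@
 string certTmpFile = sformat ("%1/__LDAPcert.crt", Directory::tmpdir);
 string tls_cacertdir = Ldap::tls_cacertdir;
 string tls_cacertfile = Ldap::tls_cacertfile;
+ boolean ldap_id_use_start_tls = Ldap::ldap_tls;
+
 UI::OpenDialog (`opt (`decorated), `HBox (`HSpacing (1), `VBox(
 `VSpacing (0.5),
 `HSpacing (75),
+ `Left (`CheckBox (`id (`ldap_id_use_start_tls),
+ // checkbox label
+ _("Use TLS for Identity Resolve"), ldap_id_use_start_tls)),
+ `VSpacing (0.4),
 `HBox (
 `InputField (`id (`tls_cacertdir), `opt (`hstretch),
 // inputfield label
@@ -237,7 +243,7 @@
 UI::ChangeWidget (`id (`tls_cacertdir), `Value, dir);
 }
 }
- if (ret == `br_tls_cacertfile)
+ else if (ret == `br_tls_cacertfile)
 {
 string file = UI::AskForExistingFile (tls_cacertfile, "*.pem *.crt",
 // popup label
@@ -248,6 +254,12 @@
 UI::ChangeWidget (`id (`tls_cacertfile), `Value, file);
 }
 }
+ else
+ {
+ tls_cacertdir = (string) UI::QueryWidget (`id (`tls_cacertdir), `Value);
+ tls_cacertfile = (string) UI::QueryWidget (`id (`tls_cacertfile), `Value);
+ ldap_id_use_start_tls = UI::QueryWidget (`id (`ldap_id_use_start_tls), `Value) == true;
+ }
 if (ret == `import_cert)
 {
 string dir = tls_cacertdir;
@@ -300,6 +312,7 @@ has been copied to '%2' directory.
 {
 Ldap::tls_cacertfile = tls_cacertfile;
 Ldap::tls_cacertdir = tls_cacertdir;
+ Ldap::ldap_tls = ldap_id_use_start_tls;
 }
 return ret == `ok;
@@ -365,7 +378,7 @@ want to use it, it will be installed automatically.</p>
 boolean start = Ldap::start || installation;
 string base_dn = Ldap::GetBaseDN ();
 string server = Ldap::server;
- boolean ldap_tls = Ldap::ldap_tls || Ldap::sssd; // force TLS to true if sssd is used
+ boolean ldap_tls = Ldap::ldap_tls;
 string tls_checkpeer = Ldap::tls_checkpeer;
 boolean login_enabled = Ldap::login_enabled;
 boolean ssl_changed = false;
@@ -497,6 +510,7 @@ Do you want to continue and use SSSD or cancel to keep the old configuration?"))
 if (result == `ssl_config)
 {
 ssl_changed = SSLConfiguration () || ssl_changed;
+ ldap_tls = Ldap::ldap_tls; // re-read after possible change
 }
 if (result == `slp)
 {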
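Review bot: Dropping `|| Ldap::sssd` at `boolean ldap_tls = Ldap::ldap_tls;` means a configuration that carries `ldap_tls` false together with `sssd` true now really runs identity lookups without StartTLS, where the dialog used to force it on. The old expected output in testsuite/tests/Export2.out shows exactly that pair being exported, so profiles written by earlier versions may silently downgrade if Import takes `ldap_tls` as given (Import is not part of this diff). A comment on this line such as `// no longer forced for sssd: maps to ldap_id_use_start_tls; older exported profiles may carry false` would record the change, and a confirmation popup when the box is unticked while sssd is active may be worth adding. The checkbox label `Use TLS for Identity Resolve` would read better as `Use TLS for Identity Resolution`.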
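--- a/testsuite/tests/Export2.out
+++ b/testsuite/tests/Export2.out
@@ -22,5 +22,6 @@ Read .etc.sssd_conf.v."domain/default"."krb5_kdcip" "kdc.suse.cz"
 Read .etc.sssd_conf.v."domain/default"."ldap_schema" "rfc2307"
 Read .etc.sssd_conf.v."domain/default"."cache_credentials" "true"
 Read .etc.sssd_conf.v."domain/default"."enumerate" "true"
+Read .etc.sssd_conf.v."domain/default"."ldap_id_use_start_tls" nil
 Return true
-Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_kdcip":"kdc.suse.cz", "krb5_realm":"SUSE.CZ", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
+Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_kdcip":"kdc.suse.cz", "krb5_realm":"SUSE.CZ", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":true, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]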
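--- a/testsuite/tests/Export2.ycp
+++ b/testsuite/tests/Export2.ycp
@@ -64,7 +64,8 @@
 "krb5_kdcip" : "kdc.suse.cz",
 "ldap_schema" : "rfc2307",
 "cache_credentials" : "true",
- "enumerate" : "true"
+ "enumerate" : "true",
+ "ldap_id_use_start_tls" : nil, // will lead to ldap_tls true
 ],
 ],
 ],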
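--- a/testsuite/tests/Export3.out
+++ b/testsuite/tests/Export3.out
@@ -22,5 +22,6 @@ Read .etc.sssd_conf.v."domain/default"."krb5_kdcip" nil
 Read .etc.sssd_conf.v."domain/default"."ldap_schema" "rfc2307"
 Read .etc.sssd_conf.v."domain/default"."cache_credentials" "true"
 Read .etc.sssd_conf.v."domain/default"."enumerate" "true"
+Read .etc.sssd_conf.v."domain/default"."ldap_id_use_start_tls" "False"
 Return true
 Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_kdcip":"kdc.suse.cz,kdc.suse.de", "krb5_realm":"SUSE.CZ", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]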
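--- a/testsuite/tests/Export3.ycp
+++ b/testsuite/tests/Export3.ycp
@@ -65,7 +65,8 @@
 "krb5_kdcip" : nil,
 "ldap_schema" : "rfc2307",
 "cache_credentials" : "true",
- "enumerate" : "true"
+ "enumerate" : "true",
+ "ldap_id_use_start_tls" : "False",
 ],
 ],
 ],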
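Review bot: The fixtures added here and in Export2.ycp and Read2.ycp exercise only `nil` and `"False"` for `ldap_id_use_start_tls`; no case pins an explicit `"True"` or an unrecognised value such as `"yes"`, which the read code in src/Ldap.ycp maps to `ldap_tls` false. A fixture line like `"ldap_id_use_start_tls" : "yes",` with its expected `ldap_tls` in the matching .out file would document whether a malformed value is meant to switch StartTLS off. The enclosing map starts and ends outside the hunk.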
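--- a/testsuite/tests/Read2.out
+++ b/testsuite/tests/Read2.out
@@ -19,6 +19,7 @@ Read .etc.sssd_conf.v."domain/default"."krb5_kdcip" "kdc.suse.cz"
 Read .etc.sssd_conf.v."domain/default"."ldap_schema" nil
 Read .etc.sssd_conf.v."domain/default"."cache_credentials" "True"
 Read .etc.sssd_conf.v."domain/default"."enumerate" nil
+Read .etc.sssd_conf.v."domain/default"."ldap_id_use_start_tls" nil
 Return true
 Dump ldap: -true-
 Dump sssd: -true-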
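--- a/testsuite/tests/Read2.ycp
+++ b/testsuite/tests/Read2.ycp
@@ -65,7 +65,8 @@
 "krb5_kdcip" : "kdc.suse.cz",
 "ldap_schema" : nil,
 "cache_credentials" : "True",
- "enumerate" : nil
+ "enumerate" : nil,
+ "ldap_id_use_start_tls" : nil,
 ],
 ],
 ],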