Some LDAP configurations require STARTTLS, like the Gentoo infrastructure one.
Add a new configuration file to do it.

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

diff -Nuar nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py nsscache-0.8.3/nss_cache/sources/ldapsource.py
--- nsscache-0.8.3.orig/nss_cache/sources/ldapsource.py	2008-09-08 18:31:58.000000000 -0700
+++ nsscache-0.8.3/nss_cache/sources/ldapsource.py	2009-05-24 16:50:59.579112740 -0700
@@ -76,6 +76,8 @@
       self.conn = rlo(uri=conf['uri'],
                       retry_max=conf['retry_max'],
                       retry_delay=conf['retry_delay'])
+      if conf['tls_starttls'] == 1:
+          self.conn.start_tls_s()
     else:
       self.conn = conn
 
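Review bot: The new STARTTLS branch tests `conf['tls_starttls'] == 1`, so it only fires if the value has already been normalised to the integer 1 by the defaults code in the third hunk; if this constructor reads `conf` before that normalisation runs (the enclosing method starts outside the hunk, so I cannot tell from here), a config value such as `'1'` or `'yes'` would silently leave the connection in plaintext, which is the failure mode an explicit STARTTLS setting is meant to prevent. The body of the added `if` is indented four spaces while this method uses two (compare `self.conn = rlo(` and the `else:` below), so `+          self.conn.start_tls_s()` should become `+        self.conn.start_tls_s()`. It would also help to record the fail-closed behaviour next to the call, e.g. `# start_tls_s() raises on failure; a requested STARTTLS never falls back to plaintext`. Since `rlo` appears to be a reconnecting LDAP object, it is worth confirming that the TLS upgrade is re-issued after an automatic reconnect rather than only on the first connection.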
@@ -107,6 +109,8 @@
       configuration['tls_cacertdir'] = self.TLS_CACERTDIR
     if not 'tls_cacertfile' in configuration:
       configuration['tls_cacertfile'] = self.TLS_CACERTFILE
+    if not 'tls_starttls' in configuration:
+      configuration['tls_starttls'] = 0
 
     # Translate tls_require into appropriate constant, if necessary.
     if configuration['tls_require_cert'] == 'never':
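Review bot: The new default at `+      configuration['tls_starttls'] = 0` hardcodes a literal where the neighbouring defaults (`self.TLS_CACERTDIR`, `self.TLS_CACERTFILE`) read a class constant, so the option is the only one whose default cannot be found in one place. For consistency I would write `configuration['tls_starttls'] = self.TLS_STARTTLS` and define `TLS_STARTTLS = 0` next to the other `TLS_*` class attributes, which live outside this hunk.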
@@ -120,6 +124,13 @@
     elif configuration['tls_require_cert'] == 'try':
       configuration['tls_require_cert'] = ldap.OPT_X_TLS_TRY
 
+    # Should we issue STARTTLS?
+    if configuration['tls_starttls'] in (1, '1', 'on', 'yes', 'true'):
+        configuration['tls_starttls'] = 1
+    #if not configuration['tls_starttls']:
+    else:
+      configuration['tls_starttls'] = 0
+
     # Setting global ldap defaults.
     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                     configuration['tls_require_cert'])
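Review bot: The normalisation at `+    if configuration['tls_starttls'] in (1, '1', 'on', 'yes', 'true'):` is case-sensitive and maps every unrecognised value — including `True`, `Yes`, `ON` or a typo — to 0 in the `else:` branch, so a misconfiguration silently disables the TLS upgrade instead of being reported; for a security toggle the unrecognised case should raise rather than fail open. The commented-out `+    #if not configuration['tls_starttls']:` line is dead code and should be dropped, and the `+        configuration['tls_starttls'] = 1` line is indented four spaces against the method's two. The rewrite below lower-cases the value, accepts an explicit off-set, and raises a `ValueError` (or whatever configuration error type the project already uses) for anything else; the `ldap.set_option` lines that follow are unchanged.
```python
    # Should we issue STARTTLS?  Normalise to 1/0 and refuse values we do not
    # recognise rather than silently leaving the connection in plaintext.
    starttls = str(configuration['tls_starttls']).strip().lower()
    if starttls in ('1', 'on', 'yes', 'true'):
      configuration['tls_starttls'] = 1
    elif starttls in ('0', 'off', 'no', 'false'):
      configuration['tls_starttls'] = 0
    else:
      raise ValueError('unrecognised tls_starttls value: %r'
                       % (configuration['tls_starttls'],))

    # … unchanged: ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ...) …
```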
diff -Nuar nsscache-0.8.3.orig/nsscache.conf nsscache-0.8.3/nsscache.conf
--- nsscache-0.8.3.orig/nsscache.conf	2008-09-08 18:31:58.000000000 -0700
+++ nsscache-0.8.3/nsscache.conf	2009-05-24 16:51:25.468374563 -0700
@@ -70,6 +70,9 @@
 # Default filename for trusted CAs
 #ldap_tls_cacertfile = '/usr/share/ssl/cert.pem'
 
+# Should we issue STARTTLS?
+# ldap_tls_starttls = 1
+
 
 ##
 # nssdb module defaults