On Mon, Mar 27, 2006 at 12:34:36PM -0500, Jeff Moyer wrote:
> ==> Regarding [autofs] [PATCH] starttls for autofs-ldap-auto-master.c 
> (actually attaching it this time.); "Anthony M. Martinez" <[EMAIL PROTECTED]> 
> adds:
> 
> twopir> Since our LDAP server is configured to require confidentiality, I made
> twopir> the program default to using it.
> 
> That's great for your environment, but breaks most everyone else.  How
> about making this configurable and not changing the default?  For Debian,
> I'm guessing the configuration would be stored in /etc/default/autofs.  For
> Red Hat systems, it would use /etc/sysconfig/autofs.

Okay. I modified the patch such that passing the -s option to
autofs-ldap-auto-master will cause it to require confidentiality;
otherwise it behaves normally.

I'll look at the distro-specific stuff later.

Pi

> 
> -Jeff
> 
> _______________________________________________
> autofs mailing list
> [email protected]
> http://linux.kernel.org/mailman/listinfo/autofs

-- 
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.
-- Bjarne Stroustrup 
--- autofs-4.1.4_beta2/samples/autofs-ldap-auto-master.c        2006-03-23 
10:21:54.764752622 -0700
+++ autofs-4.1.4_beta2-starttls/samples/autofs-ldap-auto-master.c       
2006-03-23 10:28:06.371758942 -0700
@@ -160,6 +160,7 @@
        LDAP *ld = NULL;
        int result;
        int c;
+       int starttls = 0; /* By default, do not start TLS */
        const char *map_key = MAPKEY, *entry_key = ENTRYKEY, *value = VALUE;
        const char *map_oc = MAPOC, *entry_oc = ENTRYOC;
        const char *map = MAP;
@@ -167,7 +168,7 @@
        setlocale(LC_ALL, "");
 
        /* Scan through the argument list. */
-       while((c = getopt(argc, argv, "m:e:n:k:v:")) != -1) {
+       while((c = getopt(argc, argv, "m:e:n:k:v:s")) != -1) {
                switch(c) {
                        case 'm':
                                /* This is the object class we expect maps to
@@ -198,6 +199,10 @@
                                 * VALUE attribute. */
                                value = optarg;
                                break;
+                       case 's':
+                               /* Enable starttls on the LDAP link */
+                               starttls = 1;
+                               break;
                        default:
                                fprintf(stderr, "syntax: %s\n"
                                        "\t[-m %s] (map object class)\n"
@@ -205,6 +210,7 @@
                                        "\t[-n %s] (attribute used as map 
key)\n"
                                        "\t[-k %s] (attribute used as entry 
key)\n"
                                        "\t[-v %s] (attribute used as value)\n"
+                                       "\t[-s] (enable starttls)\n"
                                        "\t[%s] (map name)\n",
                                        strchr(argv[0], '/') ?
                                        strrchr(argv[0], '/') + 1 : argv[0],
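Review bot: the usage line "\t[-s] (enable starttls)\n" understates what the option does: with -s the program aborts if TLS cannot be started (see the ldap_start_tls_s check later in this patch), so "require STARTTLS" would describe the behaviour more accurately and tell a deployer that a server without TLS support will make the tool exit.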
@@ -235,6 +241,12 @@
                ld = ldap_init(NULL, LDAP_PORT);
        }
 
+       if(starttls && (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)) {
+               /* Ooops. We failed to start TLS. Bomb out. */
+               ldap_perror(ld, "Couldn't start TLS");
+               return 3;
+       }
+
        /* Connect to the server anonymously. */
        result = ldap_simple_bind_s(ld, NULL, NULL);
        if(result != LDAP_SUCCESS) {
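Review bot: ldap_start_tls_s() is called right after ldap_init() with no visible ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, ...) in between; STARTTLS is an LDAPv3 extended operation, so if the handle is still at the library's default protocol version the call fails against every server and the tool exits 3. Please confirm the version is set to 3 before this point, or set it just ahead of the ldap_start_tls_s() call. Two smaller points on the same hunk: the failure path returns without ldap_unbind(ld), so the handle leaks (check how the existing error paths below clean up and match them), and the confidentiality this option is meant to guarantee only holds if the client verifies the server certificate, which ldap_start_tls_s() leaves to the libldap configuration (TLS_REQCERT / TLS_CACERT in ldap.conf); a comment here or a sentence in the usage text would make clear that -s does not by itself verify the peer.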