Package: cpu
Version: 1.4.3-5
Severity: normal
Tags: patch
the docs say "tls is supported" and "tls may be used if ldap_uri is set".
unfortunately, the docs are not complete:
by default cpu doesn't try tls (which it did earlier).
*) cpu without options tells you about -x for start_tls, but neither
man cpu nor man cpu-ldap tell you about it.
this is minor.
*) you can not specify to use start_tls in the config file,
the code only looks for the -x command line. this is very annoying,
as it means that one has to always add -x to a cpu invocation.
a patch to support USE_TLS=0/1 in the config file is included; it
doesn't contain docu fixes, though. the config entry USE_TLS and -x
are made additive: USE_TLS doesn't disable tls if -x is given.
there is no "-x 0" so i thought this cleanest.
regards
az
---x---
--- ./commandline.c.old 2005-06-09 15:39:13.000000000 +1000
+++ commandline.c 2005-06-09 15:39:13.000000000 +1000
@@ -512,6 +512,13 @@
/* end of required fields */
+ /* enable tls if not on but don't disable it */
+ if (globalLdap->usetls == 0
+ && NULL != cfg_get_str("LDAP","USE_TLS"))
+ {
+ globalLdap->usetls = cfg_get_int("LDAP","USE_TLS");
+ }
+
if (operation == USERADD && globalLdap->password_file != NULL)
{
struct cpass *p = NULL;
---x---
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (980, 'testing'), (970, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.30
Locale: LANG=C, LC_CTYPE=de_AT (charmap=ISO-8859-1)
Versions of packages cpu depends on:
ii cracklib2 2.7-16 A pro-active password checker libr
ii debconf 1.4.30.13 Debian configuration management sy
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libldap2 2.1.30-8 OpenLDAP libraries
ii libsasl7 1.5.27-3.5 Authentication abstraction library
ii ucf 1.17 Update Configuration File: preserv
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
