I did not add --enableldapstarttls to config_redhat_nss_ldap because I'm not sure if it is present on el5 (IMO it is not).

authconfig in:
* config_redhat_nss_ldap got
  * --enableldaptls

* config_redhat_nss_pam_ldapd got
  * --enableldaptls
  * --enableldapstarttls
options

https://fedorahosted.org/freeipa/ticket/5654
--
Petr Vobornik
From 9efeceb704bb53c3de39a2793faab4c58f80fc60 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Thu, 25 Feb 2016 15:25:12 +0100
Subject: [PATCH] advise: configure TLS in redhat_nss_pam_ldapd and
 redhat_nss_ldap plugins

authconfig in:
* config_redhat_nss_ldap got
  * --enableldaptls

* config_redhat_nss_pam_ldapd got
  * --enableldaptls
  * --enableldapstarttls
options

https://fedorahosted.org/freeipa/ticket/5654
---
 ipaserver/advise/plugins/legacy_clients.py | 7 ++++---
 ipatests/test_integration/test_advise.py   | 8 +++++---
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/ipaserver/advise/plugins/legacy_clients.py b/ipaserver/advise/plugins/legacy_clients.py
index b6e1fc5a1549787fbe2805b0297d79211ae21d77..018175b560a69c418b2efa3a2247eb58c69f1dfe 100644
--- a/ipaserver/advise/plugins/legacy_clients.py
+++ b/ipaserver/advise/plugins/legacy_clients.py
@@ -195,8 +195,9 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client):
 
         self.log.comment('Use the authconfig to configure nsswitch.conf '
                          'and the PAM stack')
-        self.log.command('authconfig --updateall --enableldap '
-                         '--enableldapauth --ldapserver=%s --ldapbasedn=%s\n'
+        self.log.command('authconfig --updateall --enableldap --enableldaptls '
+                         '--enableldapstarttls --enableldapauth '
+                         '--ldapserver=%s --ldapbasedn=%s\n'
                          % (uri, base))
 
     def configure_ca_cert(self):
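Review bot: The `self.log.comment(...)` above the new authconfig command still mentions only nsswitch.conf and the PAM stack, so an admin reading the generated script is not told that LDAP connections now use StartTLS and depend on the IPA CA certificate being present on the client. I would extend the text, e.g. `'Use the authconfig to configure nsswitch.conf and the PAM stack; LDAP connections use StartTLS and require the IPA CA certificate'`. The enclosing method starts above the hunk, so it is not visible whether `configure_ca_cert` output precedes this command in the advice; that ordering is worth confirming. Also, `--enableldaptls` and `--enableldapstarttls` appear to be two names for the same authconfig setting; if that holds on the targeted releases, a one-line code comment such as `# both spellings passed for compatibility across authconfig versions` would explain the duplication.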
@@ -363,7 +364,7 @@ class config_redhat_nss_ldap(config_base_legacy_client):
 
         self.log.comment('Use the authconfig to configure nsswitch.conf '
                          'and the PAM stack')
-        self.log.command('authconfig --updateall --enableldap '
+        self.log.command('authconfig --updateall --enableldap --enableldaptls '
                          '--enableldapauth --ldapserver=%s --ldapbasedn=%s\n'
                          % (uri, base))
 
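Review bot: The reason `--enableldapstarttls` is left out of this command is recorded only in the cover mail (uncertainty whether authconfig on EL5 accepts it), so in the code the difference from `config_redhat_nss_pam_ldapd` reads like an oversight. A comment above the call would capture it, e.g. `# --enableldapstarttls omitted: may not be supported by authconfig on EL5`. Because the point of the change is to protect the LDAP bind, it is also worth confirming on an EL5 client that `--enableldaptls` alone results in StartTLS being used; the hunk cannot show that. The enclosing method starts above the hunk.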
diff --git a/ipatests/test_integration/test_advise.py b/ipatests/test_integration/test_advise.py
index 613096f1caed3efb7db33076da5e57bea58cfa13..e263316b254a26b0c9e5a02f9e970349d1047491 100644
--- a/ipatests/test_integration/test_advise.py
+++ b/ipatests/test_integration/test_advise.py
@@ -104,7 +104,8 @@ class TestAdvice(IntegrationTest):
         advice_regex = "\#\!\/bin\/sh.*" \
                        "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+nss_ldap" \
                        "[\s]+authconfig.*authconfig[\s]+\-\-updateall" \
-                       "[\s]+\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \
+                       "[\s]+\-\-enableldap[\s]+\-\-enableldaptls"\
+                       "[\s]+\-\-enableldapauth[\s]+" \
                        "\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*"
         raiseerr = True
 
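Review bot: The regex pieces added here are ordinary string literals containing `\-` and `\s`, which Python 3 reports as invalid escape sequences (DeprecationWarning since 3.6, SyntaxWarning in newer releases); the same applies to the lines added in the `@@ -116,8 +117,9 @@` hunk. Raw strings avoid that, e.g. `r"[\s]+\-\-enableldap[\s]+\-\-enableldaptls" \`, which also restores the space before the continuation backslash that the neighbouring lines use. The pattern pins the exact flag order, so it does verify that the TLS flags are emitted but will also fail on a harmless reordering of the authconfig options. The test method containing this assignment starts outside the hunk.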
@@ -116,8 +117,9 @@ class TestAdvice(IntegrationTest):
         advice_regex = "\#\!\/bin\/sh.*" \
                        "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+" \
                        "nss\-pam\-ldapd[\s]+pam_ldap[\s]+authconfig.*" \
-                       "authconfig[\s]+\-\-updateall[\s]+" \
-                       "\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \
+                       "authconfig[\s]+\-\-updateall[\s]+\-\-enableldap"\
+                       "[\s]+\-\-enableldaptls[\s]+\-\-enableldapstarttls"\
+                       "[\s]+\-\-enableldapauth[\s]+" \
                        "\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*"
         raiseerr = True
 
-- 
2.5.0

-- 