Hello community, here is the log from the commit of package yast2-ldap-client for openSUSE:Factory checked in at 2014-01-31 11:51:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-ldap-client (Old) and /work/SRC/openSUSE:Factory/.yast2-ldap-client.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-ldap-client" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-ldap-client/yast2-ldap-client.changes 2013-12-08 19:50:27.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-ldap-client.new/yast2-ldap-client.changes 2014-01-31 11:51:19.000000000 +0100 @@ -1,0 +2,6 @@ +Tue Jan 21 09:54:15 UTC 2014 - vmora...@suse.com + +- Support LDAPS FATE#316086 +- 3.1.4 + +------------------------------------------------------------------- Old: ---- yast2-ldap-client-3.1.3.tar.bz2 New: ---- yast2-ldap-client-3.1.4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-ldap-client.spec ++++++ --- /var/tmp/diff_new_pack.QRlDJ5/_old 2014-01-31 11:51:19.000000000 +0100 +++ /var/tmp/diff_new_pack.QRlDJ5/_new 2014-01-31 11:51:19.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package yast2-ldap-client # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: yast2-ldap-client -Version: 3.1.3 +Version: 3.1.4 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -27,7 +27,7 @@ BuildRequires: perl-XML-Writer BuildRequires: update-desktop-files BuildRequires: yast2 -BuildRequires: yast2-devtools >= 3.0.6 +BuildRequires: yast2-devtools >= 3.1.10 BuildRequires: yast2-network BuildRequires: yast2-pam BuildRequires: yast2-testsuite ++++++ yast2-ldap-client-3.1.3.tar.bz2 -> yast2-ldap-client-3.1.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/VERSION new/yast2-ldap-client-3.1.4/VERSION --- old/yast2-ldap-client-3.1.3/VERSION 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/VERSION 1970-01-01 01:00:00.000000000 +0100 
@@ -1 +0,0 @@ -3.1.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/package/yast2-ldap-client.changes new/yast2-ldap-client-3.1.4/package/yast2-ldap-client.changes --- old/yast2-ldap-client-3.1.3/package/yast2-ldap-client.changes 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/package/yast2-ldap-client.changes 2014-01-30 12:25:11.000000000 +0100 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Tue Jan 21 09:54:15 UTC 2014 - vmora...@suse.com + +- Support LDAPS FATE#316086 +- 3.1.4 + +------------------------------------------------------------------- Thu Dec 5 16:44:42 CET 2013 - jsuch...@suse.cz - remove krb5 realm and kdc from sssd config when Kerberos support diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/package/yast2-ldap-client.spec new/yast2-ldap-client-3.1.4/package/yast2-ldap-client.spec --- old/yast2-ldap-client-3.1.3/package/yast2-ldap-client.spec 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/package/yast2-ldap-client.spec 2014-01-30 12:25:11.000000000 +0100 @@ -17,7 +17,7 @@ Name: yast2-ldap-client -Version: 3.1.0 +Version: 3.1.4 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -26,7 +26,7 @@ Group: System/YaST License: GPL-2.0 BuildRequires: doxygen perl-XML-Writer update-desktop-files yast2 yast2-pam yast2-testsuite yast2-network -BuildRequires: yast2-devtools >= 3.0.6 +BuildRequires: yast2-devtools >= 3.1.10 PreReq: %fillup_prereq diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/src/autoyast-rnc/ldap_client.rnc new/yast2-ldap-client-3.1.4/src/autoyast-rnc/ldap_client.rnc --- old/yast2-ldap-client-3.1.3/src/autoyast-rnc/ldap_client.rnc 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/src/autoyast-rnc/ldap_client.rnc 2014-01-30 12:25:11.000000000 +0100 @@ -9,6 +9,7 @@ ldap_domain? & ldap_server? & ldap_tls? & + ldaps? & create_ldap? & start_ldap? & member_attribute? & @@ -43,6 +44,7 @@ login_enabled = element login_enabled { BOOLEAN } file_server = element file_server { BOOLEAN } ldap_tls = element ldap_tls { BOOLEAN } +ldaps = element ldaps { BOOLEAN } start_ldap = element start_ldap { BOOLEAN } create_ldap = element create_ldap { BOOLEAN } sssd = element sssd { BOOLEAN } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/src/include/ldap/ui.rb new/yast2-ldap-client-3.1.4/src/include/ldap/ui.rb --- old/yast2-ldap-client-3.1.3/src/include/ldap/ui.rb 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/src/include/ldap/ui.rb 2014-01-30 12:25:11.000000000 +0100 
@@ -210,86 +210,215 @@ true end + def switch_ssl_config_widgets mode + switch = + case mode + when :on then true + when :off then false + end + + [ + :protocols, + :tls_cacertdir, + :br_tls_cacertdir, + :tls_cacertfile, + :br_tls_cacertfile, + :url, + :import_cert, + :request_server_certificate + ].each {|widget_id| UI.ChangeWidget(Id(widget_id), :Enabled, switch) } + end + # Popup for TLS/SSL related stuff def SSLConfiguration certTmpFile = Builtins.sformat("%1/__LDAPcert.crt", Directory.tmpdir) tls_cacertdir = Ldap.tls_cacertdir tls_cacertfile = Ldap.tls_cacertfile - ldap_id_use_start_tls = Ldap.ldap_tls + use_tls = Ldap.ldap_tls + use_ldaps = Ldap.ldaps + request_server_certificate = Ldap.request_server_certificate UI.OpenDialog( Opt(:decorated), HBox( - HSpacing(1), VBox( - VSpacing(0.5), + VSpacing(0.6), HSpacing(75), - Left( - CheckBox( - Id(:ldap_id_use_start_tls), - # checkbox label - _("Use TLS for Identity Resolve"), - ldap_id_use_start_tls - ) - ), - VSpacing(0.4), - HBox( - InputField( - Id(:tls_cacertdir), - Opt(:hstretch), - # inputfield label - _("Cer&tificate Directory"), - tls_cacertdir - ), - VBox( - Bottom( - # button label - PushButton(Id(:br_tls_cacertdir), _("B&rowse")) + Frame( + _("SSL/TLS Configuration"), + HBox( + VBox( + Left( + CheckBox( + Id(:secure_ldap), + Opt(:notify), + _("Use SSL/TLS"), + Ldap.use_secure_connection? 
+ ) + ), + HSpacing(1), + VBox( + VSpacing(0.5), + HSpacing(75), + Frame( + _("Protocols"), + HBox( + HSpacing(0.5), + VBox( + VSpacing(0.4), + RadioButtonGroup( + Id(:protocols), + Left( + HVSquash( + VBox( + Left( + RadioButton( + Id(:use_tls), + Opt(:notify), + _("StartTLS"), + use_tls + ) + ), + Left( + RadioButton( + Id(:use_ldaps), + Opt(:notify), + _("LDAPS"), + use_ldaps + ) + ), + ) + ) + ) + ), + VSpacing(0.4) + ) + ) + ), + VSpacing(0.5), + Frame( + _("TLS Options"), + HBox( + HSpacing(0.5), + VBox( + VSpacing(0.4), + HBox( + Left( + CheckBox( + Id(:request_server_certificate), + Opt(:notify), + _("Request server certificate"), + request_server_certificate == 'demand' + ) + ) + ) + ) + ) + ), + VSpacing(0.5), + Frame( + _("Certificates"), + HBox( + HSpacing(0.5), + VBox( + VSpacing(0.4), + HBox( + InputField( + Id(:tls_cacertdir), + Opt(:hstretch), + # inputfield label + _("Cer&tificate Directory"), + tls_cacertdir + ), + VBox( + Bottom( + # button label + PushButton(Id(:br_tls_cacertdir), _("B&rowse")) + ) + ) + ), + HBox( + InputField( + Id(:tls_cacertfile), + Opt(:hstretch), + # inputfield label + _("CA Cert&ificate File"), + tls_cacertfile + ), + VBox( + Bottom( + # button label + PushButton(Id(:br_tls_cacertfile), _("Brows&e")) + ) + ) + ), + HBox( + InputField( + Id(:url), + Opt(:hstretch), + # inputfield label + _("CA Certificate URL for Download") + ), + VBox( + Bottom( + # push button label + PushButton(Id(:import_cert), _("Do&wnload CA Certificate")) + ) + ) + ) + ) + ) + ) + ) ) ) ), - HBox( - InputField( - Id(:tls_cacertfile), - Opt(:hstretch), - # inputfield label - _("CA Cert&ificate File"), - tls_cacertfile - ), - VBox( - Bottom( - # button label - PushButton(Id(:br_tls_cacertfile), _("Brows&e")) - ) - ) - ), - HBox( - InputField( - Id(:url), - Opt(:hstretch), - # inputfield label - _("CA Certificate URL for Download") - ), - VBox( - Bottom( - # push button label - PushButton(Id(:import_cert), _("Do&wnload CA Certificate")) - ) - ) - ), - 
ButtonBox( - PushButton(Id(:ok), Label.OKButton), - PushButton(Id(:cancel), Label.CancelButton) - ), - VSpacing(0.5) + ButtonBox( + PushButton(Id(:ok), Label.OKButton), + PushButton(Id(:cancel), Label.CancelButton) ), - HSpacing(1) + VSpacing(0.4) + ), + HSpacing(1) ) ) - ret = :again + + switch_ssl_config_widgets(:off) unless Ldap.use_secure_connection? + + result = :again + begin - ret = Convert.to_symbol(UI.UserInput) - if ret == :br_tls_cacertdir + result = Convert.to_symbol(UI.UserInput) + + case result + when :secure_ldap + secure_ldap = UI.QueryWidget(Id(:secure_ldap), :Value) + case secure_ldap + when true + switch_ssl_config_widgets(:on) + when false + switch_ssl_config_widgets(:off) + use_ldaps = false + use_tls = false + end + + when :use_tls + use_tls = true + use_ldaps = false + Ldap.modified = true + UI.ChangeWidget(Id(:request_server_certificate), :Value, true) + + when :use_ldaps + use_ldaps = true + use_tls = false + Ldap.modified = true + UI.ChangeWidget(Id(:request_server_certificate), :Value, true) + + when :request_server_certificate + widget_checked = UI.QueryWidget(Id(:request_server_certificate), :Value) + request_server_certificate = widget_checked ? 'demand' : 'allow' + + when :br_tls_cacertdir dir = UI.AskForExistingDirectory( tls_cacertdir, # popup label @@ -299,7 +428,8 @@ tls_cacertdir = dir UI.ChangeWidget(Id(:tls_cacertdir), :Value, dir) end - elsif ret == :br_tls_cacertfile + + when :br_tls_cacertfile file = UI.AskForExistingFile( tls_cacertfile, "*.pem *.crt", 
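Review bot: The `when :secure_ldap` branch clears `use_tls` and `use_ldaps` when the box is unticked but does not restore them when it is ticked again, so the radio group can still show StartTLS or LDAPS selected while OK stores `Ldap.ldap_tls = false` and `Ldap.ldaps = false`, i.e. an unencrypted configuration. The same drift affects `request_server_certificate`: the `:use_tls` and `:use_ldaps` handlers tick the checkbox with `UI.ChangeWidget` but leave the local at its previous value, which may be 'allow' (this assumes ChangeWidget raises no notify event, which should be confirmed). I would re-read the widgets in the `when true` branch with `use_tls = UI.QueryWidget(Id(:use_tls), :Value) == true` and `use_ldaps = UI.QueryWidget(Id(:use_ldaps), :Value) == true`, and add `request_server_certificate = 'demand'` after each of those `UI.ChangeWidget` calls. The event loop continues past this hunk, so the OK path should also be checked for the case where the box is ticked and no protocol has been chosen.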
@@ -311,19 +441,8 @@ tls_cacertfile = file UI.ChangeWidget(Id(:tls_cacertfile), :Value, file) end - else - tls_cacertdir = Convert.to_string( - UI.QueryWidget(Id(:tls_cacertdir), :Value) - ) - tls_cacertfile = Convert.to_string( - UI.QueryWidget(Id(:tls_cacertfile), :Value) - ) - ldap_id_use_start_tls = UI.QueryWidget( - Id(:ldap_id_use_start_tls), - :Value - ) == true - end - if ret == :import_cert + + when :import_cert dir = tls_cacertdir dir = "/etc/openldap/cacerts/" if dir == "" @@ -391,17 +510,20 @@ Ldap.modified = true end end - end while ret != :ok && ret != :cancel + + end while result != :ok && result != :cancel UI.CloseDialog - if ret == :ok + if result == :ok Ldap.tls_cacertfile = tls_cacertfile Ldap.tls_cacertdir = tls_cacertdir - Ldap.ldap_tls = ldap_id_use_start_tls + Ldap.request_server_certificate = request_server_certificate + Ldap.ldap_tls = use_tls + Ldap.ldaps = use_ldaps end - ret == :ok + result == :ok end # The main dialog for ldap-client configuration 
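Review bot: With the `else` branch removed, nothing visible in this hunk reads `:tls_cacertdir` or `:tls_cacertfile` back from the input fields, so a CA path typed by hand rather than picked with Browse appears to be dropped when OK is pressed. The saved configuration would then have no CA location: the connection fails under `demand`, or goes ahead unverified under `allow`. I would add a `when :ok` branch containing `tls_cacertdir = Convert.to_string(UI.QueryWidget(Id(:tls_cacertdir), :Value))` and `tls_cacertfile = Convert.to_string(UI.QueryWidget(Id(:tls_cacertfile), :Value))`. The `case` statement runs on outside the hunk, so confirm that no later branch already does this.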
@@ -446,9 +568,24 @@ "to encrypt your communication with the LDAP server. You may download a CA\n" + "certificate file in PEM format from a given URL.</p>\n" ) + + _( + "<p>A TLS session may require special client configuration. One of the config + options is TLS_REQCERT which specifies what checks to perform on server certificates. + The value is the <b>level</b> that can be specified with keywords <i>never</i>, <i>allow</i>, + <i>try</i> and <i>demand</i>. In the <b>SSL/TLS Configuration</b> dialog there is + the option <b>Request server certificate</b> which will set the TLS_REQCERT + configuration option to <i>demand</i> if it's enabled or to <i>allow</i> if it's disabled.</p>\n" + ) + + _( + "<p>In addition to LDAP URLs and TLS/SSL encryption, LDAP supports LDAPS URLs. + LDAPS URLs use SSL connections instead of plain connections. They have a syntax + similar to LDAP URLs except the schemes are different and the default port for LDAPS URLs + is 636 instead of 389.</p>\n" + ) + # help text 8/9 _( - "<p>To configure advanced LDAP settings, click\n<b>Advanced Configuration</b>.</p>\n" + "<p>To configure advanced LDAP settings, click\n<b>Advanced Configuration</b>.</p>\n" + + "<p>To configure security settings, click\n<b>SSL/TLS Configuration</b>.</p>\n" ) # help text 9/9 (additional) autofs_help_text = _( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/src/modules/Ldap.rb new/yast2-ldap-client-3.1.4/src/modules/Ldap.rb --- old/yast2-ldap-client-3.1.3/src/modules/Ldap.rb 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/src/modules/Ldap.rb 2014-01-30 12:25:11.000000000 +0100 @@ -27,9 +27,12 @@ # # $Id$ require "yast" +require "uri" module Yast class LdapClass < Module + TLS_REQCERT_DEFAULT = 'demand' + def main Yast.import "UI" textdomain "ldap-client" 
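Review bot: The new TLS_REQCERT help paragraph says which keyword the checkbox writes but not what `allow` means for the connection, and the label "Request server certificate" suggests the certificate is simply not requested when the box is unticked. I would add a sentence to that paragraph such as `With <i>allow</i> the session continues even if the server certificate is missing or cannot be verified, so the identity of the server is not checked.` The two added strings also carry literal line breaks and source indentation inside `_()`, unlike the neighbouring help texts that concatenate lines with explicit `\n`. Writing them the same way would keep the translatable message free of stray whitespace.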
@@ -61,7 +64,6 @@ # DN of base configuration object @base_config_dn = "" - Yast.include self, "ldap/routines.rb" # Required packages for this module to operate @@ -108,6 +110,9 @@ @base_dn_changed = false @ldap_tls = true + @ldaps = false + # Openldap configuration option TLS_REQCERT + @request_server_certificate = TLS_REQCERT_DEFAULT # CA certificates for server certificate verification # At least one of these are required if tls_checkpeer is "yes" @@ -321,6 +326,12 @@ } end + def use_secure_connection? + @ldap_tls || @ldaps + end + + alias_method :use_secure_connection, :use_secure_connection? + #---------------------------------------------------------------- # If the base DN has changed from a nonempty one, it may only be @@ -408,6 +419,7 @@ @start = settings.fetch("start_ldap", false) @ldap_tls = settings.fetch("ldap_tls", false) + @ldaps = settings.fetch("ldaps", false) @login_enabled = settings.fetch("login_enabled", true) @_start_autofs = settings.fetch("start_autofs", false) @file_server = settings.fetch("file_server", false) @@ -467,6 +479,7 @@ "ldap_server" => @server, "ldap_domain" => @base_dn, "ldap_tls" => @ldap_tls, + "ldaps" => @ldaps, "bind_dn" => @bind_dn, "file_server" => @file_server, "base_config_dn" => @base_config_dn, @@ -538,6 +551,12 @@ @ldap_tls ? _("Yes") : Summary.NotConfigured ) + summary = Summary.AddHeader(summary, _("LDAPS")) + summary = Summary.AddLine( + summary, + @ldaps ? _("Yes") : Summary.NotConfigured + ) + # summary item summary = Summary.AddHeader( summary, @@ -588,9 +607,14 @@ # summary summary = Ops.add( Ops.add(summary, "<br>"), - _("LDAP TLS/SSL Configured") + _("LDAP TLS Configured") ) end + + if @ldaps + summary << "<br/>" << _("LDAPS Configured") + end + if @start && @sssd # summary summary = Ops.add( 
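Review bot: In the Import hunk, `ldap_tls` and `ldaps` are fetched independently, so an AutoYaST profile can set both to true. `detect_uri_scheme` would then emit `ldaps://` URIs while the ldap.conf writer still takes its `if @ldap_tls` branch and writes `ssl start_tls`. The dialog keeps the two modes mutually exclusive, and Import should enforce the same rule, for example `@ldap_tls = false if @ldaps` after the two `fetch` calls, with a log line saying the profile was adjusted. The Import body continues outside the hunk, so any existing validation there is not visible here.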
@@ -751,11 +775,23 @@ if uri == "" ret = ReadLdapConfEntry("host", "") else + detect_ldaps(uri) ret = uri2servers(uri) end ret end + def detect_ldaps uri + uri = URI.parse(uri) + @ldaps = uri.scheme == 'ldaps' + current_tls_reqcert = read_openldap_config('TLS_REQCERT') + @request_server_certificate = current_tls_reqcert || TLS_REQCERT_DEFAULT + end + + def detect_uri_scheme + @ldaps ? 'ldaps://' : 'ldap://' + end + # Reads LDAP settings from the SCR # @return success def Read @@ -1881,7 +1917,7 @@ end if Builtins.contains(ocs, "susegrouptemplate") - return ["top", "posixGroup", "groupOfNames"] + return ["top", "posixGroup", "groupOfNames"] # TODO sometimes there is groupofuniquenames... elsif Builtins.contains(ocs, "suseusertemplate") return ["top", "posixAccount", "shadowAccount", "InetOrgPerson"] 
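Review bot: `detect_ldaps` passes the whole configured value to `URI.parse`, which raises `URI::InvalidURIError` when the value is not a single well-formed URI, and the `uri2servers(uri)` call next to it suggests the setting can hold several space-separated URIs. One scheme is then applied to every server by `detect_uri_scheme`, so a list that mixes `ldap://` and `ldaps://` would be rewritten with a single scheme on the next write. I would decide per entry without raising, `@ldaps = uri.split.all? { |u| u.downcase.start_with?('ldaps://') }`, and log when the list is mixed instead of normalising it silently. The reader that calls `detect_ldaps` starts outside the hunk.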
@@ -2216,82 +2252,39 @@ # ldap client utilities (like ldapsearch) # @return modified? def WriteOpenLdapConf - write_openldap_conf = @openldap_modified - return false if !Package.Installed("openldap2-client") - - out = Convert.to_map( - SCR.Execute(path(".target.bash_output"), "/bin/rpm -V openldap2-client") - ) - - open_host = [] - open_uri = Convert.to_list( - SCR.Read(path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".uri")) - ) - if open_uri == [] - open_uri = Convert.to_list( - SCR.Read(path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".URI")) - ) - end - if open_uri == [] - open_host = Convert.to_list( - SCR.Read(path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".host")) - ) + uris = @server.split.map {|u| detect_uri_scheme + u }.join(' ') + set_openldap('URI', uris) + set_openldap('HOST', nil) + set_openldap('BASE', @base_dn) + + if @ldaps || @ldap_tls + set_openldap('TLS_REQCERT', @request_server_certificate) + set_openldap('TLS_CACERTDIR', @tls_cacertdir.empty? ? nil : @tls_cacertdir) + set_openldap('TLS_CACERT', @tls_cacertfile.empty? ? 
nil : @tls_cacertfile) else - open_host = [uri2servers(Ops.get_string(open_uri, 0, ""))] - end - open_base = Convert.to_list( - SCR.Read(path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".base")) - ) - - # if the config file was not modified by user yet - if !Builtins.issubstring( - Ops.get_string(out, "stdout", ""), - "/etc/openldap/ldap.conf" - ) - write_openldap_conf = true - # if there are same values as in /etc/ldap.conf - elsif @old_server == Ops.get_string(open_host, 0, "") && - @old_base_dn == Ops.get_string(open_base, 0, "") - write_openldap_conf = true + set_openldap('TLS_REQCERT', nil) + set_openldap('TLS_CACERTDIR', nil) + set_openldap('TLS_CACERT', nil) end - if write_openldap_conf - # update ldap.conf - SCR.Write( - path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".host"), - nil - ) - - uri = Builtins.mergestring( - Builtins.maplist(Builtins.splitstring(@server, " \t")) do |u| - Ops.add("ldap://", u) - end, - " " - ) - - SCR.Write( - path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".uri"), - [uri] - ) - - SCR.Write( - path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".base"), - [@base_dn] - ) + Builtins.y2milestone("file /etc/openldap/ldap.conf was modified") + end - SCR.Write( - path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".TLS_CACERTDIR"), - @tls_cacertdir == "" ? nil : [@tls_cacertdir] - ) - SCR.Write( - path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".TLS_CACERT"), - @tls_cacertfile == "" ? nil : [@tls_cacertfile] - ) + def set_openldap key, value + SCR.Write( + path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".#{key}"), + value.nil? ? nil : [value] + ) + end - Builtins.y2milestone("file /etc/openldap/ldap.conf was modified") + def read_openldap_config entry + result = SCR.Read(path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".#{entry}")) + case result + when Array then result.first + when String then result + else result end - write_openldap_conf end # Write updated /etc/sssd/sssd.conf file 
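Review bot: `WriteOpenLdapConf` now rewrites /etc/openldap/ldap.conf on every call, whereas the removed lines, as far as the collapsed hunk shows, skipped the write when `rpm -V` reported a locally modified file holding different server and base values. An administrator's hand-edited URI, BASE and TLS_* entries are therefore replaced or deleted without notice. That file is read by every libldap client on the host, so a TLS_REQCERT of `allow` chosen in the dialog relaxes certificate checking beyond the YaST-managed login stack. The value is also written as-is from the published `request_server_certificate` variable. I would restrict it first with `reqcert = %w(never allow try demand hard).include?(@request_server_certificate) ? @request_server_certificate : TLS_REQCERT_DEFAULT`, and log which keys were changed, not only that the file was modified.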
@@ -2351,7 +2344,7 @@ uri = Builtins.mergestring( Builtins.maplist(Builtins.splitstring(@server, " \t")) do |s| - Builtins.sformat("ldap://%1", s) + detect_uri_scheme + s end, "," ) @@ -2643,7 +2636,7 @@ if !WriteLDAP({ @base_config_dn => config_object }) Builtins.y2error("%1 cannot be created", @base_config_dn) end - end + end #TODO fail? end @@ -2868,7 +2861,7 @@ WriteLdapConfEntry("host", nil) uri = Builtins.mergestring( Builtins.maplist(Builtins.splitstring(@server, " \t")) do |u| - Ops.add("ldap://", u) + detect_uri_scheme + u end, " " ) @@ -2886,6 +2879,8 @@ if @ldap_tls WriteLdapConfEntry("ssl", "start_tls") + elsif @ldaps + WriteLdapConfEntry("ssl", nil) else WriteLdapConfEntry("ssl", "no") end @@ -2934,7 +2929,7 @@ "tls_checkpeer", @tls_checkpeer == "yes" ? nil : @tls_checkpeer ) - WriteNscdCache(@start && @sssd) unless oes + WriteNscdCache(@start && @sssd) unless @oes end if @start # ldap used for authentication # ---------- correct pam_password value for Novell eDirectory @@ -3368,6 +3363,8 @@ publish :variable => :old_base_dn, :type => "string", :private => true publish :variable => :base_dn_changed, :type => "boolean", :private => true publish :variable => :ldap_tls, :type => "boolean" + publish :variable => :ldaps, :type => "boolean" + publish :variable => :request_server_certificate, :type => "string" publish :variable => :tls_cacertdir, :type => "string" publish :variable => :tls_cacertfile, :type => "string" publish :variable => :tls_checkpeer, :type => "string" 
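Review bot: The scheme switch in this hunk reaches sssd.conf, and the `elsif @ldaps` hunk further down reaches /etc/ldap.conf, but the new `request_server_certificate` setting is written only by `WriteOpenLdapConf` in the hunks shown. For /etc/ldap.conf the verification level still comes from `tls_checkpeer` (the Read.rb fixture has it at "no"), and no `ldap_tls_reqcert` write for sssd is visible. The dialog's "Request server certificate" choice may therefore not describe what pam/nss or sssd actually enforce on an LDAPS connection. `WriteSSSDConfig` and the ldap.conf writer both extend beyond these hunks, so this needs confirming against the full functions. If it holds, either map the setting into both files or state in the help text that it covers only the OpenLDAP client tools.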
@@ -3492,7 +3489,7 @@ publish :function => :CommitTemplates, :type => "boolean (map)" publish :function => :WriteToLDAP, :type => "map (map)" publish :function => :WriteLDAP, :type => "boolean (map)" - publish :function => :WriteOpenLdapConf, :type => "boolean ()" + publish :function => :WriteOpenLdapConf, :type => "void ()" publish :function => :WriteSSSDConfig, :type => "boolean ()" publish :function => :WritePlusLine, :type => "boolean (boolean)" publish :function => :CheckOrderOfCreation, :type => "boolean ()" @@ -3506,6 +3503,7 @@ publish :function => :SetAnonymous, :type => "void (boolean)" publish :function => :SetGUI, :type => "void (boolean)" publish :function => :RestartSSHD, :type => "void (boolean)" + publish :function => :use_secure_connection, :type => "boolean ()" end Ldap = LdapClass.new diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Export.out new/yast2-ldap-client-3.1.4/testsuite/tests/Export.out --- old/yast2-ldap-client-3.1.3/testsuite/tests/Export.out 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/testsuite/tests/Export.out 2014-01-30 12:25:11.000000000 +0100 
@@ -21,4 +21,4 @@ Read .etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"] Return true Dump ============================================ -Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", "krb5_server":"kdc.suse.cz", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":false, "sssd_with_krb":true, "start_autofs":false, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"] +Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", "krb5_server":"kdc.suse.cz", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "ldaps":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":false, "sssd_with_krb":true, "start_autofs":false, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Export2.out new/yast2-ldap-client-3.1.4/testsuite/tests/Export2.out --- old/yast2-ldap-client-3.1.3/testsuite/tests/Export2.out 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/testsuite/tests/Export2.out 2014-01-30 12:25:11.000000000 +0100 
@@ -28,4 +28,4 @@ Read .etc.sssd_conf.v."domain/default"."ldap_group_search_base" nil Read .etc.sssd_conf.v."domain/default"."ldap_autofs_search_base" nil Return true -Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", "krb5_server":"kdc.suse.cz", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":true, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "nss_base_passwd":"ou=users,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"] +Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", "krb5_server":"kdc.suse.cz", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":true, "ldaps":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "nss_base_passwd":"ou=users,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Export3.out new/yast2-ldap-client-3.1.4/testsuite/tests/Export3.out --- old/yast2-ldap-client-3.1.3/testsuite/tests/Export3.out 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/testsuite/tests/Export3.out 2014-01-30 12:25:11.000000000 +0100 
@@ -28,4 +28,4 @@ Read .etc.sssd_conf.v."domain/default"."ldap_group_search_base" "ou=group,dc=suse,dc=cz" Read .etc.sssd_conf.v."domain/default"."ldap_autofs_search_base" nil Return true -Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", "krb5_server":"kdc.suse.cz,kdc.suse.de", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"] +Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", "create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", "krb5_server":"kdc.suse.cz,kdc.suse.de", "ldap_domain":"dc=suse,dc=cz", "ldap_server":"localhost", "ldap_tls":false, "ldaps":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":true, "nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Read.out new/yast2-ldap-client-3.1.4/testsuite/tests/Read.out --- old/yast2-ldap-client-3.1.3/testsuite/tests/Read.out 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/testsuite/tests/Read.out 2014-01-30 12:25:11.000000000 +0100 
@@ -1,5 +1,6 @@ Dump ==== reading... ============================ Read .etc.ldap_conf.v."/etc/ldap.conf"."uri" "ldap://localhost:333" +Read .etc.ldap_conf.v."/etc/openldap/ldap.conf".TLS_REQCERT "demand" Read .etc.ldap_conf.v."/etc/ldap.conf"."base" "dc=suse,dc=cz" Read .etc.ldap_conf.v."/etc/ldap.conf"."ssl" nil Read .etc.ldap_conf.v."/etc/ldap.conf"."tls_cacertdir" "/etc/openldap/cacerts/" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Read.rb new/yast2-ldap-client-3.1.4/testsuite/tests/Read.rb --- old/yast2-ldap-client-3.1.3/testsuite/tests/Read.rb 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/testsuite/tests/Read.rb 2014-01-30 12:25:11.000000000 +0100 @@ -34,6 +34,9 @@ "tls_cacertfile" => nil, "tls_checkpeer" => "no", "uri" => "ldap://localhost:333" + }, + "/etc/openldap/ldap.conf" => { + "TLS_REQCERT" => 'demand' } } }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Read2.out new/yast2-ldap-client-3.1.4/testsuite/tests/Read2.out --- old/yast2-ldap-client-3.1.3/testsuite/tests/Read2.out 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/testsuite/tests/Read2.out 2014-01-30 12:25:11.000000000 +0100 @@ -1,4 +1,5 @@ Read .etc.ldap_conf.v."/etc/ldap.conf"."uri" "ldap://localhost:333" +Read .etc.ldap_conf.v."/etc/openldap/ldap.conf".TLS_REQCERT nil Read .etc.ldap_conf.v."/etc/ldap.conf"."base" "dc=suse,dc=cz" Read .etc.ldap_conf.v."/etc/ldap.conf"."ssl" nil Read .etc.ldap_conf.v."/etc/ldap.conf"."tls_cacertdir" "/etc/openldap/cacerts/" 
@@ -31,6 +32,7 @@ Dump nss: -ou=group,dc=suse,dc=cz- Dump nss: -dc=suse,dc=cz- Read .etc.ldap_conf.v."/etc/ldap.conf"."uri" "ldap://localhost:333" +Read .etc.ldap_conf.v."/etc/openldap/ldap.conf".TLS_REQCERT nil Read .etc.ldap_conf.v."/etc/ldap.conf"."base" "dc=suse,dc=cz" Read .etc.ldap_conf.v."/etc/ldap.conf"."ssl" nil Read .etc.ldap_conf.v."/etc/ldap.conf"."tls_cacertdir" "/etc/openldap/cacerts/" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Read2.rb new/yast2-ldap-client-3.1.4/testsuite/tests/Read2.rb --- old/yast2-ldap-client-3.1.3/testsuite/tests/Read2.rb 2013-12-05 16:55:00.000000000 +0100 +++ new/yast2-ldap-client-3.1.4/testsuite/tests/Read2.rb 2014-01-30 12:25:11.000000000 +0100 @@ -36,6 +36,9 @@ "tls_cacertfile" => nil, "tls_checkpeer" => "no", "uri" => "ldap://localhost:333" + }, + "/etc/openldap/ldap.conf" => { + "TLS_REQCERT" => nil } } }, -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org