Hello community,

here is the log from the commit of package yast2-ldap-client for 
openSUSE:Factory checked in at 2014-01-31 11:51:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-ldap-client (Old)
 and      /work/SRC/openSUSE:Factory/.yast2-ldap-client.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2-ldap-client"

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-ldap-client/yast2-ldap-client.changes      
2013-12-08 19:50:27.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-ldap-client.new/yast2-ldap-client.changes 
2014-01-31 11:51:19.000000000 +0100
@@ -1,0 +2,6 @@
+Tue Jan 21 09:54:15 UTC 2014 - vmora...@suse.com
+
+- Support LDAPS FATE#316086
+- 3.1.4
+
+-------------------------------------------------------------------

Old:
----
  yast2-ldap-client-3.1.3.tar.bz2

New:
----
  yast2-ldap-client-3.1.4.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-ldap-client.spec ++++++
--- /var/tmp/diff_new_pack.QRlDJ5/_old  2014-01-31 11:51:19.000000000 +0100
+++ /var/tmp/diff_new_pack.QRlDJ5/_new  2014-01-31 11:51:19.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package yast2-ldap-client
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-ldap-client
-Version:        3.1.3
+Version:        3.1.4
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -27,7 +27,7 @@
 BuildRequires:  perl-XML-Writer
 BuildRequires:  update-desktop-files
 BuildRequires:  yast2
-BuildRequires:  yast2-devtools >= 3.0.6
+BuildRequires:  yast2-devtools >= 3.1.10
 BuildRequires:  yast2-network
 BuildRequires:  yast2-pam
 BuildRequires:  yast2-testsuite

++++++ yast2-ldap-client-3.1.3.tar.bz2 -> yast2-ldap-client-3.1.4.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-ldap-client-3.1.3/VERSION 
new/yast2-ldap-client-3.1.4/VERSION
--- old/yast2-ldap-client-3.1.3/VERSION 2013-12-05 16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/VERSION 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-3.1.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-ldap-client-3.1.3/package/yast2-ldap-client.changes 
new/yast2-ldap-client-3.1.4/package/yast2-ldap-client.changes
--- old/yast2-ldap-client-3.1.3/package/yast2-ldap-client.changes       
2013-12-05 16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/package/yast2-ldap-client.changes       
2014-01-30 12:25:11.000000000 +0100
@@ -1,4 +1,10 @@
 -------------------------------------------------------------------
+Tue Jan 21 09:54:15 UTC 2014 - vmora...@suse.com
+
+- Support LDAPS FATE#316086
+- 3.1.4
+
+-------------------------------------------------------------------
 Thu Dec  5 16:44:42 CET 2013 - jsuch...@suse.cz
 
 - remove krb5 realm and kdc from sssd config when Kerberos support
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-ldap-client-3.1.3/package/yast2-ldap-client.spec 
new/yast2-ldap-client-3.1.4/package/yast2-ldap-client.spec
--- old/yast2-ldap-client-3.1.3/package/yast2-ldap-client.spec  2013-12-05 
16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/package/yast2-ldap-client.spec  2014-01-30 
12:25:11.000000000 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-ldap-client
-Version:        3.1.0
+Version:        3.1.4
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -26,7 +26,7 @@
 Group:          System/YaST
 License:        GPL-2.0
 BuildRequires: doxygen perl-XML-Writer update-desktop-files yast2 yast2-pam 
yast2-testsuite yast2-network
-BuildRequires:  yast2-devtools >= 3.0.6
+BuildRequires:  yast2-devtools >= 3.1.10
 
 PreReq:         %fillup_prereq
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-ldap-client-3.1.3/src/autoyast-rnc/ldap_client.rnc 
new/yast2-ldap-client-3.1.4/src/autoyast-rnc/ldap_client.rnc
--- old/yast2-ldap-client-3.1.3/src/autoyast-rnc/ldap_client.rnc        
2013-12-05 16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/src/autoyast-rnc/ldap_client.rnc        
2014-01-30 12:25:11.000000000 +0100
@@ -9,6 +9,7 @@
     ldap_domain? &
     ldap_server? &
     ldap_tls? &
+    ldaps? &
     create_ldap? &
     start_ldap? &
     member_attribute? &
@@ -43,6 +44,7 @@
 login_enabled = element login_enabled { BOOLEAN }
 file_server = element file_server { BOOLEAN }
 ldap_tls = element ldap_tls { BOOLEAN }
+ldaps = element ldaps { BOOLEAN }
 start_ldap = element start_ldap { BOOLEAN }
 create_ldap = element create_ldap { BOOLEAN }
 sssd = element sssd { BOOLEAN }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-ldap-client-3.1.3/src/include/ldap/ui.rb 
new/yast2-ldap-client-3.1.4/src/include/ldap/ui.rb
--- old/yast2-ldap-client-3.1.3/src/include/ldap/ui.rb  2013-12-05 
16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/src/include/ldap/ui.rb  2014-01-30 
12:25:11.000000000 +0100
@@ -210,86 +210,215 @@
       true
     end
 
+    def switch_ssl_config_widgets mode
+      switch =
+        case mode
+          when :on  then true
+          when :off then false
+        end
+
+      [
+        :protocols,
+        :tls_cacertdir,
+        :br_tls_cacertdir,
+        :tls_cacertfile,
+        :br_tls_cacertfile,
+        :url,
+        :import_cert,
+        :request_server_certificate
+      ].each {|widget_id| UI.ChangeWidget(Id(widget_id), :Enabled, switch) }
+    end
+
     # Popup for TLS/SSL related stuff
     def SSLConfiguration
       certTmpFile = Builtins.sformat("%1/__LDAPcert.crt", Directory.tmpdir)
       tls_cacertdir = Ldap.tls_cacertdir
       tls_cacertfile = Ldap.tls_cacertfile
-      ldap_id_use_start_tls = Ldap.ldap_tls
+      use_tls = Ldap.ldap_tls
+      use_ldaps = Ldap.ldaps
+      request_server_certificate = Ldap.request_server_certificate
 
       UI.OpenDialog(
         Opt(:decorated),
         HBox(
-          HSpacing(1),
           VBox(
-            VSpacing(0.5),
+            VSpacing(0.6),
             HSpacing(75),
-            Left(
-              CheckBox(
-                Id(:ldap_id_use_start_tls),
-                # checkbox label
-                _("Use TLS for Identity Resolve"),
-                ldap_id_use_start_tls
-              )
-            ),
-            VSpacing(0.4),
-            HBox(
-              InputField(
-                Id(:tls_cacertdir),
-                Opt(:hstretch),
-                # inputfield label
-                _("Cer&tificate Directory"),
-                tls_cacertdir
-              ),
-              VBox(
-                Bottom(
-                  # button label
-                  PushButton(Id(:br_tls_cacertdir), _("B&rowse"))
+            Frame(
+              _("SSL/TLS Configuration"),
+              HBox(
+                VBox(
+                  Left(
+                    CheckBox(
+                      Id(:secure_ldap),
+                      Opt(:notify),
+                      _("Use SSL/TLS"),
+                      Ldap.use_secure_connection?
+                    )
+                  ),
+                  HSpacing(1),
+                  VBox(
+                    VSpacing(0.5),
+                    HSpacing(75),
+                    Frame(
+                      _("Protocols"),
+                      HBox(
+                        HSpacing(0.5),
+                        VBox(
+                          VSpacing(0.4),
+                          RadioButtonGroup(
+                            Id(:protocols),
+                            Left(
+                              HVSquash(
+                                VBox(
+                                  Left(
+                                    RadioButton(
+                                      Id(:use_tls),
+                                      Opt(:notify),
+                                      _("StartTLS"),
+                                      use_tls
+                                    )
+                                  ),
+                                  Left(
+                                    RadioButton(
+                                      Id(:use_ldaps),
+                                      Opt(:notify),
+                                      _("LDAPS"),
+                                      use_ldaps
+                                    )
+                                  ),
+                                )
+                              )
+                            )
+                          ),
+                          VSpacing(0.4)
+                        )
+                      )
+                    ),
+                    VSpacing(0.5),
+                    Frame(
+                      _("TLS Options"),
+                      HBox(
+                        HSpacing(0.5),
+                        VBox(
+                          VSpacing(0.4),
+                          HBox(
+                            Left(
+                              CheckBox(
+                                Id(:request_server_certificate),
+                                Opt(:notify),
+                                _("Request server certificate"),
+                                request_server_certificate == 'demand'
+                              )
+                            )
+                          )
+                        )
+                      )
+                    ),
+                    VSpacing(0.5),
+                    Frame(
+                      _("Certificates"),
+                      HBox(
+                        HSpacing(0.5),
+                        VBox(
+                          VSpacing(0.4),
+                          HBox(
+                            InputField(
+                              Id(:tls_cacertdir),
+                              Opt(:hstretch),
+                              # inputfield label
+                              _("Cer&tificate Directory"),
+                              tls_cacertdir
+                            ),
+                            VBox(
+                              Bottom(
+                                # button label
+                                PushButton(Id(:br_tls_cacertdir), _("B&rowse"))
+                              )
+                            )
+                          ),
+                          HBox(
+                            InputField(
+                              Id(:tls_cacertfile),
+                              Opt(:hstretch),
+                              # inputfield label
+                              _("CA Cert&ificate File"),
+                              tls_cacertfile
+                            ),
+                            VBox(
+                              Bottom(
+                                # button label
+                                PushButton(Id(:br_tls_cacertfile), 
_("Brows&e"))
+                              )
+                            )
+                          ),
+                          HBox(
+                            InputField(
+                              Id(:url),
+                              Opt(:hstretch),
+                              # inputfield label
+                              _("CA Certificate URL for Download")
+                            ),
+                            VBox(
+                              Bottom(
+                                # push button label
+                                PushButton(Id(:import_cert), _("Do&wnload CA 
Certificate"))
+                              )
+                            )
+                          )
+                        )
+                      )
+                    )
+                  )
                 )
               )
             ),
-            HBox(
-              InputField(
-                Id(:tls_cacertfile),
-                Opt(:hstretch),
-                # inputfield label
-                _("CA Cert&ificate File"),
-                tls_cacertfile
-              ),
-              VBox(
-                Bottom(
-                  # button label
-                  PushButton(Id(:br_tls_cacertfile), _("Brows&e"))
-                )
-              )
-            ),
-            HBox(
-              InputField(
-                Id(:url),
-                Opt(:hstretch),
-                # inputfield label
-                _("CA Certificate URL for Download")
-              ),
-              VBox(
-                Bottom(
-                  # push button label
-                  PushButton(Id(:import_cert), _("Do&wnload CA Certificate"))
-                )
-              )
-            ),
-            ButtonBox(
-              PushButton(Id(:ok), Label.OKButton),
-              PushButton(Id(:cancel), Label.CancelButton)
-            ),
-            VSpacing(0.5)
+          ButtonBox(
+            PushButton(Id(:ok), Label.OKButton),
+            PushButton(Id(:cancel), Label.CancelButton)
           ),
-          HSpacing(1)
+          VSpacing(0.4)
+        ),
+        HSpacing(1)
         )
       )
-      ret = :again
+
+      switch_ssl_config_widgets(:off) unless Ldap.use_secure_connection?
+
+      result = :again
+
       begin
-        ret = Convert.to_symbol(UI.UserInput)
-        if ret == :br_tls_cacertdir
+        result = Convert.to_symbol(UI.UserInput)
+
+        case result
+        when :secure_ldap
+          secure_ldap = UI.QueryWidget(Id(:secure_ldap), :Value)
+          case secure_ldap
+          when true
+            switch_ssl_config_widgets(:on)
+          when false
+            switch_ssl_config_widgets(:off)
+            use_ldaps = false
+            use_tls = false
+          end
+
+        when :use_tls
+          use_tls = true
+          use_ldaps = false
+          Ldap.modified = true
+          UI.ChangeWidget(Id(:request_server_certificate), :Value, true)
+
+        when :use_ldaps
+          use_ldaps = true
+          use_tls = false
+          Ldap.modified = true
+          UI.ChangeWidget(Id(:request_server_certificate), :Value, true)
+
+        when :request_server_certificate
+          widget_checked = UI.QueryWidget(Id(:request_server_certificate), 
:Value)
+          request_server_certificate = widget_checked ? 'demand' : 'allow'
+
+        when :br_tls_cacertdir
           dir = UI.AskForExistingDirectory(
             tls_cacertdir,
             # popup label
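Review bot: In the `when :secure_ldap` branch, ticking "Use SSL/TLS" only re-enables the widgets; `use_tls` and `use_ldaps` stay false until a radio button is clicked, so pressing OK at that point stores a plaintext configuration although the dialog showed encryption as enabled. Picking a default in the `when true` arm, e.g. `use_tls = true unless use_ldaps` followed by `UI.ChangeWidget(Id(:use_tls), :Value, use_tls)`, would close that gap. The `:use_tls` and `:use_ldaps` branches also tick `:request_server_certificate` through `UI.ChangeWidget` without assigning `request_server_certificate = 'demand'`; if that call raises no notify event (not visible here), the saved TLS_REQCERT can remain `allow` while the box shows checked. `switch_ssl_config_widgets` passes `nil` to the widgets for any mode other than `:on`/`:off`, and the body of SSLConfiguration continues past this hunk.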
@@ -299,7 +428,8 @@
             tls_cacertdir = dir
             UI.ChangeWidget(Id(:tls_cacertdir), :Value, dir)
           end
-        elsif ret == :br_tls_cacertfile
+
+        when :br_tls_cacertfile
           file = UI.AskForExistingFile(
             tls_cacertfile,
             "*.pem *.crt",
@@ -311,19 +441,8 @@
             tls_cacertfile = file
             UI.ChangeWidget(Id(:tls_cacertfile), :Value, file)
           end
-        else
-          tls_cacertdir = Convert.to_string(
-            UI.QueryWidget(Id(:tls_cacertdir), :Value)
-          )
-          tls_cacertfile = Convert.to_string(
-            UI.QueryWidget(Id(:tls_cacertfile), :Value)
-          )
-          ldap_id_use_start_tls = UI.QueryWidget(
-            Id(:ldap_id_use_start_tls),
-            :Value
-          ) == true
-        end
-        if ret == :import_cert
+
+        when :import_cert
           dir = tls_cacertdir
           dir = "/etc/openldap/cacerts/" if dir == ""
 
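Review bot: With the old `else` branch removed, no visible branch reads `:tls_cacertdir` or `:tls_cacertfile` back from their input fields, so a path typed by hand is dropped and OK stores the value the dialog opened with, unless a Browse button was used. Neither field is created with `Opt(:notify)`, so the values have to be queried before they are used, for example `tls_cacertdir = UI.QueryWidget(Id(:tls_cacertdir), :Value)` and `tls_cacertfile = UI.QueryWidget(Id(:tls_cacertfile), :Value)` right after `UI.UserInput`. The `:import_cert` branch likewise starts from the stale `tls_cacertdir`, so a downloaded CA certificate may be placed in a directory other than the one shown in the field. The loop starts above this hunk and the `:import_cert` branch continues below it.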
@@ -391,17 +510,20 @@
             Ldap.modified = true
           end
         end
-      end while ret != :ok && ret != :cancel
+
+      end while result != :ok && result != :cancel
 
       UI.CloseDialog
 
-      if ret == :ok
+      if result == :ok
         Ldap.tls_cacertfile = tls_cacertfile
         Ldap.tls_cacertdir = tls_cacertdir
-        Ldap.ldap_tls = ldap_id_use_start_tls
+        Ldap.request_server_certificate = request_server_certificate
+        Ldap.ldap_tls = use_tls
+        Ldap.ldaps = use_ldaps
       end
 
-      ret == :ok
+      result == :ok
     end
 
     # The main dialog for ldap-client configuration
@@ -446,9 +568,24 @@
             "to encrypt your communication with the LDAP server. You may 
download a CA\n" +
             "certificate file in PEM format from a given URL.</p>\n"
         ) +
+        _(
+          "<p>A TLS session may require special client configuration. One of 
the config
+           options is TLS_REQCERT which specifies what checks to perform on 
server certificates.
+           The value is the <b>level</b> that can be specified with keywords 
<i>never</i>, <i>allow</i>,
+           <i>try</i> and <i>demand</i>. In the <b>SSL/TLS Configuration</b> 
dialog there is
+           the option <b>Request server certificate</b> which will set the 
TLS_REQCERT
+           configuration option to <i>demand</i> if it's enabled or to 
<i>allow</i> if it's disabled.</p>\n"
+        ) +
+        _(
+          "<p>In addition to LDAP URLs and TLS/SSL encryption, LDAP supports 
LDAPS URLs.
+          LDAPS URLs use SSL connections instead of plain connections. They 
have a syntax
+          similar to LDAP URLs except the schemes are different and the 
default port for LDAPS URLs
+          is 636 instead of 389.</p>\n"
+        ) +
         # help text 8/9
         _(
-          "<p>To configure advanced LDAP settings, click\n<b>Advanced 
Configuration</b>.</p>\n"
+          "<p>To configure advanced LDAP settings, click\n<b>Advanced 
Configuration</b>.</p>\n" +
+          "<p>To configure security settings, click\n<b>SSL/TLS 
Configuration</b>.</p>\n"
         )
       # help text 9/9 (additional)
       autofs_help_text = _(
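Review bot: The label "Request server certificate" and this help paragraph suggest that disabling the option stops the request, but per ldap.conf(5) `allow` still requests the certificate and simply continues when it is missing or fails validation. Unchecking the box therefore switches off verification of the server's identity, and the help text should say so, e.g. `if it's disabled, TLS_REQCERT is set to <i>allow</i> and the connection proceeds even when the server certificate cannot be verified`. The two added `_()` blocks also lack the `# help text` translator comment their neighbours carry and embed source indentation and line breaks inside the translatable string.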
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-ldap-client-3.1.3/src/modules/Ldap.rb 
new/yast2-ldap-client-3.1.4/src/modules/Ldap.rb
--- old/yast2-ldap-client-3.1.3/src/modules/Ldap.rb     2013-12-05 
16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/src/modules/Ldap.rb     2014-01-30 
12:25:11.000000000 +0100
@@ -27,9 +27,12 @@
 #
 # $Id$
 require "yast"
+require "uri"
 
 module Yast
   class LdapClass < Module
+    TLS_REQCERT_DEFAULT = 'demand'
+
     def main
       Yast.import "UI"
       textdomain "ldap-client"
@@ -61,7 +64,6 @@
       # DN of base configuration object
       @base_config_dn = ""
 
-
       Yast.include self, "ldap/routines.rb"
 
       # Required packages for this module to operate
@@ -108,6 +110,9 @@
       @base_dn_changed = false
 
       @ldap_tls = true
+      @ldaps = false
+      # Openldap configuration option TLS_REQCERT
+      @request_server_certificate = TLS_REQCERT_DEFAULT
 
       # CA certificates for server certificate verification
       # At least one of these are required if tls_checkpeer is "yes"
@@ -321,6 +326,12 @@
       }
     end
 
+    def use_secure_connection?
+      @ldap_tls || @ldaps
+    end
+
+    alias_method :use_secure_connection, :use_secure_connection?
+
     #----------------------------------------------------------------
 
     # If the base DN has changed from a nonempty one, it may only be
@@ -408,6 +419,7 @@
 
       @start            = settings.fetch("start_ldap", false)
       @ldap_tls         = settings.fetch("ldap_tls", false)
+      @ldaps            = settings.fetch("ldaps", false)
       @login_enabled    = settings.fetch("login_enabled", true)
       @_start_autofs    = settings.fetch("start_autofs", false)
       @file_server      = settings.fetch("file_server", false)
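Review bot: `ldap_tls` and `ldaps` are imported independently here, so a profile can set both to true even though the dialog treats them as mutually exclusive. In that state the URI writers emit `ldaps://` through `detect_uri_scheme`, while the `/etc/ldap.conf` branch in a later hunk tests `@ldap_tls` first and writes `ssl start_tls`, which contradicts the URI. Resolving the conflict at import, e.g. `@ldap_tls = false if @ldaps` after both assignments, or rejecting such a profile, keeps the written files consistent. The enclosing method starts and ends outside this hunk.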
@@ -467,6 +479,7 @@
         "ldap_server"      => @server,
         "ldap_domain"      => @base_dn,
         "ldap_tls"         => @ldap_tls,
+        "ldaps"            => @ldaps,
         "bind_dn"          => @bind_dn,
         "file_server"      => @file_server,
         "base_config_dn"   => @base_config_dn,
@@ -538,6 +551,12 @@
         @ldap_tls ? _("Yes") : Summary.NotConfigured
       )
 
+      summary = Summary.AddHeader(summary, _("LDAPS"))
+      summary = Summary.AddLine(
+        summary,
+        @ldaps ? _("Yes") : Summary.NotConfigured
+      )
+
       # summary item
       summary = Summary.AddHeader(
         summary,
@@ -588,9 +607,14 @@
         # summary
         summary = Ops.add(
           Ops.add(summary, "<br>"),
-          _("LDAP TLS/SSL Configured")
+          _("LDAP TLS Configured")
         )
       end
+
+      if @ldaps
+        summary << "<br/>" << _("LDAPS Configured")
+      end
+
       if @start && @sssd
         # summary
         summary = Ops.add(
@@ -751,11 +775,23 @@
       if uri == ""
         ret = ReadLdapConfEntry("host", "")
       else
+        detect_ldaps(uri)
         ret = uri2servers(uri)
       end
       ret
     end
 
+    def detect_ldaps uri
+      uri = URI.parse(uri)
+      @ldaps = uri.scheme == 'ldaps'
+      current_tls_reqcert = read_openldap_config('TLS_REQCERT')
+      @request_server_certificate = current_tls_reqcert || TLS_REQCERT_DEFAULT
+    end
+
+    def detect_uri_scheme
+      @ldaps ? 'ldaps://' : 'ldap://'
+    end
+
     # Reads LDAP settings from the SCR
     # @return success
     def Read
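Review bot: `detect_ldaps` passes the whole `uri` value to `URI.parse`, but the writers in this commit join several servers with a space, and `URI.parse` raises `URI::InvalidURIError` on a string containing spaces, so reading back a multi-server configuration would abort here if `uri` holds more than one entry. Checking the scheme per entry avoids the parse, e.g. `@ldaps = uri.split.any? { |u| u.downcase.start_with?('ldaps://') }`. The method also reloads `TLS_REQCERT` as a side effect its name does not suggest, and neither it nor `detect_uri_scheme` has a doc comment; a one-line comment on each stating what it sets or returns would help. The calling method begins above this hunk.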
@@ -1881,7 +1917,7 @@
       end
 
       if Builtins.contains(ocs, "susegrouptemplate")
-        return ["top", "posixGroup", "groupOfNames"] 
+        return ["top", "posixGroup", "groupOfNames"]
         # TODO sometimes there is groupofuniquenames...
       elsif Builtins.contains(ocs, "suseusertemplate")
         return ["top", "posixAccount", "shadowAccount", "InetOrgPerson"]
@@ -2216,82 +2252,39 @@
     # ldap client utilities (like ldapsearch)
     # @return modified?
     def WriteOpenLdapConf
-      write_openldap_conf = @openldap_modified
-
       return false if !Package.Installed("openldap2-client")
-
-      out = Convert.to_map(
-        SCR.Execute(path(".target.bash_output"), "/bin/rpm -V 
openldap2-client")
-      )
-
-      open_host = []
-      open_uri = Convert.to_list(
-        SCR.Read(path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".uri"))
-      )
-      if open_uri == []
-        open_uri = Convert.to_list(
-          SCR.Read(path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".URI"))
-        )
-      end
-      if open_uri == []
-        open_host = Convert.to_list(
-          SCR.Read(path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".host"))
-        )
+      uris = @server.split.map {|u| detect_uri_scheme + u }.join(' ')
+      set_openldap('URI', uris)
+      set_openldap('HOST', nil)
+      set_openldap('BASE', @base_dn)
+
+      if @ldaps || @ldap_tls
+        set_openldap('TLS_REQCERT', @request_server_certificate)
+        set_openldap('TLS_CACERTDIR', @tls_cacertdir.empty? ? nil : 
@tls_cacertdir)
+        set_openldap('TLS_CACERT', @tls_cacertfile.empty? ? nil : 
@tls_cacertfile)
       else
-        open_host = [uri2servers(Ops.get_string(open_uri, 0, ""))]
-      end
-      open_base = Convert.to_list(
-        SCR.Read(path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".base"))
-      )
-
-      # if the config file was not modified by user yet
-      if !Builtins.issubstring(
-          Ops.get_string(out, "stdout", ""),
-          "/etc/openldap/ldap.conf"
-        )
-        write_openldap_conf = true
-      # if there are same values as in /etc/ldap.conf
-      elsif @old_server == Ops.get_string(open_host, 0, "") &&
-          @old_base_dn == Ops.get_string(open_base, 0, "")
-        write_openldap_conf = true
+        set_openldap('TLS_REQCERT', nil)
+        set_openldap('TLS_CACERTDIR', nil)
+        set_openldap('TLS_CACERT', nil)
       end
 
-      if write_openldap_conf
-        # update ldap.conf
-        SCR.Write(
-          path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".host"),
-          nil
-        )
-
-        uri = Builtins.mergestring(
-          Builtins.maplist(Builtins.splitstring(@server, " \t")) do |u|
-            Ops.add("ldap://";, u)
-          end,
-          " "
-        )
-
-        SCR.Write(
-          path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".uri"),
-          [uri]
-        )
-
-        SCR.Write(
-          path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".base"),
-          [@base_dn]
-        )
+      Builtins.y2milestone("file /etc/openldap/ldap.conf was modified")
+    end
 
-        SCR.Write(
-          path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".TLS_CACERTDIR"),
-          @tls_cacertdir == "" ? nil : [@tls_cacertdir]
-        )
-        SCR.Write(
-          path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".TLS_CACERT"),
-          @tls_cacertfile == "" ? nil : [@tls_cacertfile]
-        )
+    def set_openldap key, value
+      SCR.Write(
+        path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".#{key}"),
+        value.nil? ? nil : [value]
+      )
+    end
 
-        Builtins.y2milestone("file /etc/openldap/ldap.conf was modified")
+    def read_openldap_config entry
+      result = 
SCR.Read(path(".etc.ldap_conf.v.\"/etc/openldap/ldap.conf\".#{entry}"))
+      case result
+        when Array then result.first
+        when String then result
+        else result
       end
-      write_openldap_conf
     end
 
     # Write updated /etc/sssd/sssd.conf file
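Review bot: The `# @return modified?` comment above `WriteOpenLdapConf` is now stale: the method returns `false` when the package is missing and otherwise whatever `Builtins.y2milestone` returns, and the "was modified" message is logged whether or not any write succeeded. `set_openldap` returns the `SCR.Write` result but no caller checks it, so a failed write of `TLS_REQCERT` or `TLS_CACERT` goes unnoticed; collecting the results and logging with `Builtins.y2error` on failure would make that visible. `@tls_cacertdir.empty?` raises on `nil` where the old `== ""` comparison did not, which matters if an imported profile can leave the value unset (not visible here). In `read_openldap_config` the `when String` and `else` arms are identical, so `result.is_a?(Array) ? result.first : result` says the same thing.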
@@ -2351,7 +2344,7 @@
 
       uri = Builtins.mergestring(
         Builtins.maplist(Builtins.splitstring(@server, " \t")) do |s|
-          Builtins.sformat("ldap://%1";, s)
+          detect_uri_scheme + s
         end,
         ","
       )
@@ -2643,7 +2636,7 @@
           if !WriteLDAP({ @base_config_dn => config_object })
             Builtins.y2error("%1 cannot be created", @base_config_dn)
           end
-        end 
+        end
         #TODO fail?
       end
 
@@ -2868,7 +2861,7 @@
         WriteLdapConfEntry("host", nil)
         uri = Builtins.mergestring(
           Builtins.maplist(Builtins.splitstring(@server, " \t")) do |u|
-            Ops.add("ldap://";, u)
+            detect_uri_scheme + u
           end,
           " "
         )
@@ -2886,6 +2879,8 @@
 
         if @ldap_tls
           WriteLdapConfEntry("ssl", "start_tls")
+        elsif @ldaps
+          WriteLdapConfEntry("ssl", nil)
         else
           WriteLdapConfEntry("ssl", "no")
         end
@@ -2934,7 +2929,7 @@
           "tls_checkpeer",
           @tls_checkpeer == "yes" ? nil : @tls_checkpeer
         )
-        WriteNscdCache(@start && @sssd) unless oes
+        WriteNscdCache(@start && @sssd) unless @oes
       end
       if @start # ldap used for authentication
         # ---------- correct pam_password value for Novell eDirectory
@@ -3368,6 +3363,8 @@
     publish :variable => :old_base_dn, :type => "string", :private => true
     publish :variable => :base_dn_changed, :type => "boolean", :private => true
     publish :variable => :ldap_tls, :type => "boolean"
+    publish :variable => :ldaps, :type => "boolean"
+    publish :variable => :request_server_certificate, :type => "string"
     publish :variable => :tls_cacertdir, :type => "string"
     publish :variable => :tls_cacertfile, :type => "string"
     publish :variable => :tls_checkpeer, :type => "string"
@@ -3492,7 +3489,7 @@
     publish :function => :CommitTemplates, :type => "boolean (map)"
     publish :function => :WriteToLDAP, :type => "map (map)"
     publish :function => :WriteLDAP, :type => "boolean (map)"
-    publish :function => :WriteOpenLdapConf, :type => "boolean ()"
+    publish :function => :WriteOpenLdapConf, :type => "void ()"
     publish :function => :WriteSSSDConfig, :type => "boolean ()"
     publish :function => :WritePlusLine, :type => "boolean (boolean)"
     publish :function => :CheckOrderOfCreation, :type => "boolean ()"
@@ -3506,6 +3503,7 @@
     publish :function => :SetAnonymous, :type => "void (boolean)"
     publish :function => :SetGUI, :type => "void (boolean)"
     publish :function => :RestartSSHD, :type => "void (boolean)"
+    publish :function => :use_secure_connection, :type => "boolean ()"
   end
 
   Ldap = LdapClass.new
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Export.out 
new/yast2-ldap-client-3.1.4/testsuite/tests/Export.out
--- old/yast2-ldap-client-3.1.3/testsuite/tests/Export.out      2013-12-05 
16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/testsuite/tests/Export.out      2014-01-30 
12:25:11.000000000 +0100
@@ -21,4 +21,4 @@
 Read   .etc.krb5_conf.v."SUSE.CZ"."kdc" ["kdc.suse.cz"]
 Return true
 Dump   ============================================
-Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", 
"create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", 
"krb5_server":"kdc.suse.cz", "ldap_domain":"dc=suse,dc=cz", 
"ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, 
"member_attribute":"member", "mkhomedir":true, 
"nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", 
"sssd":false, "sssd_with_krb":true, "start_autofs":false, "start_ldap":true, 
"tls_cacertdir":"/etc/openldap/cacerts/"]
+Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", 
"create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", 
"krb5_server":"kdc.suse.cz", "ldap_domain":"dc=suse,dc=cz", 
"ldap_server":"localhost", "ldap_tls":false, "ldaps":false, 
"login_enabled":true, "member_attribute":"member", "mkhomedir":true, 
"nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", 
"sssd":false, "sssd_with_krb":true, "start_autofs":false, "start_ldap":true, 
"tls_cacertdir":"/etc/openldap/cacerts/"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Export2.out 
new/yast2-ldap-client-3.1.4/testsuite/tests/Export2.out
--- old/yast2-ldap-client-3.1.3/testsuite/tests/Export2.out     2013-12-05 
16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/testsuite/tests/Export2.out     2014-01-30 
12:25:11.000000000 +0100
@@ -28,4 +28,4 @@
 Read   .etc.sssd_conf.v."domain/default"."ldap_group_search_base" nil
 Read   .etc.sssd_conf.v."domain/default"."ldap_autofs_search_base" nil
 Return true
-Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", 
"create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", 
"krb5_server":"kdc.suse.cz", "ldap_domain":"dc=suse,dc=cz", 
"ldap_server":"localhost", "ldap_tls":true, "login_enabled":true, 
"member_attribute":"member", "mkhomedir":true, 
"nss_base_group":"ou=group,dc=suse,dc=cz", 
"nss_base_passwd":"ou=users,dc=suse,dc=cz", "pam_password":"crypt", 
"sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, 
"sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, 
"start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
+Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", 
"create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", 
"krb5_server":"kdc.suse.cz", "ldap_domain":"dc=suse,dc=cz", 
"ldap_server":"localhost", "ldap_tls":true, "ldaps":false, 
"login_enabled":true, "member_attribute":"member", "mkhomedir":true, 
"nss_base_group":"ou=group,dc=suse,dc=cz", 
"nss_base_passwd":"ou=users,dc=suse,dc=cz", "pam_password":"crypt", 
"sssd":true, "sssd_cache_credentials":true, "sssd_enumerate":true, 
"sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, 
"start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Export3.out 
new/yast2-ldap-client-3.1.4/testsuite/tests/Export3.out
--- old/yast2-ldap-client-3.1.3/testsuite/tests/Export3.out     2013-12-05 
16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/testsuite/tests/Export3.out     2014-01-30 
12:25:11.000000000 +0100
@@ -28,4 +28,4 @@
 Read   .etc.sssd_conf.v."domain/default"."ldap_group_search_base" 
"ou=group,dc=suse,dc=cz"
 Read   .etc.sssd_conf.v."domain/default"."ldap_autofs_search_base" nil
 Return true
-Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", 
"create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", 
"krb5_server":"kdc.suse.cz,kdc.suse.de", "ldap_domain":"dc=suse,dc=cz", 
"ldap_server":"localhost", "ldap_tls":false, "login_enabled":true, 
"member_attribute":"member", "mkhomedir":true, 
"nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, 
"sssd_cache_credentials":true, "sssd_enumerate":true, 
"sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, 
"start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
+Return $["base_config_dn":"", "bind_dn":"uid=manager,dc=suse,dc=cz", 
"create_ldap":false, "file_server":false, "krb5_realm":"SUSE.CZ", 
"krb5_server":"kdc.suse.cz,kdc.suse.de", "ldap_domain":"dc=suse,dc=cz", 
"ldap_server":"localhost", "ldap_tls":false, "ldaps":false, 
"login_enabled":true, "member_attribute":"member", "mkhomedir":true, 
"nss_base_group":"ou=group,dc=suse,dc=cz", "pam_password":"crypt", "sssd":true, 
"sssd_cache_credentials":true, "sssd_enumerate":true, 
"sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, 
"start_ldap":true, "tls_cacertdir":"/etc/openldap/cacerts/"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Read.out 
new/yast2-ldap-client-3.1.4/testsuite/tests/Read.out
--- old/yast2-ldap-client-3.1.3/testsuite/tests/Read.out        2013-12-05 
16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/testsuite/tests/Read.out        2014-01-30 
12:25:11.000000000 +0100
@@ -1,5 +1,6 @@
 Dump   ==== reading... ============================
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."uri" "ldap://localhost:333";
+Read   .etc.ldap_conf.v."/etc/openldap/ldap.conf".TLS_REQCERT "demand"
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."base" "dc=suse,dc=cz"
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."ssl" nil
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."tls_cacertdir" 
"/etc/openldap/cacerts/"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Read.rb 
new/yast2-ldap-client-3.1.4/testsuite/tests/Read.rb
--- old/yast2-ldap-client-3.1.3/testsuite/tests/Read.rb 2013-12-05 
16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/testsuite/tests/Read.rb 2014-01-30 
12:25:11.000000000 +0100
@@ -34,6 +34,9 @@
                 "tls_cacertfile"  => nil,
                 "tls_checkpeer"   => "no",
                 "uri"             => "ldap://localhost:333";
+              },
+            "/etc/openldap/ldap.conf" => {
+                "TLS_REQCERT" => 'demand'
               }
             }
           },
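Review bot: The mock added here sets `"TLS_REQCERT" => 'demand'` for `/etc/openldap/ldap.conf` while the `/etc/ldap.conf` map just above still carries `"tls_checkpeer" => "no"`, so the fixture states two opposite certificate-checking policies and nothing visible in the test says which one Read is expected to honour. A one-line comment above the new entry would make the intent reviewable, for example `# TLS_REQCERT comes from /etc/openldap/ldap.conf; note here whether it or tls_checkpeer decides the expected result`. The matching hunk in Read2.rb covers the unset case (`nil`), but neither visible fixture uses a value that relaxes verification (`never` or `allow`), so if Read maps TLS_REQCERT onto a stored setting, that mapping is pinned only for the strict and missing cases and a third fixture would close the gap. The new literal also uses single quotes where the rest of the map uses double quotes (`"TLS_REQCERT" => "demand"`). The enclosing map starts and ends outside the hunk.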
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Read2.out 
new/yast2-ldap-client-3.1.4/testsuite/tests/Read2.out
--- old/yast2-ldap-client-3.1.3/testsuite/tests/Read2.out       2013-12-05 
16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/testsuite/tests/Read2.out       2014-01-30 
12:25:11.000000000 +0100
@@ -1,4 +1,5 @@
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."uri" "ldap://localhost:333";
+Read   .etc.ldap_conf.v."/etc/openldap/ldap.conf".TLS_REQCERT nil
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."base" "dc=suse,dc=cz"
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."ssl" nil
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."tls_cacertdir" 
"/etc/openldap/cacerts/"
@@ -31,6 +32,7 @@
 Dump   nss: -ou=group,dc=suse,dc=cz-
 Dump   nss: -dc=suse,dc=cz-
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."uri" "ldap://localhost:333";
+Read   .etc.ldap_conf.v."/etc/openldap/ldap.conf".TLS_REQCERT nil
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."base" "dc=suse,dc=cz"
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."ssl" nil
 Read   .etc.ldap_conf.v."/etc/ldap.conf"."tls_cacertdir" 
"/etc/openldap/cacerts/"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-ldap-client-3.1.3/testsuite/tests/Read2.rb 
new/yast2-ldap-client-3.1.4/testsuite/tests/Read2.rb
--- old/yast2-ldap-client-3.1.3/testsuite/tests/Read2.rb        2013-12-05 
16:55:00.000000000 +0100
+++ new/yast2-ldap-client-3.1.4/testsuite/tests/Read2.rb        2014-01-30 
12:25:11.000000000 +0100
@@ -36,6 +36,9 @@
                 "tls_cacertfile"  => nil,
                 "tls_checkpeer"   => "no",
                 "uri"             => "ldap://localhost:333";
+              },
+            "/etc/openldap/ldap.conf" => {
+                "TLS_REQCERT" => nil
               }
             }
           },
