On 09/25/2009 07:06 AM, Sumit Bose wrote:
> On Fri, Sep 25, 2009 at 06:33:57AM -0400, Stephen Gallagher wrote:
>> On 09/25/2009 06:16 AM, Sumit Bose wrote:
>>> Hi,
>>>
>>> this patch adds the config options ldap_tls_cacert and
>>> ldap_tls_cacertdir to specify the location of CA certificates. If they
>>> are not used in sssd.conf the system defaults as defined in
>>> /etc/openldap/ldap.conf will be used. I also extended the sssd-ldap
>>> man page.
>>>
>>> This patch should fix #201 and #202.
>>>
>>> bye,
>>> Sumit
>>>
>>> _______________________________________________
>>> sssd-devel mailing list
>>> sssd-devel@lists.fedorahosted.org
>>> https://fedorahosted.org/mailman/listinfo/sssd-devel
>>
>> You may want to specify in the manpage that unencrypted channels are
>> supported if they're using LDAP only as an id_provider. I don't want to
>> give anyone the impression that they MUST use LDAP encryption even if
>> they're using Kerberos for auth.
>>
>> The default for ldap_tls_cacert and ldap_tls_cacertdir should specify
>> that they use the OpenLDAP client defaults on the system if they are
>> available. "System defaults" is ambiguous (especially on a system that
>> uses only mozldap). Hopefully in a few more Fedora revisions we will
>> have a common certificate store, but until that happens we probably need
>> to be more explicit here.
>>
>> The only issue I have with the code is with the trailing comma in struct
>> sdap_gen_opts default_basic_opts[]
>>
>> --
>> Stephen Gallagher
>> RHCE 804006346421761
>
> Hi,
>
> here is a new version with all three points addressed.
>
> bye,
> Sumit

Ack

--
Stephen Gallagher
RHCE 804006346421761