On 09/25/2009 07:14 AM, Stephen Gallagher wrote:
> On 09/25/2009 07:06 AM, Sumit Bose wrote:
>> On Fri, Sep 25, 2009 at 06:33:57AM -0400, Stephen Gallagher wrote:
>>> On 09/25/2009 06:16 AM, Sumit Bose wrote:
>>>> Hi,
>>>>
>>>> this patch adds the config options ldap_tls_cacert and
>>>> ldap_tls_cacertdir to specify the location of CA certificates. If they
>>>> are not used in sssd.conf the system defaults as defined in
>>>> /etc/openldap/ldap.conf will be used. I also extended the sssd-ldap
>>>> man page.
>>>>
>>>> This patch should fix #201 and #202.
>>>>
>>>> bye,
>>>> Sumit
>>>>
>>>> _______________________________________________
>>>> sssd-devel mailing list
>>>> sssd-devel@lists.fedorahosted.org
>>>> https://fedorahosted.org/mailman/listinfo/sssd-devel
>>>
>>> You may want to specify in the manpage that unencrypted channels are
>>> supported if they're using LDAP only as an id_provider. I don't want to
>>> give anyone the impression that they MUST use LDAP encryption even if
>>> they're using Kerberos for auth.
>>>
>>> The default for ldap_tls_cacert and ldap_tls_cacertdir should specify
>>> that they use the OpenLDAP client defaults on the system if they are
>>> available. "System defaults" is ambiguous (especially on a system that
>>> uses only mozldap). Hopefully in a few more Fedora revisions we will
>>> have a common certificate store, but until that happens we probably need
>>> to be more explicit here.
>>>
>>> The only issue I have with the code is with the trailing comma in struct
>>> sdap_gen_opts default_basic_opts[]
>>>
>>> --
>>> Stephen Gallagher
>>> RHCE 804006346421761
>>
>> Hi,
>>
>> here is a new version with all three points addressed.
>>
>> bye,
>> Sumit
>
> Ack

Pushed to master.

--
Stephen Gallagher
RHCE 804006346421761