Argonaut doesn't do TLS (with beginnings of patch)
Argonaut doesn't try to initiate a TLS connection (though perhaps it works using deprecated ldaps:// URL). Not sure how to decide if Argonaut uses TLS, but I don't think it's harmful for Argonaut to always try TLS and fail (and maybe give a debug message). I got TLS-enabled Argonaut to work by hard-configuring in argonaut_ldap_init:
```perl
my $ldap = Net::LDAP->new( $ldapuris );
my $mesg2 = $ldap->start_tls(
    verify     => 'require',
    clientcert => '/etc/argonaut/pki/argonaut.pem',
    clientkey  => '/etc/argonaut/pki/argonaut.key',
    capath     => '/etc/ssl/certs'
);
```
The required variables should be from ldap config file specified in argonaut.conf:
- TLS_REQCERT require (the default should probably be "none")
- TLS_CERT /etc/argonaut/pki/argonaut.pem (the default maybe should be /etc/ssl/certs/ssl-cert-snakeoil.pem)
- TLS_KEY /etc/argonaut/pki/argonaut.key (the default maybe should be /etc/ssl/certs/private/ssl-cert-snakeoil.key)
- TLS_CACERTDIR /etc/ssl/certs (the default should be /etc/ssl/certs)
(from redmine: issue id 2972, created on 2014-02-06, closed on 2014-06-17)
- Changesets:
- Revision c2701443 by Côme Chilliet on 2014-02-06T08:37:23.000Z:
Fixes: #2972 supporting TLS options from ldap.conf
- Revision 4ca56f42 by Côme Chilliet on 2014-05-12T14:21:00.000Z:
Fixes: #2972 Using tls only if argonaut.conf contains tls = off
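
A sketch of reading the TLS settings proposed in the issue from ldap.conf text and passing them to Net::LDAP's start_tls. It is an added example, not Argonaut's code or the committed fix; the function names, the TLS_REQCERT mapping and the fallback to 'require' when the option is absent are assumptions.

```perl
use strict;
use warnings;

# Assumed mapping of OpenLDAP TLS_REQCERT levels to Net::LDAP 'verify' values;
# Net::LDAP's own names are accepted too, since the issue writes "require".
my %VERIFY = ( never => 'none', allow => 'optional', try => 'optional',
               demand => 'require', hard => 'require',
               none => 'none', optional => 'optional', require => 'require' );
# ldap.conf keyword -> start_tls argument name
my %ARG = ( TLS_CERT => 'clientcert', TLS_KEY => 'clientkey',
            TLS_CACERTDIR => 'capath', TLS_CACERT => 'cafile' );

# Turn ldap.conf text into the argument list for start_tls.
sub tls_options_from_ldap_conf {
    my ($text) = @_;
    my %opt = ( verify => 'require' );    # OpenLDAP's default level is "demand"
    for my $line ( split /\n/, $text ) {
        next if $line =~ /^\s*(?:#|$)/;   # comments and blank lines
        my ( $key, $value ) = $line =~ /^\s*(\S+)\s+(.*?)\s*$/ or next;
        $key = uc $key;                   # keywords are case-insensitive
        if ( $key eq 'TLS_REQCERT' ) {
            $opt{verify} = $VERIFY{ lc $value }
                // die "unknown TLS_REQCERT level '$value'\n";
        }
        elsif ( $ARG{$key} ) { $opt{ $ARG{$key} } = $value }
    }
    return %opt;
}

# Connect, upgrade with StartTLS, and stop rather than continue in cleartext.
sub connect_with_tls {
    my ( $uri, %opt ) = @_;
    require Net::LDAP;
    my $ldap = Net::LDAP->new($uri) or die "connect to $uri failed: $@\n";
    my $mesg = $ldap->start_tls(%opt);
    die 'start_tls failed: ' . $mesg->error . "\n" if $mesg->code;
    return $ldap;
}

# Constructed ldap.conf sample using the paths quoted in the issue.
my $conf = join "\n", '# TLS settings', 'TLS_REQCERT demand',
    'TLS_CERT /etc/argonaut/pki/argonaut.pem',
    'TLS_KEY /etc/argonaut/pki/argonaut.key', 'TLS_CACERTDIR /etc/ssl/certs';
my %opt = tls_options_from_ldap_conf($conf);
print "$_ => $opt{$_}\n" for sort keys %opt;
connect_with_tls( $ARGV[0], %opt ) if @ARGV;    # optional: pass an LDAP URI
```

Run without arguments it only prints the derived options; with `verify => 'none'` the server certificate is not checked, so the session is encrypted but the server is not authenticated.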