fusiondirectory-setup doesn't correctly handle start_tls support
While playing with things like olcSecurity=1 and start_tls, I found out that fusiondirectory-setup was not working. I found 2 issues:
- it looks for tls_* in upper case, while the ldap.conf file tends to use lower case instead
- it handles only tls_cacertdir but it's known to not work with gnutls
A possible fix is:
--- /usr/sbin/fusiondirectory-setup 2015-06-02 15:30:45.000000000 +0200 +++ /tmp/fusiondirectory-setup 2015-06-03 17:30:47.043191524 +0200 @@ -767,14 +767,15 @@ sub get_ldap_connexion { 'REQCERT' => 'require', 'CERT' => '', 'KEY' => '', - 'CACERTDIR' => '' + 'CACERTDIR' => '', + 'CACERT' => '', ); # Scan LDAP config while () { /^\s*(#|$)/ && next; chomp; - if (m/^TLS_(REQCERT|CERT|KEY|CACERTDIR)\s+(.*)\s*$/) { - $tls_options{$1} = $2; + if (m/^TLS_(REQCERT|CERT|KEY|CACERTDIR|CACERT)\s+(.*)\s*$/i) { + $tls_options{uc $1} = $2; } } close(LDAPCONF); @@ -783,7 +784,8 @@ sub get_ldap_connexion { verify => $tls_options{'REQCERT'}, clientcert => $tls_options{'CERT'}, clientkey => $tls_options{'KEY'}, - capath => $tls_options{'CACERTDIR'} + capath => $tls_options{'CACERTDIR'}, + cafile => $tls_options{'CACERT'} ); }
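Review bot: in the first hunk's new match, `(.*)\s*$` is greedy, so any trailing whitespace after a value is captured into `$tls_options{uc $1}`, and for the new CACERT key it ends up in the path later handed to `cafile`. `chomp` only strips the newline. Consider a non-greedy capture, `(.*?)\s*$`, so the stored value is trimmed. The `/i` flag combined with `uc $1` for lower-case keys looks right.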
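Review bot: in the second hunk, `capath` and `cafile` are both passed unconditionally, so an ldap.conf that sets only one of TLS_CACERTDIR and TLS_CACERT sends the other as an empty string (both default to `''`). Building the argument list from only the non-empty entries would avoid handing an empty path to the TLS layer. Separately, on the context line `verify => $tls_options{'REQCERT'}`, the value is passed through as read from the file, and the TLS_REQCERT values ldap.conf documents (never, allow, try, demand, hard) are not the ones Net::LDAP documents for `verify` (none, optional, require). A small mapping, for example demand to require, is worth adding while this block is being touched.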
(from redmine: issue id 3837, created on 2015-06-03, closed on 2015-06-05)
- Custom Fields:
- Bug in version: 1.0.8.6