On 09/25/2009 07:14 AM, Stephen Gallagher wrote:
On 09/25/2009 07:06 AM, Sumit Bose wrote:
> On Fri, Sep 25, 2009 at 06:33:57AM -0400, Stephen Gallagher wrote:
>> On 09/25/2009 06:16 AM, Sumit Bose wrote:
>>> Hi,
>>>
>>> this patch adds the config options ldap_tls_cacert and
>>> ldap_tls_cacertdir to specify the location of CA certificates. If they
>>> are not used in sssd.conf, the system defaults as defined in
>>> /etc/openldap/ldap.conf will be used. I also extended the sssd-ldap
>>> man page.
>>>
>>> This patch should fix #201 and #202.
>>>
>>> bye,
>>> Sumit
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> sssd-devel mailing list
>>> sssd-devel(a)lists.fedorahosted.org
>>> https://fedorahosted.org/mailman/listinfo/sssd-devel
>>
>> You may want to specify in the manpage that unencrypted channels are
>> supported if they're using LDAP only as an id_provider. I don't want to
>> give anyone the impression that they MUST use LDAP encryption even if
>> they're using Kerberos for auth.
>>
>> The default for ldap_tls_cacert and ldap_tls_cacertdir should specify
>> that they use the OpenLDAP client defaults on the system if they are
>> available. "System defaults" is ambiguous (especially on a system that
>> uses only mozldap). Hopefully in a few more Fedora revisions we will
>> have a common certificate store, but until that happens we probably need
>> to be more explicit here.
>>
>> The only issue I have with the code is with the trailing comma in struct
>> sdap_gen_opts default_basic_opts[]
>>
>>
>> --
>> Stephen Gallagher
>> RHCE 804006346421761
>>
> Hi,
> here is a new version with all three points addressed.
> bye,
> Sumit
Ack
Pushed to master.
--
Stephen Gallagher
RHCE 804006346421761