From a1af9beb915e96da634b7d17762bf42146104d45 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Tue, 25 Jan 2011 10:47:25 -0500
Subject: Add option to disable TLS for LDAP auth

Option is named to discourage use in production environments and is intentionally not listed in the SSSDConfig API.
---
 src/providers/ipa/ipa_common.c | 6 +++++-
 src/providers/ipa/ipa_common.h | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
(limited to 'src/providers/ipa')
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index b3467c606..401c19305 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -86,7 +86,11 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_access_order", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER }
+ { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
+ /* Do not include ldap_auth_disable_tls_never_use_in_production in the
+ * manpages or SSSDConfig API
+ */
+ { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }
 };
 
 struct sdap_attr_map ipa_attr_map[] = {
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 39fe31dc5..ed67a2c7b 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
 /* the following defines are used to keep track of the options in the ldap
 * module, so that if they change and ipa is not updated correspondingly
 * this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 47
+#define IPA_OPTS_BASIC_TEST 48
 
 /* the following define is used to keep track of the options in the krb5
 * module, so that if they change and ipa is not updated correspondingly
--
cgit
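Review bot: The comment above the new `ldap_auth_disable_tls_never_use_in_production` entry says where the option must not be documented but not what enabling it does, and because the option is deliberately kept out of the manpages and the SSSDConfig API, this comment is the only place a maintainer will learn it. I would state the effect there, for example `/* Testing only: disables TLS for LDAP auth. Do not include in the manpages or SSSDConfig API */`, and, if the consuming code confirms it, add that bind credentials then cross the network unencrypted. The `BOOL_FALSE` default keeps TLS on unless someone opts out, which is the right default. The code that reads the option is not on this page (the diff is limited to `src/providers/ipa`), so it is worth confirming that it logs a clearly visible message whenever the option is true, so an instance running with it enabled can be found from its logs. `ipa_def_ldap_opts[]` begins outside the hunk.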