diff options
| author | Petr Vobornik <pvoborni@redhat.com> | 2016-02-25 15:25:12 +0100 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2016-03-01 13:05:20 +0100 |
| commit | 02d3ea106214c7e170cb9bf051e4085ade440134 (patch) | |
| tree | ef2ac1ec2c20e2a36b0c9a880911150961b12f5a | |
| parent | 271086ebdd10b2229534220d830d1cbd5af6a352 (diff) | |
| download | freeipa-02d3ea106214c7e170cb9bf051e4085ade440134.tar.gz freeipa-02d3ea106214c7e170cb9bf051e4085ade440134.tar.xz freeipa-02d3ea106214c7e170cb9bf051e4085ade440134.zip | |
advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins
authconfig in config_redhat_nss_ldap and config_redhat_nss_pam_ldapd got
new option --enableldaptls
It should have effect primarily on el5 systems.
https://fedorahosted.org/freeipa/ticket/5654
Reviewed-By: Tomas Babej <tbabej@redhat.com>
| -rw-r--r-- | ipaserver/advise/plugins/legacy_clients.py | 4 | ||||
| -rw-r--r-- | ipatests/test_integration/test_advise.py | 7 |
2 files changed, 6 insertions, 5 deletions
diff --git a/ipaserver/advise/plugins/legacy_clients.py b/ipaserver/advise/plugins/legacy_clients.py index b6e1fc5a1..9e381f12a 100644 --- a/ipaserver/advise/plugins/legacy_clients.py +++ b/ipaserver/advise/plugins/legacy_clients.py @@ -195,7 +195,7 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client): self.log.comment('Use the authconfig to configure nsswitch.conf ' 'and the PAM stack') - self.log.command('authconfig --updateall --enableldap ' + self.log.command('authconfig --updateall --enableldap --enableldaptls ' '--enableldapauth --ldapserver=%s --ldapbasedn=%s\n' % (uri, base)) @@ -363,7 +363,7 @@ class config_redhat_nss_ldap(config_base_legacy_client): self.log.comment('Use the authconfig to configure nsswitch.conf ' 'and the PAM stack') - self.log.command('authconfig --updateall --enableldap ' + self.log.command('authconfig --updateall --enableldap --enableldaptls ' '--enableldapauth --ldapserver=%s --ldapbasedn=%s\n' % (uri, base)) diff --git a/ipatests/test_integration/test_advise.py b/ipatests/test_integration/test_advise.py index 613096f1c..82d6d84cf 100644 --- a/ipatests/test_integration/test_advise.py +++ b/ipatests/test_integration/test_advise.py @@ -104,7 +104,8 @@ class TestAdvice(IntegrationTest): advice_regex = "\#\!\/bin\/sh.*" \ "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+nss_ldap" \ "[\s]+authconfig.*authconfig[\s]+\-\-updateall" \ - "[\s]+\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \ + "[\s]+\-\-enableldap[\s]+\-\-enableldaptls"\ + "[\s]+\-\-enableldapauth[\s]+" \ "\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*" raiseerr = True @@ -116,8 +117,8 @@ class TestAdvice(IntegrationTest): advice_regex = "\#\!\/bin\/sh.*" \ "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+" \ "nss\-pam\-ldapd[\s]+pam_ldap[\s]+authconfig.*" \ - "authconfig[\s]+\-\-updateall[\s]+" \ - "\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \ + "authconfig[\s]+\-\-updateall[\s]+\-\-enableldap"\ + "[\s]+\-\-enableldaptls[\s]+\-\-enableldapauth[\s]+" \ "\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*" raiseerr = True |