advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins

authconfig in config_redhat_nss_ldap and config_redhat_nss_pam_ldapd got new option --enableldaptls It should have effect primarily on el5 systems. https://fedorahosted.org/freeipa/ticket/5654 Reviewed-By: Tomas Babej <tbabej@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-02-25 15:25:12 +01:00
parent 271086ebdd
commit 02d3ea1062
2 changed files with 6 additions and 5 deletions
--- a/ipaserver/advise/plugins/legacy_clients.py
+++ b/ipaserver/advise/plugins/legacy_clients.py
@@ -195,7 +195,7 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client):

        self.log.comment('Use the authconfig to configure nsswitch.conf '
                         'and the PAM stack')
-        self.log.command('authconfig --updateall --enableldap '
+        self.log.command('authconfig --updateall --enableldap --enableldaptls '
                         '--enableldapauth --ldapserver=%s --ldapbasedn=%s\n'
                         % (uri, base))

@@ -363,7 +363,7 @@ class config_redhat_nss_ldap(config_base_legacy_client):

        self.log.comment('Use the authconfig to configure nsswitch.conf '
                         'and the PAM stack')
-        self.log.command('authconfig --updateall --enableldap '
+        self.log.command('authconfig --updateall --enableldap --enableldaptls '
                         '--enableldapauth --ldapserver=%s --ldapbasedn=%s\n'
                         % (uri, base))

--- a/ipatests/test_integration/test_advise.py
+++ b/ipatests/test_integration/test_advise.py
@@ -104,7 +104,8 @@ class TestAdvice(IntegrationTest):
        advice_regex = "\#\!\/bin\/sh.*" \
                       "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+nss_ldap" \
                       "[\s]+authconfig.*authconfig[\s]+\-\-updateall" \
-                       "[\s]+\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \
+                       "[\s]+\-\-enableldap[\s]+\-\-enableldaptls"\
+                       "[\s]+\-\-enableldapauth[\s]+" \
                       "\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*"
        raiseerr = True

@@ -116,8 +117,8 @@ class TestAdvice(IntegrationTest):
        advice_regex = "\#\!\/bin\/sh.*" \
                       "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+" \
                       "nss\-pam\-ldapd[\s]+pam_ldap[\s]+authconfig.*" \
-                       "authconfig[\s]+\-\-updateall[\s]+" \
-                       "\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \
+                       "authconfig[\s]+\-\-updateall[\s]+\-\-enableldap"\
+                       "[\s]+\-\-enableldaptls[\s]+\-\-enableldapauth[\s]+" \
                       "\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*"
        raiseerr = True