diff -up authconfig-6.2.10/authinfo.py.cacertdir authconfig-6.2.10/authinfo.py

--- authconfig-6.2.10/authinfo.py.cacertdir	2015-03-31 10:40:43.321241910 +0200

+++ authconfig-6.2.10/authinfo.py	2015-04-01 19:05:27.879900326 +0200

@@ -116,7 +116,7 @@ PATH_LIBSSS_AUTOFS = "/usr" + LIBDIR + "

 PATH_WINBIND_NET = "/usr/bin/net"

 PATH_IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"

-PATH_LDAP_CACERTS = "/etc/openldap/cacerts"

+PATH_LDAP_CACERTS = "/etc/openldap/certs"

 LDAP_CACERT_DOWNLOADED = "authconfig_downloaded.pem"

 PATH_CONFIG_BACKUPS = "/var/lib/authconfig"

@@ -155,6 +155,13 @@ def matchKey(line, key):

 	else:

 		return False

+def matchKeyI(line, key):

+	if line.lower().startswith(key.lower()):

+		# Skip intervening whitespace.

+		return line[len(key):].lstrip()

+	else:

+		return False

+

 def matchKeyEquals(line, key):

 	if line.startswith(key):

 		# Skip intervening whitespace.

@@ -926,9 +933,9 @@ def feedFork(command, echo, query, respo

 		try:

 			c = os.read(master, 1)

 		except OSError as err:

-			if err == errno.EINTR or err == errno.EAGAIN:

+			if err.errno == errno.EINTR or err.errno == errno.EAGAIN:

 				pass

-			elif err == errno.EIO:

+			elif err.errno == errno.EIO:

 				os.close(master)

 				eof = True

 			else:

@@ -1222,14 +1229,13 @@ class CacheBackup(FileBackup):

 		return rv

 # indexes for the configs

-(CFG_HESIOD, CFG_YP, CFG_LDAP, CFG_NSSLDAP, CFG_PAMLDAP, CFG_NSLCD, CFG_OPENLDAP, CFG_KRB5,

+(CFG_HESIOD, CFG_YP, CFG_NSSLDAP, CFG_PAMLDAP, CFG_NSLCD, CFG_OPENLDAP, CFG_KRB5,

 	CFG_KRB, CFG_PAM_PKCS11, CFG_SMB, CFG_NSSWITCH, CFG_CACHE,

 	CFG_PAM, CFG_POSTLOGIN_PAM, CFG_PASSWORD_PAM, CFG_FINGERPRINT_PAM, CFG_SMARTCARD_PAM, CFG_AUTHCONFIG, CFG_NETWORK, CFG_LIBUSER, CFG_PWQUALITY,

-	CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 30))

+	CFG_LOGIN_DEFS, CFG_SSSD, CFG_SHADOW, CFG_PASSWD, CFG_GSHADOW, CFG_GROUP, CFG_DCONF, CFG_DCONF_LOCKS) = list(range(0, 29))

 all_configs = [

 	FileBackup("hesiod.conf", SYSCONFDIR+"/hesiod.conf"),

 	FileBackup("yp.conf", SYSCONFDIR+"/yp.conf"),

-	FileBackup("ldap.conf", SYSCONFDIR+"/ldap.conf"),

 	FileBackup("nss_ldap.conf", SYSCONFDIR+"/nss_ldap.conf"),

 	FileBackup("pam_ldap.conf", SYSCONFDIR+"/pam_ldap.conf"),

 	FileBackup("nslcd.conf", SYSCONFDIR+"/nslcd.conf"),

@@ -1627,7 +1633,6 @@ class AuthInfo:

 	# Read LDAP setup from /etc/ldap.conf.

 	def readLDAP(self, ref):

-		self.ldapCacertDir = PATH_LDAP_CACERTS

 		# Open the file.  Bail if it's not there or there's some problem

 		# reading it.

 		try:

@@ -1640,45 +1645,52 @@ class AuthInfo:

 					f = open(all_configs[CFG_PAMLDAP].origPath, "r")

 				except IOError:

 					try:

-						f = open(all_configs[CFG_LDAP].origPath, "r")

+						f = open(all_configs[CFG_OPENLDAP].origPath, "r")

 					except IOError:

+						self.ldapCacertDir = PATH_LDAP_CACERTS

 						return False

 		for line in f:

 			line = line.strip()

 			# Is it a "base" statement?

-			value = matchKey(line, "base")

+			value = matchKeyI(line, "base")

 			if value and checkDN(value):

 				# Save the base DN.

 				self.setParam("ldapBaseDN", value, ref)

 				continue

 			# Is it a "host" statement?

-			value = matchKey(line, "host")

+			value = matchKeyI(line, "host")

 			if value:

 				# Save the host name or IP.

 				self.setParam("ldapServer", value, ref)

 				continue

 			# Is it a "uri" statement?

-			value = matchKey(line, "uri")

+			value = matchKeyI(line, "uri")

 			if value:

 				# Save the host name or IP.

 				self.setParam("ldapServer", value, ref)

 				continue

 			# Is it a "ssl" statement?

-			value = matchKey(line, "ssl")

+			value = matchKeyI(line, "ssl")

 			if value:

 				self.setParam("enableLDAPS", matchLine(value, "start_tls"), ref)

 				continue

 			# Is it a "nss_schema" statement?

-			value = matchKey(line, "nss_schema")

+			value = matchKeyI(line, "nss_schema")

 			if value:

 				self.setParam("ldapSchema", value, ref)

 				continue

+			value = matchKeyI(line, "tls_cacertdir")

+			if value:

+				self.setParam("ldapCacertDir", value, ref)

+				continue

 			# We'll pull MD5/DES crypt ("pam_password") from the config

 			# file, or from the pam_unix PAM config lines.

 		self.ldapServer = self.ldapHostsToURIs(cleanList(self.ldapServer), False)

+		if not self.ldapCacertDir:

+			self.ldapCacertDir = PATH_LDAP_CACERTS

 		f.close()

 		return True

@@ -2747,10 +2759,6 @@ class AuthInfo:

 		return True

 	def writeLDAP(self):

-		if os.path.isfile(all_configs[CFG_LDAP].origPath):

-			all_configs[CFG_LDAP].backup(self.backupDir)

-			self.writeLDAP2(all_configs[CFG_LDAP].origPath,

-					"uri", "host", "base", True, True, True)

 		if os.path.isfile(all_configs[CFG_NSSLDAP].origPath):

 			all_configs[CFG_NSSLDAP].backup(self.backupDir)

 			self.writeLDAP2(all_configs[CFG_NSSLDAP].origPath,

@@ -4443,11 +4451,11 @@ class AuthInfo:

 			self.uninstallIPA()

 	def testLDAPCACerts(self):

-		if self.enableLDAP or self.enableLDAPAuth:

+		if self.enableLDAP or self.enableLDAPAuth or self.ldapCacertURL:

 			try:

 				os.stat(self.ldapCacertDir)

 			except OSError as err:

-				if err == errno.ENOENT:

+				if err.errno == errno.ENOENT:

 					os.mkdir(self.ldapCacertDir, 0o755)

 			return isEmptyDir(self.ldapCacertDir)

@@ -4455,7 +4463,7 @@ class AuthInfo:

 	def rehashLDAPCACerts(self):

 		if ((self.enableLDAP or self.enableLDAPAuth) and

-			(self.enableLDAPS or 'ldaps:' in self.ldapServer)):

+			(self.enableLDAPS or 'ldaps:' in self.ldapServer)) or self.ldapCacertURL:

 			os.system("/usr/sbin/cacertdir_rehash " + self.ldapCacertDir)

 	def downloadLDAPCACert(self):