diff -up authconfig-6.2.10/authinfo.py.cacertdir authconfig-6.2.10/authinfo.py
--- authconfig-6.2.10/authinfo.py.cacertdir 2015-03-31 10:40:43.321241910 +0200
+++ authconfig-6.2.10/authinfo.py 2015-03-31 10:52:44.420811832 +0200
@@ -116,7 +116,7 @@ PATH_LIBSSS_AUTOFS = "/usr" + LIBDIR + "
PATH_WINBIND_NET = "/usr/bin/net"
PATH_IPA_CLIENT_INSTALL = "/usr/sbin/ipa-client-install"
-PATH_LDAP_CACERTS = "/etc/openldap/cacerts"
+PATH_LDAP_CACERTS = "/etc/openldap/certs"
LDAP_CACERT_DOWNLOADED = "authconfig_downloaded.pem"
PATH_CONFIG_BACKUPS = "/var/lib/authconfig"
@@ -155,6 +155,13 @@ def matchKey(line, key):
else:
return False
+def matchKeyI(line, key):
+ if line.lower().startswith(key.lower()):
+ # Skip intervening whitespace.
+ return line[len(key):].lstrip()
+ else:
+ return False
+
def matchKeyEquals(line, key):
if line.startswith(key):
# Skip intervening whitespace.
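Review bot: matchKeyI has no docstring, and the only way it differs from matchKey is the case-folded prefix test, which is worth stating: `"""Case-insensitive matchKey: return the rest of `line` after `key` (leading whitespace stripped) when `line` starts with it, else False."""`. The slice `line[len(key):]` is taken from the original line after comparing lowercased copies; that is correct for the ASCII literals readLDAP passes, but `str.lower()` can change the length of some non-ASCII strings, so a comment noting that keys are expected to be ASCII would save a later surprise. Like matchKey it requires no delimiter after the key, so `matchKeyI(line, "host")` also accepts a line starting with e.g. `hostx`; whether that matters depends on the keyword set of the files being parsed. matchKeyEquals, on the line after the new function, continues outside the hunk.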
@@ -1627,7 +1634,6 @@ class AuthInfo:
# Read LDAP setup from /etc/ldap.conf.
def readLDAP(self, ref):
- self.ldapCacertDir = PATH_LDAP_CACERTS
# Open the file. Bail if it's not there or there's some problem
# reading it.
try:
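Review bot: Dropping the unconditional reset of self.ldapCacertDir at the top of readLDAP means a value already held on the object survives a re-read of a file with no tls_cacertdir line, yet the IOError branch added in the next hunk (`self.ldapCacertDir = PATH_LDAP_CACERTS`) overwrites any prior value while the success path only fills it when empty — the two fallbacks disagree. If the intent is "keep an explicitly set value unless the file overrides it", the except branch should use the same guard, `if not self.ldapCacertDir: self.ldapCacertDir = PATH_LDAP_CACERTS`; if the file is meant to be authoritative, the reset belongs back here. The try opened on this hunk's last line has its handler outside the hunk, so whether that early exit leaves ldapCacertDir unset cannot be seen here. readLDAP's body continues past the hunk.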
@@ -1642,43 +1648,50 @@ class AuthInfo:
try:
f = open(all_configs[CFG_LDAP].origPath, "r")
except IOError:
+ self.ldapCacertDir = PATH_LDAP_CACERTS
return False
for line in f:
line = line.strip()
# Is it a "base" statement?
- value = matchKey(line, "base")
+ value = matchKeyI(line, "base")
if value and checkDN(value):
# Save the base DN.
self.setParam("ldapBaseDN", value, ref)
continue
# Is it a "host" statement?
- value = matchKey(line, "host")
+ value = matchKeyI(line, "host")
if value:
# Save the host name or IP.
self.setParam("ldapServer", value, ref)
continue
# Is it a "uri" statement?
- value = matchKey(line, "uri")
+ value = matchKeyI(line, "uri")
if value:
# Save the host name or IP.
self.setParam("ldapServer", value, ref)
continue
# Is it a "ssl" statement?
- value = matchKey(line, "ssl")
+ value = matchKeyI(line, "ssl")
if value:
self.setParam("enableLDAPS", matchLine(value, "start_tls"), ref)
continue
# Is it a "nss_schema" statement?
- value = matchKey(line, "nss_schema")
+ value = matchKeyI(line, "nss_schema")
if value:
self.setParam("ldapSchema", value, ref)
continue
+ value = matchKeyI(line, "tls_cacertdir")
+ if value:
+ self.setParam("ldapCacertDir", value, ref)
+ continue
# We'll pull MD5/DES crypt ("pam_password") from the config
# file, or from the pam_unix PAM config lines.
self.ldapServer = self.ldapHostsToURIs(cleanList(self.ldapServer), False)
+ if not self.ldapCacertDir:
+ self.ldapCacertDir = PATH_LDAP_CACERTS
f.close()
return True
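Review bot: The `tls_cacertdir` value is stored through setParam with no validation, and the same attribute is later handed to `os.stat` in testLDAPCACerts and concatenated into a shell command in rehashLDAPCACerts, so a relative or malformed path in the LDAP config file silently redirects both operations. A cheap check at the new branch is `if value and os.path.isabs(value):` before the setParam, letting anything else fall through to the default assigned at the end of the loop; a comment such as `# tls_cacertdir from the config file replaces PATH_LDAP_CACERTS and is used verbatim by cacertdir_rehash` would document why the default is now conditional. Separately, `matchKeyI(line, "ssl")` now matches the keyword case-insensitively, but `matchLine(value, "start_tls")` still sees the value in its original case, so `SSL START_TLS` may not be recognised unless matchLine folds case — worth confirming. readLDAP begins before this hunk.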
@@ -4443,7 +4456,7 @@ class AuthInfo:
self.uninstallIPA()
def testLDAPCACerts(self):
- if self.enableLDAP or self.enableLDAPAuth:
+ if self.enableLDAP or self.enableLDAPAuth or self.ldapCacertURL:
try:
os.stat(self.ldapCacertDir)
except OSError as err:
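Review bot: With `or self.ldapCacertURL` added, testLDAPCACerts now stats self.ldapCacertDir even when neither LDAP option is enabled; if that attribute is still unset because readLDAP exited before reaching its IOError fallback (the earlier try in readLDAP and its handler are outside these hunks), `os.stat(None)` raises TypeError, which the `except OSError` on this hunk's last line does not catch. A guard at the top of the method, `if not self.ldapCacertDir: self.ldapCacertDir = PATH_LDAP_CACERTS`, keeps the check on the OSError path it was written for. The except handler's body continues outside the hunk.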
@@ -4455,7 +4468,7 @@ class AuthInfo:
def rehashLDAPCACerts(self):
if ((self.enableLDAP or self.enableLDAPAuth) and
- (self.enableLDAPS or 'ldaps:' in self.ldapServer)):
+ (self.enableLDAPS or 'ldaps:' in self.ldapServer)) or self.ldapCacertURL:
os.system("/usr/sbin/cacertdir_rehash " + self.ldapCacertDir)
def downloadLDAPCACert(self):
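Review bot: rehashLDAPCACerts still builds its command by concatenation, `os.system("/usr/sbin/cacertdir_rehash " + self.ldapCacertDir)`, and with this patch ldapCacertDir can come from the tls_cacertdir line of the LDAP config rather than a fixed constant, so the directory name now reaches a shell unquoted — a path with spaces or shell metacharacters breaks or alters the command. The list form avoids the shell entirely: `subprocess.call(["/usr/sbin/cacertdir_rehash", self.ldapCacertDir])` (whether subprocess is already imported is not visible here). The extended condition on the changed line is also easy to misread because the trailing `or self.ldapCacertURL` binds outside the outer parentheses; naming the first half, e.g. `ldap_tls = (self.enableLDAP or self.enableLDAPAuth) and (self.enableLDAPS or 'ldaps:' in self.ldapServer)`, and then testing `if ldap_tls or self.ldapCacertURL:` makes the precedence explicit. downloadLDAPCACert on the hunk's last line continues outside it.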