[Bug 663012] New: yast2 ldap-client write ldaps:// uri to sssd.conf
https://bugzilla.novell.com/show_bug.cgi?id=663012
https://bugzilla.novell.com/show_bug.cgi?id=663012#c0

Summary: yast2 ldap-client write ldaps:// uri to sssd.conf
Classification: openSUSE
Product: openSUSE 11.4
Version: Milestone 5 of 6
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: YaST2
AssignedTo: jsuchome@novell.com
ReportedBy: rhafer@novell.com
QAContact: jsrain@novell.com
Found By: Development
Blocker: ---

After configuring sssd with yast2-ldap-client I see "ldap_uri = ldaps://<my-ldap-server>" in sssd.conf. Please use "ldap://" instead of "ldaps://" as we already set "ldap_id_use_start_tls = True". Using ldaps:// uri and starttls at the same time is wrong.

BTW, please also switch to "uri" instead of "host" in /etc/ldap.conf and /etc/openldap/ldap.conf, that way we have it consistent across all the files.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=663012
https://bugzilla.novell.com/show_bug.cgi?id=663012#c1
Jiří Suchomel
> After configuring sssd with yast2-ldap-client I see "ldap_uri = ldaps://<my-ldap-server>" in sssd.conf. Please use "ldap://" instead of "ldaps://" as we already set "ldap_id_use_start_tls = True". Using ldaps:// uri and starttls at the same time is wrong.

OK.

> BTW, please also switch to "uri" instead of "host" in /etc/ldap.conf and /etc/openldap/ldap.conf, that way we have it consistent across all the files.

So, if 'host' is present, should I remove it? And again, 'uri' should use only ldap:// and no ldaps?
>> BTW, please also switch to "uri" instead of "host" in /etc/ldap.conf and /etc/openldap/ldap.conf, that way we have it consistent across all the files.

> So, if 'host' is present, should I remove it?

Yes, it is either "host" or "uri" not both at the same time (for the ldap.conf files). OTOH, isn't yast2-ldap/yast2-ldap-client able to make use of the "uri" setting or does it only evaluate the "host" lines, e.g. when determining
https://bugzilla.novell.com/show_bug.cgi?id=663012
https://bugzilla.novell.com/show_bug.cgi?id=663012#c2
Ralf Haferkamp
> And again, 'uri' should use only ldap:// and no ldaps?

Yes. Or we would need to add another option to the UI for the user to select to either use "ldap:// + StartTLS" or "ldaps://". I'd rather not add that.
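The two conditions raised in this thread can be checked mechanically. The following is an added example, not code from the bug report or from YaST: it flags an sssd.conf domain that sets an ldaps:// `ldap_uri` together with `ldap_id_use_start_tls = True`, and an ldap.conf that sets both `host` and `uri`. The sample file contents and the host name ldap.example.com are constructed.

```python
import configparser

# Constructed sample inputs; ldap.example.com is a placeholder host.
SAMPLE_SSSD = """\
[sssd]
domains = default

[domain/default]
id_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_id_use_start_tls = True
"""

SAMPLE_LDAP_CONF = """\
# both keywords present
host ldap.example.com
uri ldap://ldap.example.com
"""

def check_sssd(text):
    """List (section, uri) pairs where ldaps:// is combined with StartTLS."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        starttls = cp.get(section, "ldap_id_use_start_tls", fallback="false")
        if starttls.strip().lower() != "true":
            continue
        # ldap_uri is a comma-separated list of server URIs
        for uri in cp.get(section, "ldap_uri", fallback="").split(","):
            if uri.strip().lower().startswith("ldaps://"):
                findings.append((section, uri.strip()))
    return findings

def host_and_uri_both_set(text):
    """True if an ldap.conf body sets both the 'host' and 'uri' keywords."""
    keys = set()
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            keys.add(fields[0].lower())
    return {"host", "uri"} <= keys

if __name__ == "__main__":
    for section, uri in check_sssd(SAMPLE_SSSD):
        print(f"{section}: {uri} is set together with ldap_id_use_start_tls = True")
    if host_and_uri_both_set(SAMPLE_LDAP_CONF):
        print("ldap.conf: both 'host' and 'uri' are set")
```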
https://bugzilla.novell.com/show_bug.cgi?id=663012
https://bugzilla.novell.com/show_bug.cgi?id=663012#c3
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=663012
https://bugzilla.novell.com/show_bug.cgi?id=663012#c4
Ralf Haferkamp