Bug 577219

Summary: Authconfig should disallow setting both ldaps and TLS
Product: [Fedora] Fedora Reporter: Stephen Gallagher <sgallagh>
Component: authconfigAssignee: Tomas Mraz <tmraz>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: tmraz
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-24 01:00:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stephen Gallagher 2010-03-26 13:41:53 UTC 
Description of problem:
Right now, it is possible to save a configuration with
LDAP Server: ldaps://ldap.example.com
and 
'Use TLS to encrypt connections' checked. This is an invalid configuration. It is only possible to set one form of encryption or the other at a time.

Version-Release number of selected component (if applicable):
authconfig-6.1.1-1.fc13.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. Start authconfig
2. Choose LDAP for User Account Database and Authentication Method
3. Enter 'ldaps://ldap.example.com' for the LDAP server
4. Check 'Use TLS to encrypt connections'
  
Actual results:
The 'apply' button is selectable, and authconfig will save an sssd.conf file with the options:
ldap_uri = ldaps://ldap.example.com
ldap_id_use_start_tls = True

This will result in an unusable configuration (the LDAP server will reject the connection)

Expected results:
The 'apply' button should be grayed-out, and warning text similar to that which warns that one or the other of ldaps or TLS must be used should inform the user that it is invalid to use both.

Additional info:
Comment 1 Tomas Mraz 2010-03-26 13:58:51 UTC 
I'd like to postpone it to F14 as this requires adding a new translatable string - for the warning.
Comment 2 Stephen Gallagher 2010-03-29 12:58:10 UTC 
I suppose that's reasonable. It's not likely that someone will attempt to do both.
Comment 3 Bug Zapper 2010-07-30 11:12:13 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping