Description of problem:
Stumbled on this when attempting to bring an FC6 box into an existing LDAP setup. When using system-config-authentication, both the --enableldaptls and the --enableldapssl options add the same identical line to ldap.conf, despite the fact that nss_ldap recognizes a difference between ssl and tls operation.

Version-Release number of selected component (if applicable):
authconfig-gtk-5.3.12-1.fc6

How reproducible:
every time

Steps to Reproduce:
1. use s-c-a --enableldapssl --update
2. check /etc/ldap.conf for the line ssl ...

Actual results:
Ssl option set to "ssl start_tls"

Expected results:
Ssl option set to "ssl yes"

Additional info:
This is important for interfacing with older LDAP servers that just start talking SSL on ldaps (636), since nss_ldap will get confused if set to start_tls, waiting for the start signal.

Created attachment 295512
make --enableldapssl enable SSL, not TLS

Works fine on this FC8 box, but has only been tested using the CLI, not the GUI. (Requires python-2.5 for startswith() that takes a tuple.)

I do not think --enableldapssl should do this. Actually, I think that the --enableldapssl option should just be removed completely; --enableldaptls should stay as is, which means it puts ssl start_tls into the config. There is support for using an ldaps:// or ldap:// URI in the --ldapserver option already. So for ldaps you would use the options '--ldapserver ldaps://<server>/ --disableldaptls'.

I'll drop the --enableldapssl alias and add some text to the --help and to tooltips in the GUI.
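
The mismatch discussed in this thread can be checked mechanically. The following Python sketch is an added example, not part of the bug report, the attached patch or authconfig: it compares the URI scheme in ldap.conf-style text against the `ssl` directive. It assumes the server is given through `uri` lines and that nss_ldap treats `on`, `yes` and `true` as immediate SSL; the function names and sample hosts are constructed.

```python
# Added example: audit ldap.conf text for URI scheme / "ssl" directive mismatches.
# Assumption: nss_ldap treats "on", "yes" and "true" as immediate SSL (ldaps style).
SSL_ON = {"on", "yes", "true"}

def parse_ldap_conf(text):
    """Return (uris, ssl_mode); ssl_mode is 'off', 'on' or 'start_tls'."""
    uris, ssl_mode = [], "off"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and comment lines
        parts = line.split()
        key, values = parts[0].lower(), parts[1:]
        if key == "uri":
            uris.extend(values)           # several URIs may share one line
        elif key == "ssl" and values:     # the last "ssl" line wins
            value = values[0].lower()
            if value == "start_tls":
                ssl_mode = "start_tls"
            else:
                ssl_mode = "on" if value in SSL_ON else "off"
    return uris, ssl_mode

def audit(text):
    """Return [(uri, verdict)], verdict being 'ok', 'mismatch' or 'cleartext'."""
    uris, ssl_mode = parse_ldap_conf(text)
    results = []
    for uri in uris:
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldaps" and ssl_mode == "start_tls":
            verdict = "mismatch"          # the case reported in this bug
        elif scheme == "ldap" and ssl_mode == "on":
            verdict = "mismatch"          # plain scheme, SSL directive
        elif scheme == "ldap" and ssl_mode == "off":
            verdict = "cleartext"         # no transport protection requested
        else:
            verdict = "ok"
        results.append((uri, verdict))
    return results

# Constructed sample configurations (hosts are placeholders).
REPORTED = "uri ldaps://ldap.example.com/\nssl start_tls\n"
SUGGESTED = "# ldaps URI, TLS option disabled\nuri ldaps://ldap.example.com/\n"
STARTTLS = "uri ldap://ldap.example.com/\nssl start_tls\n"
PLAIN = "uri ldap://ldap.example.com/\nssl off\n"

if __name__ == "__main__":
    for name in ("REPORTED", "SUGGESTED", "STARTTLS", "PLAIN"):
        print(name, audit(globals()[name]))
```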