On 05/03/2010 03:16 PM, Sumit Bose wrote:
On Fri, Apr 30, 2010 at 05:42:46PM +0200, Jakub Hrozek wrote:
This is a rebased version of the patch that applies on top of the recent changes that went into 1.2.
There is a warning about 'new blank line at EOF', I think it is from src/man/include/service_discovery.xml.
Fixed
+#define SSS_LDAP_ID_SRV "ldap" +#define SSS_LDAP_AUTH_SRV "ldaps" +
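Review bot: SSS_LDAP_ID_SRV and SSS_LDAP_AUTH_SRV hard-code two different service names ("ldap" for id, "ldaps" for auth) with no comment explaining why the id and auth providers should differ. Either document the reason next to the defines, or use a single default for both and make the service name configurable, so that a deployment's choice of transport protection is explicit rather than implied by a compile-time constant.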
The auth provider does an explicit StartTLS. So I think ldap is safe here in both cases. But it might be useful to have an option to change the default from "ldap" to "ldaps"?
OK, I have added a new ldap_dns_service option with the default of "ldap", which is now used for both auth and id but can trivially be reset to just about anything (the obvious use-case, of course, being "ldaps").
A new patch is attached.