On Tue, May 04, 2010 at 01:40:03PM +0200, Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/03/2010 03:16 PM, Sumit Bose wrote:
On Fri, Apr 30, 2010 at 05:42:46PM +0200, Jakub Hrozek wrote: This is a rebased version of the patch that applies on top of the recent changes that went into 1.2.
There is a warning about 'new blank line at EOF', I think it is from src/man/include/service_discovery.xml.
Fixed
+#define SSS_LDAP_ID_SRV "ldap" +#define SSS_LDAP_AUTH_SRV "ldaps"
the auth provider does an explicit StartTLS. So I think ldap is safe here in both cases. But it might be useful to have an option to change the default from "ldap" to "ldaps"?
OK, I have added a new ldap_dns_service option with the default of "ldap", which is now used for both auth and id but can trivially be reset to just about anything (the obvious use-case, of course being "ldaps")
A new patch is attached.
ACK, but please add <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/service_discovery.xml" /> to sssd-ldap.5.xml before committing it.
bye, Sumit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkvgB5MACgkQHsardTLnvCXtDgCggc6nx3QPsYweCQo6UqHfdbuY rj8AoJfOi6bbNJZkjLSAQynfiHrzpYvO =RsXG -----END PGP SIGNATURE-----