[Astlinux-commits] SF.net SVN: astlinux:[6213] branches/1.0

[<abe...@us...>]

Revision: 6213
          http://sourceforge.net/p/astlinux/code/6213
Author:   abelbeck
Date:     2013-10-03 01:04:36 +0000 (Thu, 03 Oct 2013)
Log Message:
-----------
slapd, configure for START_TLS support, note ldaps:// is deprecated

Modified Paths:
--------------
    branches/1.0/package/openldap/slapd.init
    branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf

Modified: branches/1.0/package/openldap/slapd.init
===================================================================
--- branches/1.0/package/openldap/slapd.init	2013-10-02 19:21:33 UTC (rev 6212)
+++ branches/1.0/package/openldap/slapd.init	2013-10-03 01:04:36 UTC (rev 6213)
@@ -48,6 +48,7 @@
 
 gen_slapd_conf()
 {
+  local cert key
 
   echo "include /etc/openldap/schema/core.schema
 include /etc/openldap/schema/cosine.schema
@@ -55,8 +56,20 @@
 
 pidfile /var/run/slapd.pid
 argsfile /var/run/slapd.args
+"
 
-database sql
+  cert="${LDAP_SERVER_CERT:-/mnt/kd/ssl/sip-tls/keys/server.crt}"
+  key="${LDAP_SERVER_KEY:-/mnt/kd/ssl/sip-tls/keys/server.key}"
+  if [ -f "$cert" -a -f "$key" ]; then
+    echo "TLSCertificateFile $cert
+TLSCertificateKeyFile $key
+"
+  else
+    logger -t slapd -p kern.info "LDAP Server SSL configuration error, continuing..."
+    logger -t slapd -p kern.info "Try generating an Asterisk SIP-TLS Server Certificate, which LDAP Server will use by default."
+  fi
+
+  echo "database sql
 #suffix \"o=sql,c=RU\"
 #rootdn \"cn=root,o=sql,c=RU\"
 suffix \"dc=example,dc=com\"
@@ -69,8 +82,9 @@
 upper_func \"upper\"
 concat_pattern \"?||?\"
 has_ldapinfo_dn_ru no
+"
 
-#database ldif
+  echo "#database ldif
 #suffix \"dc=example,dc=com\"
 #rootdn \"cn=root,dc=example,dc=com\"
 #rootpw astlinux

Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf	2013-10-02 19:21:33 UTC (rev 6212)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf	2013-10-03 01:04:36 UTC (rev 6213)
@@ -484,6 +484,8 @@
 #LDAP_TLS_REQCERT="never"                          # TLS certificate check: "never", "allow", "try" or "demand", defaults to "demand"
 ## LDAP Server - OpenLDAP (slapd)
 #LDAP_SERVER="yes"                                 # Enable LDAP server slapd with "yes", defaults to "no"
+#LDAP_SERVER_CERT=""                               # Defaults to "/mnt/kd/ssl/sip-tls/keys/server.crt"
+#LDAP_SERVER_KEY=""                                # Defaults to "/mnt/kd/ssl/sip-tls/keys/server.key"
 
 ## Proxy ENV variables (http_proxy, ftp_proxy, etc.) for curl, wget, etc.
 ## Format: http://user:pass@proxyhost:proxyport"

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.