From 72ea5fb83d926327079b5632a9e81a029ec965d9 Mon Sep 17 00:00:00 2001
From: Derek Jennings <djennings@mageia.org>
Date: Sat, 31 Aug 2013 13:59:16 +0100
Subject: fix drakauth ldap configuration (mga#10005)

---
 perl-install/authentication.pm | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

(limited to 'perl-install/authentication.pm')

diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm
index 714e815e9..048072aab 100644
--- a/perl-install/authentication.pm
+++ b/perl-install/authentication.pm
@@ -649,7 +649,7 @@ sub read_ldap_conf() {
     my %conf = map { 
 	s/^\s*#.*//; 
 	if_(_after_read_ldap_line($_) =~ /(\S+)\s+(.*)/, $1 => $2);
-    } cat_("$::prefix/etc/ldap.conf");
+    } cat_("$::prefix/etc/nslcd.conf");
     \%conf;
 }
 
@@ -669,7 +669,7 @@ sub update_ldap_conf {
 		$_ .= _pre_write_ldap_line("$cmd $val\n");
 	    }
 	}
-    } "$::prefix/etc/ldap.conf";
+    } "$::prefix/etc/nslcd.conf";
 }
 
 sub configure_krb5_for_AD {
@@ -897,23 +897,23 @@ sub fetch_dn {
 sub configure_nss_ldap {
 	my ($authentication) = @_;
 	update_ldap_conf(
-                         host => $authentication->{LDAP_server},
+			 uri => "ldaps://" . $authentication->{LDAP_server} . "/",
                          base => $authentication->{LDAPDOMAIN},
                         );
 
         if ($authentication->{nssgrp} eq '1') {
 
         update_ldap_conf(
-                         nss_base_shadow => $authentication->{nss_shadow} . "?sub",
-                         nss_base_passwd => $authentication->{nss_pwd} . "?sub",
-                         nss_base_group => $authentication->{nss_grp} . "?sub",
+                         'base shadow' => $authentication->{nss_shadow},
+                         'base passwd' => $authentication->{nss_pwd},
+                         'base group' => $authentication->{nss_grp},
                         );
         } else {
 
         update_ldap_conf(
-                         nss_base_shadow => $authentication->{LDAPDOMAIN} . "?sub",
-                         nss_base_passwd => $authentication->{LDAPDOMAIN} . "?sub",
-                         nss_base_group => $authentication->{LDAPDOMAIN}  . "?sub",
+                         'base shadow' => $authentication->{LDAPDOMAIN},
+                         'base passwd' => $authentication->{LDAPDOMAIN},
+                         'base group' => $authentication->{LDAPDOMAIN},
                         );
                 }
         if ($authentication->{anonymous} eq '1') {
@@ -926,7 +926,7 @@ sub configure_nss_ldap {
         if ($authentication->{cafile} eq '1') {
                  update_ldap_conf(
                  ssl => "on",
-                 tls_checkpeer => "yes",
+                 tls_reqcert => "demand",
                  tls_cacertfile => $authentication->{file},
                 );
         }
-- 
cgit v1.2.1