The initial certificate handling code has been implemented for TLS only. Since it works for SSL as well and may be required in some scenarious, use the code whenever any security protocol is configured.
Details
Diff Detail
- Repository
- R178 PIM: KLDAP
- Lint
Automatic diff as part of commit; lint not applicable. - Unit
Automatic diff as part of commit; unit tests not applicable.
Yes, I tested against Samba 4.7 with both SSL (LDAPS/port 636) and TLS. The CA certificate has been supplied via LdapServer::setTLSCACertFile(...) and verification enforced via LdapServer::setTLSRequireCertificate(LdapServer::TLSReqCertHard). Without this patch, only TLS works even when setting LdapServer::TLSReqCertNever since this option is ignored in the previous implementation for the SSL case. With this patch applied, SSL/LDAPS works fine too.
Thanks for reviewing! Is there any timeline when the changes will be visible in the Git repository?
I just applied for a developer account. Once approved and got access to the kldap repository, I'll commit the changes. If things do not work this way, you can commit the changes too.
Normally we only give people after some patches developer access, as with this you have commit access to every KDE repos. In order to push your commit, we need your name, that we use as author of the commit.
OK, then please commit the changes as Tobias Junghans <tobias.junghans@veyon.io> - thanks in advance :-)