From 02d3ea106214c7e170cb9bf051e4085ade440134 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvoborni@redhat.com>
Date: Mar 01 2016 12:05:20 +0000
Subject: advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins


authconfig in config_redhat_nss_ldap and config_redhat_nss_pam_ldapd got
new option --enableldaptls

It should have effect primarily on el5 systems.

https://fedorahosted.org/freeipa/ticket/5654

Reviewed-By: Tomas Babej <tbabej@redhat.com>

---

diff --git a/ipaserver/advise/plugins/legacy_clients.py b/ipaserver/advise/plugins/legacy_clients.py
index b6e1fc5..9e381f1 100644
--- a/ipaserver/advise/plugins/legacy_clients.py
+++ b/ipaserver/advise/plugins/legacy_clients.py
@@ -195,7 +195,7 @@ class config_redhat_nss_pam_ldapd(config_base_legacy_client):
 
         self.log.comment('Use the authconfig to configure nsswitch.conf '
                          'and the PAM stack')
-        self.log.command('authconfig --updateall --enableldap '
+        self.log.command('authconfig --updateall --enableldap --enableldaptls '
                          '--enableldapauth --ldapserver=%s --ldapbasedn=%s\n'
                          % (uri, base))
 
@@ -363,7 +363,7 @@ class config_redhat_nss_ldap(config_base_legacy_client):
 
         self.log.comment('Use the authconfig to configure nsswitch.conf '
                          'and the PAM stack')
-        self.log.command('authconfig --updateall --enableldap '
+        self.log.command('authconfig --updateall --enableldap --enableldaptls '
                          '--enableldapauth --ldapserver=%s --ldapbasedn=%s\n'
                          % (uri, base))
 
diff --git a/ipatests/test_integration/test_advise.py b/ipatests/test_integration/test_advise.py
index 613096f..82d6d84 100644
--- a/ipatests/test_integration/test_advise.py
+++ b/ipatests/test_integration/test_advise.py
@@ -104,7 +104,8 @@ class TestAdvice(IntegrationTest):
         advice_regex = "\#\!\/bin\/sh.*" \
                        "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+nss_ldap" \
                        "[\s]+authconfig.*authconfig[\s]+\-\-updateall" \
-                       "[\s]+\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \
+                       "[\s]+\-\-enableldap[\s]+\-\-enableldaptls"\
+                       "[\s]+\-\-enableldapauth[\s]+" \
                        "\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*"
         raiseerr = True
 
@@ -116,8 +117,8 @@ class TestAdvice(IntegrationTest):
         advice_regex = "\#\!\/bin\/sh.*" \
                        "yum[\s]+install[\s]+\-y[\s]+curl[\s]+openssl[\s]+" \
                        "nss\-pam\-ldapd[\s]+pam_ldap[\s]+authconfig.*" \
-                       "authconfig[\s]+\-\-updateall[\s]+" \
-                       "\-\-enableldap[\s]+\-\-enableldapauth[\s]+" \
+                       "authconfig[\s]+\-\-updateall[\s]+\-\-enableldap"\
+                       "[\s]+\-\-enableldaptls[\s]+\-\-enableldapauth[\s]+" \
                        "\-\-ldapserver=.*[\s]+\-\-ldapbasedn=.*"
         raiseerr = True