Add startTLS when using ldapsearch

Fixes https://git.immae.eu/mantisbt/view.php?id=98

diff --git a/nixops/ldap_authorized_keys.sh b/nixops/ldap_authorized_keys.sh
index e8d7a6487f676a77b9cf903849ba961b8fdf8304..ceaddbe48474e8cb65b934781382872c5d8c290b 100755 (executable)
--- a/nixops/ldap_authorized_keys.sh
+++ b/nixops/ldap_authorized_keys.sh
@@ -45,7 +45,7 @@ clean_key_line() {
 }
 
 ldap_search() {
-  $LDAPSEARCH -h $LDAP_HOST -b $LDAP_BASE -D $LDAP_BIND -w "$LDAP_PASS" -x -o ldif-wrap=no -LLL "$@"
+  $LDAPSEARCH -h $LDAP_HOST -ZZ -b $LDAP_BASE -D $LDAP_BIND -w "$LDAP_PASS" -x -o ldif-wrap=no -LLL "$@"
 }
 
 ldap_keys() {

diff --git a/nixops/modules/gitolite/gitolite_ldap_groups.sh b/nixops/modules/gitolite/gitolite_ldap_groups.sh
index 5f7ef6de1f8abd2549bf48f7f39460e6a86ebd05..7db0da4093a701435cc9d83269e6f6e035247c53 100755 (executable)
--- a/nixops/modules/gitolite/gitolite_ldap_groups.sh
+++ b/nixops/modules/gitolite/gitolite_ldap_groups.sh
@@ -7,7 +7,7 @@ ldap_bindpw="$LDAP_PASS"
 ldap_searchbase="dc=immae,dc=eu"
 ldap_scope="subtree"
 
-ldap_options="-h ${ldap_host} -x -D ${ldap_binddn} -w ${ldap_bindpw} -b ${ldap_searchbase} -s ${ldap_scope}"
+ldap_options="-h ${ldap_host} -ZZ -x -D ${ldap_binddn} -w ${ldap_bindpw} -b ${ldap_searchbase} -s ${ldap_scope}"
 
 ldap_filter="(&(memberOf=cn=groups,cn=gitolite,ou=services,dc=immae,dc=eu)(|(member=uid=${uid_param},ou=users,dc=immae,dc=eu)(member=uid=${uid_param},ou=group_users,dc=immae,dc=eu)))"
 ldap_result=$(ldapsearch ${ldap_options} -LLL "${ldap_filter}" cn | grep 'cn:' | cut -d' ' -f2)