From: Ismaël Bouya <ismael.bouya@normalesup.org>
Date: Fri, 25 Jan 2019 22:23:44 +0000 (+0100)
Subject: Add startTLS when using ldapsearch
X-Git-Tag: nur_publish~288
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=bad8f8d3cfaf48e6693f9718857a4648a86b0d37

Add startTLS when using ldapsearch

Fixes https://git.immae.eu/mantisbt/view.php?id=98
---

diff --git a/nixops/ldap_authorized_keys.sh b/nixops/ldap_authorized_keys.sh
index e8d7a64..ceaddbe 100755
--- a/nixops/ldap_authorized_keys.sh
+++ b/nixops/ldap_authorized_keys.sh
@@ -45,7 +45,7 @@ clean_key_line() {
 }
 
 ldap_search() {
-  $LDAPSEARCH -h $LDAP_HOST -b $LDAP_BASE -D $LDAP_BIND -w "$LDAP_PASS" -x -o ldif-wrap=no -LLL "$@"
+  $LDAPSEARCH -h $LDAP_HOST -ZZ -b $LDAP_BASE -D $LDAP_BIND -w "$LDAP_PASS" -x -o ldif-wrap=no -LLL "$@"
 }
 
 ldap_keys() {
diff --git a/nixops/modules/gitolite/gitolite_ldap_groups.sh b/nixops/modules/gitolite/gitolite_ldap_groups.sh
index 5f7ef6d..7db0da4 100755
--- a/nixops/modules/gitolite/gitolite_ldap_groups.sh
+++ b/nixops/modules/gitolite/gitolite_ldap_groups.sh
@@ -7,7 +7,7 @@ ldap_bindpw="$LDAP_PASS"
 ldap_searchbase="dc=immae,dc=eu"
 ldap_scope="subtree"
 
-ldap_options="-h ${ldap_host} -x -D ${ldap_binddn} -w ${ldap_bindpw} -b ${ldap_searchbase} -s ${ldap_scope}"
+ldap_options="-h ${ldap_host} -ZZ -x -D ${ldap_binddn} -w ${ldap_bindpw} -b ${ldap_searchbase} -s ${ldap_scope}"
 
 ldap_filter="(&(memberOf=cn=groups,cn=gitolite,ou=services,dc=immae,dc=eu)(|(member=uid=${uid_param},ou=users,dc=immae,dc=eu)(member=uid=${uid_param},ou=group_users,dc=immae,dc=eu)))"
 ldap_result=$(ldapsearch ${ldap_options} -LLL "${ldap_filter}" cn | grep 'cn:' | cut -d' ' -f2)