From bad8f8d3cfaf48e6693f9718857a4648a86b0d37 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Fri, 25 Jan 2019 23:23:44 +0100
Subject: [PATCH] Add startTLS when using ldapsearch

Fixes https://git.immae.eu/mantisbt/view.php?id=98
---
 nixops/ldap_authorized_keys.sh                  | 2 +-
 nixops/modules/gitolite/gitolite_ldap_groups.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixops/ldap_authorized_keys.sh b/nixops/ldap_authorized_keys.sh
index e8d7a64..ceaddbe 100755
--- a/nixops/ldap_authorized_keys.sh
+++ b/nixops/ldap_authorized_keys.sh
@@ -45,7 +45,7 @@ clean_key_line() {
 }
 
 ldap_search() {
-  $LDAPSEARCH -h $LDAP_HOST -b $LDAP_BASE -D $LDAP_BIND -w "$LDAP_PASS" -x -o ldif-wrap=no -LLL "$@"
+  $LDAPSEARCH -h $LDAP_HOST -ZZ -b $LDAP_BASE -D $LDAP_BIND -w "$LDAP_PASS" -x -o ldif-wrap=no -LLL "$@"
 }
 
 ldap_keys() {
diff --git a/nixops/modules/gitolite/gitolite_ldap_groups.sh b/nixops/modules/gitolite/gitolite_ldap_groups.sh
index 5f7ef6d..7db0da4 100755
--- a/nixops/modules/gitolite/gitolite_ldap_groups.sh
+++ b/nixops/modules/gitolite/gitolite_ldap_groups.sh
@@ -7,7 +7,7 @@ ldap_bindpw="$LDAP_PASS"
 ldap_searchbase="dc=immae,dc=eu"
 ldap_scope="subtree"
 
-ldap_options="-h ${ldap_host} -x -D ${ldap_binddn} -w ${ldap_bindpw} -b ${ldap_searchbase} -s ${ldap_scope}"
+ldap_options="-h ${ldap_host} -ZZ -x -D ${ldap_binddn} -w ${ldap_bindpw} -b ${ldap_searchbase} -s ${ldap_scope}"
 
 ldap_filter="(&(memberOf=cn=groups,cn=gitolite,ou=services,dc=immae,dc=eu)(|(member=uid=${uid_param},ou=users,dc=immae,dc=eu)(member=uid=${uid_param},ou=group_users,dc=immae,dc=eu)))"
 ldap_result=$(ldapsearch ${ldap_options} -LLL "${ldap_filter}" cn | grep 'cn:' | cut -d' ' -f2)
-- 
2.41.0