Package: ldap2zone
Version: 0.2-2
Severity: normal
Tags: patch

/usr/sbin/ldap2bind could, with minor changes, be made to support LDAP bind with 
a password read from a file by using ldapsearch's "-y" option. Having this support 
available from the repository would be nice (not included in this patch).
/usr/sbin/ldap2zone doesn't support non-anonymous bind at all.

I searched the net and came across a GitHub page with a modified version of 
ldap2zone at:
https://github.com/FransUrbo/bind9-ldap

This version already supports non-anonymous bind, try TLS, require TLS and SASL.
But the only way to specify the bind password is to include it on the command line 
with the -w option, which isn't secure enough.
So, I enhanced it a bit:
- -y option to specify a file to read the password from
- always use LDAP V3, even if neither TLS nor SASL is requested

I've made a patch between the version I got from the above URL, with my 
changes, and Debian's most recent 0.2-3.1; it seems to be clean enough.
There is a lot of SASL code which is not used because SECUREBIND_SASL is not defined. 
It should be quite easy to add SASL support by adding sasl.c from the above URL 
and defining SECUREBIND_SASL, if somebody is interested.

-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 
'precise'), (100, 'precise-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-35-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ldap2zone depends on:
ii  bind9          1:9.8.1.dfsg.P1-4ubuntu0.5
ii  libc6          2.15-0ubuntu10.3
ii  libldap-2.4-2  2.4.28-1.1ubuntu4.2

ldap2zone recommends no packages.

ldap2zone suggests no packages.

-- Configuration Files:
/etc/cron.d/ldap2zone changed:
PATH=/sbin:/bin:/usr/sbin:/usr/bin
@reboot   bind  /usr/sbin/ldap2bind
@hourly   bind  /usr/sbin/ldap2bind
*/1 * * * *   bind  /usr/sbin/ldap2bind

/etc/default/ldap2zone/default [Errno 20] Not a directory: 
u'/etc/default/ldap2zone/default'

-- no debconf information

Attachment: ldap2zone-0.2-bind-tls-sasl-pwfile-v3.patch.gz
Description: GNU Zip compressed data

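Added example, not part of the original report or of the attached patch: one way to read a "-y" style password file in C so the bind password never appears on the command line. The function name read_bind_password and its strict permission policy are assumptions; as with ldapsearch's -y, the complete file contents are used, so a trailing newline becomes part of the password.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example: hypothetical helper, not code from the ldap2zone patch.
 * Reads the complete contents of `path` into buf and NUL-terminates it.
 * Returns the password length, or -1 if the file is unsafe or unusable. */
ssize_t read_bind_password(const char *path, char *buf, size_t buflen)
{
    struct stat st;
    size_t total = 0;
    ssize_t n = 0;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the opened descriptor, not the path, so the file cannot be swapped.
     * Assumed policy: regular file, no group/other bits, must fit in buf. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0 ||
        buflen == 0 || (size_t)st.st_size >= buflen) {
        close(fd);
        return -1;
    }
    while (total < buflen - 1 &&
           (n = read(fd, buf + total, buflen - 1 - total)) > 0)
        total += (size_t)n;
    close(fd);
    /* An empty password would turn a simple bind into an unauthenticated
     * bind (RFC 4513, section 5.1.2), so treat it as an error. */
    if (n < 0 || total == 0) {
        memset(buf, 0, buflen);
        return -1;
    }
    buf[total] = '\0';
    return (ssize_t)total;
}

int main(int argc, char **argv)
{
    char pw[256];
    ssize_t len = argc == 2 ? read_bind_password(argv[1], pw, sizeof pw) : -1;
    if (len < 0) { fprintf(stderr, "need one 0600 password file\n"); return 1; }
    printf("read %zd password bytes (a trailing newline counts)\n", len);
    return 0;
}
```

A password file written with `echo` carries a trailing newline; create it with `printf '%s'` (or strip the newline in the caller) if the directory entry's password does not include one.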