From 833b7029954bcb29d23766d0d50558388ace519e Mon Sep 17 00:00:00 2001
From: Ian Allison <iana@pims.math.ca>
Date: Thu, 8 Oct 2015 21:16:35 -0700
Subject: warnquota: Added StartTLS support

An option called LDAP_TLS has been added to warnquota.conf which
controls whether the LDAP connection uses StartTLS. The option supports
the following values

 never - Don't ask for a certificate
 allow - Ask for certificate, proceed if valid
 try - Ask for certificate, proceed if valid or not given
 demand - Ask for certificate, proceed only if given and valid

Signed-off-by: Ian Allison <iana@pims.math.ca>
Signed-off-by: Jan Kara <jack@suse.cz>
---
 warnquota.conf | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'warnquota.conf')

diff --git a/warnquota.conf b/warnquota.conf
index 59d4f5f..b06f81f 100644
--- a/warnquota.conf
+++ b/warnquota.conf
@@ -60,6 +60,12 @@ GROUP_SIGNATURE	= See you!|			Your admin|
 # Otherwise you should specify LDAP_HOST and LDAP_PORT
 # LDAP_HOST = ldap
 # LDAP_PORT = 389
+# LDAP_TLS = false (false|never|allow|try|demand) use StarTLS
+#   false - don't use starTLS
+#   never - don't ask for a certificate
+#   allow - request certificate, proceed even if not verified
+#   try - request certificate, terminate if bad, proceed if not sent
+#   demand - request certificate, proceed only if verified
 # LDAP_BINDDN = uid=ReadOnlyUser,o=YourOrg
 # LDAP_BINDPW = YourReadOnlyUserPassword
 # LDAP_BASEDN = YourSearchBase
-- 
cgit v1.2.3