https://bugzilla.redhat.com/show_bug.cgi?id=469261
Resolves: bug 469261
Bug Description: Support server-to-server SASL - console replication changes
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: This adds support for starttls, gssapi, and digest to
the console for setting up replication agreements.
1) Instead of a checkbox for use ssl, I added 3 radio buttons - no ssl,
regular ldaps, starttls - note: active directory supports starttls
2) To the ssl auth and simple auth radio buttons, I added gssapi and
digest. The way the logic works is that gssapi is only allowed when
using regular ldap, digest and simple bind are allowed always, ssl auth
is only allowed with one of the ssl options. gssapi allows an empty
bind dn and password, but digest and simple require a bind dn and
password. NOTE: we do not support anything other than simple bind with
active directory in the GUI
I also changed the wording a little bit, and added tool tips (which will
hopefully not be too annoying)
I did not add additional checking e.g. the console cannot verify that
kerberos is set up properly
Platforms tested: RHEL5
Flag Day: no
Doc impact: oh yes
https://bugzilla.redhat.com/attachment.cgi?id=324349&action=diff
--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
