Attachment #9698 for bug #47974

View | Details | Raw Unified | Return to bug 47974
Collapse All | Expand All

(-)conffiles/etc/cron.d/univention-ldap (-2 / +2 lines)

Lines 2-11	Link Here

PATH=/usr/sbin:/usr/bin:/sbin:/bin

PATH=/usr/sbin:/usr/bin:/sbin:/bin

# recreate dh paramter files for forward secrecy

# re-create dh parameter files for forward secrecy on a regular basis

@!@

@!@

script = '/usr/share/univention-ldap/create-dh-parameter-files'

script = '/usr/share/univention-ldap/create-dh-parameter-files'

interval = configRegistry.get('ldap/tls/dh/cron', '30 4  * * *')

interval = configRegistry.get('ldap/tls/dh/cron')

if interval:

if interval:

	print '%s	root	%s' % (interval, script)

	print '%s	root	%s' % (interval, script)

@!@

@!@

(-)conffiles/etc/ldap/slapd.conf.d/30univention-ldap-server_head (-1 / +1 lines)

Lines 15-21	Link Here

if protocol:

if protocol:

	print 'TLSProtocolMin	%s' % (protocol,)

	print 'TLSProtocolMin	%s' % (protocol,)

from os.path import exists

from os.path import exists

filename = configRegistry.get("ldap/tls/dh/paramfile", "/etc/ldap/dh_2048.pem")

filename = configRegistry.get("ldap/tls/dh/paramfile")

if filename and exists(filename):

if filename and exists(filename):

	print 'TLSDHParamFile	%s' % (filename,)

	print 'TLSDHParamFile	%s' % (filename,)

@!@

@!@




univention-ldap (11.0.12-11) unstable; urgency=low

  * Bug #38685: Disable DH parameter creation by default

 -- Philipp Hahn <hahn@univention.de>  Mon, 20 Jul 2015 11:58:17 +0200

univention-ldap (11.0.12-10) unstable; urgency=low

  * Bug #38685: Make SSL/TLS ciphers configurable

 -- Philipp Hahn <hahn@univention.de>  Fri, 17 Jul 2015 08:03:11 +0200

univention-ldap (11.0.12-9) unstable; urgency=low

  * Bug #38584: Remove DHCP policy references

(-)debian/univention-ldap-server.postinst (-2 / +3 lines)

Lines 84-91	Link Here

	security/packetfilter/package/univention-ldap-server/tcp/7636/all/en="LDAPS"

	security/packetfilter/package/univention-ldap-server/tcp/7636/all/en="LDAPS"

[ -x "/etc/init.d/univention-firewall" ] && invoke-rc.d univention-firewall restart

[ -x "/etc/init.d/univention-firewall" ] && invoke-rc.d univention-firewall restart

[ -f /etc/ldap/dh_2048.pem ] || cp /usr/share/univention-ldap/dh_2048.pem /etc/ldap/

ucr set \

ucr set \

	ldap/debug/level?0 \

	ldap/debug/level?0 \

	slapd/port?"7389,389" \

	slapd/port?"7389,389" \

Lines 108-113	Link Here

108

	ldap/tls/dh/paramfile?/etc/ldap/dh_2048.pem \

106

	ldap/tls/dh/paramfile?/etc/ldap/dh_2048.pem \

109

	ldap/maxopenfiles?8192 # Bug #17705

107

	ldap/maxopenfiles?8192 # Bug #17705

110

108

109

paramfile="$(ucr get ldap/tls/dh/paramfile)"

110

[ -n "$paramfile" ] && [ ! -f "$paramfile" ] && cp /usr/share/univention-ldap/dh_2048.pem "$paramfile"

111

# UDM Property Attributes

112

# UDM Property Attributes

112

udm_prop_attrs="univentionUDMPropertyVersion,univentionUDMPropertyModule,univentionUDMPropertyShortDescription,univentionUDMPropertyLongDescription,univentionUDMPropertySyntax,univentionUDMPropertyMultivalue,univentionUDMPropertyDefault,univentionUDMPropertyLdapMapping,univentionUDMPropertyObjectClass,univentionUDMPropertyDeleteObjectClass,univentionUDMPropertyValueMayChange,univentionUDMPropertyLayoutTabName,univentionUDMPropertyLayoutOverwriteTab,univentionUDMPropertyLayoutOverwritePosition,univentionUDMPropertyLayoutPosition,univentionUDMPropertyCLIName,univentionUDMPropertyTranslationShortDescription,univentionUDMPropertyTranslationLongDescription,univentionUDMPropertyTranslationTabName,univentionUDMPropertyOptions,univentionUDMPropertyLayoutTabAdvanced,univentionUDMPropertyValueRequired,univentionUDMPropertyHook,univentionUDMPropertyDoNotSearch"

113

udm_prop_attrs="univentionUDMPropertyVersion,univentionUDMPropertyModule,univentionUDMPropertyShortDescription,univentionUDMPropertyLongDescription,univentionUDMPropertySyntax,univentionUDMPropertyMultivalue,univentionUDMPropertyDefault,univentionUDMPropertyLdapMapping,univentionUDMPropertyObjectClass,univentionUDMPropertyDeleteObjectClass,univentionUDMPropertyValueMayChange,univentionUDMPropertyLayoutTabName,univentionUDMPropertyLayoutOverwriteTab,univentionUDMPropertyLayoutOverwritePosition,univentionUDMPropertyLayoutPosition,univentionUDMPropertyCLIName,univentionUDMPropertyTranslationShortDescription,univentionUDMPropertyTranslationLongDescription,univentionUDMPropertyTranslationTabName,univentionUDMPropertyOptions,univentionUDMPropertyLayoutTabAdvanced,univentionUDMPropertyValueRequired,univentionUDMPropertyHook,univentionUDMPropertyDoNotSearch"

113

# recommended index settings

114

# recommended index settings

(-)scripts/create-dh-parameter-files (-1 / +1 lines)

Lines 38-44	Link Here

tmp=$(mktemp "$paramfile.XXXXXXXXXX")

tmp=$(mktemp "$paramfile.XXXXXXXXXX")

trap "cat '$log';rm -f '$tmp' '$log'" EXIT

trap "cat '$log';rm -f '$tmp' '$log'" EXIT

openssl gendh -out "$tmp" -2 2048

openssl dhparam -out "$tmp" -2 2048

chmod 644 "$tmp"

chmod 644 "$tmp"

mv "$tmp" "$paramfile"

mv "$tmp" "$paramfile"

Return to bug 47974