3 files changed, 25 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index a0e21f2..5eab333 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -68,6 +68,7 @@ version 0.9.4 -- unreleased
 	 . Removed warning about vserver not running (thanks anarcat)
 	ldap:
 	 . Compress now happens in-line to save some disk space (Closes: #370778)
+	 . ldaphost and tls options added for ldapsearch method (Closes: #362027)
 	makecd:
 	 . Added nicelevel option (thanks rhatto)
     lib changes
diff --git a/examples/example.ldap b/examples/example.ldap
index adc1fcd..ee7c57d 100644
--- a/examples/example.ldap
+++ b/examples/example.ldap
@@ -43,3 +43,9 @@
 ## to, not needed for slapcat
 # binddn =
 
+## ldaphost (no default): set this to your ldap host if it is not local
+# ldaphost =
+
+## tls (default yes): if set to 'yes' then TLS connection will be
+## attempted to your ldaphost by using the URI base ldaps: otherwise ldap: will be used
+# tls = yes
\ No newline at end of file
diff --git a/handlers/ldap b/handlers/ldap
index ee46831..ba3d78a 100644
--- a/handlers/ldap
+++ b/handlers/ldap
@@ -12,6 +12,14 @@ getconf restart no
 getconf method ldapsearch
 getconf passwordfile
 getconf binddn
+getconf ldaphost
+getconf tls yes
+
+if [ $tls = 'yes' ] 
+   URLBASE="ldaps"
+else
+   URLBASE="ldap"
+fi
 
 status="ok"
 
@@ -54,9 +62,17 @@ if [ "$ldif" == "yes" ]; then
          debug "$execstr"
       else
          if [ "$compress" == "yes" ]; then
-            execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile | $GZIP"
+            if [ -n "$ldaphost" ]
+               execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile | $GZIP"
+            else
+               execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile | $GZIP"
+            fi
          else
-            execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            if [ -n "$ldaphost" ]
+               execstr="$LDAPSEARCH -H $URLBASE://$ldaphost -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            else
+               execstr="$LDAPSEARCH -x -L -b ""$dbsuffix"" -D ""$binddn"" -y $passwordfile"
+            fi
          fi
          [ -f "$passwordfile" ] || fatal "Password file $passwordfile not found. When method is set to ldapsearch, you must also specify a password file."
          debug "$execstr"