Comment 0 for bug 1159770

The file /etc/ldap.conf contains the settings for LDAP authentication. The recommended way of configuring this file and LDAP authentication, is through debconf. However, there is no way to specify whether TLS or SSL must be used for LDAP authentication, and without this setting, the user passwords will be sent in cleartext over the network.

Release: Ubuntu 12.04.2 LTS
Version: ldap-auth-config: Installed: 0.5.3

Expected: To be able to set up secure LDAP authentication through debconf

Instead: Configuring that TLS or SSL is required, is not possible. This also means that it cannot be preseeded during automated installs.

To enable TLS or SSL, the /etc/ldap.conf must contain "ssl start_tls' or 'ssl on' as appropriate. These are available already in the file, but currently commented out. These can be failry easyily brought under debconf control, would only require a new question in control/Templates, and code in control/postinst.