Remove LDAP_TLS_PROTOCOL_MIN as it does not take effect

jgehrcke · jgehrcke · commit c7cdcbb3f2e0 · 2016-07-20T19:03:38.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 1.1.4
+Remove TLS environment variable LDAP_TLS_PROTOCOL_MIN, see #69
+
+
 ## 1.1.3
 Merge pull request :
   - Use mdb over hdb #50
diff --git a/README.md b/README.md
@@ -254,7 +254,6 @@ TLS options:
 - **LDAP_TLS_CA_CRT_FILENAME**: Ldap ssl CA certificate  filename. Defaults to `ca.crt`
 - **LDAP_TLS_ENFORCE**: Enforce TLS. Defaults to `false`
 - **LDAP_TLS_CIPHER_SUITE**: TLS cipher suite. Defaults to `SECURE256:-VERS-SSL3.0`
-- **LDAP_TLS_PROTOCOL_MIN**: TLS min protocol. Defaults to `3.1`
 - **LDAP_TLS_VERIFY_CLIENT**: TLS verify client. Defaults to `demand`
 
 	Help: http://www.openldap.org/doc/admin24/tls.html
diff --git a/example/extend-osixia-openldap/environment/my-env.yaml.startup b/example/extend-osixia-openldap/environment/my-env.yaml.startup
@@ -24,7 +24,6 @@ LDAP_TLS_CA_CRT_FILENAME: ca.crt
 
 LDAP_TLS_ENFORCE: false
 LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
-LDAP_TLS_PROTOCOL_MIN: 3.1
 LDAP_TLS_VERIFY_CLIENT: never
 
 # Replication
diff --git a/example/kubernetes/simple/ldap-rc.yaml b/example/kubernetes/simple/ldap-rc.yaml
@@ -55,8 +55,6 @@ spec:
               value: "false"
             - name: LDAP_TLS_CIPHER_SUITE
               value: "SECURE256:-VERS-SSL3.0"
-            - name: LDAP_TLS_PROTOCOL_MIN
-              value: "3.1"
             - name: LDAP_TLS_VERIFY_CLIENT
               value: "demand"
             - name: LDAP_REPLICATION
diff --git a/example/kubernetes/using-secrets/environment/my-env.yaml.startup b/example/kubernetes/using-secrets/environment/my-env.yaml.startup
@@ -24,7 +24,6 @@ LDAP_TLS_CA_CRT_FILENAME: ca.crt
 
 LDAP_TLS_ENFORCE: false
 LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
-LDAP_TLS_PROTOCOL_MIN: 3.1
 LDAP_TLS_VERIFY_CLIENT: never
 
 # Replication
diff --git a/image/environment/default.yaml.startup b/image/environment/default.yaml.startup
@@ -29,7 +29,6 @@ LDAP_TLS_CA_CRT_FILENAME: ca.crt
 
 LDAP_TLS_ENFORCE: false
 LDAP_TLS_CIPHER_SUITE: SECURE256:-VERS-SSL3.0
-LDAP_TLS_PROTOCOL_MIN: 3.1
 LDAP_TLS_VERIFY_CLIENT: demand
 
 # Replication
diff --git a/image/service/slapd/assets/config/tls/tls-enable.ldif b/image/service/slapd/assets/config/tls/tls-enable.ldif
@@ -3,9 +3,6 @@ changetype: modify
 replace: olcTLSCipherSuite
 olcTLSCipherSuite: {{ LDAP_TLS_CIPHER_SUITE }}
 -
-replace: olcTLSProtocolMin
-olcTLSProtocolMin: {{ LDAP_TLS_PROTOCOL_MIN }}
--
 replace: olcTLSCACertificateFile
 olcTLSCACertificateFile: {{ LDAP_TLS_CA_CRT_PATH }}
 -
diff --git a/image/service/slapd/startup.sh b/image/service/slapd/startup.sh
@@ -242,7 +242,6 @@ EOF
     sed -i "s|{{ LDAP_TLS_DH_PARAM_PATH }}|${LDAP_TLS_DH_PARAM_PATH}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/tls/tls-enable.ldif
 
     sed -i "s|{{ LDAP_TLS_CIPHER_SUITE }}|${LDAP_TLS_CIPHER_SUITE}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/tls/tls-enable.ldif
-    sed -i "s|{{ LDAP_TLS_PROTOCOL_MIN }}|${LDAP_TLS_PROTOCOL_MIN}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/tls/tls-enable.ldif
     sed -i "s|{{ LDAP_TLS_VERIFY_CLIENT }}|${LDAP_TLS_VERIFY_CLIENT}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/tls/tls-enable.ldif
 
     ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f ${CONTAINER_SERVICE_DIR}/slapd/assets/config/tls/tls-enable.ldif 2>&1 | log-helper debug

Original file line number	Diff line number	Diff line change
`@@ -3,9 +3,6 @@ changetype: modify`
`3`	`3`	`replace: olcTLSCipherSuite`
`4`	`4`	`olcTLSCipherSuite: {{ LDAP_TLS_CIPHER_SUITE }}`
`5`	`5`	`-`
`6`		`-replace: olcTLSProtocolMin`
`7`		`-olcTLSProtocolMin: {{ LDAP_TLS_PROTOCOL_MIN }}`
`8`		`--`
`9`	`6`	`replace: olcTLSCACertificateFile`
`10`	`7`	`olcTLSCACertificateFile: {{ LDAP_TLS_CA_CRT_PATH }}`
`11`	`8`	`-`