packaging: added new encryption options for LDAP

Signed-off-by: Miquel Sabaté Solà <[email protected]>

.rubocop.yml

@@ -43,7 +43,7 @@ Metrics/BlockLength:
 #   2. The models regarding the registry have to be modularized.
 #   3. LDAP has to be refactored.
 Metrics/ClassLength:
-  Max: 230
+  Max: 240
 
 # The default is just too small. A limit of 100 looks reasonable and many other
 # projects (including inside of SUSE) are also using this value.

packaging/suse/portusctl/lib/cli.rb

@@ -56,8 +56,17 @@ class Cli < Thor
   option "ldap-hostname", desc: "LDAP: server hostname"
   option "ldap-port", desc: "LDAP: server port", default: "389"
   option "ldap-method",
-         desc:    "LDAP: encryption method (recommended: starttls)",
+         desc:    "LDAP: encryption method",
          default: "plain"
+  option "ldap-encryption-method",
+         desc:    "LDAP: encryption method",
+         default: "plain"
+  option "ldap-encryption-options-ca-file",
+         desc:    "LDAP: path to the CA file to be passed",
+         default: ""
+  option "ldap-encryption-options-ssl-version",
+         desc:    "LDAP: SSL version to be used for communications",
+         default: "TLSv1_2"
   option "ldap-base", desc: "LDAP: base", default: "ou=users, dc=example, dc=com"
   option "ldap-filter", desc: "LDAP: filter users"
   option "ldap-uid", desc: "LDAP: uid", default: "uid"

packaging/suse/portusctl/man/man1/portusctl-setup.1

@@ -81,8 +81,20 @@ The port on which the LDAP server is listening.
 .TP
 \fB\-\-ldap\-method\fP
 The encryption method that the LDAP server is using. You have three options:
-\fBplain\fP (default), \fBsimple_tls\fP and \fBstarttls\fP\&. Even if \fBplain\fP is the
-default value, we strongly recommend using \fBstarttls\fP in production environments.
+\fBplain\fP (default), \fBsimple_tls\fP and \fBstarttls\fP\&. This has been
+deprecated.
+.TP
+\fB\-\-ldap\-encryption\-method\fP:
+The encryption method that the LDAP server is using. You have three options:
+\fBplain\fP (default), \fBsimple_tls\fP and \fBstart_tls\fP\&.
+.TP
+\fB\-\-ldap\-encryption\-options\-ca\-file\fP:
+The path to the CA file to be used for encrypted communications. If nothing is
+provided, then it defaults to the ones from the host.
+.TP
+\fB\-\-ldap\-encryption\-options\-ssl\-version\fP:
+The SSL version to be used on all communications. It uses 'TLSv1_2' by
+default.
 .TP
 \fB\-\-ldap\-base\fP
 The LDAP base to be considered when fetching users. It defaults to

packaging/suse/portusctl/man/markdown/portusctl-setup.md

@@ -83,8 +83,20 @@ first time.
 
 **--ldap-method**
   The encryption method that the LDAP server is using. You have three options:
-  **plain** (default), **simple_tls** and **starttls**. Even if **plain** is the
-  default value, we strongly recommend using **starttls** in production environments.
+  **plain** (default), **simple_tls** and **starttls**. This has been
+  deprecated.
+
+**--ldap-encryption-method**:
+  The encryption method that the LDAP server is using. You have three options:
+  **plain** (default), **simple_tls** and **start_tls**.
+
+**--ldap-encryption-options-ca-file**:
+  The path to the CA file to be used for encrypted communications. If nothing is
+  provided, then it defaults to the ones from the host.
+
+**--ldap-encryption-options-ssl-version**:
+  The SSL version to be used on all communications. It uses 'TLSv1_2' by
+  default.
 
 **--ldap-base**
   The LDAP base to be considered when fetching users. It defaults to