Make app_pki_key and app_pki_cert optional

[virus2500]

Hi,

we don't use Client certificate authentication and failed to connect to our openldap since it apparently always uses client authentication as the mechanism.

When we commented out the lines

  # if $app_pki_key {
  #   $ldap_tls_key = $app_pki_key
  # } else {
  #   $ldap_tls_key = "${sssd::app_pki_dir}/private/${$facts['fqdn']}.pem"
  # }

  # if $app_pki_cert {
  #   $ldap_tls_cert = $app_pki_cert
  # } else {
  #   $ldap_tls_cert = "${sssd::app_pki_dir}/public/${$facts['fqdn']}.pub"
  # }

from manifests/provider/ldap.pp everything started working as expected.
Looking around for this issue i also found this issue https://simp-project.atlassian.net/jira/software/c/projects/SIMP/issues/SIMP-10741

Could you make this two parameters optional. Default seems to be "not set" anyway?

TIA

[sabo]

I've submitted a PR that resolves this issue (#137) but it's been awaiting review for a while now.

[virus2500]

Hi @sabo,

oops, seems like my brain didn't connect the dots while looking through the PRs.

I was thinking about how to do this without breaking their current logic.
Seems like your way is the only one that would keep their logic intact while still being able to opt-out of this behavior.

Now it would be interesting to know wether the dev(s) prefer to do it the "default" way, which would be an opt-in or keep the current way and implement your opt-out strategy.

I'll keep this issue open for now to increase visibility of this issue.