Write the LDAP conf file as well

13 years ago · 94ba247eec
parent dbaffcee86
commit 94ba247eec
4 changed files with 303 additions and 6 deletions
--- a/debian/control
+++ b/debian/control
@ -8,6 +8,6 @@ Standards-Version: 3.8.4

 Package: kcontrol-ldap-trinity
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients, libpam-krb5, libpam-ldap, nss-updatedb, libpam-ccreds
 Description: LDAP control module for the TDE control center
 LDAP is a TDE control center module to manage TDE connections to LDAP realms.
--- a/src/ldap.cpp
+++ b/src/ldap.cpp
@ -48,6 +48,8 @@
 // Connect this to CMake/Automake
 #define KDE_CONFDIR "/etc/trinity"
 #define KRB5_FILE "/etc/krb5.conf"
+#define LDAP_FILE "/etc/ldap.conf"
+#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"

 typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;

@ -89,6 +91,13 @@ LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&)
 	connect(base->btnDeactivateRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(deactivateRealm()));
 	connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), this, TQT_SLOT(realmProperties()));

+	connect(base->ldapVersion, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed()));
+	connect(base->ldapTimeout, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed()));
+	connect(base->bindPolicy, TQT_SIGNAL(activated(int)), this, TQT_SLOT(changed()));
+	connect(base->ldapBindTimeout, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed()));
+	connect(base->passwordHash, TQT_SIGNAL(activated(int)), this, TQT_SLOT(changed()));
+	connect(base->ignoredUsers, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(changed()));
+
 	load();

 	if (getuid() != 0 || !systemconfig->checkConfigFilesWritable( true )) {
@ -110,6 +119,8 @@ void LDAPConfig::load() {

 void LDAPConfig::load(bool useDefaults )
 {
+	int i;
+
 	//Update the toggle buttons with the current configuration
 	systemconfig->setReadDefaults( useDefaults );
 	
@ -117,6 +128,13 @@ void LDAPConfig::load(bool useDefaults )
 	base->systemEnableSupport->setChecked(systemconfig->readBoolEntry("EnableLDAP", false));
 	m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null);
 	m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400);
+
+	m_ldapVersion = systemconfig->readNumEntry("ConnectionLDAPVersion", 3);
+	m_ldapTimeout = systemconfig->readNumEntry("ConnectionLDAPTimeout", 2);
+	m_bindPolicy = systemconfig->readEntry("ConnectionBindPolicy", "soft");
+	m_ldapBindTimeout = systemconfig->readNumEntry("ConnectionBindTimeout", 2);
+	m_passwordHash = systemconfig->readEntry("ConnectionPasswordHash", "exop");
+	m_ignoredUsers = systemconfig->readEntry("ConnectionIgnoredUsers", DEFAULT_IGNORED_USERS_LIST);
 	
 	// Load realms
 	m_realms.clear();
@ -149,6 +167,24 @@ void LDAPConfig::load(bool useDefaults )
 	}

 	base->ticketLifetime->setValue(m_ticketLifetime);
+
+	base->ldapVersion->setValue(m_ldapVersion);
+	base->ldapTimeout->setValue(m_ldapTimeout);
+	for (i=0; i<base->bindPolicy->count(); i++) {
+		if (base->bindPolicy->text(i).lower() == m_defaultRealm.lower()) {
+			base->bindPolicy->setCurrentItem(i);
+			break;
+		}
+	}
+	base->ldapBindTimeout->setValue(m_ldapBindTimeout);
+	for (i=0; i<base->passwordHash->count(); i++) {
+		if (base->passwordHash->text(i).lower() == m_passwordHash.lower()) {
+			base->passwordHash->setCurrentItem(i);
+			break;
+		}
+	}
+	base->ignoredUsers->setText(m_ignoredUsers);
+
 	updateRealmList();

 	processLockouts();
@ -186,6 +222,14 @@ void LDAPConfig::save() {
 	systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked());
 	m_defaultRealm = base->defaultRealm->currentText();
 	m_ticketLifetime = base->ticketLifetime->value();
+
+	m_ldapVersion = base->ldapVersion->value();
+	m_ldapTimeout = base->ldapTimeout->value();
+	m_bindPolicy = base->bindPolicy->currentText();
+	m_ldapBindTimeout = base->ldapBindTimeout->value();
+	m_passwordHash = base->passwordHash->currentText();
+	m_ignoredUsers = base->ignoredUsers->text();
+
 	if (m_defaultRealm != "") {
 		systemconfig->writeEntry("DefaultRealm", m_defaultRealm);
 	}
@ -194,6 +238,13 @@ void LDAPConfig::save() {
 	}
 	systemconfig->writeEntry("TicketLifetime", m_ticketLifetime);

+	systemconfig->writeEntry("ConnectionLDAPVersion", m_ldapVersion);
+	systemconfig->writeEntry("ConnectionLDAPTimeout", m_ldapTimeout);
+	systemconfig->writeEntry("ConnectionBindPolicy", m_bindPolicy);
+	systemconfig->writeEntry("ConnectionBindTimeout", m_ldapBindTimeout);
+	systemconfig->writeEntry("ConnectionPasswordHash", m_passwordHash);
+	systemconfig->writeEntry("ConnectionIgnoredUsers", m_ignoredUsers);
+
 	LDAPRealmConfigList::Iterator it;
 	for (it = m_realms.begin(); it != m_realms.end(); ++it) {
 		LDAPRealmConfig realmcfg = it.data();
@ -230,8 +281,12 @@ void LDAPConfig::save() {

 	systemconfig->sync();

-	// Write the Kerberos5 configuration file
-	writeKrb5ConfFile();
+	if (base->systemEnableSupport->isChecked()) {
+		// Write the Kerberos5 configuration file
+		writeKrb5ConfFile();
+		// Write the LDAP configuration file
+		writeLDAPConfFile();
+	}

 	load();
 }
@ -240,6 +295,8 @@ void LDAPConfig::processLockouts() {
 	bool panelIsEnabled = base->systemEnableSupport->isChecked();

 	base->groupRealms->setEnabled(panelIsEnabled);
+	base->groupKrbDefaults->setEnabled(panelIsEnabled);
+	base->groupConnectionParameters->setEnabled(panelIsEnabled);

 	TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
 	if (selrealm) {
@ -414,6 +471,31 @@ void LDAPConfig::writeKrb5ConfFile() {
 	}
 }

+void LDAPConfig::writeLDAPConfFile() {
+	TQFile file(LDAP_FILE);
+	if (file.open(IO_WriteOnly)) {
+		TQTextStream stream( &file );
+
+		LDAPRealmConfig realmcfg = m_realms[m_defaultRealm];
+
+		stream << "# This file was automatically generated by TDE\n";
+		stream << "# All changes will be lost!\n";
+		stream << "\n";
+
+		stream << "host " << realmcfg.admin_server << "\n";
+		TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
+		stream << "base dc=" << domainChunks.join(",dc=") << "\n";
+		stream << "ldap_version " << m_ldapVersion << "\n";
+		stream << "timelimit " << m_ldapTimeout << "\n";
+		stream << "bind_timelimit " << m_ldapBindTimeout << "\n";
+		stream << "bind_policy " << m_bindPolicy.lower() << "\n";
+		stream << "pam_password " << m_passwordHash.lower() << "\n";
+		stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
+
+		file.close();
+	}
+}
+
 int LDAPConfig::buttons() {
 	return KCModule::Apply|KCModule::Help;
 }
--- a/src/ldap.h
+++ b/src/ldap.h
@ -88,6 +88,7 @@ class LDAPConfig: public KCModule
 	private:
 		void updateRealmList();
 		void writeKrb5ConfFile();
+		void writeLDAPConfFile();

 	private:
 		KAboutData *myAboutData;
@ -96,6 +97,13 @@ class LDAPConfig: public KCModule
 		LDAPRealmConfigList m_realms;
 		TQString m_defaultRealm;
 		int m_ticketLifetime;
+
+		int m_ldapVersion;
+		int m_ldapTimeout;
+		TQString m_bindPolicy;
+		int m_ldapBindTimeout;
+		TQString m_passwordHash;
+		TQString m_ignoredUsers;
 };

 #endif
--- a/src/ldapconfigbase.ui
+++ b/src/ldapconfigbase.ui
@ -138,12 +138,42 @@
 							</widget>
 						</grid>
 					</widget>
-					<widget class="TQGroupBox" row="2" column="0">
+					<spacer row="4" column="0">
+						<property name="name" stdset="0">
+							<cstring>Spacer1</cstring>
+						</property>
+						<property name="orientation">
+							<enum>Vertical</enum>
+						</property>
+						<property name="sizeType">
+							<enum>Expanding</enum>
+						</property>
+						<property name="sizeHint">
+							<size>
+								<width>20</width>
+								<height>20</height>
+							</size>
+						</property>
+					</spacer>
+				</grid>
+			</widget>
+			<widget class="TQWidget">
+				<property name="name">
+					<cstring>tab</cstring>
+				</property>
+				<attribute name="title">
+					<string>LDAP Globals</string>
+				</attribute>
+				<grid>
+					<property name="name">
+						<cstring>unnamed</cstring>
+					</property>
+					<widget class="TQGroupBox" row="0" column="0">
 						<property name="name">
-							<cstring>groupDefaults</cstring>
+							<cstring>groupKrbDefaults</cstring>
 						</property>
 						<property name="title">
-							<string>LDAP Default Settings</string>
+							<string>Kerberos Default Settings</string>
 						</property>
 						<grid>
 							<property name="name">
@ -199,6 +229,183 @@
 							</widget>
 						</grid>
 					</widget>
+					<widget class="TQGroupBox" row="1" column="0">
+						<property name="name">
+							<cstring>groupConnectionParameters</cstring>
+						</property>
+						<property name="title">
+							<string>LDAP Connection Parameters</string>
+						</property>
+						<grid>
+							<property name="name">
+								<cstring>unnamed</cstring>
+							</property>
+							<widget class="TQLabel" row="0" column="0">
+								<property name="name">
+									<cstring>unnamed</cstring>
+								</property>
+								<property name="text">
+									<string>LDAP Version</string>
+								</property>
+								<property name="sizePolicy">
+									<sizepolicy>
+										<hsizetype>0</hsizetype>
+										<vsizetype>0</vsizetype>
+										<horstretch>0</horstretch>
+										<verstretch>0</verstretch>
+									</sizepolicy>
+								</property>
+							</widget>
+							<widget class="KIntNumInput" row="0" column="1" >
+								<property name="name">
+									<cstring>ldapVersion</cstring>
+								</property>
+								<property name="minValue">
+									<number>1</number>
+								</property>
+								<property name="maxValue">
+									<number>3</number>
+								</property>
+							</widget>
+							<widget class="TQLabel" row="0" column="2">
+								<property name="name">
+									<cstring>unnamed</cstring>
+								</property>
+								<property name="text">
+									<string>Time Limit (seconds)</string>
+								</property>
+								<property name="sizePolicy">
+									<sizepolicy>
+										<hsizetype>0</hsizetype>
+										<vsizetype>0</vsizetype>
+										<horstretch>0</horstretch>
+										<verstretch>0</verstretch>
+									</sizepolicy>
+								</property>
+							</widget>
+							<widget class="KIntNumInput" row="0" column="3" >
+								<property name="name">
+									<cstring>ldapTimeout</cstring>
+								</property>
+								<property name="minValue">
+									<number>1</number>
+								</property>
+								<property name="maxValue">
+									<number>1000000</number>
+								</property>
+							</widget>
+							<widget class="TQLabel" row="1" column="0">
+								<property name="name">
+									<cstring>unnamed</cstring>
+								</property>
+								<property name="text">
+									<string>Binding Policy</string>
+								</property>
+								<property name="sizePolicy">
+									<sizepolicy>
+										<hsizetype>0</hsizetype>
+										<vsizetype>0</vsizetype>
+										<horstretch>0</horstretch>
+										<verstretch>0</verstretch>
+									</sizepolicy>
+								</property>
+							</widget>
+							<widget class="KComboBox" row="1" column="1" >
+								<property name="name">
+									<cstring>bindPolicy</cstring>
+								</property>
+								<item>
+									<property name="text">
+										<string>soft</string>
+									</property>
+								</item>
+								<item>
+									<property name="text">
+										<string>hard</string>
+									</property>
+								</item>
+							</widget>
+							<widget class="TQLabel" row="1" column="2">
+								<property name="name">
+									<cstring>unnamed</cstring>
+								</property>
+								<property name="text">
+									<string>Binding Time Limit (seconds)</string>
+								</property>
+								<property name="sizePolicy">
+									<sizepolicy>
+										<hsizetype>0</hsizetype>
+										<vsizetype>0</vsizetype>
+										<horstretch>0</horstretch>
+										<verstretch>0</verstretch>
+									</sizepolicy>
+								</property>
+							</widget>
+							<widget class="KIntNumInput" row="1" column="3" >
+								<property name="name">
+									<cstring>ldapBindTimeout</cstring>
+								</property>
+								<property name="minValue">
+									<number>1</number>
+								</property>
+								<property name="maxValue">
+									<number>1000000</number>
+								</property>
+							</widget>
+							<widget class="TQLabel" row="2" column="0">
+								<property name="name">
+									<cstring>unnamed</cstring>
+								</property>
+								<property name="text">
+									<string>Password Hash</string>
+								</property>
+								<property name="sizePolicy">
+									<sizepolicy>
+										<hsizetype>0</hsizetype>
+										<vsizetype>0</vsizetype>
+										<horstretch>0</horstretch>
+										<verstretch>0</verstretch>
+									</sizepolicy>
+								</property>
+							</widget>
+							<widget class="KComboBox" row="2" column="1" >
+								<property name="name">
+									<cstring>passwordHash</cstring>
+								</property>
+								<item>
+									<property name="text">
+										<string>exop</string>
+									</property>
+								</item>
+								<item>
+									<property name="text">
+										<string>md5</string>
+									</property>
+								</item>
+							</widget>
+							<widget class="TQLabel" row="2" column="2">
+								<property name="name">
+									<cstring>unnamed</cstring>
+								</property>
+								<property name="text">
+									<string>Ignored Users</string>
+								</property>
+								<property name="sizePolicy">
+									<sizepolicy>
+										<hsizetype>0</hsizetype>
+										<vsizetype>0</vsizetype>
+										<horstretch>0</horstretch>
+										<verstretch>0</verstretch>
+									</sizepolicy>
+								</property>
+							</widget>
+							<widget class="KLineEdit" row="2" column="3" >
+								<property name="name">
+									<cstring>ignoredUsers</cstring>
+								</property>
+							</widget>
+						</grid>
+					</widget>
 					<spacer row="4" column="0">
 						<property name="name" stdset="0">
 							<cstring>Spacer4</cstring>