Write the LDAP conf file as well

pull/1/head
Timothy Pearson 13 years ago
parent dbaffcee86
commit 94ba247eec

2
debian/control vendored

@ -8,6 +8,6 @@ Standards-Version: 3.8.4
Package: kcontrol-ldap-trinity Package: kcontrol-ldap-trinity
Architecture: any Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends} Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients, libpam-krb5, libpam-ldap, nss-updatedb, libpam-ccreds
Description: LDAP control module for the TDE control center Description: LDAP control module for the TDE control center
LDAP is a TDE control center module to manage TDE connections to LDAP realms. LDAP is a TDE control center module to manage TDE connections to LDAP realms.

@ -48,6 +48,8 @@
// Connect this to CMake/Automake // Connect this to CMake/Automake
#define KDE_CONFDIR "/etc/trinity" #define KDE_CONFDIR "/etc/trinity"
#define KRB5_FILE "/etc/krb5.conf" #define KRB5_FILE "/etc/krb5.conf"
#define LDAP_FILE "/etc/ldap.conf"
#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory; typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;
@ -89,6 +91,13 @@ LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&)
connect(base->btnDeactivateRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(deactivateRealm())); connect(base->btnDeactivateRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(deactivateRealm()));
connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), this, TQT_SLOT(realmProperties())); connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), this, TQT_SLOT(realmProperties()));
connect(base->ldapVersion, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed()));
connect(base->ldapTimeout, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed()));
connect(base->bindPolicy, TQT_SIGNAL(activated(int)), this, TQT_SLOT(changed()));
connect(base->ldapBindTimeout, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed()));
connect(base->passwordHash, TQT_SIGNAL(activated(int)), this, TQT_SLOT(changed()));
connect(base->ignoredUsers, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(changed()));
load(); load();
if (getuid() != 0 || !systemconfig->checkConfigFilesWritable( true )) { if (getuid() != 0 || !systemconfig->checkConfigFilesWritable( true )) {
@ -110,6 +119,8 @@ void LDAPConfig::load() {
void LDAPConfig::load(bool useDefaults ) void LDAPConfig::load(bool useDefaults )
{ {
int i;
//Update the toggle buttons with the current configuration //Update the toggle buttons with the current configuration
systemconfig->setReadDefaults( useDefaults ); systemconfig->setReadDefaults( useDefaults );
@ -118,6 +129,13 @@ void LDAPConfig::load(bool useDefaults )
m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null); m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null);
m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400); m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400);
m_ldapVersion = systemconfig->readNumEntry("ConnectionLDAPVersion", 3);
m_ldapTimeout = systemconfig->readNumEntry("ConnectionLDAPTimeout", 2);
m_bindPolicy = systemconfig->readEntry("ConnectionBindPolicy", "soft");
m_ldapBindTimeout = systemconfig->readNumEntry("ConnectionBindTimeout", 2);
m_passwordHash = systemconfig->readEntry("ConnectionPasswordHash", "exop");
m_ignoredUsers = systemconfig->readEntry("ConnectionIgnoredUsers", DEFAULT_IGNORED_USERS_LIST);
// Load realms // Load realms
m_realms.clear(); m_realms.clear();
TQStringList cfgRealms = systemconfig->groupList(); TQStringList cfgRealms = systemconfig->groupList();
@ -149,6 +167,24 @@ void LDAPConfig::load(bool useDefaults )
} }
base->ticketLifetime->setValue(m_ticketLifetime); base->ticketLifetime->setValue(m_ticketLifetime);
base->ldapVersion->setValue(m_ldapVersion);
base->ldapTimeout->setValue(m_ldapTimeout);
for (i=0; i<base->bindPolicy->count(); i++) {
if (base->bindPolicy->text(i).lower() == m_defaultRealm.lower()) {
base->bindPolicy->setCurrentItem(i);
break;
}
}
base->ldapBindTimeout->setValue(m_ldapBindTimeout);
for (i=0; i<base->passwordHash->count(); i++) {
if (base->passwordHash->text(i).lower() == m_passwordHash.lower()) {
base->passwordHash->setCurrentItem(i);
break;
}
}
base->ignoredUsers->setText(m_ignoredUsers);
updateRealmList(); updateRealmList();
processLockouts(); processLockouts();
@ -186,6 +222,14 @@ void LDAPConfig::save() {
systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked()); systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked());
m_defaultRealm = base->defaultRealm->currentText(); m_defaultRealm = base->defaultRealm->currentText();
m_ticketLifetime = base->ticketLifetime->value(); m_ticketLifetime = base->ticketLifetime->value();
m_ldapVersion = base->ldapVersion->value();
m_ldapTimeout = base->ldapTimeout->value();
m_bindPolicy = base->bindPolicy->currentText();
m_ldapBindTimeout = base->ldapBindTimeout->value();
m_passwordHash = base->passwordHash->currentText();
m_ignoredUsers = base->ignoredUsers->text();
if (m_defaultRealm != "") { if (m_defaultRealm != "") {
systemconfig->writeEntry("DefaultRealm", m_defaultRealm); systemconfig->writeEntry("DefaultRealm", m_defaultRealm);
} }
@ -194,6 +238,13 @@ void LDAPConfig::save() {
} }
systemconfig->writeEntry("TicketLifetime", m_ticketLifetime); systemconfig->writeEntry("TicketLifetime", m_ticketLifetime);
systemconfig->writeEntry("ConnectionLDAPVersion", m_ldapVersion);
systemconfig->writeEntry("ConnectionLDAPTimeout", m_ldapTimeout);
systemconfig->writeEntry("ConnectionBindPolicy", m_bindPolicy);
systemconfig->writeEntry("ConnectionBindTimeout", m_ldapBindTimeout);
systemconfig->writeEntry("ConnectionPasswordHash", m_passwordHash);
systemconfig->writeEntry("ConnectionIgnoredUsers", m_ignoredUsers);
LDAPRealmConfigList::Iterator it; LDAPRealmConfigList::Iterator it;
for (it = m_realms.begin(); it != m_realms.end(); ++it) { for (it = m_realms.begin(); it != m_realms.end(); ++it) {
LDAPRealmConfig realmcfg = it.data(); LDAPRealmConfig realmcfg = it.data();
@ -230,8 +281,12 @@ void LDAPConfig::save() {
systemconfig->sync(); systemconfig->sync();
// Write the Kerberos5 configuration file if (base->systemEnableSupport->isChecked()) {
writeKrb5ConfFile(); // Write the Kerberos5 configuration file
writeKrb5ConfFile();
// Write the LDAP configuration file
writeLDAPConfFile();
}
load(); load();
} }
@ -240,6 +295,8 @@ void LDAPConfig::processLockouts() {
bool panelIsEnabled = base->systemEnableSupport->isChecked(); bool panelIsEnabled = base->systemEnableSupport->isChecked();
base->groupRealms->setEnabled(panelIsEnabled); base->groupRealms->setEnabled(panelIsEnabled);
base->groupKrbDefaults->setEnabled(panelIsEnabled);
base->groupConnectionParameters->setEnabled(panelIsEnabled);
TQListViewItem *selrealm = base->ldapRealmList->selectedItem(); TQListViewItem *selrealm = base->ldapRealmList->selectedItem();
if (selrealm) { if (selrealm) {
@ -414,6 +471,31 @@ void LDAPConfig::writeKrb5ConfFile() {
} }
} }
void LDAPConfig::writeLDAPConfFile() {
TQFile file(LDAP_FILE);
if (file.open(IO_WriteOnly)) {
TQTextStream stream( &file );
LDAPRealmConfig realmcfg = m_realms[m_defaultRealm];
stream << "# This file was automatically generated by TDE\n";
stream << "# All changes will be lost!\n";
stream << "\n";
stream << "host " << realmcfg.admin_server << "\n";
TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
stream << "base dc=" << domainChunks.join(",dc=") << "\n";
stream << "ldap_version " << m_ldapVersion << "\n";
stream << "timelimit " << m_ldapTimeout << "\n";
stream << "bind_timelimit " << m_ldapBindTimeout << "\n";
stream << "bind_policy " << m_bindPolicy.lower() << "\n";
stream << "pam_password " << m_passwordHash.lower() << "\n";
stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
file.close();
}
}
int LDAPConfig::buttons() { int LDAPConfig::buttons() {
return KCModule::Apply|KCModule::Help; return KCModule::Apply|KCModule::Help;
} }
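Review bot: writeLDAPConfFile() reads `m_realms[m_defaultRealm]` without checking that a default realm is selected, and save() visibly tolerates an empty m_defaultRealm, so with LDAP enabled the file can be rewritten with an empty `host` and a bare `base dc=` line. A guard before the file is opened, such as `if (m_defaultRealm.isEmpty() || !m_realms.contains(m_defaultRealm)) return;`, would keep a working /etc/ldap.conf from being replaced by a broken one. A failed `file.open(IO_WriteOnly)` is silent, so the dialog reports nothing when the file was not written. m_ignoredUsers, the realm name and admin_server are streamed out unvalidated, so an embedded line break would add extra directives to a file whose `pam_password` and `nss_initgroups_ignoreusers` lines suggest it feeds PAM/NSS lookups; rejecting control characters before writing would close that. In the load() hunk the bindPolicy loop compares against `m_defaultRealm.lower()` where `m_bindPolicy.lower()` appears intended, so the stored policy is never reselected and the next save may write back whatever the combo happens to show.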

@ -88,6 +88,7 @@ class LDAPConfig: public KCModule
private: private:
void updateRealmList(); void updateRealmList();
void writeKrb5ConfFile(); void writeKrb5ConfFile();
void writeLDAPConfFile();
private: private:
KAboutData *myAboutData; KAboutData *myAboutData;
@ -96,6 +97,13 @@ class LDAPConfig: public KCModule
LDAPRealmConfigList m_realms; LDAPRealmConfigList m_realms;
TQString m_defaultRealm; TQString m_defaultRealm;
int m_ticketLifetime; int m_ticketLifetime;
int m_ldapVersion;
int m_ldapTimeout;
TQString m_bindPolicy;
int m_ldapBindTimeout;
TQString m_passwordHash;
TQString m_ignoredUsers;
}; };
#endif #endif

@ -138,12 +138,42 @@
</widget> </widget>
</grid> </grid>
</widget> </widget>
<widget class="TQGroupBox" row="2" column="0"> <spacer row="4" column="0">
<property name="name" stdset="0">
<cstring>Spacer1</cstring>
</property>
<property name="orientation">
<enum>Vertical</enum>
</property>
<property name="sizeType">
<enum>Expanding</enum>
</property>
<property name="sizeHint">
<size>
<width>20</width>
<height>20</height>
</size>
</property>
</spacer>
</grid>
</widget>
<widget class="TQWidget">
<property name="name">
<cstring>tab</cstring>
</property>
<attribute name="title">
<string>LDAP Globals</string>
</attribute>
<grid>
<property name="name">
<cstring>unnamed</cstring>
</property>
<widget class="TQGroupBox" row="0" column="0">
<property name="name"> <property name="name">
<cstring>groupDefaults</cstring> <cstring>groupKrbDefaults</cstring>
</property> </property>
<property name="title"> <property name="title">
<string>LDAP Default Settings</string> <string>Kerberos Default Settings</string>
</property> </property>
<grid> <grid>
<property name="name"> <property name="name">
@ -199,6 +229,183 @@
</widget> </widget>
</grid> </grid>
</widget> </widget>
<widget class="TQGroupBox" row="1" column="0">
<property name="name">
<cstring>groupConnectionParameters</cstring>
</property>
<property name="title">
<string>LDAP Connection Parameters</string>
</property>
<grid>
<property name="name">
<cstring>unnamed</cstring>
</property>
<widget class="TQLabel" row="0" column="0">
<property name="name">
<cstring>unnamed</cstring>
</property>
<property name="text">
<string>LDAP Version</string>
</property>
<property name="sizePolicy">
<sizepolicy>
<hsizetype>0</hsizetype>
<vsizetype>0</vsizetype>
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
</widget>
<widget class="KIntNumInput" row="0" column="1" >
<property name="name">
<cstring>ldapVersion</cstring>
</property>
<property name="minValue">
<number>1</number>
</property>
<property name="maxValue">
<number>3</number>
</property>
</widget>
<widget class="TQLabel" row="0" column="2">
<property name="name">
<cstring>unnamed</cstring>
</property>
<property name="text">
<string>Time Limit (seconds)</string>
</property>
<property name="sizePolicy">
<sizepolicy>
<hsizetype>0</hsizetype>
<vsizetype>0</vsizetype>
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
</widget>
<widget class="KIntNumInput" row="0" column="3" >
<property name="name">
<cstring>ldapTimeout</cstring>
</property>
<property name="minValue">
<number>1</number>
</property>
<property name="maxValue">
<number>1000000</number>
</property>
</widget>
<widget class="TQLabel" row="1" column="0">
<property name="name">
<cstring>unnamed</cstring>
</property>
<property name="text">
<string>Binding Policy</string>
</property>
<property name="sizePolicy">
<sizepolicy>
<hsizetype>0</hsizetype>
<vsizetype>0</vsizetype>
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
</widget>
<widget class="KComboBox" row="1" column="1" >
<property name="name">
<cstring>bindPolicy</cstring>
</property>
<item>
<property name="text">
<string>soft</string>
</property>
</item>
<item>
<property name="text">
<string>hard</string>
</property>
</item>
</widget>
<widget class="TQLabel" row="1" column="2">
<property name="name">
<cstring>unnamed</cstring>
</property>
<property name="text">
<string>Binding Time Limit (seconds)</string>
</property>
<property name="sizePolicy">
<sizepolicy>
<hsizetype>0</hsizetype>
<vsizetype>0</vsizetype>
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
</widget>
<widget class="KIntNumInput" row="1" column="3" >
<property name="name">
<cstring>ldapBindTimeout</cstring>
</property>
<property name="minValue">
<number>1</number>
</property>
<property name="maxValue">
<number>1000000</number>
</property>
</widget>
<widget class="TQLabel" row="2" column="0">
<property name="name">
<cstring>unnamed</cstring>
</property>
<property name="text">
<string>Password Hash</string>
</property>
<property name="sizePolicy">
<sizepolicy>
<hsizetype>0</hsizetype>
<vsizetype>0</vsizetype>
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
</widget>
<widget class="KComboBox" row="2" column="1" >
<property name="name">
<cstring>passwordHash</cstring>
</property>
<item>
<property name="text">
<string>exop</string>
</property>
</item>
<item>
<property name="text">
<string>md5</string>
</property>
</item>
</widget>
<widget class="TQLabel" row="2" column="2">
<property name="name">
<cstring>unnamed</cstring>
</property>
<property name="text">
<string>Ignored Users</string>
</property>
<property name="sizePolicy">
<sizepolicy>
<hsizetype>0</hsizetype>
<vsizetype>0</vsizetype>
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
</widget>
<widget class="KLineEdit" row="2" column="3" >
<property name="name">
<cstring>ignoredUsers</cstring>
</property>
</widget>
</grid>
</widget>
<spacer row="4" column="0"> <spacer row="4" column="0">
<property name="name" stdset="0"> <property name="name" stdset="0">
<cstring>Spacer4</cstring> <cstring>Spacer4</cstring>
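Review bot: The passwordHash combo offers `md5` as the only alternative to `exop`, and the C++ section of this commit writes the selection out as the `pam_password` directive, so choosing it presumably makes password changes rely on an MD5 hash. If the item is kept for compatibility with older servers, its text or a tooltip should say so; otherwise leaving `exop` as the sole choice avoids steering administrators to a weak hash. The ldapVersion input also sets `minValue` to 1, which looks lower than any protocol version an `ldap_version` line would accept; `<number>2</number>` seems the intended floor. The enclosing widget tree starts and ends outside the hunk.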
