Start working on kerberos

Timothy Pearson 13 years ago
parent 67f4ccf0b6
commit 8daa9e9e96

@ -4,11 +4,9 @@ objectClass: olcHdbConfig
olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: @@@REALM_DCNAME@@@
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
s auth by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none
olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags by self write by anonymous auth by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by
* read
olcAccess: {2}to * by self write by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * read
olcLastMod: TRUE
olcRootDN: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
olcRootPW: {SHA}@@@ROOTPW_SHA@@@
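Review bot: The new `{0}` rule grants `by self write` on krb5KDCFlags, krb5MaxLife, krb5MaxRenew, krb5PrincipalName and krb5Key, so any account that can bind as itself can change its own KDC flags and ticket lifetimes, rename its principal, or replace its key without going through kadmin. Only the rootdn (or whatever identity the KDC binds with; kdc.conf is not visible here to confirm) should be able to write those attributes, so keep userPassword/shadowLastChange self-writable and move the krb5* attributes into their own rule with no self access, renumbering the later rules. The trailing `to * by self write` rule, unchanged by this commit, still lets a user modify any other attribute of its own entry such as uidNumber or gidNumber, which is worth a separate follow-up. If the admin tool reads krb5PrincipalName while bound as an ordinary user, add a `by self read` clause on that one attribute rather than widening the krb5 rule again.
```ldif
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none
olcAccess: {1}to attrs=krb5Key,krb5KeyVersionNumber,krb5PrincipalName,krb5MaxLife,krb5MaxRenew,krb5KDCFlags by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by self write by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * read
```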
@ -18,6 +16,12 @@ olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: krb5PrincipalName eq,pres
olcDbIndex: cn eq,pres,subinitial
olcDbIndex: mail eq,pres
olcDbIndex: uid pres,eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
structuralObjectClass: olcHdbConfig
creatorsName: cn=config
createTimestamp: @@@TIMESTAMP@@@Z

@ -294,6 +294,24 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
tqApp->processEvents();
}
int LDAPController::controlHeimdalServer(sc_command command) {
if (command == SC_START) {
// FIXME
// This assumes Debian!
return system("/etc/init.d/heimdal-kdc start");
}
if (command == SC_STOP) {
// FIXME
// This assumes Debian!
return system("/etc/init.d/heimdal-kdc stop");
}
if (command == SC_RESTART) {
// FIXME
// This assumes Debian!
return system("/etc/init.d/heimdal-kdc restart");
}
}
int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t groupid) {
if (command == SC_START) {
// FIXME
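Review bot: controlHeimdalServer falls off the end without a return value when `command` is anything other than SC_START, SC_STOP or SC_RESTART (controlLDAPServer accepts SC_PURGE and SC_SETDBPERMS, so a copy-paste call with one of those is plausible), which is undefined behaviour for a non-void function and means the `!= 0` checks at the call sites may act on a garbage status; add `return -1;` after the last `if`. The three `system()` calls use fixed strings, so there is no injection concern, but `system()` returns -1 when the shell cannot be run and a wait status otherwise, so the callers' `!= 0` test also treats a missing /etc/init.d/heimdal-kdc (the FIXME case) the same as a failed stop; consider decoding with `WIFEXITED`/`WEXITSTATUS` so the "Unable to stop Kerberos server" error is only raised for an actual non-zero exit. Since the SC_SETDBPERMS path runs `chown -R` on /var/lib/ldap, this presumably executes as root, which makes the hard-coded init path worth resolving rather than leaving as a FIXME.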
@ -318,6 +336,8 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr
}
if (command == SC_SETDBPERMS) {
if ((userid > 0) && (groupid > 0)) {
// FIXME
// This assumes Debian!
TQString command;
command = TQString("chown -R %1 /var/lib/ldap/*").arg(userid);
system(command.ascii());
@ -357,7 +377,7 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY
replacePlaceholdersInFile(templateDir + "heimdal/heimdal.defaults", destDir + "heimdal.defaults", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", destDir + "kadmind.acl", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "kdc.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "heimdal-kdc/kdc.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
replacePlaceholdersInFile(templateDir + "heimdal/krb5.conf", destDir + "krb5.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
replacePlaceholdersInFile(templateDir + "openldap/skel.ldif", configTempDir.name() + "skel.ldif", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
@ -387,20 +407,21 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY
// Set permissions
chmod(TQString(destDir + "heimdal.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
chmod(TQString(destDir + "kadmind.acl").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
chmod(TQString(destDir + "kdc.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
chmod(TQString(destDir + "heimdal-kdc/kdc.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
chmod(TQString(destDir + "krb5.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
chmod(TQString(configTempDir.name() + "skel.ldif").ascii(), S_IRUSR|S_IWUSR);
chmod(TQString(destDir + "ldap/slapd.conf").ascii(), S_IRUSR|S_IWUSR);
chmod(TQString(destDir + "ldap/slapd.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
pdialog.setStatusMessage(i18n("Purging existing LDAP database..."));
tqApp->processEvents();
controlLDAPServer(SC_PURGE);
pdialog.setStatusMessage(i18n("Loading initial database into LDAP..."));
tqApp->processEvents();
pdialog.setStatusMessage(i18n("Stopping servers..."));
// Stop Heimdal
if (controlHeimdalServer(SC_STOP) != 0) {
if (errstr) *errstr = i18n("Unable to stop Kerberos server");
pdialog.closeDialog();
return -1;
}
// Stop slapd
if (controlLDAPServer(SC_STOP) != 0) {
if (errstr) *errstr = i18n("Unable to stop LDAP server");
@ -408,6 +429,13 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY
return -1;
}
pdialog.setStatusMessage(i18n("Purging existing LDAP database..."));
tqApp->processEvents();
controlLDAPServer(SC_PURGE);
pdialog.setStatusMessage(i18n("Loading initial database into LDAP..."));
tqApp->processEvents();
// Load database
KProcess slapadd;
slapadd << "slapadd" << "-l" << configTempDir.name() + "skel.ldif";
@ -432,6 +460,12 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY
pdialog.closeDialog();
return -1;
}
// Start Heimdal
if (controlHeimdalServer(SC_START) != 0) {
if (errstr) *errstr = i18n("Unable to start Kerberos server");
pdialog.closeDialog();
return -1;
}
// RAJA FIXME
pdialog.closeDialog();

@ -86,6 +86,7 @@ class LDAPController: public KCModule
void processLockouts();
private:
int controlHeimdalServer(sc_command command);
int controlLDAPServer(sc_command command, uid_t userid=-1, gid_t groupid=-1);
private:
