diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index 303a756..ff350b6 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -4,11 +4,9 @@ objectClass: olcHdbConfig
 olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb
 olcDbDirectory: /var/lib/ldap
 olcSuffix: @@@REALM_DCNAME@@@
-olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
- s auth by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none
+olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags by self write by anonymous auth by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none
 olcAccess: {1}to dn.base="" by * read
-olcAccess: {2}to * by self write by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by
- * read
+olcAccess: {2}to * by self write by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * read
 olcLastMod: TRUE
 olcRootDN: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
 olcRootPW: {SHA}@@@ROOTPW_SHA@@@
@@ -18,6 +16,12 @@ olcDbConfig: {1}set_lk_max_objects 1500
 olcDbConfig: {2}set_lk_max_locks 1500
 olcDbConfig: {3}set_lk_max_lockers 1500
 olcDbIndex: objectClass eq
+olcDbIndex: krb5PrincipalName eq,pres
+olcDbIndex: cn eq,pres,subinitial
+olcDbIndex: mail eq,pres
+olcDbIndex: uid pres,eq
+olcDbIndex: uidNumber eq
+olcDbIndex: gidNumber eq
 structuralObjectClass: olcHdbConfig
 creatorsName: cn=config
 createTimestamp: @@@TIMESTAMP@@@Z
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 427148b..4bcf59d 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
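Review bot: The new `{0}` rule grants `by self write` on krb5KDCFlags, krb5MaxLife, krb5MaxRenew and krb5PrincipalName as well as on the key attributes, so an entry can change its own KDC flags, ticket lifetimes and principal name rather than only its password; those are realm policy set by the administrator, and self needs write at most on the password/key attributes. Consider splitting the rule so that `by self write` covers only `userPassword,shadowLastChange,krb5Key,krb5KeyVersionNumber`, and a second `olcAccess` entry restricts the remaining krb5 attributes to the root DN (`by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none`). Note also that the trailing `by * none` denies every other identity, so whichever DN the Heimdal KDC binds as (configured outside this diff) can read krb5Key only if it is the root DN; that is worth confirming against the kdc.conf template.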
@@ -294,6 +294,24 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi tqApp->processEvents(); } +int LDAPController::controlHeimdalServer(sc_command command) { + if (command == SC_START) { + // FIXME + // This assumes Debian! + return system("/etc/init.d/heimdal-kdc start"); + } + if (command == SC_STOP) { + // FIXME + // This assumes Debian! + return system("/etc/init.d/heimdal-kdc stop"); + } + if (command == SC_RESTART) { + // FIXME + // This assumes Debian! + return system("/etc/init.d/heimdal-kdc restart"); + } +} + int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t groupid) { if (command == SC_START) { // FIXME @@ -318,6 +336,8 @@ int LDAPController::controlLDAPServer(sc_command command, uid_t userid, gid_t gr } if (command == SC_SETDBPERMS) { if ((userid > 0) && (groupid > 0)) { + // FIXME + // This assumes Debian! TQString command; command = TQString("chown -R %1 /var/lib/ldap/*").arg(userid); system(command.ascii()); 
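Review bot: controlHeimdalServer has no return statement for any sc_command other than SC_START, SC_STOP and SC_RESTART, so a call with SC_PURGE or SC_SETDBPERMS runs off the end of a non-void function and the caller's `!= 0` test reads an undefined value; add `return -1;` before the closing brace (or collapse the three branches into one `system()` call built from the verb). Note also that `system()` yields a wait status rather than the init script's exit code, so the non-zero check catches a failed script and an unspawnable shell alike without distinguishing them; if that ever matters, decode with `WIFEXITED`/`WEXITSTATUS` from `<sys/wait.h>`. The same `// This assumes Debian!` note is added in the second hunk on this line (@@ -318) and applies equally to the hard-coded `/etc/init.d/heimdal-kdc` path here.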
@@ -357,7 +377,7 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY replacePlaceholdersInFile(templateDir + "heimdal/heimdal.defaults", destDir + "heimdal.defaults", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", destDir + "kadmind.acl", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); - replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "kdc.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); + replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "heimdal-kdc/kdc.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); replacePlaceholdersInFile(templateDir + "heimdal/krb5.conf", destDir + "krb5.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); replacePlaceholdersInFile(templateDir + "openldap/skel.ldif", configTempDir.name() + "skel.ldif", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); 
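Review bot: The kdc.conf destination now includes a `heimdal-kdc/` subdirectory under destDir, but nothing in this hunk creates it; unless replacePlaceholdersInFile (defined before this hunk) creates parent directories, the write fails on a host where that directory does not yet exist, and the chmod of the same path in the next hunk fails silently too since its result is not checked. Consider creating it first, e.g. `TQDir().mkdir(destDir + "heimdal-kdc");` guarded by an `exists()` check, and aborting with an errstr if that fails. The enclosing function starts and ends outside the hunk.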
@@ -387,20 +407,21 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY // Set permissions chmod(TQString(destDir + "heimdal.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP); chmod(TQString(destDir + "kadmind.acl").ascii(), S_IRUSR|S_IWUSR|S_IRGRP); - chmod(TQString(destDir + "kdc.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP); + chmod(TQString(destDir + "heimdal-kdc/kdc.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP); chmod(TQString(destDir + "krb5.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); chmod(TQString(configTempDir.name() + "skel.ldif").ascii(), S_IRUSR|S_IWUSR); chmod(TQString(destDir + "ldap/slapd.conf").ascii(), S_IRUSR|S_IWUSR); chmod(TQString(destDir + "ldap/slapd.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP); - pdialog.setStatusMessage(i18n("Purging existing LDAP database...")); - tqApp->processEvents(); - controlLDAPServer(SC_PURGE); - - pdialog.setStatusMessage(i18n("Loading initial database into LDAP...")); - tqApp->processEvents(); + pdialog.setStatusMessage(i18n("Stopping servers...")); + // Stop Heimdal + if (controlHeimdalServer(SC_STOP) != 0) { + if (errstr) *errstr = i18n("Unable to stop Kerberos server"); + pdialog.closeDialog(); + return -1; + } // Stop slapd if (controlLDAPServer(SC_STOP) != 0) { if (errstr) *errstr = i18n("Unable to stop LDAP server"); @@ -408,6 +429,13 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY return -1; } + pdialog.setStatusMessage(i18n("Purging existing LDAP database...")); + tqApp->processEvents(); + controlLDAPServer(SC_PURGE); + + pdialog.setStatusMessage(i18n("Loading initial database into LDAP...")); + tqApp->processEvents(); + // Load database KProcess slapadd; slapadd << "slapadd" << "-l" << configTempDir.name() + "skel.ldif"; 
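Review bot: `pdialog.setStatusMessage(i18n("Stopping servers..."));` is the only status update in this sequence not followed by `tqApp->processEvents();`, so the dialog will not repaint before the blocking `system()` calls in controlHeimdalServer and controlLDAPServer; add `tqApp->processEvents();` after it as the other messages do. Separately, once Heimdal has been stopped, every later failure path (the LDAP-stop branch here and the ones following in @@ -408 and @@ -432) returns -1 with the KDC still down; calling `controlHeimdalServer(SC_START);` before `pdialog.closeDialog();` on those paths would keep a failed reconfiguration from leaving the realm without a KDC. The enclosing function starts and ends outside the hunk.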
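Review bot: `controlLDAPServer(SC_PURGE);` is the one server-control call in this function whose return value is ignored, so a failed purge proceeds straight to `slapadd` on top of whatever the old database still holds. The stop/start calls around it all test `!= 0` and abort with an errstr; treating the purge the same way, `if (controlLDAPServer(SC_PURGE) != 0) { if (errstr) *errstr = i18n("Unable to purge LDAP database"); pdialog.closeDialog(); return -1; }`, keeps the failure modes consistent. Whether the purge branch actually reports failure depends on controlLDAPServer's SC_PURGE handling, which is outside this diff.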
@@ -432,6 +460,12 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY pdialog.closeDialog(); return -1; } + // Start Heimdal + if (controlHeimdalServer(SC_START) != 0) { + if (errstr) *errstr = i18n("Unable to start Kerberos server"); + pdialog.closeDialog(); + return -1; + } // RAJA FIXME pdialog.closeDialog(); diff --git a/src/ldapcontroller.h b/src/ldapcontroller.h index f5bd2a7..85fc334 100644 --- a/src/ldapcontroller.h +++ b/src/ldapcontroller.h @@ -86,6 +86,7 @@ class LDAPController: public KCModule void processLockouts(); private: + int controlHeimdalServer(sc_command command); int controlLDAPServer(sc_command command, uid_t userid=-1, gid_t groupid=-1); private:
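Review bot: The new declaration `int controlHeimdalServer(sc_command command);` says nothing about which sc_command values it accepts or what it returns, while the definition handles only SC_START, SC_STOP and SC_RESTART and passes back the raw `system()` status; a one-line comment on the declaration would spare callers a trip to the .cpp, e.g. `// Drives the heimdal-kdc init script; only SC_START, SC_STOP and SC_RESTART are handled. Returns the system() status (0 on success).` The neighbouring controlLDAPServer declaration would benefit from the same treatment.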