|
|
@ -4346,11 +4346,14 @@ int LDAPManager::generateClientCertificatePublicCertificate(int expirydays, LDAP
|
|
|
|
|
|
|
|
|
|
|
|
TQString common_name = TQString::null;
|
|
|
|
TQString common_name = TQString::null;
|
|
|
|
if (user.name != "") {
|
|
|
|
if (user.name != "") {
|
|
|
|
common_name = TQString("/uid=%1").arg(user.name);
|
|
|
|
// TODO
|
|
|
|
|
|
|
|
// Determine if uid or CN is the best identifier
|
|
|
|
|
|
|
|
// common_name = TQString("/uid=%1").arg(user.name);
|
|
|
|
|
|
|
|
common_name = TQString("/CN=%1").arg(user.name);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
subject = TQString("\"/CN=%1%2%3\"").arg(user.name).arg(openssldcForRealm(realmcfg.name)).arg(common_name);
|
|
|
|
subject = TQString("\"%1%2\"").arg(openssldcForRealm(realmcfg.name)).arg(common_name);
|
|
|
|
command = TQString("openssl req -days %1 -new -out %2 -key %3 -config %4 -subj %5").arg(expirydays).arg(client_reqfile).arg(client_keyfile).arg(OPENSSL_EXTENSIONS_FILE).arg(subject);
|
|
|
|
command = TQString("openssl req -days %1 -new -out %2 -key %3 -config %4 -subj %5").arg(expirydays).arg(client_reqfile).arg(client_keyfile).arg(client_cfgfile).arg(subject);
|
|
|
|
if (system(command) < 0) {
|
|
|
|
if (system(command) < 0) {
|
|
|
|
if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
|
|
|
|
if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
|
|
|
|
return -1;
|
|
|
|
return -1;
|
|
|
@ -4913,6 +4916,12 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUse
|
|
|
|
stream << "# This file was automatically generated by TDE\n";
|
|
|
|
stream << "# This file was automatically generated by TDE\n";
|
|
|
|
stream << "# All changes will be lost!\n";
|
|
|
|
stream << "# All changes will be lost!\n";
|
|
|
|
stream << "\n";
|
|
|
|
stream << "\n";
|
|
|
|
|
|
|
|
stream << "oid_section = new_oids" << "\n";
|
|
|
|
|
|
|
|
stream << "\n";
|
|
|
|
|
|
|
|
stream << "[new_oids]" << "\n";
|
|
|
|
|
|
|
|
stream << "uid = 0.9.2342.19200300.100.1.1" << "\n";
|
|
|
|
|
|
|
|
stream << "pkkdcekuoid = 1.3.6.1.5.2.3.5" << "\n";
|
|
|
|
|
|
|
|
stream << "\n";
|
|
|
|
stream << "[ca]" << "\n";
|
|
|
|
stream << "[ca]" << "\n";
|
|
|
|
stream << "default_ca = certificate_authority" << "\n";
|
|
|
|
stream << "default_ca = certificate_authority" << "\n";
|
|
|
|
stream << "\n";
|
|
|
|
stream << "\n";
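Review bot: In the first hunk, the rebuilt `subject` in generateClientCertificatePublicCertificate still places `user.name` unescaped inside a double-quoted argument of a command line that is handed to `system()`. Shell metacharacters in the name are therefore interpreted by the shell, and a `/` in it changes how openssl splits the `-subj` value into RDNs. Before formatting `common_name`, check `user.name` against a strict allow-list (for example letters, digits, `.`, `_` and `-`) and return -1 with `errstr` set when it does not match, or launch openssl through an argument-vector API instead of a shell string. With the new format, an empty `user.name` also yields a subject that holds only the DC components and no CN, which the old `/CN=%1...` form did not, so that case should be rejected explicitly. The function body continues outside the hunk, so any validation done earlier in it is not visible here.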
|
|
|
|