diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 872b436..49425b8 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -3260,7 +3260,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
TQString databaseDN;
ridString.sprintf("%03d", rid);
databaseDN = "cn=config";
- serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"allow":"demand");
+ serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"never":"demand");
if (replicationinfo.certificateFile != "") {
serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
}
@@ -3307,7 +3307,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
TQString databaseDN;
ridString.sprintf("%03d", rid);
databaseDN = m_basedc;
- serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout);
+ serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"never":"demand");
+ if (replicationinfo.certificateFile != "") {
+ serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
+ }
+ if (replicationinfo.caCertificateFile != "") {
+ serverSyncReplString.append(TQString(" tls_cacert=\"%1\"").arg(replicationinfo.caCertificateFile));
+ }
syncReplServerList.append(serverSyncReplString);
rid++;
}
@@ -3396,95 +3402,93 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
else KMessageBox::error(0, *readOnlyErrorString, i18n("LDAP Error"));
return -2;
}
- if (currentReplicationInfo.enabled != replicationinfo.enabled) {
- if (replicationinfo.enabled) {
- // Set up replication
- // NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration
+ if (replicationinfo.enabled) {
+ // Set up replication
+ // NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration
- // Check to see if the syncprov overlay entries already exist
- bool haveOlcOverlaySyncProv = false;
- LDAPMessage* msg;
- retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
- if (retcode != LDAP_SUCCESS) {
- if (errstr) *errstr = i18n("LDAP search failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode));
- else KMessageBox::error(0, i18n("LDAP search failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
- return -2;
- }
-
- // Iterate through the returned entries
- LDAPMessage* entry;
- for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
- if (parseLDAPSyncProvOverlayConfigRecord(entry) != "") {
- haveOlcOverlaySyncProv = true;
- }
- }
-
- // clean up
- ldap_msgfree(msg);
+ // Check to see if the syncprov overlay entries already exist
+ bool haveOlcOverlaySyncProv = false;
+ LDAPMessage* msg;
+ retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) *errstr = i18n("LDAP search failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("LDAP search failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ return -2;
+ }
- if (!haveOlcOverlaySyncProv) {
- // Create the base DN entry
- int number_of_parameters = 1; // 1 primary attribute
- LDAPMod *mods[number_of_parameters+1];
- set_up_attribute_operations(mods, number_of_parameters);
-
- // Load initial required LDAP object attributes
- i=0;
- TQStringList objectClassList;
- objectClassList.append("olcOverlayConfig");
- objectClassList.append("olcSyncProvConfig");
- create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList);
- LDAPMod *prevterm = mods[i];
- mods[i] = NULL;
-
- // Add new object
- retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL);
-
- // Clean up
- clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
-
- if (retcode != LDAP_SUCCESS) {
- if (errstr) {
- *errstr = i18n("LDAP overlay configuration failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode));
- }
- else {
- KMessageBox::error(0, i18n("LDAP overlay configuration failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
- }
- return -2;
- }
+ // Iterate through the returned entries
+ LDAPMessage* entry;
+ for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
+ if (parseLDAPSyncProvOverlayConfigRecord(entry) != "") {
+ haveOlcOverlaySyncProv = true;
}
}
- else {
- // Check to see if the syncprov overlay entries exist
- TQString olcOverlaySyncProvAttr;
- LDAPMessage* msg;
- retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
- if (retcode != LDAP_SUCCESS) {
- if (errstr) *errstr = i18n("LDAP search failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode));
- else KMessageBox::error(0, i18n("LDAP search failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
- return -2;
- }
+
+ // clean up
+ ldap_msgfree(msg);
+
+ if (!haveOlcOverlaySyncProv) {
+ // Create the base DN entry
+ int number_of_parameters = 1; // 1 primary attribute
+ LDAPMod *mods[number_of_parameters+1];
+ set_up_attribute_operations(mods, number_of_parameters);
+
+ // Load initial required LDAP object attributes
+ i=0;
+ TQStringList objectClassList;
+ objectClassList.append("olcOverlayConfig");
+ objectClassList.append("olcSyncProvConfig");
+ create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList);
+ LDAPMod *prevterm = mods[i];
+ mods[i] = NULL;
+
+ // Add new object
+ retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL);
+
+ // Clean up
+ clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
- // Iterate through the returned entries
- LDAPMessage* entry;
- for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
- olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord(entry);
- if (olcOverlaySyncProvAttr != "") {
- break;
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) {
+ *errstr = i18n("LDAP overlay configuration failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode));
+ }
+ else {
+ KMessageBox::error(0, i18n("LDAP overlay configuration failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
}
+ return -2;
}
-
- // clean up
- ldap_msgfree(msg);
-
+ }
+ }
+ else {
+ // Check to see if the syncprov overlay entries exist
+ TQString olcOverlaySyncProvAttr;
+ LDAPMessage* msg;
+ retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) *errstr = i18n("LDAP search failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("LDAP search failureReason: [%3] %4
").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ return -2;
+ }
+
+ // Iterate through the returned entries
+ LDAPMessage* entry;
+ for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
+ olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord(entry);
if (olcOverlaySyncProvAttr != "") {
- // FIXME
- // OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files)
- // See http://www.openldap.org/lists/openldap-software/200811/msg00103.html
- // If it were possible, the code would look something like this:
- // retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL);
+ break;
}
}
+
+ // clean up
+ ldap_msgfree(msg);
+
+ if (olcOverlaySyncProvAttr != "") {
+ // FIXME
+ // OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files)
+ // See http://www.openldap.org/lists/openldap-software/200811/msg00103.html
+ // If it were possible, the code would look something like this:
+ // retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL);
+ }
}
return 0;
}