diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 872b436..49425b8 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -3260,7 +3260,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
 TQString databaseDN;
 ridString.sprintf("%03d", rid);
 databaseDN = "cn=config";
- serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"allow":"demand");
+ serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"never":"demand");
 if (replicationinfo.certificateFile != "") {
 serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
 }
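Review bot: The new format string on the `+` line still carries two `%5` and two `%6` markers while eight `.arg()` calls follow it, so which argument ends up in `tls_reqcert=` cannot be read off the string; as far as I know TQt3's arg() replaces one occurrence of the lowest-numbered marker per call, which makes the values land by position here, but under replace-all-occurrences semantics `retry=` would receive the search base and `tls_reqcert=` the retry string, silently dropping the `demand` verification setting. Number the markers `%1`..`%8`: `searchbase=\"%5\" type=refreshAndPersist retry=\"%6\" timeout=%7 tls_reqcert=%8`. The same directive is added in the next hunk for the `m_basedc` database and needs the same renumbering. Since this line decides whether the consumer verifies the provider certificate at all — with `never` the session carrying `credentials=` is not authenticated — a one-line comment on the ternary, `// ignore_ssl_failure: consumer does not check the provider certificate, so the sync credentials travel over an unauthenticated TLS session`, would make the trade-off explicit to the next reader.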
@@ -3307,7 +3307,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
 TQString databaseDN;
 ridString.sprintf("%03d", rid);
 databaseDN = m_basedc;
- serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout);
+ serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"never":"demand");
+ if (replicationinfo.certificateFile != "") {
+ serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
+ }
+ if (replicationinfo.caCertificateFile != "") {
+ serverSyncReplString.append(TQString(" tls_cacert=\"%1\"").arg(replicationinfo.caCertificateFile));
+ }
 syncReplServerList.append(serverSyncReplString);
 rid++;
 }
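Review bot: The `+` lines reproduce the directive construction of the cn=config block in the previous hunk almost verbatim (the format string, the `tls_reqcert` ternary and the `tls_cert` append), so the two copies can drift apart — a fix to the placeholder numbering or to the TLS options has to be made twice. A file-local helper that takes the search base and returns the directive keeps the marker numbering, the TLS options and any future escaping in one place; the loop body then reduces to one call. The certificate paths are interpolated into a `\"`-quoted field without escaping, so a path containing a double quote produces a malformed directive; rejecting such values before building the string is probably the simplest guard. The enclosing loop over the server list starts before this hunk, and I have assumed `(*it).fqdn` is a TQString.
```cpp
// Builds one syncrepl directive for the provider at fqdn, replicating searchBase.
// Markers are numbered %1..%8 so each .arg() lands on its own field whatever arg()'s
// duplicate-marker semantics are.
static TQString buildSyncReplDirective(const TQString& ridString, const TQString& fqdn, const TQString& searchBase, const LDAPMasterReplicationInfo& replicationinfo) {
	TQString directive = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%6\" timeout=%7 tls_reqcert=%8").arg(ridString).arg(fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(searchBase).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"never":"demand");
	if (replicationinfo.certificateFile != "") {
		directive.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
	}
	if (replicationinfo.caCertificateFile != "") {
		directive.append(TQString(" tls_cacert=\"%1\"").arg(replicationinfo.caCertificateFile));
	}
	return directive;
}

// … unchanged: loop header, ridString / databaseDN set-up …
serverSyncReplString = buildSyncReplDirective(ridString, (*it).fqdn, databaseDN, replicationinfo);
```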
@@ -3396,95 +3402,93 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl else KMessageBox::error(0, *readOnlyErrorString, i18n("LDAP Error")); return -2; } - if (currentReplicationInfo.enabled != replicationinfo.enabled) { - if (replicationinfo.enabled) { - // Set up replication - // NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration + if (replicationinfo.enabled) { + // Set up replication + // NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration - // Check to see if the syncprov overlay entries already exist - bool haveOlcOverlaySyncProv = false; - LDAPMessage* msg; - retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); - if (retcode != LDAP_SUCCESS) { - if (errstr) *errstr = i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)); - else KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return -2; - } - - // Iterate through the returned entries - LDAPMessage* entry; - for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { - if (parseLDAPSyncProvOverlayConfigRecord(entry) != "") { - haveOlcOverlaySyncProv = true; - } - } - - // clean up - ldap_msgfree(msg); + // Check to see if the syncprov overlay entries already exist + bool haveOlcOverlaySyncProv = false; + LDAPMessage* msg; + retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); + if (retcode != LDAP_SUCCESS) { + if (errstr) *errstr = i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } - if (!haveOlcOverlaySyncProv) { - // Create the base DN entry - int number_of_parameters = 1; // 1 primary attribute - LDAPMod *mods[number_of_parameters+1]; - set_up_attribute_operations(mods, number_of_parameters); - - // Load initial required LDAP object attributes - i=0; - TQStringList objectClassList; - objectClassList.append("olcOverlayConfig"); - objectClassList.append("olcSyncProvConfig"); - create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList); - LDAPMod *prevterm = mods[i]; - mods[i] = NULL; - - // Add new object - retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL); - - // Clean up - clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); - - if (retcode != LDAP_SUCCESS) { - if (errstr) { - *errstr = i18n("LDAP overlay configuration failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)); - } - else { - KMessageBox::error(0, i18n("LDAP overlay configuration failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - } - return -2; - } + // Iterate through the returned entries + LDAPMessage* entry; + for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { + if (parseLDAPSyncProvOverlayConfigRecord(entry) != "") { + haveOlcOverlaySyncProv = true; } } - else { - // Check to see if the syncprov overlay entries exist - TQString olcOverlaySyncProvAttr; - LDAPMessage* msg; - retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); - if (retcode != LDAP_SUCCESS) { - if (errstr) *errstr = i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)); - else KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); - return -2; - } + + // clean up + ldap_msgfree(msg); + + if (!haveOlcOverlaySyncProv) { + // Create the base DN entry + int number_of_parameters = 1; // 1 primary attribute + LDAPMod *mods[number_of_parameters+1]; + set_up_attribute_operations(mods, number_of_parameters); + + // Load initial required LDAP object attributes + i=0; + TQStringList objectClassList; + objectClassList.append("olcOverlayConfig"); + objectClassList.append("olcSyncProvConfig"); + create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList); + LDAPMod *prevterm = mods[i]; + mods[i] = NULL; + + // Add new object + retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL); + + // Clean up + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); - // Iterate through the returned entries - LDAPMessage* entry; - for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { - olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord(entry); - if (olcOverlaySyncProvAttr != "") { - break; + if (retcode != LDAP_SUCCESS) { + if (errstr) { + *errstr = i18n("LDAP overlay configuration failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)); + } + else { + KMessageBox::error(0, i18n("LDAP overlay configuration failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); } + return -2; } - - // clean up - ldap_msgfree(msg); - + } + } + else { + // Check to see if the syncprov overlay entries exist + TQString olcOverlaySyncProvAttr; + LDAPMessage* msg; + retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); + if (retcode != LDAP_SUCCESS) { + if (errstr) *errstr = i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("LDAP search failure

Reason: [%3] %4").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + + // Iterate through the returned entries + LDAPMessage* entry; + for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { + olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord(entry); if (olcOverlaySyncProvAttr != "") { - // FIXME - // OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files) - // See http://www.openldap.org/lists/openldap-software/200811/msg00103.html - // If it were possible, the code would look something like this: - // retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL); + break; } } + + // clean up + ldap_msgfree(msg); + + if (olcOverlaySyncProvAttr != "") { + // FIXME + // OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files) + // See http://www.openldap.org/lists/openldap-software/200811/msg00103.html + // If it were possible, the code would look something like this: + // retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL); + } } return 0; }
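Review bot: With the `currentReplicationInfo.enabled != replicationinfo.enabled` guard removed, the new `else` branch now runs on every call made with replication disabled, yet its only outcome is the FIXME no-op after the loop: it issues a subtree search of `olcDatabase={0}config,cn=config` and, when that search fails, the whole call returns -2, so saving a configuration that needs no change can fail on a read of cn=config. Until overlay removal is actually possible the search could be skipped, or its failure reported through `errstr` without aborting. On both `return -2` paths `msg` is left unfreed; if I recall the API correctly ldap_search_ext_s can hand back a partial result together with a non-success code (size- and time-limit cases), so initialising `LDAPMessage* msg = NULL;` and calling `ldap_msgfree(msg);` before each early return closes that leak. setLDAPMasterReplicationSettings begins before this hunk, so the declarations of `retcode` and `i` were not visible to me.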