@ -3260,7 +3260,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
TQString databaseDN ;
TQString databaseDN ;
ridString . sprintf ( " %03d " , rid ) ;
ridString . sprintf ( " %03d " , rid ) ;
databaseDN = " cn=config " ;
databaseDN = " cn=config " ;
serverSyncReplString = TQString ( " rid=%1 provider=ldaps://%2/ binddn= \" %3 \" bindmethod=simple credentials= \" %4 \" searchbase= \" %5 \" type=refreshAndPersist retry= \" %5 \" timeout=%6 tls_reqcert=%6 " ) . arg ( ridString ) . arg ( ( * it ) . fqdn ) . arg ( replicationinfo . syncDN ) . arg ( replicationinfo . syncPassword ) . arg ( databaseDN ) . arg ( replicationinfo . retryMethod ) . arg ( replicationinfo . timeout ) . arg ( ( replicationinfo . ignore_ssl_failure ) ? " allow " : " demand " ) ;
serverSyncReplString = TQString ( " rid=%1 provider=ldaps://%2/ binddn= \" %3 \" bindmethod=simple credentials= \" %4 \" searchbase= \" %5 \" type=refreshAndPersist retry= \" %5 \" timeout=%6 tls_reqcert=%6 " ) . arg ( ridString ) . arg ( ( * it ) . fqdn ) . arg ( replicationinfo . syncDN ) . arg ( replicationinfo . syncPassword ) . arg ( databaseDN ) . arg ( replicationinfo . retryMethod ) . arg ( replicationinfo . timeout ) . arg ( ( replicationinfo . ignore_ssl_failure ) ? " never " : " demand " ) ;
if ( replicationinfo . certificateFile ! = " " ) {
if ( replicationinfo . certificateFile ! = " " ) {
serverSyncReplString . append ( TQString ( " tls_cert= \" %1 \" " ) . arg ( replicationinfo . certificateFile ) ) ;
serverSyncReplString . append ( TQString ( " tls_cert= \" %1 \" " ) . arg ( replicationinfo . certificateFile ) ) ;
}
}
@ -3307,7 +3307,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
TQString databaseDN ;
TQString databaseDN ;
ridString . sprintf ( " %03d " , rid ) ;
ridString . sprintf ( " %03d " , rid ) ;
databaseDN = m_basedc ;
databaseDN = m_basedc ;
serverSyncReplString = TQString ( " rid=%1 provider=ldaps://%2/ binddn= \" %3 \" bindmethod=simple credentials= \" %4 \" searchbase= \" %5 \" type=refreshAndPersist retry= \" %5 \" timeout=%6 " ) . arg ( ridString ) . arg ( ( * it ) . fqdn ) . arg ( replicationinfo . syncDN ) . arg ( replicationinfo . syncPassword ) . arg ( databaseDN ) . arg ( replicationinfo . retryMethod ) . arg ( replicationinfo . timeout ) ;
serverSyncReplString = TQString ( " rid=%1 provider=ldaps://%2/ binddn= \" %3 \" bindmethod=simple credentials= \" %4 \" searchbase= \" %5 \" type=refreshAndPersist retry= \" %5 \" timeout=%6 tls_reqcert=%6 " ) . arg ( ridString ) . arg ( ( * it ) . fqdn ) . arg ( replicationinfo . syncDN ) . arg ( replicationinfo . syncPassword ) . arg ( databaseDN ) . arg ( replicationinfo . retryMethod ) . arg ( replicationinfo . timeout ) . arg ( ( replicationinfo . ignore_ssl_failure ) ? " never " : " demand " ) ;
if ( replicationinfo . certificateFile ! = " " ) {
serverSyncReplString . append ( TQString ( " tls_cert= \" %1 \" " ) . arg ( replicationinfo . certificateFile ) ) ;
}
if ( replicationinfo . caCertificateFile ! = " " ) {
serverSyncReplString . append ( TQString ( " tls_cacert= \" %1 \" " ) . arg ( replicationinfo . caCertificateFile ) ) ;
}
syncReplServerList . append ( serverSyncReplString ) ;
syncReplServerList . append ( serverSyncReplString ) ;
rid + + ;
rid + + ;
}
}
@ -3396,94 +3402,92 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
else KMessageBox : : error ( 0 , * readOnlyErrorString , i18n ( " LDAP Error " ) ) ;
else KMessageBox : : error ( 0 , * readOnlyErrorString , i18n ( " LDAP Error " ) ) ;
return - 2 ;
return - 2 ;
}
}
if ( currentReplicationInfo . enabled ! = replicationinfo . enabled ) {
if ( replicationinfo . enabled ) {
if ( replicationinfo . enabled ) {
// Set up replication
// Set up replication
// NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration
// NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration
// Check to see if the syncprov overlay entries already exist
// Check to see if the syncprov overlay entries already exist
bool haveOlcOverlaySyncProv = false ;
bool haveOlcOverlaySyncProv = false ;
LDAPMessage * msg ;
LDAPMessage * msg ;
retcode = ldap_search_ext_s ( m_ldap , " olcDatabase={0}config,cn=config " , LDAP_SCOPE_SUBTREE , NULL , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
retcode = ldap_search_ext_s ( m_ldap , " olcDatabase={0}config,cn=config " , LDAP_SCOPE_SUBTREE , NULL , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
if ( errstr ) * errstr = i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 2 ;
return - 2 ;
}
}
// Iterate through the returned entries
// Iterate through the returned entries
LDAPMessage * entry ;
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
if ( parseLDAPSyncProvOverlayConfigRecord ( entry ) ! = " " ) {
if ( parseLDAPSyncProvOverlayConfigRecord ( entry ) ! = " " ) {
haveOlcOverlaySyncProv = true ;
haveOlcOverlaySyncProv = true ;
}
}
}
}
// clean up
// clean up
ldap_msgfree ( msg ) ;
ldap_msgfree ( msg ) ;
if ( ! haveOlcOverlaySyncProv ) {
// Create the base DN entry
int number_of_parameters = 1 ; // 1 primary attribute
LDAPMod * mods [ number_of_parameters + 1 ] ;
set_up_attribute_operations ( mods , number_of_parameters ) ;
// Load initial required LDAP object attributes
i = 0 ;
TQStringList objectClassList ;
objectClassList . append ( " olcOverlayConfig " ) ;
objectClassList . append ( " olcSyncProvConfig " ) ;
create_multiple_attributes_operation ( mods , & i , " objectClass " , objectClassList ) ;
LDAPMod * prevterm = mods [ i ] ;
mods [ i ] = NULL ;
// Add new object
retcode = ldap_add_ext_s ( m_ldap , " olcOverlay=syncprov,olcDatabase={0}config,cn=config " , mods , NULL , NULL ) ;
// Clean up
clean_up_attribute_operations ( i , mods , prevterm , number_of_parameters ) ;
if ( ! haveOlcOverlaySyncProv ) {
// Create the base DN entry
int number_of_parameters = 1 ; // 1 primary attribute
LDAPMod * mods [ number_of_parameters + 1 ] ;
set_up_attribute_operations ( mods , number_of_parameters ) ;
// Load initial required LDAP object attributes
i = 0 ;
TQStringList objectClassList ;
objectClassList . append ( " olcOverlayConfig " ) ;
objectClassList . append ( " olcSyncProvConfig " ) ;
create_multiple_attributes_operation ( mods , & i , " objectClass " , objectClassList ) ;
LDAPMod * prevterm = mods [ i ] ;
mods [ i ] = NULL ;
// Add new object
retcode = ldap_add_ext_s ( m_ldap , " olcOverlay=syncprov,olcDatabase={0}config,cn=config " , mods , NULL , NULL ) ;
// Clean up
clean_up_attribute_operations ( i , mods , prevterm , number_of_parameters ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) {
* errstr = i18n ( " <qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
}
else {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
}
return - 2 ;
}
}
}
else {
// Check to see if the syncprov overlay entries exist
TQString olcOverlaySyncProvAttr ;
LDAPMessage * msg ;
retcode = ldap_search_ext_s ( m_ldap , " olcDatabase={0}config,cn=config " , LDAP_SCOPE_SUBTREE , NULL , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
if ( errstr ) {
else KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
* errstr = i18n ( " <qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
}
else {
KMessageBox : : error ( 0 , i18n ( " <qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
}
return - 2 ;
return - 2 ;
}
}
}
}
else {
// Check to see if the syncprov overlay entries exist
TQString olcOverlaySyncProvAttr ;
LDAPMessage * msg ;
retcode = ldap_search_ext_s ( m_ldap , " olcDatabase={0}config,cn=config " , LDAP_SCOPE_SUBTREE , NULL , ldap_user_and_operational_attributes , 0 , NULL , NULL , NULL , 0 , & msg ) ;
if ( retcode ! = LDAP_SUCCESS ) {
if ( errstr ) * errstr = i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) ;
else KMessageBox : : error ( 0 , i18n ( " <qt>LDAP search failure<p>Reason: [%3] %4</qt> " ) . arg ( retcode ) . arg ( ldap_err2string ( retcode ) ) , i18n ( " LDAP Error " ) ) ;
return - 2 ;
}
// Iterate through the returned entries
// Iterate through the returned entries
LDAPMessage * entry ;
LDAPMessage * entry ;
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
for ( entry = ldap_first_entry ( m_ldap , msg ) ; entry ! = NULL ; entry = ldap_next_entry ( m_ldap , entry ) ) {
olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord ( entry ) ;
olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord ( entry ) ;
if ( olcOverlaySyncProvAttr ! = " " ) {
if ( olcOverlaySyncProvAttr ! = " " ) {
break ;
break ;
}
}
}
}
// clean up
// clean up
ldap_msgfree ( msg ) ;
ldap_msgfree ( msg ) ;
if ( olcOverlaySyncProvAttr ! = " " ) {
if ( olcOverlaySyncProvAttr ! = " " ) {
// FIXME
// FIXME
// OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files)
// OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files)
// See http://www.openldap.org/lists/openldap-software/200811/msg00103.html
// See http://www.openldap.org/lists/openldap-software/200811/msg00103.html
// If it were possible, the code would look something like this:
// If it were possible, the code would look something like this:
// retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL);
// retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL);
}
}
}
}
}
return 0 ;
return 0 ;
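Review bot: The syncrepl format string built in both replication loops (the `cn=config` one and the `m_basedc` one) reuses placeholder numbers, reading `retry="%5" timeout=%6 tls_reqcert=%6` although eight `.arg()` calls follow it. If TQString::arg fills every occurrence of the lowest-numbered marker, as Qt's QString does, `retry` receives databaseDN and both `timeout` and `tls_reqcert` receive retryMethod, so the intended `never`/`demand` value never reaches the directive and the last two arguments are dropped. Numbering the tail `retry="%6" timeout=%7 tls_reqcert=%8` would match the argument order. Separately, `never` for `ignore_ssl_failure` turns off peer-certificate checking on a link that carries `bindmethod=simple` credentials, so I would state that trade-off in a comment next to the ternary, and note that syncDN and syncPassword are placed inside quotes without escaping. The function starts and ends outside the visible hunks, so how `replicationinfo` is validated before this point cannot be seen from here.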