Properly set up syncrepl

pull/1/head
Timothy Pearson 12 years ago
parent c8902fca04
commit a9affe1102

@ -3260,7 +3260,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
TQString databaseDN; TQString databaseDN;
ridString.sprintf("%03d", rid); ridString.sprintf("%03d", rid);
databaseDN = "cn=config"; databaseDN = "cn=config";
serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"allow":"demand"); serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"never":"demand");
if (replicationinfo.certificateFile != "") { if (replicationinfo.certificateFile != "") {
serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile)); serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
} }
@ -3307,7 +3307,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
TQString databaseDN; TQString databaseDN;
ridString.sprintf("%03d", rid); ridString.sprintf("%03d", rid);
databaseDN = m_basedc; databaseDN = m_basedc;
serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout); serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"never":"demand");
if (replicationinfo.certificateFile != "") {
serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
}
if (replicationinfo.caCertificateFile != "") {
serverSyncReplString.append(TQString(" tls_cacert=\"%1\"").arg(replicationinfo.caCertificateFile));
}
syncReplServerList.append(serverSyncReplString); syncReplServerList.append(serverSyncReplString);
rid++; rid++;
} }
@ -3396,94 +3402,92 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
else KMessageBox::error(0, *readOnlyErrorString, i18n("LDAP Error")); else KMessageBox::error(0, *readOnlyErrorString, i18n("LDAP Error"));
return -2; return -2;
} }
if (currentReplicationInfo.enabled != replicationinfo.enabled) { if (replicationinfo.enabled) {
if (replicationinfo.enabled) { // Set up replication
// Set up replication // NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration
// NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration
// Check to see if the syncprov overlay entries already exist // Check to see if the syncprov overlay entries already exist
bool haveOlcOverlaySyncProv = false; bool haveOlcOverlaySyncProv = false;
LDAPMessage* msg; LDAPMessage* msg;
retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) { if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -2; return -2;
} }
// Iterate through the returned entries // Iterate through the returned entries
LDAPMessage* entry; LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
if (parseLDAPSyncProvOverlayConfigRecord(entry) != "") { if (parseLDAPSyncProvOverlayConfigRecord(entry) != "") {
haveOlcOverlaySyncProv = true; haveOlcOverlaySyncProv = true;
}
} }
}
// clean up // clean up
ldap_msgfree(msg); ldap_msgfree(msg);
if (!haveOlcOverlaySyncProv) {
// Create the base DN entry
int number_of_parameters = 1; // 1 primary attribute
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
// Load initial required LDAP object attributes
i=0;
TQStringList objectClassList;
objectClassList.append("olcOverlayConfig");
objectClassList.append("olcSyncProvConfig");
create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Add new object
retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL);
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
if (!haveOlcOverlaySyncProv) {
// Create the base DN entry
int number_of_parameters = 1; // 1 primary attribute
LDAPMod *mods[number_of_parameters+1];
set_up_attribute_operations(mods, number_of_parameters);
// Load initial required LDAP object attributes
i=0;
TQStringList objectClassList;
objectClassList.append("olcOverlayConfig");
objectClassList.append("olcSyncProvConfig");
create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList);
LDAPMod *prevterm = mods[i];
mods[i] = NULL;
// Add new object
retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL);
// Clean up
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
if (retcode != LDAP_SUCCESS) {
if (errstr) {
*errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
}
else {
KMessageBox::error(0, i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
}
return -2;
}
}
}
else {
// Check to see if the syncprov overlay entries exist
TQString olcOverlaySyncProvAttr;
LDAPMessage* msg;
retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) { if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); if (errstr) {
else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); *errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
}
else {
KMessageBox::error(0, i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
}
return -2; return -2;
} }
}
}
else {
// Check to see if the syncprov overlay entries exist
TQString olcOverlaySyncProvAttr;
LDAPMessage* msg;
retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
if (retcode != LDAP_SUCCESS) {
if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
return -2;
}
// Iterate through the returned entries // Iterate through the returned entries
LDAPMessage* entry; LDAPMessage* entry;
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord(entry); olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord(entry);
if (olcOverlaySyncProvAttr != "") { if (olcOverlaySyncProvAttr != "") {
break; break;
}
} }
}
// clean up // clean up
ldap_msgfree(msg); ldap_msgfree(msg);
if (olcOverlaySyncProvAttr != "") { if (olcOverlaySyncProvAttr != "") {
// FIXME // FIXME
// OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files) // OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files)
// See http://www.openldap.org/lists/openldap-software/200811/msg00103.html // See http://www.openldap.org/lists/openldap-software/200811/msg00103.html
// If it were possible, the code would look something like this: // If it were possible, the code would look something like this:
// retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL); // retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL);
}
} }
} }
return 0; return 0;
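Review bot: The syncrepl format string on the new side of the hunks at -3260 and -3307 reuses placeholder numbers: `searchbase=\"%5\"` and `retry=\"%5\"` share %5, and `timeout=%6` and `tls_reqcert=%6` share %6. If TQString::arg() follows the usual Qt rule of substituting every occurrence of the lowest remaining placeholder, both %5 slots receive databaseDN, both %6 slots receive retryMethod, and the final `.arg(... ? "never" : "demand")` has nothing left to fill, so the tls_reqcert value this commit is introducing never reaches the generated config and `tls_reqcert=` ends up holding the retry string instead. The intended verification mode should be carried by distinct placeholders, e.g. `searchbase=\"%5\" type=refreshAndPersist retry=\"%6\" timeout=%7 tls_reqcert=%8` with the same eight `.arg()` calls as now, in both hunks. The enclosing function setLDAPMasterReplicationSettings starts before the first hunk and its body between the hunks is outside the page, so the surrounding declarations of ridString and serverSyncReplString could not be checked here.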
