" + i18n("Likely cause") + ":
");
+ if (ret.contains("
")) {
+ ret.prepend("
" + i18n("Potential causes") + ":
");
+ }
+ else {
+ ret.prepend("
" + i18n("Potential cause") + ":
");
+ }
}
return ret;
@@ -109,7 +120,31 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
return 0;
}
- int use_secure_connection = 0;
+ bool using_ldapi = false;
+ if (m_host.startsWith("ldapi://")) {
+ using_ldapi = true;
+ }
+ bool havepass = false;
+ if (m_creds || using_ldapi) {
+ havepass = true;
+ }
+ else {
+printf("[RAJA DEBUG 660.1] using_ldapi: %d\n\r", using_ldapi); fflush(stdout);
+ LDAPPasswordDialog passdlg(0);
+ passdlg.m_base->ldapAdminRealm->setEnabled(false);
+ passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
+ passdlg.m_base->ldapUseTLS->setChecked(true);
+ if (passdlg.exec() == TQDialog::Accepted) {
+ havepass = true;
+ if (!m_creds) {
+ m_creds = new LDAPCredentials();
+ m_creds->username = passdlg.m_base->ldapAdminUsername->text();
+ m_creds->password = passdlg.m_base->ldapAdminPassword->password();
+ m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
+ m_creds->use_tls = passdlg.m_base->ldapUseTLS->isOn();
+ }
+ }
+ }
TQString uri;
if (m_host.contains("://")) {
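Review bot: The ldapi shortcut in `if (m_creds || using_ldapi)` sets `havepass = true` without allocating `m_creds`, so any later read of `m_creds` on that path would hit a null pointer. The code that fills `pass` before `cred.bv_val = pass.data()` is outside this hunk, so whether that happens cannot be confirmed from here; if it does, make the invariant explicit with something like `if (using_ldapi && !m_creds) m_creds = new LDAPCredentials();`. The inner `if (!m_creds)` is redundant, since the else branch is only entered when `m_creds` is null. The `[RAJA DEBUG 660.1]` printf should be removed from the bind path before release. bind() begins and ends outside the hunk.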
@@ -122,7 +157,7 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
}
}
else {
- if (use_secure_connection == 1) {
+ if (m_creds->use_tls) {
m_port = LDAP_SECURE_PORT;
uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port);
}
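Review bot: `m_creds->use_tls` is read here while building the URI, which appears to happen before the `if (havepass == true)` check. Cancelling the password dialog leaves `m_creds` null and `havepass` false, so a host without a scheme would reach this line and dereference a null pointer. Either return early when the dialog is rejected or guard the read, e.g. `if (!m_creds || m_creds->use_tls) {`, which also keeps TLS as the default when no credentials exist. The same expression in the hunk at `@@ -184,7 +200,7` sits inside `if (havepass == true)` and `if (!using_ldapi)`, so it looks safe there. The enclosing if/else starts outside this hunk.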
@@ -148,25 +183,6 @@ printf("[RAJA DEBUG 600.1] URI: %s\n\r", uri.ascii()); fflush(stdout);
printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
TQString errorString;
- bool havepass = false;
- if (m_creds) {
- havepass = true;
- }
- else {
-printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
- LDAPPasswordDialog passdlg(0);
- passdlg.m_base->ldapAdminRealm->setEnabled(false);
- passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
- if (passdlg.exec() == TQDialog::Accepted) {
- havepass = true;
- if (!m_creds) {
- m_creds = new LDAPCredentials();
- m_creds->username = passdlg.m_base->ldapAdminUsername->text();
- m_creds->password = passdlg.m_base->ldapAdminPassword->password();
- m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
- }
- }
- }
if (havepass == true) {
char* mechanism = NULL;
struct berval cred;
@@ -175,7 +191,7 @@ printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
cred.bv_val = pass.data();
cred.bv_len = pass.length();
printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
- if (!uri.startsWith("ldapi://")) {
+ if (!using_ldapi) {
if (!ldap_dn.contains(",")) {
// Look for a POSIX account with anonymous bind and the specified account name
TQString uri;
@@ -184,7 +200,7 @@ printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
uri = m_host;
}
else {
- if (use_secure_connection == 1) {
+ if (m_creds->use_tls) {
m_port = LDAP_SECURE_PORT;
uri = TQString("ldaps://%1:%2").arg(m_host).arg(m_port);
}
@@ -1398,11 +1414,14 @@ void LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg) {
stream << "bind_policy " << m_bindPolicy.lower() << "\n";
stream << "pam_password " << m_passwordHash.lower() << "\n";
stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
+ stream << "tls_cacert /etc/trinity/ldap/tde-ca/public/argus5.starlink.edu.ldap.crt" << "\n";
}
file.close();
}
+ chmod(LDAP_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+
delete systemconfig;
}
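Review bot: The added `tls_cacert` line hard-codes a CA certificate path for one specific host (`argus5.starlink.edu`), so every realm this function writes a config for will trust that one file. On machines where it is absent or belongs to a different realm, server certificate verification will fail or be anchored to the wrong CA. The path should be derived from the realm being written, e.g. `stream << "tls_cacert " << caCertPath << "\n";`, where `caCertPath` is a placeholder name for a value taken from `realmcfg`. Separately, the return value of `chmod(LDAP_FILE, ...)` is ignored; a failure should at least be reported. The function starts outside the hunk.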
@@ -1473,6 +1492,15 @@ TQString LDAPManager::getMachineFQDN() {
//
// ===============================================================================================================
+LDAPCredentials::LDAPCredentials() {
+ // TQStrings are always initialized to TQString::null, so they don't need initialization here...
+ use_tls = true;
+}
+
+LDAPCredentials::~LDAPCredentials() {
+ //
+}
+
LDAPUserInfo::LDAPUserInfo() {
// TQStrings are always initialized to TQString::null, so they don't need initialization here...
informationValid = false;
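Review bot: `~LDAPCredentials()` is empty although the object carries the admin password (`m_creds->password` is assigned in bind()), so the secret remains in freed heap memory after the credentials are deleted. Consider overwriting the password buffer in the destructor, bearing in mind that an implicitly shared string type may have other copies that this does not reach. The constructor would also benefit from stating its intent, e.g. `// Default to TLS so credentials created without the dialog do not select the unencrypted URI`.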
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 38ae847..bf0106a 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -65,10 +65,15 @@ typedef TQValueList