|
|
|
|
@ -54,13 +54,11 @@
|
|
|
|
|
// Connect this to CMake/Automake
|
|
|
|
|
#define KDE_CONFDIR "/etc/trinity"
|
|
|
|
|
#define KRB5_FILE "/etc/krb5.conf"
|
|
|
|
|
#define LDAP_FILE "/etc/ldap.conf"
|
|
|
|
|
#define NSSWITCH_FILE "/etc/nsswitch.conf"
|
|
|
|
|
#define PAMD_DIRECTORY "/etc/pam.d/"
|
|
|
|
|
#define PAMD_COMMON_ACCOUNT "common-account"
|
|
|
|
|
#define PAMD_COMMON_AUTH "common-auth"
|
|
|
|
|
#define CRON_UPDATE_NSS_FILE "/etc/cron.daily/upd-local-nss-db"
|
|
|
|
|
#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
|
|
|
|
|
|
|
|
|
|
typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;
|
|
|
|
|
|
|
|
|
|
@ -302,40 +300,7 @@ void LDAPConfig::save() {
|
|
|
|
|
systemconfig->writeEntry("ConnectionPasswordHash", m_passwordHash);
|
|
|
|
|
systemconfig->writeEntry("ConnectionIgnoredUsers", m_ignoredUsers);
|
|
|
|
|
|
|
|
|
|
LDAPRealmConfigList::Iterator it;
|
|
|
|
|
for (it = m_realms.begin(); it != m_realms.end(); ++it) {
|
|
|
|
|
LDAPRealmConfig realmcfg = it.data();
|
|
|
|
|
TQString configRealmName = realmcfg.name;
|
|
|
|
|
configRealmName.prepend("LDAPRealm-");
|
|
|
|
|
systemconfig->setGroup(configRealmName);
|
|
|
|
|
// Save realm settings
|
|
|
|
|
systemconfig->writeEntry("bonded", realmcfg.bonded);
|
|
|
|
|
systemconfig->writeEntry("uid_offset", realmcfg.uid_offset);
|
|
|
|
|
systemconfig->writeEntry("gid_offset", realmcfg.gid_offset);
|
|
|
|
|
systemconfig->writeEntry("domain_mappings", realmcfg.domain_mappings);
|
|
|
|
|
systemconfig->writeEntry("kdc", realmcfg.kdc);
|
|
|
|
|
systemconfig->writeEntry("kdc_port", realmcfg.kdc_port);
|
|
|
|
|
systemconfig->writeEntry("admin_server", realmcfg.admin_server);
|
|
|
|
|
systemconfig->writeEntry("admin_server_port", realmcfg.admin_server_port);
|
|
|
|
|
systemconfig->writeEntry("pkinit_require_eku", realmcfg.pkinit_require_eku);
|
|
|
|
|
systemconfig->writeEntry("pkinit_require_krbtgt_otherName", realmcfg.pkinit_require_krbtgt_otherName);
|
|
|
|
|
systemconfig->writeEntry("win2k_pkinit", realmcfg.win2k_pkinit);
|
|
|
|
|
systemconfig->writeEntry("win2k_pkinit_require_binding", realmcfg.win2k_pkinit_require_binding);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Delete any realms that do not exist in the m_realms database
|
|
|
|
|
TQStringList cfgRealms = systemconfig->groupList();
|
|
|
|
|
for (TQStringList::Iterator it(cfgRealms.begin()); it != cfgRealms.end(); ++it) {
|
|
|
|
|
if ((*it).startsWith("LDAPRealm-")) {
|
|
|
|
|
systemconfig->setGroup(*it);
|
|
|
|
|
TQString realmName=*it;
|
|
|
|
|
realmName.remove(0,strlen("LDAPRealm-"));
|
|
|
|
|
if (!m_realms.contains(realmName)) {
|
|
|
|
|
systemconfig->deleteGroup(*it);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LDAPManager::writeTDERealmList(m_realms, systemconfig);
|
|
|
|
|
systemconfig->sync();
|
|
|
|
|
|
|
|
|
|
if (base->systemEnableSupport->isChecked()) {
|
|
|
|
|
@ -349,13 +314,15 @@ void LDAPConfig::save() {
|
|
|
|
|
writePAMFiles();
|
|
|
|
|
// Write the cron files
|
|
|
|
|
writeCronFiles();
|
|
|
|
|
// RAJA FIXME
|
|
|
|
|
// Update the SUDOERS file with the domain-wide computer local admin group!
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
load();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void LDAPConfig::processLockouts() {
|
|
|
|
|
bool panelIsEnabled = base->systemEnableSupport->isChecked();
|
|
|
|
|
bool panelIsEnabled = (base->systemEnableSupport->isEnabled() && base->systemEnableSupport->isChecked());
|
|
|
|
|
|
|
|
|
|
base->groupRealms->setEnabled(panelIsEnabled);
|
|
|
|
|
base->groupKrbDefaults->setEnabled(panelIsEnabled);
|
|
|
|
|
@ -663,28 +630,7 @@ void LDAPConfig::writeKrb5ConfFile() {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void LDAPConfig::writeLDAPConfFile() {
|
|
|
|
|
TQFile file(LDAP_FILE);
|
|
|
|
|
if (file.open(IO_WriteOnly)) {
|
|
|
|
|
TQTextStream stream( &file );
|
|
|
|
|
|
|
|
|
|
LDAPRealmConfig realmcfg = m_realms[m_defaultRealm];
|
|
|
|
|
|
|
|
|
|
stream << "# This file was automatically generated by TDE\n";
|
|
|
|
|
stream << "# All changes will be lost!\n";
|
|
|
|
|
stream << "\n";
|
|
|
|
|
|
|
|
|
|
stream << "host " << realmcfg.admin_server << "\n";
|
|
|
|
|
TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
|
|
|
|
|
stream << "base dc=" << domainChunks.join(",dc=") << "\n";
|
|
|
|
|
stream << "ldap_version " << m_ldapVersion << "\n";
|
|
|
|
|
stream << "timelimit " << m_ldapTimeout << "\n";
|
|
|
|
|
stream << "bind_timelimit " << m_ldapBindTimeout << "\n";
|
|
|
|
|
stream << "bind_policy " << m_bindPolicy.lower() << "\n";
|
|
|
|
|
stream << "pam_password " << m_passwordHash.lower() << "\n";
|
|
|
|
|
stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
|
|
|
|
|
|
|
|
|
|
file.close();
|
|
|
|
|
}
|
|
|
|
|
LDAPManager::writeLDAPConfFile(m_realms[m_defaultRealm]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void LDAPConfig::writeNSSwitchFile() {
|
|
|
|
|
|
Timothy Pearson
12 years ago