diff --git a/confskel/openldap/ldif/tde-core.ldif b/confskel/openldap/ldif/tde-core.ldif
index d2647c6..4859b63 100644
--- a/confskel/openldap/ldif/tde-core.ldif
+++ b/confskel/openldap/ldif/tde-core.ldif
@@ -29,10 +29,11 @@ olcAttributeTypes: {19} ( 1.3.6.1.4.1.40364.1.1.20 NAME 'publicRootCertificateOr
 # Used for storing PKI user certificates and certificate status
 olcAttributeTypes: {20} ( 1.3.6.1.4.1.40364.1.1.21 NAME 'pkiCertificate' DESC 'User PKI certificate and status encoded with text mode TQDataStream TQPair' SUP name )
 olcAttributeTypes: {21} ( 1.3.6.1.4.1.40364.1.1.22 NAME 'publicRootCertificateRevocationList' DESC 'Certificate authority root certificate revocation list' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
+olcAttributeTypes: {22} ( 1.3.6.1.4.1.40364.1.1.23 NAME 'publicRootCRLIntervalDays' DESC 'Certificate authority root CRL update interval in days' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 olcObjectClasses: {0} ( 1.3.6.1.4.1.40364.1.2.1 NAME 'tdeExtendedUserData' SUP top AUXILIARY MAY ( website URL $ managerName $ secretaryName $ teletexId $ preferredDelivery $ locallyUniqueID $ notes $ pwdLastSet $ badPwdCount $ badPasswordTime $ lastLogon $ lastLogoff ) )
 olcObjectClasses: {1} ( 1.3.6.1.4.1.40364.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ pkiCertificate ) )
-olcObjectClasses: {2} ( 1.3.6.1.4.1.40364.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate $ privateRootCertificateKey $ publicRootCertificateRevocationList $ publicRootCertificateOriginServer ) )
+olcObjectClasses: {2} ( 1.3.6.1.4.1.40364.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate $ privateRootCertificateKey $ publicRootCertificateRevocationList $ publicRootCRLIntervalDays $ publicRootCertificateOriginServer ) )
 olcObjectClasses: {3} ( 1.3.6.1.4.1.40364.1.2.4 NAME 'tdeBuiltinStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ builtinRealmAdminAccount $ builtinRealmAdminGroup $ builtinMachineAdminGroup $ builtinStandardUserGroup ) )
 structuralObjectClass: olcSchemaConfig
 creatorsName: cn=config
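Review bot: `publicRootCRLIntervalDays` is declared with `EQUALITY integerMatch` but no `ORDERING integerOrderingMatch`, so a range filter such as `(publicRootCRLIntervalDays<=7)` cannot be evaluated by the server; adding the ordering rule costs nothing and keeps the type usable for auditing stores with an unusually long interval. The neighbouring attributes are introduced by a `# ...` comment (see `# Used for storing PKI user certificates and certificate status`), and a line such as `# CRL regeneration interval in days, written by the LDAP controller when the advanced CRL setting is saved` above the new type would follow that convention. Because this file is a configuration skeleton, directories created from the previous schema presumably lack the attribute until cn=config is updated, which the commit does not mention.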
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index ceb4c52..9575f0b 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -147,7 +147,7 @@ LDAPController::LDAPController(TQWidget *parent, const char *name, const TQStrin
 connect(m_base->multiMasterReplicationMappings, TQT_SIGNAL(executed(TQListViewItem*)), this, TQT_SLOT(modifySelectedMultiMasterReplication()));
 connect(m_base->advancedCaCertExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(caCertExpiryChanged()));
- connect(m_base->advancedCaCrlExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(caCrlCertExpiryChanged()));
+ connect(m_base->advancedCaCrlExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(caCrlExpiryChanged()));
 connect(m_base->advancedKerberosCertExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(kerberosCertExpiryChanged()));
 connect(m_base->advancedLdapCertExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(ldapCertExpiryChanged()));
@@ -767,7 +767,7 @@ void LDAPController::btncrlRegenerate() {
 credentials->realm = realmname;
 LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials);
- if (ldap_mgr->generatePKICRL(m_certconfig.caCrlExpiryDays, m_realmconfig[m_defaultRealm], KERBEROS_PKI_PEMKEY_FILE, KERBEROS_PKI_CRLDB_FILE, &errstr) != 0) {
+ if (ldap_mgr->generatePKICRL(m_certconfig.caCrlExpiryDays, m_realmconfig[m_defaultRealm], KERBEROS_PKI_CRL_FILE, KERBEROS_PKI_PEMKEY_FILE, KERBEROS_PKI_CRLDB_FILE, &errstr) != 0) {
 KMessageBox::error(this, i18n("Unable to regenerate CRL

Details: %1").arg(errstr), i18n("Unable to Regenerate CRL"));
 }
@@ -1039,17 +1039,21 @@ void LDAPController::save() {
 m_systemconfig->sync();
+ TQString errorstring;
+ TQString realmname = m_defaultRealm.upper();
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = realmname;
+ LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials);
+
+ if (ldap_mgr->setLdapCertificateStoreAttribute("publicRootCRLIntervalDays", TQString("%1").arg(m_certconfig.caCrlExpiryDays), &errorstring) != 0) {
+ KMessageBox::error(this, i18n("Unable to update CRL interval entry in LDAP database

Details: %1").arg(errorstring), i18n("LDAP Update Failure"));
+ }
+
 // If role was not changed, update any role-specific advanced settings
 if (prevRole == m_systemconfig->readEntry("LDAPRole", "Workstation")) {
 if (m_base->systemRole->currentItem() == ROLE_PRIMARY_REALM_CONTROLLER) {
- TQString realmname = m_defaultRealm.upper();
- LDAPCredentials* credentials = new LDAPCredentials;
- credentials->username = "";
- credentials->password = "";
- credentials->realm = realmname;
- LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials);
- TQString errorstring;
-
 // Write multi-master replication settings
 LDAPMasterReplicationInfo replicationSettings;
 replicationSettings.enabled = m_base->advancedEnableMultiMasterReplication->isChecked();
@@ -1079,6 +1083,8 @@ void LDAPController::save() {
 }
 }
+ delete ldap_mgr;
+
 load();
 }
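Review bot: The value persisted as `publicRootCRLIntervalDays` is `m_certconfig.caCrlExpiryDays`, the same number that `btncrlRegenerate()` passes to `generatePKICRL()` as the CRL expiry; if that argument becomes the CRL's nextUpdate period, regenerating only every N days leaves no overlap, and a single missed run (controller down, clock skew) leaves every client holding an expired CRL until the next cycle. Consider persisting a separate, shorter interval, or at least a comment above the call such as `// NOTE: interval equals the CRL validity period; the consumer must regenerate before expiry or the published CRL lapses` so the coupling is explicit. Separately, this write now happens on every save regardless of role, whereas the removed lines show the `ldapi://` manager was previously created only inside the `ROLE_PRIMARY_REALM_CONTROLLER` branch, so workstations and secondary controllers will presumably hit the `LDAP Update Failure` dialog on each Apply; wrapping the call in `if (m_base->systemRole->currentItem() == ROLE_PRIMARY_REALM_CONTROLLER) { ... }` restores the old scope. `credentials` is allocated with new and only `ldap_mgr` is deleted at the end of the function, so confirm that LDAPManager takes ownership of it. save() begins and ends outside the hunk.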