From 999fcba2daf30ed9e596df579d0b172874a048f4 Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Tue, 2 Jul 2013 17:10:45 +0000
Subject: [PATCH] Set syncrepl TSL CA certificate by default
---
 src/ldapcontroller.cpp | 20 ++++++++++++++++++++
 src/ldapcontroller.h | 1 +
 2 files changed, 21 insertions(+)
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index d8f344a..cdf31e9 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -147,6 +147,7 @@ LDAPController::LDAPController(TQWidget *parent, const char *name, const TQStrin
 connect(m_base->multiMasterReplicationMappings, TQT_SIGNAL(executed(TQListViewItem*)), this, TQT_SLOT(modifySelectedMultiMasterReplication()));
 m_fqdn = LDAPManager::getMachineFQDN();
+ m_roleFullyConfigured = true;
 // FIXME // This assumes Debian!
@@ -201,6 +202,8 @@ void LDAPController::systemRoleChanged() {
 m_base->systemRole->setCurrentItem(previousRole);
 } else {
+ m_roleFullyConfigured = false;
+
 // Something will probably change
 save();
@@ -215,6 +218,8 @@ void LDAPController::systemRoleChanged() {
 // Wizard completed; commit changes
 save();
 }
+
+ m_roleFullyConfigured = true;
 // Something probably changed
 load();
@@ -238,6 +243,8 @@ void LDAPController::systemRoleChanged() {
 m_base->systemRole->setCurrentItem(previousRole);
 } else {
+ m_roleFullyConfigured = false;
+
 // Something will probably change
 save();
@@ -252,6 +259,8 @@ void LDAPController::systemRoleChanged() {
 // Wizard completed; commit changes
 save();
 }
+
+ m_roleFullyConfigured = true;
 // Something probably changed
 load();
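Review bot: In systemRoleChanged() the flag is cleared in the hunk at -201 (and again at -238) but only set back to `true` by the separate assignment at -215 (and -252), so any exit between the two that lies outside these hunks would leave `m_roleFullyConfigured` false. From then on load() would suppress every LDAP error dialog, including the certificate and replication lookups. The function body starts and ends outside the hunks, so I cannot confirm there is no early return or failed-wizard path. A small scope guard that restores the flag on every exit would remove that doubt and the duplication across the two role branches. At minimum the first assignment deserves a comment such as `// Suppress load() error popups while the role wizard runs; must be reset to true on every exit path`.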
@@ -417,9 +426,15 @@ void LDAPController::load() {
 // Get builtin TDE account mappings from LDAP
 LDAPTDEBuiltinsInfo builtins = ldap_mgr->getTDEBuiltinMappings(&errorstring);
+ if (m_roleFullyConfigured && errorstring != "") {
+ KMessageBox::error(0, errorstring);
+ }
 // Get replication mappings from LDAP
 LDAPMasterReplicationInfo replicationsettings = ldap_mgr->getLDAPMasterReplicationSettings(&errorstring);
+ if (m_roleFullyConfigured && errorstring != "") {
+ KMessageBox::error(0, errorstring);
+ }
 m_base->advancedEnableMultiMasterReplication->setChecked(replicationsettings.enabled);
 m_base->multiMasterReplicationMappings->clear();
 LDAPMasterReplicationMap::iterator it;
@@ -429,6 +444,9 @@ void LDAPController::load() {
 // Get certificate settings from LDAP
 TQString realmCAMaster = ldap_mgr->getRealmCAMaster(&errorstring);
+ if (m_roleFullyConfigured && errorstring != "") {
+ KMessageBox::error(0, errorstring);
+ }
 delete ldap_mgr;
 delete credentials;
@@ -948,6 +966,8 @@ void LDAPController::save() {
 m_systemconfig->setGroup("Replication");
 replicationSettings.syncPassword = m_systemconfig->readEntry("Password");
 m_systemconfig->setGroup(NULL);
+ // Use the TDE LDAP CA for replication TLS
+ replicationSettings.caCertificateFile = KERBEROS_PKI_PEM_FILE;
 replicationSettings.ignore_ssl_failure = m_base->ignoreReplicationSSLFailures->isChecked();
diff --git a/src/ldapcontroller.h b/src/ldapcontroller.h
index 150addc..bee45df 100644
--- a/src/ldapcontroller.h
+++ b/src/ldapcontroller.h
@@ -111,6 +111,7 @@ class LDAPController: public TDECModule
 TQString m_fqdn;
 int m_prevRole;
+ bool m_roleFullyConfigured;
 TQString m_ldapUserName;
 TQString m_ldapGroupName;
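Review bot: The three added checks in load() (after getTDEBuiltinMappings, getLDAPMasterReplicationSettings and getRealmCAMaster, in the hunks at -417 and -429) all test the same `errorstring`, which the visible lines never clear between calls. Unless the manager resets it on success, an earlier failure would be reported again for a later lookup that succeeded. load() also carries on after a failure and applies `replicationsettings.enabled` to the checkbox, so a failed read appears to fill the UI with default values that a later save() could write back. I would put `errorstring = TQString::null;` before each call and skip the widget update for a lookup that failed; `!errorstring.isEmpty()` is also the more usual test than `!= ""`. load()'s body starts and ends outside these hunks.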
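Review bot: In save() the new `caCertificateFile` assignment only authenticates the replication peer when `ignore_ssl_failure`, set on the very next line from the checkbox, is false. With that box checked the CA is presumably not enforced, and the replication credentials (`syncPassword`, read just above) would be presented to an unverified peer. The hunk also shows no check that `KERBEROS_PKI_PEM_FILE` exists and is readable before it is written into the replication settings, so a missing CA file would likely surface only later as a TLS failure on the consumer. I would extend the comment to state the dependency, e.g. `// Use the TDE LDAP CA for replication TLS; only enforced when ignore_ssl_failure is false`. save()'s body starts and ends outside the hunk.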