diff --git a/confskel/openldap/ldap/slapd.conf b/confskel/openldap/ldap/slapd.conf index 35e8bf2..3dce739 100644 --- a/confskel/openldap/ldap/slapd.conf +++ b/confskel/openldap/ldap/slapd.conf @@ -87,6 +87,7 @@ authz-regexp "gidNumber=.*+uidNumber=0,cn=peercred,cn=external,cn=auth" "uid=@@@ # access to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags by dn="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write + by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write by sockurl.regex="^ldapi:///$" write by anonymous auth by self write diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif index db82473..90e841b 100644 --- a/confskel/openldap/ldif/olcDatabase.ldif +++ b/confskel/openldap/ldif/olcDatabase.ldif @@ -11,7 +11,8 @@ olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName olcAccess: {1}to dn.base="" by * read olcAccess: {2}to * by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm ,@@@REALM_DCNAME@@@" write by sockurl.regex="^ldapi:///$" write by dynacl/ac - i write + i write by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou + =core,ou=realm,@@@REALM_DCNAME@@@" write olcAddContentAcl: FALSE olcLastMod: TRUE olcMaxDerefDepth: 15 diff --git a/confskel/openldap/skel.ldif b/confskel/openldap/skel.ldif index 2ed6f73..da66b0a 100644 --- a/confskel/openldap/skel.ldif +++ b/confskel/openldap/skel.ldif 
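Review bot: The added `by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,..." write` clause in slapd.conf has no effect as committed, because the same commit comments out both the `replacePlaceholdersInFile(... "openldap/ldap/slapd.conf" ...)` call and the matching `chmod` in `createNewLDAPRealm` (the -471 and -519 hunks of src/ldapcontroller.cpp). The ACL that slapd loads would then come from olcDatabase.ldif, where the visible hunk adds the group only to rule `{2}` (`to *`). Rule `{0}`, which covers `userPassword` and the krb5 attributes, is cut off in the hunk header, so it cannot be confirmed from here that the two ACL sets agree. Either remove the unused template together with the commented-out calls, or keep both ACL sets in step and add a comment above the clause such as `# members of the realm admin group may reset credentials on any entry`.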
@@ -122,11 +122,38 @@ modifyTimestamp: @@@TIMESTAMP@@@Z dn: cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@ cn: @@@ADMINGROUP@@@ +description: Realm Administrators emsdescription: Group emsplugins: PosixGroup emsplugins: KerberosGroup emstype: GroupEntry -gidNumber: 999 +gidNumber: 900 +objectClass: groupOfNames +objectClass: emsGroup +objectClass: posixGroup +objectClass: tdeAccountObject +emsmodules: kerberos +emsmodules: posix +member: cn=placeholder,@@@REALM_DCNAME@@@ +member: uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@ +memberUid: @@@ADMINUSER@@@ +tdeBuiltinAccount: TRUE +emsmodelclass: EMSGroup +structuralObjectClass: groupOfNames +creatorsName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@ +createTimestamp: @@@TIMESTAMP@@@Z +entryCSN: @@@TIMESTAMP@@@.000000Z#000000#000#000000 +modifiersName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@ +modifyTimestamp: @@@TIMESTAMP@@@Z + +dn: cn=@@@LOCALADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@ +cn: @@@LOCALADMINGROUP@@@ +description: Machine Administrators +emsdescription: Group +emsplugins: PosixGroup +emsplugins: KerberosGroup +emstype: GroupEntry +gidNumber: 901 objectClass: groupOfNames objectClass: emsGroup objectClass: posixGroup @@ -166,7 +193,7 @@ cn: Realm Administrator emsdescription: Admin User Entry emsprimarygroupdn: cn=@@@ADMINUSER@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@ emstype: UserEntry -gidNumber: 999 +gidNumber: 900 givenName: Realm homeDirectory: /home/@@@ADMINUSER@@@ krb5KDCFlags: 586 diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp index ed3449f..3f553be 100644 --- a/src/ldapcontroller.cpp +++ b/src/ldapcontroller.cpp 
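Review bot: The realm admin group entry gains `member: cn=placeholder,@@@REALM_DCNAME@@@` alongside the real admin user, while the ACLs changed in this commit grant write access through `group/groupOfNames/member.exact` on exactly this group. groupOfNames requires at least one `member`, but the `uid=@@@ADMINUSER@@@` value already satisfies that, so the placeholder is a dangling DN with administrative rights: if an entry is ever created at that DN and is able to bind, it matches the ACL. I would drop the placeholder line from this entry. The member lines of the new machine admin group fall outside the hunk, so whether that group still needs one cannot be judged from here.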
@@ -230,7 +230,7 @@ void LDAPController::save() { load(); } -void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, int ldifSchemaNumber=-1, uid_t userid=-1, gid_t groupid=-1) { +void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, int ldifSchemaNumber=-1, uid_t userid=-1, gid_t groupid=-1) { SHA1 sha; sha.process(rootPassword, strlen(rootPassword)); TQString rootpw_hash = sha.base64Hash(); @@ -271,6 +271,7 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi line.replace("@@@ROOTPW_SHA@@@", rootpw_hash); line.replace("@@@ADMINUSER@@@", adminUserName); line.replace("@@@ADMINGROUP@@@", adminGroupName); + line.replace("@@@LOCALADMINGROUP@@@", machineAdminGroupName); line.replace("@@@ADMINPW_SHA@@@", adminpw_hash); line.replace("@@@PKINIT_REQUIRE_EKU@@@", (realmconfig.pkinit_require_eku)?"yes":"no"); line.replace("@@@PKINIT_REQUIRE_KRBTGT_OTHERNAME@@@", (realmconfig.pkinit_require_krbtgt_otherName)?"yes":"no"); 
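Review bot: The context under the changed signature shows the root password going through a single unsalted SHA-1 pass (`sha.process(rootPassword, strlen(rootPassword)); ... sha.base64Hash()`) before it replaces `@@@ROOTPW_SHA@@@`. An unsalted SHA-1 digest gives little protection if the generated slapd configuration is ever read by someone else, since identical passwords produce identical digests and guessing is cheap. A salted scheme such as `{SSHA}` would be the minimum here; how the template labels the value is not visible in this hunk, so the template side needs the matching change. The call would also fault on a null `rootPassword`, and the function body continues outside the hunk.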
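Review bot: `machineAdminGroupName` is substituted into the templates verbatim by `line.replace("@@@LOCALADMINGROUP@@@", machineAdminGroupName);`, and in skel.ldif it lands inside a DN (`dn: cn=@@@LOCALADMINGROUP@@@,ou=groups,...`) and a `cn:` value. The only check on the wizard side is the non-empty test in `RealmFinishPage::validateEntries`, so a name containing `,`, `=`, `+` or a quote changes the DN instead of being treated as a name. The same applies to `adminGroupName`, which after this commit also appears inside the `by group/...` ACL clauses. Reject anything outside a conservative set such as `[a-z_][a-z0-9_-]*` before rendering and report it through `errstr`; that check belongs at the top of `createNewLDAPRealm`, which is outside this hunk.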
@@ -420,7 +421,7 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err return 1; // Failure } -int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, TQString *errstr) { +int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, TQString *errstr) { int ldifSchemaNumber; ProcessingDialog pdialog(dialogparent); @@ -429,6 +430,9 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r pdialog.setActiveWindow(); tqApp->processEvents(); + // Reset improperly uninitialized variables + realmconfig.bonded = true; + // Find the templates TQString templateDir = locate("data", "kcmldapcontroller/skel/heimdal/heimdal.defaults"); templateDir.replace("heimdal/heimdal.defaults", ""); 
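Review bot: The added `realmconfig.bonded = true;` sits under a comment about uninitialized variables but sets only one field of the by-value copy. The `LDAPRealmConfig` class that this commit removes from ldapcontroller.h declares `pkinit_require_eku`, `pkinit_require_krbtgt_otherName`, `win2k_pkinit`, `kdc_port`, `uid_offset` and others with no initializers, and `replacePlaceholdersInFile` turns the two `pkinit_require_*` flags into `yes`/`no` in the generated Kerberos configuration. If the relocated class still has no constructor (its new definition is not visible here), a caller that leaves one of those flags unset gets an indeterminate PKINIT policy written to disk. Give the members default values in the class definition rather than patching one field here, and reword the comment to say which callers leave `bonded` unset.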
@@ -471,14 +475,14 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME mkdir(TQString(destDir + "ldap/slapd.d/cn=config").ascii(), S_IRUSR|S_IWUSR|S_IXUSR); mkdir(TQString(destDir + "ldap/slapd.d/cn=config/cn=schema").ascii(), S_IRUSR|S_IWUSR|S_IXUSR); - replacePlaceholdersInFile(templateDir + "heimdal/heimdal.defaults", destDir + "heimdal.defaults", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); - replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", destDir + "heimdal-kdc/kadmind.acl", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); - replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "heimdal-kdc/kdc.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); - replacePlaceholdersInFile(templateDir + "heimdal/krb5.conf", destDir + "krb5.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); + replacePlaceholdersInFile(templateDir + "heimdal/heimdal.defaults", destDir + "heimdal.defaults", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword); + replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", destDir + "heimdal-kdc/kadmind.acl", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword); + replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "heimdal-kdc/kdc.conf", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword); + replacePlaceholdersInFile(templateDir + "heimdal/krb5.conf", destDir + "krb5.conf", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword); - replacePlaceholdersInFile(templateDir + "openldap/skel.ldif", configTempDir.name() + "skel.ldif", realmconfig, adminUserName, adminGroupName, adminPassword, 
rootUserName, rootPassword); - replacePlaceholdersInFile(templateDir + "openldap/ldap/slapd.conf", destDir + "ldap/slapd.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); - replacePlaceholdersInFile(templateDir + "openldap/ldap/slapd.defaults", destDir + "ldap/slapd.defaults", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword); + replacePlaceholdersInFile(templateDir + "openldap/skel.ldif", configTempDir.name() + "skel.ldif", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword); +// replacePlaceholdersInFile(templateDir + "openldap/ldap/slapd.conf", destDir + "ldap/slapd.conf", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword); + replacePlaceholdersInFile(templateDir + "openldap/ldap/slapd.defaults", destDir + "ldap/slapd.defaults", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword); struct stat sb; uid_t slapd_uid = 0; 
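Review bot: The hunk header still carries `configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME`, and this hunk renders `skel.ldif` into that directory. The file is later restricted with `chmod(..., S_IRUSR|S_IWUSR)`, but with auto-delete off nothing in the visible hunks removes it once the database has been loaded. If skel.ldif carries the `@@@ADMINPW_SHA@@@` substitution (its full content is not shown), the password digest stays on disk after the wizard finishes. Restore auto-delete before this leaves debugging, or unlink the file explicitly after the load step.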
@@ -490,27 +494,27 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME // Base database configuration ldifSchemaNumber = 1; - replacePlaceholdersInFile(templateDir + "openldap/ldif/olcDatabase.ldif", destDir + "ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); + replacePlaceholdersInFile(templateDir + "openldap/ldif/olcDatabase.ldif", destDir + "ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); // Schema files ldifSchemaNumber = 0; - replacePlaceholdersInFile(templateDir + "openldap/ldif/core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); + replacePlaceholdersInFile(templateDir + "openldap/ldif/core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); ldifSchemaNumber = 1; - replacePlaceholdersInFile(templateDir + "openldap/ldif/cosine.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}cosine.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); + replacePlaceholdersInFile(templateDir + "openldap/ldif/cosine.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}cosine.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, 
rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); ldifSchemaNumber = 2; - replacePlaceholdersInFile(templateDir + "openldap/ldif/inetorgperson.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}inetorgperson.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); + replacePlaceholdersInFile(templateDir + "openldap/ldif/inetorgperson.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}inetorgperson.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); ldifSchemaNumber = 3; - replacePlaceholdersInFile(templateDir + "openldap/ldif/rfc2307bis.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}rfc2307bis.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); + replacePlaceholdersInFile(templateDir + "openldap/ldif/rfc2307bis.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}rfc2307bis.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); ldifSchemaNumber = 4; - replacePlaceholdersInFile(templateDir + "openldap/ldif/rfc2739.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}rfc2739.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); + replacePlaceholdersInFile(templateDir + "openldap/ldif/rfc2739.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}rfc2739.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, 
rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); ldifSchemaNumber = 5; - replacePlaceholdersInFile(templateDir + "openldap/ldif/ppolicy.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ppolicy.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); + replacePlaceholdersInFile(templateDir + "openldap/ldif/ppolicy.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ppolicy.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); ldifSchemaNumber = 6; - replacePlaceholdersInFile(templateDir + "openldap/ldif/ems-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ems-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); + replacePlaceholdersInFile(templateDir + "openldap/ldif/ems-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ems-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); ldifSchemaNumber = 7; - replacePlaceholdersInFile(templateDir + "openldap/ldif/hdb.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); + replacePlaceholdersInFile(templateDir + "openldap/ldif/hdb.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, 
slapd_gid); ldifSchemaNumber = 8; - replacePlaceholdersInFile(templateDir + "openldap/ldif/tde-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}tde-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); + replacePlaceholdersInFile(templateDir + "openldap/ldif/tde-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}tde-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid); // Set permissions chmod(TQString(destDir + "heimdal.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP); @@ -519,7 +523,7 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME chmod(TQString(destDir + "krb5.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); chmod(TQString(configTempDir.name() + "skel.ldif").ascii(), S_IRUSR|S_IWUSR); - chmod(TQString(destDir + "ldap/slapd.conf").ascii(), S_IRUSR|S_IWUSR); +// chmod(TQString(destDir + "ldap/slapd.conf").ascii(), S_IRUSR|S_IWUSR); chmod(TQString(destDir + "ldap/slapd.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP); pdialog.setStatusMessage(i18n("Loading initial database into LDAP...")); @@ -566,9 +570,7 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME return -1; } - // RAJA FIXME // Move all those new Heimdal entries to the correct tree/branch - // ,o=kerberos,cn=kerberos control,ou=master services,ou=core,ou=realm,dc=cluster90,dc=edu TQStringList domainChunks = TQStringList::split(".", realmconfig.name.lower()); TQString basedcname = "dc=" + domainChunks.join(",dc="); LDAPCredentials* credentials = new LDAPCredentials; 
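Review bot: The nine schema calls in the -490 hunk differ only in the schema name and its index, so adding one argument meant editing nine near-identical long lines, and a slip in any of them is hard to spot in review. A table of schema names with a loop keeps the load order in one place and leaves a single call to maintain. Note that `ldifSchemaNumber` ends at 9 rather than 8 after the loop below, which matters only if code outside the hunk reads it afterwards.

```cpp
// … unchanged: olcDatabase.ldif rendering with ldifSchemaNumber = 1 …

// Schema files in load order; the array index is the {n} ordering prefix
static const char * const schemaNames[] = { "core", "cosine", "inetorgperson", "rfc2307bis", "rfc2739", "ppolicy", "ems-core", "hdb", "tde-core" };
const int schemaCount = sizeof(schemaNames) / sizeof(schemaNames[0]);
for (ldifSchemaNumber = 0; ldifSchemaNumber < schemaCount; ldifSchemaNumber++) {
	TQString schemaFile = TQString(schemaNames[ldifSchemaNumber]) + ".ldif";
	replacePlaceholdersInFile(templateDir + "openldap/ldif/" + schemaFile, destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}").arg(ldifSchemaNumber) + schemaFile, realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
}

// … unchanged: chmod calls under "Set permissions" …
```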
@@ -586,11 +588,15 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME delete ldap_mgr; delete credentials; - // RAJA FIXME - // Write the ldap.conf file! + // Write the TDE realm configuration file + LDAPRealmConfigList realms; + realms.insert(realmconfig.name, realmconfig); + LDAPManager::writeTDERealmList(realms, m_systemconfig); + m_systemconfig->writeEntry("DefaultRealm", realmconfig.name); + m_systemconfig->sync(); - // RAJA FIXME - // Clean out all realms from the TDE configuration files and insert this realm ONLY! + pdialog.setStatusMessage(i18n("Configuring local system...")); + LDAPManager::writeLDAPConfFile(realmconfig); // RAJA FIXME pdialog.closeDialog(); diff --git a/src/ldapcontroller.h b/src/ldapcontroller.h index 0531158..d831c72 100644 --- a/src/ldapcontroller.h +++ b/src/ldapcontroller.h @@ -30,6 +30,8 @@ #include #include +#include + #include "ldapcontrollerconfigbase.h" enum sc_command { @@ -40,25 +42,6 @@ enum sc_command { SC_SETDBPERMS }; -// PRIVATE -class LDAPRealmConfig -{ - public: - TQString name; - bool bonded; - long uid_offset; - long gid_offset; - TQStringList domain_mappings; - TQString kdc; - int kdc_port; - TQString admin_server; - int admin_server_port; - bool pkinit_require_eku; - bool pkinit_require_krbtgt_otherName; - bool win2k_pkinit; - bool win2k_pkinit_require_binding; -}; - class LDAPController: public KCModule { Q_OBJECT 
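Review bot: The results of `LDAPManager::writeTDERealmList(realms, m_systemconfig)` and `LDAPManager::writeLDAPConfFile(realmconfig)` are discarded, so a failure to write the local realm list or ldap.conf still falls through to `pdialog.closeDialog()`. The return types of both calls are declared outside this diff; if they report errors, check them and fill `*errstr` before returning a failure code, otherwise the wizard reports a finished realm on a machine that is not configured to use it. The list written here holds only the new realm, which matches the removed FIXME about replacing existing entries, and a short comment saying the overwrite is intentional would help the next reader. The enclosing function starts and ends outside the hunk.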
@@ -75,7 +58,7 @@ class LDAPController: public KCModule virtual const KAboutData *aboutData() const { return myAboutData; }; public: - int createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, TQString *errstr); + int createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, TQString *errstr); // FIXME // This should be moved to a TDE core library diff --git a/src/realmfinishpage.cpp b/src/realmfinishpage.cpp index f2fd1b6..954455a 100644 --- a/src/realmfinishpage.cpp +++ b/src/realmfinishpage.cpp @@ -44,6 +44,7 @@ RealmFinishPage::RealmFinishPage(TQWidget *parent, const char *name ) : RealmFin connect(ldapAdminUsername, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries())); connect(ldapAdminGroupname, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries())); + connect(ldapMachineAdminGroupname, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries())); m_parentWizard = dynamic_cast(parent); m_parentDialog = dynamic_cast(parent); @@ -55,7 +56,7 @@ RealmFinishPage::~RealmFinishPage(){ void RealmFinishPage::validateEntries() { if (m_parentWizard) { - if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "")) { + if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "") && (ldapMachineAdminGroupname->text() != "")) { m_parentWizard->finishButton()->setEnabled(true); } else { 
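Review bot: `validateEntries` enables Finish as soon as all three fields are non-empty, but it never checks that the two group names differ. skel.ldif now creates `cn=@@@ADMINGROUP@@@,ou=groups,...` and `cn=@@@LOCALADMINGROUP@@@,ou=groups,...`, so entering the same name twice yields two entries with one DN, and the initial load would presumably fail or leave a single group holding both roles. Add `&& (ldapAdminGroupname->text() != ldapMachineAdminGroupname->text())` to the condition, both here and in the `m_parentDialog` branch in the next hunk. Since the two branches test the same expression, computing it once into a local `bool` at the top of the function would keep them from drifting apart.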
@@ -63,7 +64,7 @@ void RealmFinishPage::validateEntries() { } } if (m_parentDialog) { - if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "")) { + if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "") && (ldapMachineAdminGroupname->text() != "")) { m_parentDialog->enableButton(KDialogBase::Ok, true); } else { diff --git a/src/realmfinishpagedlg.ui b/src/realmfinishpagedlg.ui index 5cd11d6..e9bae3d 100644 --- a/src/realmfinishpagedlg.ui +++ b/src/realmfinishpagedlg.ui @@ -8,7 +8,7 @@ unnamed - + px_introSidebar @@ -99,7 +99,7 @@ unnamed - Administration Group + Realm Administration Group @@ -112,15 +112,28 @@ unnamed - LDAP Realm + Machine Administration Group + + ldapMachineAdminGroupname + + + + + unnamed + + + LDAP Realm + + + ldapAdminRealm - + Spacer6 @@ -137,7 +150,7 @@ - + Spacer5 diff --git a/src/realmintropagedlg.ui b/src/realmintropagedlg.ui index 651dd07..402df3e 100644 --- a/src/realmintropagedlg.ui +++ b/src/realmintropagedlg.ui @@ -99,8 +99,8 @@ 30 - - + + Spacer5 diff --git a/src/realmwizard.cpp b/src/realmwizard.cpp index fa720c2..184fb57 100644 --- a/src/realmwizard.cpp +++ b/src/realmwizard.cpp @@ -88,6 +88,8 @@ RealmWizard::RealmWizard(LDAPController* controller, TQString fqdn, TQWidget *pa realmpage->txtKDC->setText(m_fqdn); realmpage->txtAdminServer->setText(m_fqdn); realmpage->realmNameChanged(); + finishpage->ldapAdminGroupname->setText("realmadmins"); + finishpage->ldapMachineAdminGroupname->setText("machineadmins"); // Other setup finishpage->ldapAdminRealm->setEnabled(false); 
@@ -203,12 +205,20 @@ void RealmWizard::accept() { TQString errorString; // RAJA FIXME // root account should not be locked to "admin"! - if (m_controller->createNewLDAPRealm(this, m_realmconfig, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminGroupname->text(), finishpage->ldapAdminPassword->password(), "admin", finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text(), &errorString) == 0) { + backButton()->setEnabled(false); + nextButton()->setEnabled(false); + finishButton()->setEnabled(false); + cancelButton()->setEnabled(false); + if (m_controller->createNewLDAPRealm(this, m_realmconfig, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminGroupname->text(), finishpage->ldapMachineAdminGroupname->text(), finishpage->ldapAdminPassword->password(), "admin", finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text(), &errorString) == 0) { done(0); } else { KMessageBox::error(this, i18n("Unable to create new realm!

Details: %1").arg(errorString), i18n("Unable to create new realm")); } + + backButton()->setEnabled(true); + finishButton()->setEnabled(true); + cancelButton()->setEnabled(true); } /** calls all save functions after resetting all features/ OS/ theme selections to Trinity default */
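Review bot: The same `finishpage->ldapAdminPassword->password()` value is passed as both `adminPassword` and `rootPassword`, so the realm administrator and the hard-coded `"admin"` root account are created with one shared secret. The existing FIXME covers the fixed account name but not the shared password; if the root account maps to the directory's root DN (the template is not visible here), knowing the day-to-day admin password is enough to bypass every ACL. Take the root password from its own field, or extend the FIXME to say `// root password must not reuse the realm admin password`. Separately, `nextButton()` is disabled before the call but is not among the buttons re-enabled afterwards.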