Fix LDAP CA root file configuration

11 years ago · 571e1739fb
parent 39c401b796
commit 571e1739fb
2 changed files with 14 additions and 3 deletions
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@ -2772,7 +2772,7 @@ int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
 	return -1;
 }

-int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, TQString *errstr) {
+int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole machineRole, TQString *errstr) {
 	KSimpleConfig* systemconfig;
 	TQString m_defaultRealm;
 	int m_ldapVersion;
@ -2812,7 +2812,12 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, TQString *errstr) {
 			stream << "bind_policy " << m_bindPolicy.lower() << "\n";
 			stream << "pam_password " << m_passwordHash.lower() << "\n";
 			stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
-			stream << "tls_cacert " << KERBEROS_PKI_PUBLICDIR << realmcfg.admin_server << ".ldap.crt\n";
+			if (machineRole == ROLE_WORKSTATION) {
+				stream << "tls_cacert " << KERBEROS_PKI_PUBLICDIR << realmcfg.admin_server << ".ldap.crt\n";
+			}
+			else {
+				stream << "tls_cacert " << KERBEROS_PKI_PEM_FILE << "\n";
+			}
 		}

 		file.close();
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@ -90,6 +90,12 @@ enum LDAPKRB5Flags {
 	KRB5_FLAG_MAX			= 0x80000000
 };

+enum LDAPMachineRole {
+	ROLE_WORKSTATION		= 0,
+	ROLE_SECONDARY_REALM_CONTROLLER	= 1,
+	ROLE_PRIMARY_REALM_CONTROLLER	= 2
+};
+
 inline LDAPKRB5Flags operator|(LDAPKRB5Flags a, LDAPKRB5Flags b)
 {
 	return static_cast<LDAPKRB5Flags>(static_cast<int>(a) | static_cast<int>(b));
@ -514,7 +520,7 @@ class LDAPManager : public TQObject {
 		static LDAPClientRealmConfig loadClientRealmConfig(KSimpleConfig* config, bool useDefaults=false);
 		static int saveClientRealmConfig(LDAPClientRealmConfig clientRealmConfig, KSimpleConfig* config, TQString *errstr=0);
 		static int writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig, LDAPRealmConfigList realmList, TQString *errstr=0);
-		static int writeLDAPConfFile(LDAPRealmConfig realmcfg, TQString *errstr=0);
+		static int writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole machineRole, TQString *errstr=0);
 		static int writeNSSwitchFile(TQString *errstr=0);
 		static int writeClientCronFiles(TQString *errstr=0);
 		static int writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr=0);