From 571e1739fb4f6cf77c1e7297670801114b6de717 Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Mon, 6 Jan 2014 17:49:26 -0600
Subject: [PATCH] Fix LDAP CA root file configuration

---
 src/libtdeldap.cpp | 9 +++++++--
 src/libtdeldap.h | 8 +++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index a416db0..8cf4bdd 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -2772,7 +2772,7 @@ int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
 	return -1;
 }
 
-int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, TQString *errstr) {
+int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole machineRole, TQString *errstr) {
 	KSimpleConfig* systemconfig;
 	TQString m_defaultRealm;
 	int m_ldapVersion;
@@ -2812,7 +2812,12 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, TQString *errstr) {
 		stream << "bind_policy " << m_bindPolicy.lower() << "\n";
 		stream << "pam_password " << m_passwordHash.lower() << "\n";
 		stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
-		stream << "tls_cacert " << KERBEROS_PKI_PUBLICDIR << realmcfg.admin_server << ".ldap.crt\n";
+		if (machineRole == ROLE_WORKSTATION) {
+			stream << "tls_cacert " << KERBEROS_PKI_PUBLICDIR << realmcfg.admin_server << ".ldap.crt\n";
+		}
+		else {
+			stream << "tls_cacert " << KERBEROS_PKI_PEM_FILE << "\n";
+		}
 	}
 
 	file.close();
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index cde314c..814fc0a 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -90,6 +90,12 @@ enum LDAPKRB5Flags {
 	KRB5_FLAG_MAX = 0x80000000
 };
 
+enum LDAPMachineRole {
+	ROLE_WORKSTATION = 0,
+	ROLE_SECONDARY_REALM_CONTROLLER = 1,
+	ROLE_PRIMARY_REALM_CONTROLLER = 2
+};
+
 inline LDAPKRB5Flags operator|(LDAPKRB5Flags a, LDAPKRB5Flags b)
 {
 	return static_cast(static_cast(a) | static_cast(b));
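Review bot: The new `else` branch in the second hunk of src/libtdeldap.cpp routes every value other than ROLE_WORKSTATION, including anything outside the LDAPMachineRole enum, to `tls_cacert KERBEROS_PKI_PEM_FILE`, and nothing in the hunk records why realm controllers trust a different file than the workstations' published `<admin_server>.ldap.crt`. A comment above the branch, `// tls_cacert: workstations trust the published <admin_server>.ldap.crt; realm controllers (and any other role) trust the local PEM file`, would make the intent explicit and flag that the else is a catch-all rather than a controller-only path. Because ldap.conf is read by unprivileged client processes and tls_cacert should name only CA certificate material, it is worth confirming that KERBEROS_PKI_PEM_FILE (defined outside this hunk) holds no private key and is readable by those processes; I cannot tell that from the diff. writeLDAPConfFile continues past the end of the hunk.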
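Review bot: LDAPMachineRole in the src/libtdeldap.h hunk is introduced without a comment, and the explicit values 0, 1 and 2 hint that the role may be stored or compared numerically, which the hunk does not show. A line above the enum such as `// Role of this machine in the realm; writeLDAPConfFile() uses it to choose which CA file tls_cacert points at` would tie the type to its one visible use. If the numeric value is persisted in a config file, a note that the numbering must stay stable belongs here as well.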
@@ -514,7 +520,7 @@ class LDAPManager : public TQObject {
 		static LDAPClientRealmConfig loadClientRealmConfig(KSimpleConfig* config, bool useDefaults=false);
 		static int saveClientRealmConfig(LDAPClientRealmConfig clientRealmConfig, KSimpleConfig* config, TQString *errstr=0);
 		static int writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig, LDAPRealmConfigList realmList, TQString *errstr=0);
-		static int writeLDAPConfFile(LDAPRealmConfig realmcfg, TQString *errstr=0);
+		static int writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole machineRole, TQString *errstr=0);
 		static int writeNSSwitchFile(TQString *errstr=0);
 		static int writeClientCronFiles(TQString *errstr=0);
 		static int writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr=0);