@ -2656,6 +2656,78 @@ int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString at
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TQString LDAPManager::getRealmCAMaster(TQString* errstr) {
|
|
|
|
|
int retcode;
|
|
|
|
|
int i;
|
|
|
|
|
TQString realmCAMaster;
|
|
|
|
|
|
|
|
|
|
TQString dn = TQString("cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1").arg(m_basedc);
|
|
|
|
|
|
|
|
|
|
if (bind() < 0) {
|
|
|
|
|
return TQString();
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
LDAPMessage* msg;
|
|
|
|
|
retcode = ldap_search_ext_s(m_ldap, dn.ascii(), LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
|
|
|
|
|
if (retcode != LDAP_SUCCESS) {
|
|
|
|
|
if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
|
|
|
|
|
else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
|
|
|
|
|
return TQString();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Iterate through the returned entries
|
|
|
|
|
LDAPMessage* entry;
|
|
|
|
|
for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
|
|
|
|
|
TQString result;
|
|
|
|
|
if (parseLDAPTDEStringAttribute(entry, "publicRootCertificateOriginServer", result)) {
|
|
|
|
|
realmCAMaster = result;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// clean up
|
|
|
|
|
ldap_msgfree(msg);
|
|
|
|
|
|
|
|
|
|
return realmCAMaster;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int LDAPManager::setRealmCAMaster(TQString masterFQDN, TQString* errstr) {
|
|
|
|
|
int retcode;
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (bind() < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
// Assemble the LDAPMod structure
|
|
|
|
|
// We will replace any existing attributes with the new values
|
|
|
|
|
int number_of_parameters = 1; // 1 primary attribute
|
|
|
|
|
LDAPMod *mods[number_of_parameters+1];
|
|
|
|
|
set_up_attribute_operations(mods, number_of_parameters);
|
|
|
|
|
|
|
|
|
|
// Load LDAP modification requests from provided data structure
|
|
|
|
|
i=0;
|
|
|
|
|
add_single_attribute_operation(mods, &i, "publicRootCertificateOriginServer", masterFQDN);
|
|
|
|
|
LDAPMod *prevterm = mods[i];
|
|
|
|
|
mods[i] = NULL;
|
|
|
|
|
|
|
|
|
|
// Perform LDAP update
|
|
|
|
|
retcode = ldap_modify_ext_s(m_ldap, TQString("cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1").arg(m_basedc).ascii(), mods, NULL, NULL);
|
|
|
|
|
|
|
|
|
|
// Clean up
|
|
|
|
|
clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
|
|
|
|
|
|
|
|
|
|
if (retcode != LDAP_SUCCESS) {
|
|
|
|
|
if (errstr) *errstr = i18n("<qt>LDAP CA master modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
|
|
|
|
|
else KMessageBox::error(0, i18n("<qt>LDAP CA master modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Special method, used when creating a new Kerberos realm
|
|
|
|
|
int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
|
|
|
|
|
int retcode;
|
|
|
|
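Review bot: getRealmCAMaster hands back an empty TQString both when bind() fails (the early return after the bind() check) and when no entry carries publicRootCertificateOriginServer, and on the bind path errstr is left untouched, so a caller passing errstr cannot tell "no CA master configured" from "directory unreachable"; unless bind() already reports through another channel, something like `if (errstr) *errstr = i18n("<qt>Unable to bind to the LDAP server</qt>");` before that return would make the two failure paths consistent. On the search-failure branch the result message is not released while the success branch frees it; since OpenLDAP may hand back a partial result even when retcode != LDAP_SUCCESS, declaring `LDAPMessage* msg = NULL;` and adding `if (msg) ldap_msgfree(msg);` before `return TQString();` keeps the paths symmetric. The certificate-store DN is spelled out verbatim in both getRealmCAMaster and setRealmCAMaster; a single private helper returning it would keep the reader and the writer from drifting apart. In setRealmCAMaster, `LDAPMod *mods[number_of_parameters+1]` is a variable-length array (a compiler extension in C++); writing `const int number_of_parameters = 1; // 1 primary attribute` makes it a plain constant-size array, and the `int i;` in getRealmCAMaster is unused and can go.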
@ -2824,6 +2896,41 @@ LDAPTDEBuiltinsInfo LDAPManager::parseLDAPTDEBuiltinsRecord(LDAPMessage* entry)
|
|
|
|
|
return builtininfo;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool LDAPManager::parseLDAPTDEStringAttribute(LDAPMessage* entry, TQString attribute, TQString& retval) {
|
|
|
|
|
char* dn = NULL;
|
|
|
|
|
char* attr;
|
|
|
|
|
struct berval **vals;
|
|
|
|
|
BerElement* ber;
|
|
|
|
|
int i;
|
|
|
|
|
bool found = false;
|
|
|
|
|
|
|
|
|
|
LDAPTDEBuiltinsInfo builtininfo;
|
|
|
|
|
|
|
|
|
|
if((dn = ldap_get_dn(m_ldap, entry)) != NULL) {
|
|
|
|
|
ldap_memfree(dn);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) {
|
|
|
|
|
if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) {
|
|
|
|
|
builtininfo.informationValid = true;
|
|
|
|
|
TQString ldap_field = attr;
|
|
|
|
|
i=0;
|
|
|
|
|
if (ldap_field == attribute) {
|
|
|
|
|
retval = TQString(vals[i]->bv_val);
|
|
|
|
|
found = true;
|
|
|
|
|
}
|
|
|
|
|
ldap_value_free_len(vals);
|
|
|
|
|
}
|
|
|
|
|
ldap_memfree(attr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ber != NULL) {
|
|
|
|
|
ber_free(ber, 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return found;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LDAPMasterReplicationInfo LDAPManager::parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry) {
|
|
|
|
|
char* dn = NULL;
|
|
|
|
|
char* attr;
|
|
|
|
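Review bot: parseLDAPTDEStringAttribute builds its result with `TQString(vals[i]->bv_val)`, which treats the berval as a NUL-terminated Latin-1 C string; LDAP attribute values are UTF-8 and bv_len is the authoritative length, so `retval = TQString::fromUtf8(vals[0]->bv_val, vals[0]->bv_len);` is the safer conversion and does not depend on the library terminating the buffer. The function also carries leftovers from the builtins parser: `builtininfo` is assigned but never read, the ldap_get_dn/ldap_memfree pair does nothing with dn, and `i` is only ever 0; with those gone the lookup could be a single ldap_get_values_len on `attribute` instead of a walk over every attribute of the entry. `BerElement* ber;` is tested against NULL after the loop but is never initialised, so if ldap_first_attribute returns NULL without assigning it the check reads an indeterminate pointer; `BerElement* ber = NULL;` costs nothing. Only the first value of a multi-valued attribute is returned, which deserves a comment above the signature such as `// Returns the first value of the named attribute; multi-valued attributes are truncated to one value.`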
@ -3153,7 +3260,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
|
|
|
|
|
TQString databaseDN;
|
|
|
|
|
ridString.sprintf("%03d", rid);
|
|
|
|
|
databaseDN = "cn=config";
|
|
|
|
|
serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout);
|
|
|
|
|
serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"allow":"demand");
|
|
|
|
|
if (replicationinfo.certificateFile != "") {
|
|
|
|
|
serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
|
|
|
|
|
}
|
|
|
|
|
if (replicationinfo.caCertificateFile != "") {
|
|
|
|
|
serverSyncReplString.append(TQString(" tls_cacert=\"%1\"").arg(replicationinfo.caCertificateFile));
|
|
|
|
|
}
|
|
|
|
|
syncReplServerList.append(serverSyncReplString);
|
|
|
|
|
rid++;
|
|
|
|
|
}
|
|
|
|
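Review bot: the new serverSyncReplString format string reuses placeholder numbers — `%5` for both searchbase and retry, `%6` for both timeout and tls_reqcert — and TQString::arg substitutes every occurrence of the lowest-numbered placeholder still present, so databaseDN ends up in retry, retryMethod ends up in both timeout and tls_reqcert, and the final two .arg() calls (timeout and the allow/demand choice) find nothing left to replace. The generated syncrepl directive therefore never carries the intended `tls_reqcert=demand`, which is the setting that makes the consumer verify the provider's certificate, so the ignore_ssl_failure switch has no effect on the config that is written. The fix is to number the placeholders consecutively: `... searchbase=\"%5\" type=refreshAndPersist retry=\"%6\" timeout=%7 tls_reqcert=%8`. The removed line already had the duplicated %5, so the defect predates this commit, but the new line extends it. The enclosing setLDAPMasterReplicationSettings starts and ends outside the hunk.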
@ -4245,6 +4358,7 @@ LDAPMasterReplicationInfo::LDAPMasterReplicationInfo() {
|
|
|
|
|
// See http://www.openldap.org/doc/admin24/slapdconfig.html for syntax
|
|
|
|
|
retryMethod = "5 5 300 5";
|
|
|
|
|
timeout = 1;
|
|
|
|
|
ignore_ssl_failure = false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LDAPMasterReplicationInfo::~LDAPMasterReplicationInfo() {
|
|
|
|
|