-rw-r--r--src/ldap.cpp64
-rw-r--r--src/ldap.h23
2 files changed, 7 insertions, 80 deletions
diff --git a/src/ldap.cpp b/src/ldap.cpp
index 4a77b74..9895f0f 100644
--- a/src/ldap.cpp
+++ b/src/ldap.cpp
@@ -54,13 +54,11 @@
// Connect this to CMake/Automake
#define KDE_CONFDIR "/etc/trinity"
#define KRB5_FILE "/etc/krb5.conf"
-#define LDAP_FILE "/etc/ldap.conf"
#define NSSWITCH_FILE "/etc/nsswitch.conf"
#define PAMD_DIRECTORY "/etc/pam.d/"
#define PAMD_COMMON_ACCOUNT "common-account"
#define PAMD_COMMON_AUTH "common-auth"
#define CRON_UPDATE_NSS_FILE "/etc/cron.daily/upd-local-nss-db"
-#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data"
typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;
@@ -302,40 +300,7 @@ void LDAPConfig::save() {
systemconfig->writeEntry("ConnectionPasswordHash", m_passwordHash);
systemconfig->writeEntry("ConnectionIgnoredUsers", m_ignoredUsers);
- LDAPRealmConfigList::Iterator it;
- for (it = m_realms.begin(); it != m_realms.end(); ++it) {
- LDAPRealmConfig realmcfg = it.data();
- TQString configRealmName = realmcfg.name;
- configRealmName.prepend("LDAPRealm-");
- systemconfig->setGroup(configRealmName);
- // Save realm settings
- systemconfig->writeEntry("bonded", realmcfg.bonded);
- systemconfig->writeEntry("uid_offset", realmcfg.uid_offset);
- systemconfig->writeEntry("gid_offset", realmcfg.gid_offset);
- systemconfig->writeEntry("domain_mappings", realmcfg.domain_mappings);
- systemconfig->writeEntry("kdc", realmcfg.kdc);
- systemconfig->writeEntry("kdc_port", realmcfg.kdc_port);
- systemconfig->writeEntry("admin_server", realmcfg.admin_server);
- systemconfig->writeEntry("admin_server_port", realmcfg.admin_server_port);
- systemconfig->writeEntry("pkinit_require_eku", realmcfg.pkinit_require_eku);
- systemconfig->writeEntry("pkinit_require_krbtgt_otherName", realmcfg.pkinit_require_krbtgt_otherName);
- systemconfig->writeEntry("win2k_pkinit", realmcfg.win2k_pkinit);
- systemconfig->writeEntry("win2k_pkinit_require_binding", realmcfg.win2k_pkinit_require_binding);
- }
-
- // Delete any realms that do not exist in the m_realms database
- TQStringList cfgRealms = systemconfig->groupList();
- for (TQStringList::Iterator it(cfgRealms.begin()); it != cfgRealms.end(); ++it) {
- if ((*it).startsWith("LDAPRealm-")) {
- systemconfig->setGroup(*it);
- TQString realmName=*it;
- realmName.remove(0,strlen("LDAPRealm-"));
- if (!m_realms.contains(realmName)) {
- systemconfig->deleteGroup(*it);
- }
- }
- }
-
+ LDAPManager::writeTDERealmList(m_realms, systemconfig);
systemconfig->sync();
if (base->systemEnableSupport->isChecked()) {
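Review bot: The added call `LDAPManager::writeTDERealmList(m_realms, systemconfig);` replaces two separate steps, and nothing visible here shows that the library helper still performs the second one. The removed code first wrote every realm group and then deleted any `LDAPRealm-*` group no longer present in `m_realms`. If the helper only writes, a realm the administrator removed would stay in the config file and would presumably be picked up again, with its KDC and pkinit settings, on the next `load()`. Once the helper's behaviour is confirmed against libtdeldap, a comment above the call such as `// Writes all realms and prunes LDAPRealm-* groups absent from m_realms` would make the contract explicit. save() starts and ends outside this hunk.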
@@ -349,13 +314,15 @@ void LDAPConfig::save() {
writePAMFiles();
// Write the cron files
writeCronFiles();
+ // RAJA FIXME
+ // Update the SUDOERS file with the domain-wide computer local admin group!
}
load();
}
void LDAPConfig::processLockouts() {
- bool panelIsEnabled = base->systemEnableSupport->isChecked();
+ bool panelIsEnabled = (base->systemEnableSupport->isEnabled() && base->systemEnableSupport->isChecked());
base->groupRealms->setEnabled(panelIsEnabled);
base->groupKrbDefaults->setEnabled(panelIsEnabled);
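Review bot: The added `// RAJA FIXME` comment in save() names a person instead of stating what is missing, so a reader cannot tell that the privilege configuration is left incomplete after the PAM and cron files are written. A self-describing form would be `// FIXME: sudoers is not yet updated with the domain-wide computer local admin group`, ideally with a tracker reference. When the step is implemented, the generated sudoers content should be syntax-checked before it replaces the live file (for example with `visudo -c`), since a malformed file disables sudo on the machine. processLockouts() continues past the end of this hunk.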
@@ -663,28 +630,7 @@ void LDAPConfig::writeKrb5ConfFile() {
}
void LDAPConfig::writeLDAPConfFile() {
- TQFile file(LDAP_FILE);
- if (file.open(IO_WriteOnly)) {
- TQTextStream stream( &file );
-
- LDAPRealmConfig realmcfg = m_realms[m_defaultRealm];
-
- stream << "# This file was automatically generated by TDE\n";
- stream << "# All changes will be lost!\n";
- stream << "\n";
-
- stream << "host " << realmcfg.admin_server << "\n";
- TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
- stream << "base dc=" << domainChunks.join(",dc=") << "\n";
- stream << "ldap_version " << m_ldapVersion << "\n";
- stream << "timelimit " << m_ldapTimeout << "\n";
- stream << "bind_timelimit " << m_ldapBindTimeout << "\n";
- stream << "bind_policy " << m_bindPolicy.lower() << "\n";
- stream << "pam_password " << m_passwordHash.lower() << "\n";
- stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
-
- file.close();
- }
+ LDAPManager::writeLDAPConfFile(m_realms[m_defaultRealm]);
}
void LDAPConfig::writeNSSwitchFile() {
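Review bot: The new body `LDAPManager::writeLDAPConfFile(m_realms[m_defaultRealm]);` passes only the realm, whereas the removed code also emitted `m_ldapVersion`, `m_ldapTimeout`, `m_ldapBindTimeout`, `m_bindPolicy`, `m_passwordHash` and `m_ignoredUsers`. Unless the library reads those values back from the saved configuration, which is not visible here, the generated ldap.conf loses the `pam_password` and `nss_initgroups_ignoreusers` lines. The second matters because it keeps group lookups for root and other local system accounts away from the directory. A comment stating where the helper takes these settings from would settle it, e.g. `// Connection settings (bind policy, password hash, ignored users) are read by libtdeldap from the system config`. Separately, `m_realms[m_defaultRealm]` likely inserts an empty realm into the map when no default realm is set, so a guard such as `if (!m_realms.contains(m_defaultRealm)) return;` before the call would avoid writing a file for an empty realm.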
diff --git a/src/ldap.h b/src/ldap.h
index d0b0c4e..124411d 100644
--- a/src/ldap.h
+++ b/src/ldap.h
@@ -31,33 +31,14 @@
#include <tqcombobox.h>
#include <tqcheckbox.h>
+#include <libtdeldap.h>
+
#include "ldapconfigbase.h"
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
-// PRIVATE
-class LDAPRealmConfig
-{
- public:
- TQString name;
- bool bonded;
- long uid_offset;
- long gid_offset;
- TQStringList domain_mappings;
- TQString kdc;
- int kdc_port;
- TQString admin_server;
- int admin_server_port;
- bool pkinit_require_eku;
- bool pkinit_require_krbtgt_otherName;
- bool win2k_pkinit;
- bool win2k_pkinit_require_binding;
-};
-
-typedef TQMap<TQString, LDAPRealmConfig> LDAPRealmConfigList;
-
class LDAPConfig: public KCModule
{
Q_OBJECT