author | Timothy Pearson <[email protected]> | 2012-05-20 03:47:11 -0500 |
---|---|---|
committer | Timothy Pearson <[email protected]> | 2012-05-20 03:47:11 -0500 |
commit | 94ba247eec24814e287c4bebf4085de0565bbcd2 (patch) | |
tree | b32de1b2a430a039b1336ea70d90c389f93e43f0 | |
parent | dbaffcee8670af6f571356c43d26357237fcd616 (diff) | |
Write the LDAP conf file as well
-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | src/ldap.cpp | 86 | ||||
-rw-r--r-- | src/ldap.h | 8 | ||||
-rw-r--r-- | src/ldapconfigbase.ui | 213 |
4 files changed, 303 insertions, 6 deletions
diff --git a/debian/control b/debian/control index 2c1ce15..a50fc24 100644 --- a/debian/control +++ b/debian/control @@ -8,6 +8,6 @@ Standards-Version: 3.8.4 Package: kcontrol-ldap-trinity Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, heimdal-clients, libpam-krb5, libpam-ldap, nss-updatedb, libpam-ccreds Description: LDAP control module for the TDE control center LDAP is a TDE control center module to manage TDE connections to LDAP realms.
\ No newline at end of file diff --git a/src/ldap.cpp b/src/ldap.cpp index 306d8c6..2394b03 100644 --- a/src/ldap.cpp +++ b/src/ldap.cpp @@ -48,6 +48,8 @@ // Connect this to CMake/Automake #define KDE_CONFDIR "/etc/trinity" #define KRB5_FILE "/etc/krb5.conf" +#define LDAP_FILE "/etc/ldap.conf" +#define DEFAULT_IGNORED_USERS_LIST "avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,haldaemon,hplip,irc,klog,landscape,libuuid,list,lp,mail,man,messagebus,news,ntp,polkituser,postfix,proxy,pulse,root,rtkit,saned,sshd,statd,sync,sys,syslog,timidity,usbmux,uucp,www-data" typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory; @@ -89,6 +91,13 @@ LDAPConfig::LDAPConfig(TQWidget *parent, const char *name, const TQStringList&) connect(base->btnDeactivateRealm, TQT_SIGNAL(clicked()), this, TQT_SLOT(deactivateRealm())); connect(base->btnRealmProperties, TQT_SIGNAL(clicked()), this, TQT_SLOT(realmProperties())); + connect(base->ldapVersion, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed())); + connect(base->ldapTimeout, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed())); + connect(base->bindPolicy, TQT_SIGNAL(activated(int)), this, TQT_SLOT(changed())); + connect(base->ldapBindTimeout, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(changed())); + connect(base->passwordHash, TQT_SIGNAL(activated(int)), this, TQT_SLOT(changed())); + connect(base->ignoredUsers, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(changed())); + load(); if (getuid() != 0 || !systemconfig->checkConfigFilesWritable( true )) { @@ -110,6 +119,8 @@ void LDAPConfig::load() { void LDAPConfig::load(bool useDefaults ) { + int i; + //Update the toggle buttons with the current configuration systemconfig->setReadDefaults( useDefaults ); 
@@ -117,6 +128,13 @@ void LDAPConfig::load(bool useDefaults ) base->systemEnableSupport->setChecked(systemconfig->readBoolEntry("EnableLDAP", false)); m_defaultRealm = systemconfig->readEntry("DefaultRealm", TQString::null); m_ticketLifetime = systemconfig->readNumEntry("TicketLifetime", 86400); + + m_ldapVersion = systemconfig->readNumEntry("ConnectionLDAPVersion", 3); + m_ldapTimeout = systemconfig->readNumEntry("ConnectionLDAPTimeout", 2); + m_bindPolicy = systemconfig->readEntry("ConnectionBindPolicy", "soft"); + m_ldapBindTimeout = systemconfig->readNumEntry("ConnectionBindTimeout", 2); + m_passwordHash = systemconfig->readEntry("ConnectionPasswordHash", "exop"); + m_ignoredUsers = systemconfig->readEntry("ConnectionIgnoredUsers", DEFAULT_IGNORED_USERS_LIST); // Load realms m_realms.clear(); @@ -149,6 +167,24 @@ void LDAPConfig::load(bool useDefaults ) } base->ticketLifetime->setValue(m_ticketLifetime); + + base->ldapVersion->setValue(m_ldapVersion); + base->ldapTimeout->setValue(m_ldapTimeout); + for (i=0; i<base->bindPolicy->count(); i++) { + if (base->bindPolicy->text(i).lower() == m_defaultRealm.lower()) { + base->bindPolicy->setCurrentItem(i); + break; + } + } + base->ldapBindTimeout->setValue(m_ldapBindTimeout); + for (i=0; i<base->passwordHash->count(); i++) { + if (base->passwordHash->text(i).lower() == m_passwordHash.lower()) { + base->passwordHash->setCurrentItem(i); + break; + } + } + base->ignoredUsers->setText(m_ignoredUsers); + updateRealmList(); processLockouts(); 
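Review bot: The new loop in load() that restores the `bindPolicy` combo compares each item against `m_defaultRealm` instead of `m_bindPolicy`, so a stored `ConnectionBindPolicy` of `hard` is never re-selected. Because save() reads `base->bindPolicy->currentText()` back, the next Apply would then overwrite the stored policy with whatever the combo shows and emit that into the generated LDAP file. The comparison should read `if (base->bindPolicy->text(i).lower() == m_bindPolicy.lower()) {`, mirroring the `passwordHash` loop directly below it. load() starts and ends outside this hunk.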
@@ -186,6 +222,14 @@ void LDAPConfig::save() { systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked()); m_defaultRealm = base->defaultRealm->currentText(); m_ticketLifetime = base->ticketLifetime->value(); + + m_ldapVersion = base->ldapVersion->value(); + m_ldapTimeout = base->ldapTimeout->value(); + m_bindPolicy = base->bindPolicy->currentText(); + m_ldapBindTimeout = base->ldapBindTimeout->value(); + m_passwordHash = base->passwordHash->currentText(); + m_ignoredUsers = base->ignoredUsers->text(); + if (m_defaultRealm != "") { systemconfig->writeEntry("DefaultRealm", m_defaultRealm); } @@ -194,6 +238,13 @@ void LDAPConfig::save() { } systemconfig->writeEntry("TicketLifetime", m_ticketLifetime); + systemconfig->writeEntry("ConnectionLDAPVersion", m_ldapVersion); + systemconfig->writeEntry("ConnectionLDAPTimeout", m_ldapTimeout); + systemconfig->writeEntry("ConnectionBindPolicy", m_bindPolicy); + systemconfig->writeEntry("ConnectionBindTimeout", m_ldapBindTimeout); + systemconfig->writeEntry("ConnectionPasswordHash", m_passwordHash); + systemconfig->writeEntry("ConnectionIgnoredUsers", m_ignoredUsers); + LDAPRealmConfigList::Iterator it; for (it = m_realms.begin(); it != m_realms.end(); ++it) { LDAPRealmConfig realmcfg = it.data(); @@ -230,8 +281,12 @@ void LDAPConfig::save() { systemconfig->sync(); - // Write the Kerberos5 configuration file - writeKrb5ConfFile(); + if (base->systemEnableSupport->isChecked()) { + // Write the Kerberos5 configuration file + writeKrb5ConfFile(); + // Write the LDAP configuration file + writeLDAPConfFile(); + } load(); } @@ -240,6 +295,8 @@ void LDAPConfig::processLockouts() { bool panelIsEnabled = base->systemEnableSupport->isChecked(); base->groupRealms->setEnabled(panelIsEnabled); + base->groupKrbDefaults->setEnabled(panelIsEnabled); + base->groupConnectionParameters->setEnabled(panelIsEnabled); TQListViewItem *selrealm = base->ldapRealmList->selectedItem(); if (selrealm) { 
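Review bot: With the new `if (base->systemEnableSupport->isChecked())` guard in save(), unticking LDAP support leaves any previously generated `/etc/krb5.conf` and `/etc/ldap.conf` on disk untouched. Whether PAM and NSS keep consulting those files depends on system configuration this diff does not show, so disabling the feature here may not actually stop the host from using the directory for logins. If that is intended, the guard deserves a comment such as `// Disabling support does not revert existing krb5/ldap conf files or the PAM/NSS stack`. Otherwise the disable path needs explicit handling. save() begins outside the hunk.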
@@ -414,6 +471,31 @@ void LDAPConfig::writeKrb5ConfFile() { } } +void LDAPConfig::writeLDAPConfFile() { + TQFile file(LDAP_FILE); + if (file.open(IO_WriteOnly)) { + TQTextStream stream( &file ); + + LDAPRealmConfig realmcfg = m_realms[m_defaultRealm]; + + stream << "# This file was automatically generated by TDE\n"; + stream << "# All changes will be lost!\n"; + stream << "\n"; + + stream << "host " << realmcfg.admin_server << "\n"; + TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower()); + stream << "base dc=" << domainChunks.join(",dc=") << "\n"; + stream << "ldap_version " << m_ldapVersion << "\n"; + stream << "timelimit " << m_ldapTimeout << "\n"; + stream << "bind_timelimit " << m_ldapBindTimeout << "\n"; + stream << "bind_policy " << m_bindPolicy.lower() << "\n"; + stream << "pam_password " << m_passwordHash.lower() << "\n"; + stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n"; + + file.close(); + } +} + int LDAPConfig::buttons() { return KCModule::Apply|KCModule::Help; } @@ -88,6 +88,7 @@ class LDAPConfig: public KCModule private: void updateRealmList(); void writeKrb5ConfFile(); + void writeLDAPConfFile(); private: KAboutData *myAboutData; @@ -96,6 +97,13 @@ class LDAPConfig: public KCModule LDAPRealmConfigList m_realms; TQString m_defaultRealm; int m_ticketLifetime; + + int m_ldapVersion; + int m_ldapTimeout; + TQString m_bindPolicy; + int m_ldapBindTimeout; + TQString m_passwordHash; + TQString m_ignoredUsers; }; #endif diff --git a/src/ldapconfigbase.ui b/src/ldapconfigbase.ui index bf81979..ee6e963 100644 --- a/src/ldapconfigbase.ui +++ b/src/ldapconfigbase.ui 
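Review bot: writeLDAPConfFile() indexes `m_realms[m_defaultRealm]` without checking that a default realm exists, although save() visibly tolerates an empty `m_defaultRealm`. In that case the file gets a blank `host` and a bare `base dc=` line, and if LDAPRealmConfigList is a TQMap (as the `it.data()` use suggests) the lookup would also insert an empty realm entry. A guard such as `if (!m_realms.contains(m_defaultRealm)) return;` before opening the file would avoid both. A failed `file.open(IO_WriteOnly)` is silently ignored, so Apply appears to succeed while the system authentication file is unchanged, and that failure should be reported to the user. The generated file also contains no transport-security directive, so unless TLS is configured elsewhere, binds and password changes would presumably travel over plain LDAP.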
@@ -138,12 +138,42 @@ </widget> </grid> </widget> - <widget class="TQGroupBox" row="2" column="0"> + <spacer row="4" column="0"> + <property name="name" stdset="0"> + <cstring>Spacer1</cstring> + </property> + <property name="orientation"> + <enum>Vertical</enum> + </property> + <property name="sizeType"> + <enum>Expanding</enum> + </property> + <property name="sizeHint"> + <size> + <width>20</width> + <height>20</height> + </size> + </property> + </spacer> + </grid> + </widget> + <widget class="TQWidget"> + <property name="name"> + <cstring>tab</cstring> + </property> + <attribute name="title"> + <string>LDAP Globals</string> + </attribute> + <grid> + <property name="name"> + <cstring>unnamed</cstring> + </property> + <widget class="TQGroupBox" row="0" column="0"> <property name="name"> - <cstring>groupDefaults</cstring> + <cstring>groupKrbDefaults</cstring> </property> <property name="title"> - <string>LDAP Default Settings</string> + <string>Kerberos Default Settings</string> </property> <grid> <property name="name"> 
@@ -199,6 +229,183 @@ </widget> </grid> </widget> + <widget class="TQGroupBox" row="1" column="0"> + <property name="name"> + <cstring>groupConnectionParameters</cstring> + </property> + <property name="title"> + <string>LDAP Connection Parameters</string> + </property> + <grid> + <property name="name"> + <cstring>unnamed</cstring> + </property> + <widget class="TQLabel" row="0" column="0"> + <property name="name"> + <cstring>unnamed</cstring> + </property> + <property name="text"> + <string>LDAP Version</string> + </property> + <property name="sizePolicy"> + <sizepolicy> + <hsizetype>0</hsizetype> + <vsizetype>0</vsizetype> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + </widget> + <widget class="KIntNumInput" row="0" column="1" > + <property name="name"> + <cstring>ldapVersion</cstring> + </property> + <property name="minValue"> + <number>1</number> + </property> + <property name="maxValue"> + <number>3</number> + </property> + </widget> + <widget class="TQLabel" row="0" column="2"> + <property name="name"> + <cstring>unnamed</cstring> + </property> + <property name="text"> + <string>Time Limit (seconds)</string> + </property> + <property name="sizePolicy"> + <sizepolicy> + <hsizetype>0</hsizetype> + <vsizetype>0</vsizetype> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + </widget> + <widget class="KIntNumInput" row="0" column="3" > + <property name="name"> + <cstring>ldapTimeout</cstring> + </property> + <property name="minValue"> + <number>1</number> + </property> + <property name="maxValue"> + <number>1000000</number> + </property> + </widget> + <widget class="TQLabel" row="1" column="0"> + <property name="name"> + <cstring>unnamed</cstring> + </property> + <property name="text"> + <string>Binding Policy</string> + </property> + <property name="sizePolicy"> + <sizepolicy> + <hsizetype>0</hsizetype> + <vsizetype>0</vsizetype> + <horstretch>0</horstretch> + 
<verstretch>0</verstretch> + </sizepolicy> + </property> + </widget> + <widget class="KComboBox" row="1" column="1" > + <property name="name"> + <cstring>bindPolicy</cstring> + </property> + <item> + <property name="text"> + <string>soft</string> + </property> + </item> + <item> + <property name="text"> + <string>hard</string> + </property> + </item> + </widget> + <widget class="TQLabel" row="1" column="2"> + <property name="name"> + <cstring>unnamed</cstring> + </property> + <property name="text"> + <string>Binding Time Limit (seconds)</string> + </property> + <property name="sizePolicy"> + <sizepolicy> + <hsizetype>0</hsizetype> + <vsizetype>0</vsizetype> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + </widget> + <widget class="KIntNumInput" row="1" column="3" > + <property name="name"> + <cstring>ldapBindTimeout</cstring> + </property> + <property name="minValue"> + <number>1</number> + </property> + <property name="maxValue"> + <number>1000000</number> + </property> + </widget> + <widget class="TQLabel" row="2" column="0"> + <property name="name"> + <cstring>unnamed</cstring> + </property> + <property name="text"> + <string>Password Hash</string> + </property> + <property name="sizePolicy"> + <sizepolicy> + <hsizetype>0</hsizetype> + <vsizetype>0</vsizetype> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + </widget> + <widget class="KComboBox" row="2" column="1" > + <property name="name"> + <cstring>passwordHash</cstring> + </property> + <item> + <property name="text"> + <string>exop</string> + </property> + </item> + <item> + <property name="text"> + <string>md5</string> + </property> + </item> + </widget> + <widget class="TQLabel" row="2" column="2"> + <property name="name"> + <cstring>unnamed</cstring> + </property> + <property name="text"> + <string>Ignored Users</string> + </property> + <property name="sizePolicy"> + <sizepolicy> + <hsizetype>0</hsizetype> + 
<vsizetype>0</vsizetype> + <horstretch>0</horstretch> + <verstretch>0</verstretch> + </sizepolicy> + </property> + </widget> + <widget class="KLineEdit" row="2" column="3" > + <property name="name"> + <cstring>ignoredUsers</cstring> + </property> + </widget> + </grid> + </widget> <spacer row="4" column="0"> <property name="name" stdset="0"> <cstring>Spacer4</cstring> |
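Review bot: The `ldapVersion` spin box allows a `minValue` of 1, which writeLDAPConfFile() would emit as `ldap_version 1`; as far as I know the nss_ldap/pam_ldap `ldap_version` setting only accepts 2 or 3, so the lower bound should be `<number>2</number>`. The `passwordHash` combo also offers `md5`, which ends up as `pam_password md5` in the generated file. That is a weak scheme for stored passwords compared with letting the server choose via `exop`, so it would be worth a tooltip or a comment stating that `md5` exists only for legacy directory servers.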