author | Timothy Pearson <[email protected]> | 2012-06-06 17:38:31 -0500 |
---|---|---|
committer | Timothy Pearson <[email protected]> | 2012-06-06 17:38:31 -0500 |
commit | 372cfda98cce196428a250ef9a60df64c0f7296e (patch) | |
tree | dfe88937f13e7d148aa063be06b00aafd2119013 /src/ldapbonding.cpp | |
parent | 0792d5408516a0a4c04e56cabefa7d1ffc440899 (diff) | |
Write cert and sudoers files
Diffstat (limited to 'src/ldapbonding.cpp')
-rw-r--r-- | src/ldapbonding.cpp | 39 |
1 files changed, 20 insertions, 19 deletions
diff --git a/src/ldapbonding.cpp b/src/ldapbonding.cpp
index d0d5346..4d939b3 100644
--- a/src/ldapbonding.cpp
+++ b/src/ldapbonding.cpp
@@ -54,7 +54,6 @@
 #define PAMD_DIRECTORY "/etc/pam.d/"
 #define PAMD_COMMON_ACCOUNT "common-account"
 #define PAMD_COMMON_AUTH "common-auth"
-#define CRON_UPDATE_NSS_FILE "/etc/cron.daily/upd-local-nss-db"
 typedef KGenericFactory<LDAPConfig, TQWidget> ldapFactory;
@@ -243,6 +242,8 @@ void LDAPConfig::defaults() {
 }
 void LDAPConfig::save() {
+ TQString errorstring;
+
 // Write system configuration
 systemconfig->setGroup(NULL);
 systemconfig->writeEntry("EnableLDAP", base->systemEnableSupport->isChecked());
@@ -285,9 +286,24 @@ void LDAPConfig::save() {
 // Write the PAM configuration files
 writePAMFiles();
 // Write the cron files
- writeCronFiles();
- // RAJA FIXME
- // Update the SUDOERS file with the domain-wide computer local admin group!
+ LDAPManager::writeCronFiles();
+
+ // Bind anonymously to LDAP
+ LDAPCredentials* credentials = new LDAPCredentials;
+ credentials->username = "";
+ credentials->password = "";
+ credentials->realm = m_defaultRealm.upper();
+ LDAPManager* ldap_mgr = new LDAPManager(m_defaultRealm.upper(), "ldap://", credentials);
+
+ // Add the domain-wide computer local admin group to local sudoers
+ ldap_mgr->writeSudoersConfFile(&errorstring);
+ // Get and install the CA root certificate from LDAP
+ mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+ ldap_mgr->getTDECertificate("publicRootCertificate", KERBEROS_PKI_PUBLICDIR + m_realms[m_defaultRealm].admin_server + ".ldap.crt", &errorstring);
+
+ delete ldap_mgr;
+ delete credentials;
 }
 load();
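Review bot: In save(), the sudoers entry and the CA root certificate are both pulled over an anonymous bind to a bare `ldap://` URL, so nothing in these lines authenticates the server that decides which group gets local sudo rights and which root CA is installed under KERBEROS_PKI_PUBLICDIR. The results are also unchecked: `errorstring` is passed to `writeSudoersConfFile` and `getTDECertificate` but never read in the lines shown, and both `mkdir` return values are dropped, so a failed or partial bootstrap goes on to `load()` silently. At minimum I would test each call's result and surface `errorstring` to the user, and put a comment above the bind such as `// Anonymous, unencrypted bind: the certificate and sudoers data fetched below are unauthenticated until the CA is verified out of band`. Whether the two LDAPManager methods return a status is not visible here, so the exact check depends on their signatures; save() itself starts and ends outside the hunk.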
@@ -664,21 +680,6 @@ void LDAPConfig::writePAMFiles() {
 }
 }
-void LDAPConfig::writeCronFiles() {
- TQFile file(CRON_UPDATE_NSS_FILE);
- if (file.open(IO_WriteOnly)) {
- TQTextStream stream( &file );
-
- stream << "# This file was automatically generated by TDE\n";
- stream << "# All changes will be lost!\n";
- stream << "\n";
- stream << "#!/bin/sh" << "\n";
- stream << "/usr/sbin/nss_updatedb ldap" << "\n";
-
- file.close();
- }
- }
-
 int LDAPConfig::buttons() {
 return KCModule::Apply|KCModule::Help;
 }
|