authorTimothy Pearson <[email protected]>2014-01-06 17:49:26 -0600
committerTimothy Pearson <[email protected]>2014-01-06 17:49:26 -0600
commit571e1739fb4f6cf77c1e7297670801114b6de717 (patch)
tree2a13cfd3c285b2a04e1963c85879a103264c65e5
parent39c401b796d4f896dd66e2b55287e8f18e564939 (diff)
Fix LDAP CA root file configuration
-rw-r--r--src/libtdeldap.cpp9
-rw-r--r--src/libtdeldap.h8
2 files changed, 14 insertions, 3 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index a416db0..8cf4bdd 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -2772,7 +2772,7 @@ int LDAPManager::moveKerberosEntries(TQString newSuffix, TQString* errstr) {
return -1;
}
-int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, TQString *errstr) {
+int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole machineRole, TQString *errstr) {
KSimpleConfig* systemconfig;
TQString m_defaultRealm;
int m_ldapVersion;
@@ -2812,7 +2812,12 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, TQString *errstr) {
stream << "bind_policy " << m_bindPolicy.lower() << "\n";
stream << "pam_password " << m_passwordHash.lower() << "\n";
stream << "nss_initgroups_ignoreusers " << m_ignoredUsers << "\n";
- stream << "tls_cacert " << KERBEROS_PKI_PUBLICDIR << realmcfg.admin_server << ".ldap.crt\n";
+ if (machineRole == ROLE_WORKSTATION) {
+ stream << "tls_cacert " << KERBEROS_PKI_PUBLICDIR << realmcfg.admin_server << ".ldap.crt\n";
+ }
+ else {
+ stream << "tls_cacert " << KERBEROS_PKI_PEM_FILE << "\n";
+ }
}
file.close();
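Review bot: The new `else` branch is a catch-all, so both realm-controller roles and any value outside the three enumerators get `KERBEROS_PKI_PEM_FILE` as the TLS trust anchor without being named. Since this line decides which CA the LDAP client trusts, I would match the controller roles explicitly, e.g. `else if (machineRole == ROLE_PRIMARY_REALM_CONTROLLER || machineRole == ROLE_SECONDARY_REALM_CONTROLLER)`, and report anything else as an error through `errstr`. In the workstation branch `realmcfg.admin_server` is still streamed into the path unchecked; a value containing whitespace or a newline would alter the written directive, so it looks worth validating it as a hostname before writing, assuming no caller already does. The body of writeLDAPConfFile starts and ends outside this hunk, so how errors are returned here is not visible.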
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index cde314c..814fc0a 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -90,6 +90,12 @@ enum LDAPKRB5Flags {
KRB5_FLAG_MAX = 0x80000000
};
+enum LDAPMachineRole {
+ ROLE_WORKSTATION = 0,
+ ROLE_SECONDARY_REALM_CONTROLLER = 1,
+ ROLE_PRIMARY_REALM_CONTROLLER = 2
+};
+
inline LDAPKRB5Flags operator|(LDAPKRB5Flags a, LDAPKRB5Flags b)
{
return static_cast<LDAPKRB5Flags>(static_cast<int>(a) | static_cast<int>(b));
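Review bot: `LDAPMachineRole` is added to a public header without any comment, although the value now decides which CA certificate path ends up in the generated LDAP configuration. I would add a comment above the enum such as `// Role of this machine within the realm; writeLDAPConfFile() uses it to choose the tls_cacert path`, and one on `ROLE_WORKSTATION` noting that it selects the per-server `.ldap.crt` file while the other roles select `KERBEROS_PKI_PEM_FILE`.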
@@ -514,7 +520,7 @@ class LDAPManager : public TQObject {
static LDAPClientRealmConfig loadClientRealmConfig(KSimpleConfig* config, bool useDefaults=false);
static int saveClientRealmConfig(LDAPClientRealmConfig clientRealmConfig, KSimpleConfig* config, TQString *errstr=0);
static int writeClientKrb5ConfFile(LDAPClientRealmConfig clientRealmConfig, LDAPRealmConfigList realmList, TQString *errstr=0);
- static int writeLDAPConfFile(LDAPRealmConfig realmcfg, TQString *errstr=0);
+ static int writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole machineRole, TQString *errstr=0);
static int writeNSSwitchFile(TQString *errstr=0);
static int writeClientCronFiles(TQString *errstr=0);
static int writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr=0);