Mailinglist Archive: yast-commit (1109 mails)

< Previous Next >
[yast-commit] r50616 - in /trunk/ldap: VERSION package/yast2-ldap.changes src/LdapServerAccess.pm
  • From: jsuchome@xxxxxxxxxxxxxxxx
  • Date: Wed, 03 Sep 2008 12:41:05 -0000
  • Message-id: <20080903124105.7057630B21@xxxxxxxxxxxxxxxx>
Author: jsuchome
Date: Wed Sep 3 14:41:05 2008
New Revision: 50616

URL: http://svn.opensuse.org/viewcvs/yast?rev=50616&view=rev
Log:
- LdapServerAccess.pm: adapted to new LdapServer API
(rhafer, bnc#422523)
- 2.17.3


Modified:
trunk/ldap/VERSION
trunk/ldap/package/yast2-ldap.changes
trunk/ldap/src/LdapServerAccess.pm

Modified: trunk/ldap/VERSION
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap/VERSION?rev=50616&r1=50615&r2=50616&view=diff
==============================================================================
--- trunk/ldap/VERSION (original)
+++ trunk/ldap/VERSION Wed Sep 3 14:41:05 2008
@@ -1 +1 @@
-2.17.2
+2.17.3

Modified: trunk/ldap/package/yast2-ldap.changes
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap/package/yast2-ldap.changes?rev=50616&r1=50615&r2=50616&view=diff
==============================================================================
--- trunk/ldap/package/yast2-ldap.changes (original)
+++ trunk/ldap/package/yast2-ldap.changes Wed Sep 3 14:41:05 2008
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Wed Sep 3 14:34:14 CEST 2008 - jsuchome@xxxxxxx
+
+- LdapServerAccess.pm: adapted to new LdapServer API
+ (rhafer, bnc#422523)
+- 2.17.3
+
+-------------------------------------------------------------------
Wed Aug 6 11:36:43 CEST 2008 - jsuchome@xxxxxxx

- adapted LdapServerAccess to new API of yast2-ldap-server (rhafer)

Modified: trunk/ldap/src/LdapServerAccess.pm
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap/src/LdapServerAccess.pm?rev=50616&r1=50615&r2=50616&view=diff
==============================================================================
--- trunk/ldap/src/LdapServerAccess.pm (original)
+++ trunk/ldap/src/LdapServerAccess.pm Wed Sep 3 14:41:05 2008
@@ -147,24 +147,42 @@
return undef;
}
my $indices = YaPI::LdapServer->ReadIndex ($suffix);
- my $index_mod = { "name" => $attr };
+ my $index_mod = { "name" => $attr,
+ "eq" => 0,
+ "sub" => 0,
+ "pres" => 0
+ };
+
if (defined $indices && ref ($indices) eq "HASH") {

if ( defined $indices->{$attr} )
{
-
+ if (! defined $indices->{$attr}->{'eq'} )
+ {
+ $indices->{$attr}->{'eq'} = 0;
+ }
+ if (! defined $indices->{$attr}->{'sub'} )
+ {
+ $indices->{$attr}->{'sub'} = 0;
+ }
+ if (! defined $indices->{$attr}->{'pres'} )
+ {
+ $indices->{$attr}->{'pres'} = 0;
+ }
+
if ( ( grep /^eq$/, @param ) || ( $indices->{$attr}->{'eq'} ) )
{
$index_mod->{'eq'} = 1;
}
if ( ( grep /^sub$/, @param ) || ( $indices->{$attr}->{'sub'} ) )
{
- $index_mod->{'pres'} = 1;
+ $index_mod->{'sub'} = 1;
}
if ( ( grep /^pres$/, @param ) || ( $indices->{$attr}->{'pres'} ) )
{
$index_mod->{'pres'} = 1;
}
+
if ( ( $index_mod->{'pres'} == $indices->{$attr}->{'pres'} ) &&
( $index_mod->{'sub'} == $indices->{$attr}->{'sub'} ) &&
( $index_mod->{'eq'} == $indices->{$attr}->{'eq'} ) )
@@ -181,7 +199,7 @@
}
if ( grep /^sub$/, @param )
{
- $index_mod->{'pres'} = 1;
+ $index_mod->{'sub'} = 1;
}
if ( grep /^pres$/, @param )
{
@@ -196,10 +214,6 @@
if (!YaPI::LdapServer->EditIndex ($suffix, $index_mod)) {
return undef;
}
- if ($restart) {
- # No restart needed anymore
- # YaPI::LdapServer->SwitchService(1);
- }
}
return Boolean(1);
}
@@ -207,18 +221,19 @@
}

# adapt LDAP server ACL: allow administrator access, but deny everyone else
-# 1. param: administrator's DN
-# 2. param: restart LDAP server?
+# 1. param: DN which should have write access
+# 2. param: base DN of the database
# return value: was anyting modified? (boolean) or undef on error
BEGIN {$TYPEINFO{AddSambaACLHack} = ["function",
"boolean",
"string", "boolean"]
}
-sub AddSambaACLHack {
+
+sub AddSambaACL {

my $self = shift;
my $dn = shift;
- my $restart = shift;
+ my $suffix = shift;

if (Mode->config ()) {
return Boolean (1);
@@ -230,14 +245,54 @@
}

require YaPI::LdapServer;
+ my $aclList = YaPI::LdapServer->ReadAcl($suffix);
+
+ #
+ # Check if there are already acl in place for the samba attributes
+ #
+ foreach my $acl (@{$aclList})
+ {
+ if ( defined ( $acl->{'target'}->{'attrs'} ) )
+ {
+ my @attr = split /,/, $acl->{'target'}->{'attrs'};
+ if ( ( grep { lc($_) eq "sambalmpassword" } @attr ) ||
+ ( grep { lc($_) eq "sambantpassword" } @attr ) )
+ {
+ y2milestone("Samba ACLs already present");
+ return Boolean(0);
+ }
+ }
+ }

- if (!SCR->Write (".ldapserver.sambaACLHack", $dn)) {
+ my @newAcl = (
+ {
+ 'target' => {
+ 'attrs' => 'sambaLMPassword,sambaNTPassword',
+ 'dn' => {
+ 'style' => 'subtree',
+ 'value' => $suffix
+ }
+ },
+ 'access' => [
+ {
+ 'level' => 'write',
+ 'type' => 'dn.base',
+ 'value' => $dn
+ },
+ {
+ 'level' => 'none',
+ 'type' => '*',
+ },
+ ]
+ }
+ );
+ push @newAcl,(@$aclList);
+
+ if ( ! YaPI::LdapServer->WriteAcl($suffix, \@newAcl ) )
+ {
return undef;
}
- if ($restart) {
- YaPI::LdapServer->SwitchService(1);
- }
- return Boolean (1);
+ return Boolean(1);
}

42;

--
To unsubscribe, e-mail: yast-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages