[yast-commit] r59379 - in /branches/SuSE-Code-11-SP1-Branch/ldap-server/src: LdapServer.pm dialogs.ycp wizards.ycp

Author: rhafer Date: Fri Nov 6 14:52:54 2009 New Revision: 59379 URL: http://svn.opensuse.org/viewcvs/yast?rev=59379&view=rev Log: initial implementation of a Wizard to setup cn=config replication Modified: branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm branches/SuSE-Code-11-SP1-Branch/ldap-server/src/dialogs.ycp branches/SuSE-Code-11-SP1-Branch/ldap-server/src/wizards.ycp Modified: branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm?rev=59379&r1=59378&r2=59379&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm (original) +++ branches/SuSE-Code-11-SP1-Branch/ldap-server/src/LdapServer.pm Fri Nov 6 14:52:54 2009 @@ -2437,5 +2437,207 @@ y2milestone("ReadPpolicyDefault ". Data::Dumper->Dump([$ppolicy_objects->{$suffix}]) ); return $ppolicy_objects->{$suffix} } + +BEGIN { $TYPEINFO {SetupRemoteForReplication} = ["function", "boolean", ["map", "string", "any"] ]; } +sub SetupRemoteForReplication +{ + my ( $self, $param) = @_; + $param->{'target'}->{'port'} = YaST::YCP::Integer($param->{'target'}->{'port'}); + $param->{'starttls'} = YaST::YCP::Boolean($param->{'starttls'}); + + SCR->Execute(".ldapserver.init", $param ); + + my @db_changes = (); + my $dbs = $self->ReadDatabaseList(); + for ( my $i=0; $i < scalar(@{$dbs})-1; $i++) + { + my $type = $dbs->[$i+1]->{'type'}; + my $suffix = $dbs->[$i+1]->{'suffix'}; + if ( $type eq "config" || $type eq "bdb" || $type eq "hdb" ) + { + my $changes = { "index" => $i, "suffix" => $suffix }; + my $db = SCR->Read(".ldapserver.database.{".$i."}" ); + my $prv = SCR->Read(".ldapserver.database.{".$i."}.syncprov" ); + if ( keys %{$prv} == 0 ) + { + y2milestone("Database $i needs syncprov overlay"); + $changes->{'needsyncprov'} = 1; + } + else + { + $changes->{'needsyncprov'} = 0; + } + + my $cons = SCR->Read(".ldapserver.database.{".$i."}.syncrepl" ); + if ( keys %{$cons} == 0 ) + { + y2milestone("Database $i needs syncrepl config"); + $changes->{'needsyncrepl'} = 1; + } + else + { + $changes->{'needsyncrepl'} = 0; + } + if ( lc($db->{'rootdn'}) eq lc($param->{'binddn'}) ) + { + y2milestone("Repl DN is rootdn of database $i. No ACL needed"); + $changes->{'needsyncacl'} = 0; + } + else + { + my $acl = SCR->Read(".ldapserver.database.{".$i."}.acl" ); + my $needacl=1; + my @syncacl = ({ + 'target' => {}, + 'access' => [ + { 'type' => "dn.base", + 'value' => $param->{'binddn'}, + 'level' => "read", + 'control' => "" }, + { 'type' => "*", + 'value' => "", + 'level' => "", + 'control' => "break" } + ] + }); + foreach my $rule ( @{$acl} ) + { + my $wholedb=0; + if ( keys %{$rule->{'target'}} == 0 ) + { + $wholedb=1; + } + elsif ( defined $rule->{'target'}->{'dn'} && + $rule->{'target'}->{'dn'}->{'style'} eq "subtree" && + lc($rule->{'target'}->{'dn'}->{'value'}) eq lc($suffix) + ) + { + $wholedb=1; + } + else + { + # rule doesn't match the whole database + $wholedb=0; + last; + + } + if ($wholedb) + { + # this rule matches all db entries, check if it gives + # at least read access to the provided syncrepl id + foreach my $access ( @{$rule->{'access'}} ) + { + if ( $access->{'type'} eq "dn.base" && + lc($access->{'value'}) eq lc($param->{'binddn'} ) && + ($access->{'level'} eq "read" || $access->{'level'} eq "write") + ) + { + y2milestone("Found matching ACL in database $i"); + $needacl = 0; + last; + } + } + if (! $needacl) + { + last; + } + } + } + if ( $needacl ) + { + y2milestone("Database $i needs sync-acl"); + $changes->{'needsyncacl'} = 1; + } + else + { + $changes->{'needsyncacl'} = 0; + } + } + push @db_changes, $changes; + } + } + foreach my $db_change (@db_changes) + { + my $i = $db_change->{'index'}; + if ($db_change->{'needsyncacl'} ) + { + y2milestone("Adding ACL for syncrepl to database $i"); + my @syncacl = ({ + 'target' => {}, + 'access' => [ + { 'type' => "dn.base", + 'value' => $param->{'binddn'}, + 'level' => "read", + 'control' => "" }, + { 'type' => "*", + 'value' => "", + 'level' => "", + 'control' => "break" } + ] + }); + my $acl = SCR->Read(".ldapserver.database.{".$i."}.acl" ); + push @syncacl, (@$acl); + my $rc = SCR->Write(".ldapserver.database.{".$i."}.acl", \@syncacl ); + } + if ( $db_change->{'needsyncprov'} ) + { + y2milestone("Enabling syncrepl provider overlay on database $i"); + my $syncprov = { 'enabled' => 1, + 'checkpoint' => { 'ops' => YaST::YCP::Integer(100), + 'min' => YaST::YCP::Integer(5) + } + }; + SCR->Write(".ldapserver.database.{".$i."}.syncprov", $syncprov); + } + if ( $db_change->{'needsyncrepl'} ) + { + y2milestone("Adding syncrepl consumer configuration for database $i"); + my $syncrepl = { + "provider" => { + "protocol" => $param->{'target'}->{'protocol'}, + "target" => $param->{'target'}->{'target'}, + "port" => $param->{'target'}->{'port'} + }, + "type" => "refreshAndPersist", + "binddn" => $param->{'binddn'}, + "credentials" => $param->{'credentials'}, + "basedn" => $db_change->{"suffix"}, + "starttls" => $param->{'starttls'} + }; + SCR->Write(".ldapserver.database.{".$i."}.syncrepl", $syncrepl ); + } + } + y2milestone("Comminting changes to provider LDAP"); + SCR->Execute(".ldapserver.commitChanges" ); + SCR->Execute(".ldapserver.reset" ); + + # Remote should be ready now. Now create the local config stub required + # to initiate cn=config replication + SCR->Execute(".ldapserver.initGlobals" ); + + #SCR->Write(".ldapserver.global.serverIds", [ $ownServerId ] ); + my $cfgdatabase = { 'type' => 'config', + 'rootdn' => 'cn=config' }; + my $frontenddb = { 'type' => 'frontend' }; + SCR->Execute('.ldapserver.initDatabases', [ $frontenddb, $cfgdatabase ] ); + my $syncrepl = { + "provider" => { + "protocol" => $param->{'target'}->{'protocol'}, + "target" => $param->{'target'}->{'target'}, + "port" => $param->{'target'}->{'port'} + }, + "type" => "refreshAndPersist", + "binddn" => $param->{'binddn'}, + "credentials" => $param->{'credentials'}, + "basedn" => "cn=config", + "starttls" => $param->{'starttls'}, + "updateref" => {} + }; + SCR->Write(".ldapserver.database.{0}.syncrepl", $syncrepl ); + $overwriteConfig = 1; + $isSyncreplSlave = 1; + + return 1; +} 1; # EOF Modified: branches/SuSE-Code-11-SP1-Branch/ldap-server/src/dialogs.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/ldap-server/src/dialogs.ycp?rev=59379&r1=59378&r2=59379&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/ldap-server/src/dialogs.ycp (original) +++ branches/SuSE-Code-11-SP1-Branch/ldap-server/src/dialogs.ycp Fri Nov 6 14:52:54 2009 @@ -275,6 +275,58 @@ return ret; } +any ServerTypeDialog() +{ + term serverTypeWidget = + `HSquash( + `VBox( + `Heading( _("Please select Server type") ), + `VSpacing(), + `RadioButtonGroup( + `id( `rbg_servertype ), + `VBox( + `Left( + `RadioButton( + `id( `rb_master ), + _("This will be a standalone or master server"), + true + ) + ), + `VSpacing(), + `Left( + `RadioButton( + `id( `rb_slave ), + _("This will be a replica (slave) server.\n") + + _("All data including configuration will replicated from a remote server."), + false + ) + ) + ) + ) + ) + ); + Wizard::SetContentsButtons( caption, + serverTypeWidget, + HELPS["server_type"]:"help not found", + Label::BackButton(), + Label::NextButton() ); + any ret = nil; + while ( true ) + { + ret = UI::UserInput(); + y2milestone( "TlsConfigDialog: seeing return value '%1'", ret ); + if ( ret == `next ) + { + if (UI::QueryWidget( `id( `rbg_servertype ), `CurrentButton) == `rb_slave ) + { + ret = `slave_setup; + } + } + return ret; + } + return ret; +} + any TlsConfigDialog() { Wizard::SetContentsButtons( caption, @@ -467,5 +519,130 @@ return ret; } +any SlaveSetupDialog() +{ + term widget = + `HSquash( + `VBox( + `Heading( _("Slave server setup") ), + `VSpacing(), + `VSquash( + `HBox( + `ComboBox( `id( `cb_sync_prot ), `opt(`notify), _("Protocol"), [ "ldap", "ldaps" ] ), + `HSpacing(), + `InputField( `id( `te_sync_target ), `opt(`hstretch), _("Provider Hostname"), "" ), + `HSpacing(), + `HSquash( + `IntField( `id(`if_sync_port), "Port", 0, 65536, 389) + ), + `HSpacing(), + `VBox( + `Bottom( + `CheckBox( `id( `cb_start_tls ), _("Use StartTLS"), true ) + ), + `VSpacing(0.3) + ) + ) + ), + `VSpacing(0.3), + `Password( `id( `te_config_cred ), `opt(`hstretch), _("Administration Password for the \"cn=config\" Database"), "" ), + `VSpacing(0.3), + `HBox( + `InputField( `id( `te_sync_binddn ), `opt(`hstretch), _("Authentication DN to use for replication"), "" ), + `HSpacing(), + `Password( `id( `te_sync_cred ), `opt(`hstretch), _("Password"), "" ) + ) + ) + ); + + Wizard::SetContentsButtons( caption, + widget, + HELPS["slave_dialog"]:"help not found", + Label::BackButton(), + Label::NextButton() ); + any ret = nil; + while ( true ) + { + UI::ChangeWidget(`cb_start_tls, `Enabled, false ); + ret = UI::UserInput(); + y2milestone( "SlaveSetupDialog: seeing return value '%1'", ret ); + if ( ret == `next ) + { + // test connection + map provider = $[ + "protocol" : (string)UI::QueryWidget( `cb_sync_prot, `Value ), + "target" : (string)UI::QueryWidget( `te_sync_target, `Value ), + "port" : (integer)UI::QueryWidget( `if_sync_port, `Value ) + ]; + map testparm = $[]; + testparm = add(testparm, "target", provider ); + if ( provider["protocol"]:"ldap" == "ldap" ) + { + testparm = add(testparm, "starttls", true ); + } + else + { + testparm = add(testparm, "starttls", false ); + } + testparm = add(testparm, "basedn", "cn=config" ); + testparm = add(testparm, "binddn", "cn=config" ); + testparm = add(testparm, "credentials", (string)UI::QueryWidget(`te_config_cred, `Value) ); + if(!(boolean)SCR::Execute( .ldapserver.remoteBindCheck, testparm ) ) + { + map err = SCR::Error(.ldapserver); + Popup::ErrorDetails( _("Verifying the administration Password for the \"cn=config\" Database failed"), + _("The test returned the following error messages:") + + "\n\n\"" + + (string)err["summary"]:"" + "\"\n\"" + (string)err["description"]:"" + "\"\n" ); + continue; + } + + testparm["configcred"] = testparm["credentials"]:""; + testparm["binddn"] = (string)UI::QueryWidget(`te_sync_binddn, `Value); + testparm["credentials"] = (string)UI::QueryWidget(`te_sync_cred, `Value); + if(!(boolean)SCR::Execute( .ldapserver.remoteBindCheck, testparm ) ) + { + map err = SCR::Error(.ldapserver); + return Popup::ContinueCancelHeadline( + _("Verifying the Authentication DN and password for replication failed"), + _("The test returned the following error messages:") + + "\n\n\"" + + (string)err["summary"]:"" + "\"\n\"" + (string)err["description"]:"" + + "\"\n\n" + + _("Do you want to still want to continue?")); + } + if (!(boolean) LdapServer::SetupRemoteForReplication( testparm ) ) + { + map err = LdapServer::ReadError(); + Popup::Error( (string)err["msg"]:"" + "\n" + (string)err["details"]:"" + "\n" ); + } + } + if ( ret == `cb_sync_prot ) + { + string prot = (string) UI::QueryWidget( `cb_sync_prot, `Value ); + integer port = (integer) UI::QueryWidget( `if_sync_port, `Value ); + if ( prot == "ldaps" ) + { + UI::ChangeWidget( `cb_start_tls, `Value, false ); + if ( port == 389 ) + { + UI::ChangeWidget( `if_sync_port, `Value, 636 ); + } + } + else + { + UI::ChangeWidget( `cb_start_tls, `Value, true ); + if ( port == 636 ) + { + UI::ChangeWidget( `if_sync_port, `Value, 389 ); + } + } + continue; + } + return ret; + } + return ret; +} + /* EOF */ } Modified: branches/SuSE-Code-11-SP1-Branch/ldap-server/src/wizards.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP1-Branch/ldap-server/src/wizards.ycp?rev=59379&r1=59378&r2=59379&view=diff ============================================================================== --- branches/SuSE-Code-11-SP1-Branch/ldap-server/src/wizards.ycp (original) +++ branches/SuSE-Code-11-SP1-Branch/ldap-server/src/wizards.ycp Fri Nov 6 14:52:54 2009 @@ -105,20 +105,29 @@ map aliases = $[ "startup" : ``( EnableServiceDialog() ), + "servertype" : ``( ServerTypeDialog() ), "tlssettings" : ``( TlsConfigDialog() ), "database" : ``( ProposalDialog() ), "summary" : ``(SummaryDialog() ), "advanced" : ``(MainSequence() ), - "write" : ``( WriteDialog() ) + "write" : ``( WriteDialog() ), + "slavesetup" : ``( SlaveSetupDialog() ) ]; map sequence = $[ "ws_start" : "startup", "startup" : $[ - `next : "tlssettings", + `next : "servertype", `abort : `abort, `finish : `abort ], + "servertype" : $[ + `next : "tlssettings", + `slave_setup : "slavesetup" + ], + "slavesetup" : $[ + `next : "write" + ], "tlssettings" : $[ `next : "database" ], -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org