Author: rhafer
Date: Wed Feb 16 12:00:19 2011
New Revision: 63430
URL: http://svn.opensuse.org/viewcvs/yast?rev=63430&view=rev
Log:
Warn the user when creating a database with a non-standard base DN
and disable base-object creation in that case (bnc#669213)
Modified:
trunk/ldap-server/src/LdapDatabase.ycp
trunk/ldap-server/src/LdapServer.pm
trunk/ldap-server/src/ldap-server.ycp
trunk/ldap-server/src/tree_structure.ycp
Modified: trunk/ldap-server/src/LdapDatabase.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapDatabase.ycp?rev=63430&r1=63429&r2=63430&view=diff
==============================================================================
--- trunk/ldap-server/src/LdapDatabase.ycp (original)
+++ trunk/ldap-server/src/LdapDatabase.ycp Wed Feb 16 12:00:19 2011
@@ -19,6 +19,7 @@
string ldapconf_basedn = "";
boolean createDbDir = false;
+ boolean createBase = true;
term editPolicy =
@@ -75,6 +76,17 @@
)
);
+ global define boolean GetCreateBase()
+ {
+ return createBase;
+ }
+
+ global define boolean ResetCreateBase()
+ {
+ createBase = true;
+ return true;
+ }
+
global define symbol AddDbBasic( boolean createDefaults )
{
boolean user_changed_dbdir = false;
@@ -297,6 +309,29 @@
Popup::Error( err["msg"]:"" + "\n" + err["details"]:"" );
continue;
}
+ integer rc = LdapServer::CheckSuffixAutoCreate( db["suffix"]:"" );
+ if ( rc < 0 )
+ {
+ map err = LdapServer::ReadError();
+ Popup::Error( err["msg"]:"" + "\n" + err["details"]:"" );
+ continue;
+ }
+ else if ( rc > 0 )
+ {
+ map err = LdapServer::ReadError();
+ boolean res = Popup::AnyQuestion(Label::WarningMsg(),
+ _("The Base Object: \"") + db["suffix"]:"" +
+ _("\" can not be auto created by YaST.\n") +
+ err["msg"]:"",
+ Label::OKButton(), Label::CancelButton(), `focus);
+ if ( res == false ) {
+ continue;
+ } else {
+ y2debug( "Will not create base objects" );
+ createBase = false;
+ }
+
+ }
if( db["directory"]:"" == "" )
{
Popup::Error( _("A directory must be specified.") );
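Review bot: `createBase` is only ever set to false in the `rc > 0` branch and is never restored when `rc == 0`, so a stale false can survive a later pass through this dialog. If the admin accepts the warning, a following check fails with `continue` (for example the empty-directory test just below), and the suffix is then changed to a standard one, no base object will be created although the DN now qualifies. The only reset is `ResetCreateBase()` in tree_structure.ycp, which runs after a successful `AddDatabase` and is skipped on that hunk's `return false` path. Setting `createBase = true;` immediately before the `LdapServer::CheckSuffixAutoCreate(...)` call would recompute the flag on every pass. The enclosing loop starts and ends outside the hunk.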
@@ -445,7 +480,9 @@
UI::ChangeWidget( `cb_ppolicy_uselockout, `Enabled , true );
UI::ChangeWidget( `te_ppolicy_defaultpolicy, `Enabled , true );
UI::ChangeWidget( `cb_pp_append_basedn, `Enabled, true );
- UI::ChangeWidget( `pb_define_policy, `Enabled , true );
+ if (LdapDatabase::GetCreateBase() ) {
+ UI::ChangeWidget( `pb_define_policy, `Enabled , true );
+ }
} else {
UI::ChangeWidget( `cb_ppolicy_hashcleartext, `Enabled , false );
UI::ChangeWidget( `cb_ppolicy_uselockout, `Enabled , false );
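Review bot: When `GetCreateBase()` returns false, the `pb_define_policy` button is not disabled but simply left in whatever state it had before, unlike the three widgets above it, which are always set explicitly. If the button was enabled earlier, it presumably stays clickable even though no base object will exist to hold the policy entry. Setting the state unconditionally is deterministic: `` UI::ChangeWidget( `pb_define_policy, `Enabled, LdapDatabase::GetCreateBase() ); ``. The surrounding handler begins outside the hunk.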
Modified: trunk/ldap-server/src/LdapServer.pm
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev=63430&r1=63429&r2=63430&view=diff
==============================================================================
--- trunk/ldap-server/src/LdapServer.pm (original)
+++ trunk/ldap-server/src/LdapServer.pm Wed Feb 16 12:00:19 2011
@@ -2420,6 +2420,42 @@
return 1;
}
+##
+ # Check whether the object named be the supplied LDAP DN can be auto-created.
+ # @returns 0 in case of success,
+ # <0 if the supplied DN is invalid
+ # >0 if autocreation is not possible
+ #
+BEGIN { $TYPEINFO {CheckSuffixAutoCreate} = ["function", "integer", "string" ]; }
+sub CheckSuffixAutoCreate
+{
+ my ($self, $suffix) = @_;
+ my $object = X500::DN->ParseRFC2253($suffix);
+ my @attr = $object->getRDN($object->getRDNs()-1)->getAttributeTypes();
+ my $val = $object->getRDN($object->getRDNs()-1)->getAttributeValue($attr[0]);
+ if(!defined $attr[0] || !defined $val)
+ {
+ y2error("Error while extracting RDN values");
+ $self->SetError( _("Invalid LDAP DN: \""). $suffix. _("\", can't extract RDN values"));
+ return -1;
+ }
+ if( (lc($attr[0]) eq "ou") || ( lc($attr[0]) eq "o") || ( lc($attr[0]) eq "l") ||
+ ( lc($attr[0]) eq "st") || ( lc($attr[0]) eq "dc") ) {
+ return 0;
+ } elsif( lc($attr[0]) eq "c") {
+ if($val !~ /^\w{2}$/) {
+ $self->SetError( _("The value of the \"c\" Attribute must contain a valid ISO-3166 country 2-letter code."), "");
+ y2error("The countryName must be an ISO-3166 country 2-letter code.");
+ return -1;
+ }
+ return 0;
+ } else {
+ y2error("First part of suffix must be c=, st=, l=, o=, ou= or dc=.");
+ $self->SetError( _("First part of suffix must be c=, st=, l=, o=, ou= or dc=."), "");
+ return 1;
+ }
+}
+
BEGIN { $TYPEINFO {CheckDatabase} = ["function", "boolean", [ "map" , "string", "any"] ]; }
sub CheckDatabase
{
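Review bot: `$object` is dereferenced on the two `getRDN` lines before anything checks that `ParseRFC2253` succeeded, so the `!defined $attr[0]` test comes too late. A suffix that does not parse (the dialog passes `db["suffix"]:""`, which may be empty) would presumably die on a method call on undef instead of returning the documented negative value. A guard directly after the parse, shown below, keeps the <0 contract. Separately, `/^\w{2}$/` also accepts digits, underscores and a trailing newline; `/\A[A-Za-z]{2}\z/` is closer to what the error text promises. The header comment reads "named be" where "named by" is meant.

```perl
    my ($self, $suffix) = @_;
    my $object = X500::DN->ParseRFC2253($suffix);
    # Reject unparsable or empty DNs before touching the RDN list.
    if ( !defined $object || $object->getRDNs() < 1 )
    {
        y2error("Error while parsing suffix DN");
        $self->SetError( _("Invalid LDAP DN: \""). $suffix. _("\", can't extract RDN values"));
        return -1;
    }
    # … unchanged: RDN attribute/value extraction and attribute-type checks …
```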
@@ -2462,10 +2498,10 @@
}
-BEGIN { $TYPEINFO {AddDatabase} = ["function", "boolean", "integer", [ "map" , "string", "any"], "boolean" ]; }
+BEGIN { $TYPEINFO {AddDatabase} = ["function", "boolean", "integer", [ "map" , "string", "any"], "boolean", "boolean" ]; }
sub AddDatabase
{
- my ($self, $index, $db, $createDir) = @_;
+ my ($self, $index, $db, $createDir, $createBase) = @_;
if ( ! $self->CheckDatabase($db) )
{
return 0;
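Review bot: The new `$createBase` parameter has no default, so a caller that still passes three arguments gets undef and silently skips base-object creation at the later `if ( $createBase )`. Both callers visible in this commit were updated, but callers elsewhere cannot be seen from here. Adding `$createBase = 1 unless defined $createBase;` after the unpacking line would preserve the previous behaviour for them. A one-line comment above `sub AddDatabase` describing the fourth argument would also help, and the function body continues outside the hunk.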
@@ -2577,10 +2613,13 @@
$self->SetError( $err->{'summary'}, $err->{'description'} );
return 0;
}
- push @added_databases, $db->{'suffix'};
- $self->WriteAuthInfo( $db->{'suffix'},
+
+ if ( $createBase ) {
+ push @added_databases, $db->{'suffix'};
+ $self->WriteAuthInfo( $db->{'suffix'},
{ bind_dn => $db->{'rootdn'},
bind_pw => $db->{'rootpw_clear'} } );
+ }
return 1;
}
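Review bot: The new `if ( $createBase )` block skips `WriteAuthInfo` as well as the `@added_databases` push, and nothing in the hunk says why the bind credentials are unnecessary when the base object is not auto-created. If other code relies on the stored auth info for this suffix (not visible here), it would now find none. A short comment above the condition would record the intent, e.g. `# Auth info and the @added_databases entry are only needed when YaST creates the base object itself`. AddDatabase starts outside the hunk.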
Modified: trunk/ldap-server/src/ldap-server.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/ldap-server.ycp?rev=63430&r1=63429&r2=63430&view=diff
==============================================================================
--- trunk/ldap-server/src/ldap-server.ycp (original)
+++ trunk/ldap-server/src/ldap-server.ycp Wed Feb 16 12:00:19 2011
@@ -96,7 +96,7 @@
// y2milestone("db-options : %1", db);
//
- ret = LdapServer::AddDatabase(0,db, true);
+ ret = LdapServer::AddDatabase(0,db, true, true);
if(!ret)
{
Modified: trunk/ldap-server/src/tree_structure.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/tree_structure.ycp?rev=63430&r1=63429&r2=63430&view=diff
==============================================================================
--- trunk/ldap-server/src/tree_structure.ycp (original)
+++ trunk/ldap-server/src/tree_structure.ycp Wed Feb 16 12:00:19 2011
@@ -550,12 +550,13 @@
{
rebuild_widget_tree = true;
map newDb = LdapDatabase::GetDatabase();
- if ( ! LdapServer::AddDatabase(0, newDb, LdapDatabase::GetCreateDir() ) )
+ if ( ! LdapServer::AddDatabase(0, newDb, LdapDatabase::GetCreateDir(), LdapDatabase::GetCreateBase() ) )
{
map err = LdapServer::ReadError();
callback_error = err["msg"]:"" + "\n" + err["details"]:"";
return false;
}
+ LdapDatabase::ResetCreateBase();
map syncrepl = LdapDatabase::GetSyncRepl();
if ( size(syncrepl) > 0 )
{