[yast-commit] r48656 - in /trunk/ldap-server: src/LdapServer.pm src/LdapServerConf.ycp src/Makefile.am src/dialogs.ycp src/ldap-server_proposal.ycp yast2-ldap-server.spec.in
Author: rhafer Date: Fri Jun 27 16:01:01 2008 New Revision: 48656 URL: http://svn.opensuse.org/viewcvs/yast?rev=48656&view=rev Log: - obsoleted LdapServerConf.ycp - adjust filesystem ACLs on Certificates Removed: trunk/ldap-server/src/LdapServerConf.ycp Modified: trunk/ldap-server/src/LdapServer.pm trunk/ldap-server/src/Makefile.am trunk/ldap-server/src/dialogs.ycp trunk/ldap-server/src/ldap-server_proposal.ycp trunk/ldap-server/yast2-ldap-server.spec.in Modified: trunk/ldap-server/src/LdapServer.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev=48656&r1=48655&r2=48656&view=diff ============================================================================== --- trunk/ldap-server/src/LdapServer.pm (original) +++ trunk/ldap-server/src/LdapServer.pm Fri Jun 27 16:01:01 2008 @@ -29,7 +29,8 @@ YaST::YCP::Import ("Service"); my %error = ( msg => undef, details => undef ); - +my $usingDefaults = 1; +my $configured = 0; my $usesBackConfig = 0; my $slapdConfChanged = 0; my $serviceEnabled = 0; @@ -398,6 +399,7 @@ SCR->Execute('.ldapserver.commitChanges' ); } sleep(1); + $configured = $ret; return $ret; } @@ -460,6 +462,17 @@ return (); } +BEGIN { $TYPEINFO{Configured} = ["function", "boolean"]; } +sub Configured +{ + return YaST::YCP::Boolean($configured); +} + +BEGIN { $TYPEINFO{UseDefaults} = ["function", "boolean"]; } +sub UseDefaults +{ + return YaST::YCP::Boolean($usingDefaults); +} ## # Return packages needed to be installed and removed during # Autoinstallation to insure module has all needed software @@ -513,8 +526,8 @@ return $registerSlp; } -BEGIN { $TYPEINFO {SetSlpEnabled} = ["function", "boolean", "boolean"]; } -sub SetSlpEnabled { +BEGIN { $TYPEINFO {SetSLPEnabled} = ["function", "boolean", "boolean"]; } +sub SetSLPEnabled { my $self = shift; y2milestone("SetSlpEnabled"); $registerSlp = shift; 
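Review bot: The new accessors `Configured` and `UseDefaults` in the `@@ -460` hunk carry no comment saying what the flags mean, and `UseDefaults` is followed directly by the existing `##` block with no blank line, so that block now reads as if it documented `UseDefaults`. From the other hunks, `$configured` is only assigned from `$ret` in the `@@ -398` hunk and `$usingDefaults` is only toggled in the `@@ -683` and `@@ -808` hunks, so both look like per-process state rather than a check of the installed system; a caller that uses them to decide whether an existing LDAP database may be overwritten should be told that. I would add a blank line after `UseDefaults` and a header above `Configured` such as `# True once the write path in this process has returned success; does not inspect an existing slapd configuration.`, with the wording confirmed against the function enclosing the `@@ -398` hunk, which is not visible here.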
@@ -607,6 +620,31 @@ return 1; } +BEGIN { $TYPEINFO {SetTlsConfigCommonCert} = ["function", "boolean" ]; } +sub SetTlsConfigCommonCert +{ + my $self = shift; + my $ret = SCR->Execute(".target.bash", + "/usr/bin/setfacl -m u:ldap:r /etc/ssl/servercerts/serverkey.pem"); + if($ret != 0) { + return $self->SetError(_("Can not set a filesystem acl on the private key"), + "setfacl -m u:ldap:r /etc/ssl/servercerts/serverkey.pem failed.\n". + "Do you have filesystem acl support disabled?" ); + return 0; + } + + my $tlsSettings = { + "certKeyFile" => "/etc/ssl/servercerts/serverkey.pem", + "certFile" => "/etc/ssl/servercerts/servercert.pem", + "caCertFile" => "/etc/ssl/certs/YaST-CA.pem", + "caCertDir" => "", + "crlFile" => "", + "crlCheck" => 0, + "verifyClient" => 0 + }; + return $self->SetTlsConfig( $tlsSettings ); +} + BEGIN { $TYPEINFO {MigrateSlapdConf} = ["function", "boolean"]; } sub MigrateSlapdConf { @@ -683,6 +721,7 @@ $self->InitDbDefaults(); } y2milestone(Data::Dumper->Dump([\%dbDefaults])); + $usingDefaults = 1; return \%dbDefaults; } @@ -742,6 +781,7 @@ sub ReadFromDefaults { my $self = shift; + my $pwHash = $self->HashPassword($dbDefaults{'pwenctype'}, $dbDefaults{'rootpw_clear'} ); my $database = { 'type' => 'bdb', 'suffix' => $dbDefaults{'basedn'}, @@ -808,6 +848,7 @@ push @added_databases, { suffix => $dbDefaults{'basedn'}, rootdn => $dbDefaults{'rootdn'}, rootpw => $dbDefaults{'rootpw_clear'} }; + $usingDefaults = 0; return 1; } Modified: trunk/ldap-server/src/Makefile.am URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/Makefile.am?rev=48656&r1=48655&r2=48656&view=diff ============================================================================== --- trunk/ldap-server/src/Makefile.am (original) +++ trunk/ldap-server/src/Makefile.am Fri Jun 27 16:01:01 2008 
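Review bot: `SetTlsConfigCommonCert` grants the hard-coded account `ldap` read access to `/etc/ssl/servercerts/serverkey.pem` without any comment that this widens who can read that private key. If the key is shared with other services on the host, as the path suggests, a compromise of slapd exposes it for all of them, so the function should say this and ideally log when the ACL is changed. The `return 0;` after `return $self->SetError(...)` is unreachable and should be dropped; the branch then returns whatever `SetError` returns, which is not visible here and should be confirmed to be false, as the `boolean` TYPEINFO implies. The key path is written three times (command, error detail, `certKeyFile`); one `my $keyFile = "/etc/ssl/servercerts/serverkey.pem";` used in all three keeps the ACL target and the configured key from drifting apart. The account name is fixed as well, so the ACL would not help if slapd runs as a different user; I cannot tell from this hunk whether that is configurable.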
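Review bot: `$pwHash` is computed from `$dbDefaults{'rootpw_clear'}` at the top of `ReadFromDefaults` (`@@ -742`), but what appears to be the tail of the same function in the `@@ -808` hunk still pushes `rootpw => $dbDefaults{'rootpw_clear'}` into `@added_databases`, so the cleartext root password stays in module state after the hash exists. The use of `$pwHash` lies outside the visible lines, so I cannot confirm that it replaces the cleartext in the database entry; if it does, a comment on the `@added_databases` entry should say why that one place still needs the cleartext and when it is cleared. Related to this, the context line `y2milestone(Data::Dumper->Dump([\%dbDefaults]));` in the `@@ -683` hunk dumps the whole defaults hash to the log. If `rootpw_clear` is populated at that point, the password ends up in the YaST log, so the dump should leave that key out.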
@@ -21,8 +21,7 @@ ldap-server.desktop module_DATA = \ - LdapServer.pm \ - LdapServerConf.ycp + LdapServer.pm EXTRA_DIST = $(client_DATA) $(ynclude_DATA) $(module_DATA) $(desktop_DATA) Modified: trunk/ldap-server/src/dialogs.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/dialogs.ycp?rev=48656&r1=48655&r2=48656&view=diff ============================================================================== --- trunk/ldap-server/src/dialogs.ycp (original) +++ trunk/ldap-server/src/dialogs.ycp Fri Jun 27 16:01:01 2008 @@ -15,7 +15,6 @@ import "Label"; import "Wizard"; import "LdapServer"; -//import "LdapServerConf"; import "HTML"; import "DNS"; import "CaMgm"; @@ -298,13 +297,6 @@ Wizard::SetContentsButtons( caption, dlg_propose, HELPS["propose"]:"<p><b>no proposal help text</b></p>", Label::BackButton(), Label::NextButton() ); -// if( !LdapServerConf::proposal_changed ) -// { -// /* notify message */ -// Popup::Notify( _("Changing anything in this dialog disables the automatic -//generation of base DN, root DN, and LDAP password. -//") ); -// } if ( ! (boolean)defaults["serviceEnabled"]:false ) { UI::ChangeWidget( `id( `te_basedn ), `Enabled, false ); Modified: trunk/ldap-server/src/ldap-server_proposal.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/ldap-server_proposal.ycp?rev=48656&r1=48655&r2=48656&view=diff ============================================================================== --- trunk/ldap-server/src/ldap-server_proposal.ycp (original) +++ trunk/ldap-server/src/ldap-server_proposal.ycp Fri Jun 27 16:01:01 2008 @@ -15,7 +15,6 @@ textdomain "ldap-server"; import "LdapServer"; -import "LdapServerConf"; import "Ldap"; import "HTML"; import "Label"; 
@@ -47,9 +46,9 @@ map <string,any> defaults = nil; - if( force_reset || !LdapServerConf::proposal_changed ) + if( force_reset || LdapServer::UseDefaults() ) { - if (force_reset && LdapServerConf::wroteDatabase) + if ( force_reset && LdapServer::Configured() ) { /* error popup */ Report::Warning( _("The LDAP database has already been created. You can change the settings later in the installed system.") ); @@ -88,7 +87,7 @@ warning = _("Unable to retrieve the system root password. Set an LDAP server password to continue."); warning_level = `blocker; } - // Try to get Firewall status + // Try to get Firewall status string fw_text = ""; if ( SuSEFirewall::GetEnableService()) { list<string> known_interfaces = SuSEFirewall::GetListOfKnownInterfaces(); @@ -124,7 +123,7 @@ _("LDAP Password: ") + rootPWString ] ) + _("Start LDAP Server: ") + HTML::Bold( _("YES") ) + HTML::Newline() + - _("Register at SLP Daemon: ") + HTML::Bold( LdapServerConf::registerSLP ? _("YES") : _("NO") ) + + _("Register at SLP Daemon: ") + HTML::Bold( LdapServer::ReadSLPEnabled() ? _("YES") : _("NO") ) + HTML::Newline() + fw_text; } else { @@ -142,7 +141,7 @@ else if(func == "AskUser") { map stored = nil; symbol seq = nil; - if( LdapServerConf::wroteDatabase ) + if( LdapServer::Configured() ) { /* error popup */ Report::Warning( _("The LDAP database has already been created. You can change the settings later in the installed system.") ); @@ -171,8 +170,7 @@ } /* write the proposal */ else if(func == "Write") { - if( LdapServerConf::wroteDatabase ) return ret; - LdapServerConf::wroteDatabase = true; + if( LdapServer::Configured() ) return ret; if( LdapServer::ReadServiceEnabled() ) { 
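Review bot: The `Write` branch in the `@@ -171` hunk no longer marks the proposal as written before doing the work: the old code set `wroteDatabase = true` up front, whereas `LdapServer::Configured()` only becomes true through the `$configured = $ret;` assignment added in LdapServer.pm. If the write fails, a second `Write` call will run `LdapServer::ReadFromDefaults()` again, which according to the `@@ -808` context pushes another entry onto `@added_databases`; that looks as if the same database could be queued twice. If retrying after a failure is intended, a comment such as `// Configured() stays false after a failed Write so the proposal can be retried` would make that explicit, and the retry path should be checked for duplicated state. The rest of the `Write` branch continues outside this hunk.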
@@ -195,58 +193,20 @@ Progress::off(); LdapServer::ReadFromDefaults(); LdapServer::SetServiceEnabled( true ); -// LdapServer::WriteLoglevel( 0 ); + LdapServer::SetLogLevels( ["none"] ); Progress::on(); -// map ldap_defaults = Ldap::Export(); -// y2debug( "ldap settings map: %1", ldap_defaults ); -// -// //map bash_out = (map<string,any>)SCR::Execute( .target.bash_output, "/bin/hostname --long" ); -// //string fqdn = (string)bash_out["stdout"]:""; -// //fqdn = substring( fqdn, 0, size(fqdn)-1 ); -// -// ldap_defaults["ldap_server"] = "localhost"; -// ldap_defaults["base_config_dn"] = "ou=ldapconfig,"+LdapServerConf::baseDN; -// ldap_defaults["bind_dn"] = LdapServerConf::rootDN; -// ldap_defaults["ldap_domain"] = LdapServerConf::baseDN; -// ldap_defaults["ldap_tls"] = false; -// ldap_defaults["file_server"] = true; -// ldap_defaults["create_ldap"] = true; -// -// if( LdapServerConf::useCommonCA ) -// { -// if( !YaPI::LdapServer::CheckCommonServerCertificate() ) -// { -// /* Error popup */ -// Report::Error( _("OpenLDAP Server: Common server certificate not available. -//StartTLS is disabled.") ); -// LdapServerConf::useCommonCA = false; -// ldap_defaults["ldap_tls"] = false; -// } else -// { -// LdapServer::WriteConfigureCommonServerCertificate( true ); -// ldap_defaults["ldap_tls"] = true; -// } -// } -// -// LdapServer::WriteSLPEnabled( LdapServerConf::registerSLP ); -// -// LdapServer::AddDatabase( $[ "database":"bdb", -// "suffix": LdapServerConf::baseDN, -// "rootdn" : LdapServerConf::rootDN, -// "passwd" : LdapServerConf::rootPW, -// "cryptmethod" : LdapServerConf::enctype, -// "directory" : "/var/lib/ldap" -// ] ); -// y2debug( "ldap settings map after setting: %1", ldap_defaults ); -// Ldap::SetDefaults( ldap_defaults ); -// Ldap::SetBindPassword( LdapServerConf::rootPW ); -// } -// + if( !LdapServer::HaveCommonServerCertificate() ) + { + Report::Error( _("OpenLDAP Server: Common server certificate not available. 
+StartTLS is disabled.") ); + } + else + { + LdapServer::SetTlsConfigCommonCert(); + } + LdapServer::SetSLPEnabled( true ); LdapServer::Write(); } -// -// //be paranoid -// LdapServerConf::rootPW = ""; } /* unknown function */ else { Modified: trunk/ldap-server/yast2-ldap-server.spec.in URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/yast2-ldap-server.spec.in?rev=48656&r1=48655&r2=48656&view=diff ============================================================================== --- trunk/ldap-server/yast2-ldap-server.spec.in (original) +++ trunk/ldap-server/yast2-ldap-server.spec.in Fri Jun 27 16:01:01 2008 @@ -27,7 +27,6 @@ @clientdir@/ldap-server.ycp @clientdir@/ldap-server_*.ycp @moduledir@/LdapServer.* -@moduledir@/LdapServerConf.* @moduledir@/YaPI/LdapServer.pm @desktopdir@/ldap-server.desktop @schemadir@/autoyast/rnc/ldap-server.rnc -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
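Review bot: The result of `LdapServer::SetTlsConfigCommonCert()` is ignored in the new `else` branch of the `@@ -195` hunk, although the Perl side returns an error when `setfacl` on the private key fails; the proposal then continues to `LdapServer::Write()` with no TLS settings applied and no message to the user. I would check the result, `if( !LdapServer::SetTlsConfigCommonCert() ) { Report::Error( ... ); }`, with a message in the style of the missing-certificate branch. In both failure cases the server is still enabled and registered through `LdapServer::SetSLPEnabled( true )`, so it is advertised on the network while StartTLS is unavailable. A comment stating that this is accepted for the installation proposal, or skipping the SLP registration in that case, would make the intent clear. `SetSLPEnabled( true )` is also hard-coded while the summary in the `@@ -124` hunk prints `LdapServer::ReadSLPEnabled()`, so the displayed value and the written value can differ.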