Author: jsuchome Date: Wed Sep 3 14:41:05 2008 New Revision: 50616 URL: http://svn.opensuse.org/viewcvs/yast?rev=50616&view=rev Log: - LdapServerAccess.pm: adapted to new LdapServer API (rhafer, bnc#422523) - 2.17.3 Modified: trunk/ldap/VERSION trunk/ldap/package/yast2-ldap.changes trunk/ldap/src/LdapServerAccess.pm Modified: trunk/ldap/VERSION URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap/VERSION?rev=50616&r1=50615&r2=50616&view=diff ============================================================================== --- trunk/ldap/VERSION (original) +++ trunk/ldap/VERSION Wed Sep 3 14:41:05 2008 @@ -1 +1 @@ -2.17.2 +2.17.3 Modified: trunk/ldap/package/yast2-ldap.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap/package/yast2-ldap.changes?rev=50616&r1=50615&r2=50616&view=diff ============================================================================== --- trunk/ldap/package/yast2-ldap.changes (original) +++ trunk/ldap/package/yast2-ldap.changes Wed Sep 3 14:41:05 2008 @@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Wed Sep 3 14:34:14 CEST 2008 - jsuchome@suse.cz + +- LdapServerAccess.pm: adapted to new LdapServer API + (rhafer, bnc#422523) +- 2.17.3 + +------------------------------------------------------------------- Wed Aug 6 11:36:43 CEST 2008 - jsuchome@suse.cz - adapted LdapServerAccess to new API of yast2-ldap-server (rhafer) Modified: trunk/ldap/src/LdapServerAccess.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap/src/LdapServerAccess.pm?rev=50616&r1=50615&r2=50616&view=diff ============================================================================== --- trunk/ldap/src/LdapServerAccess.pm (original) +++ trunk/ldap/src/LdapServerAccess.pm Wed Sep 3 14:41:05 2008 @@ -147,24 +147,42 @@ return undef; } my $indices = YaPI::LdapServer->ReadIndex ($suffix); - my $index_mod = { "name" => $attr }; + my $index_mod = { "name" => $attr, + "eq" => 0, + "sub" => 0, + "pres" => 0 + }; + if (defined $indices && ref ($indices) eq "HASH") { if ( defined $indices->{$attr} ) { - + if (! defined $indices->{$attr}->{'eq'} ) + { + $indices->{$attr}->{'eq'} = 0; + } + if (! defined $indices->{$attr}->{'sub'} ) + { + $indices->{$attr}->{'sub'} = 0; + } + if (! defined $indices->{$attr}->{'pres'} ) + { + $indices->{$attr}->{'pres'} = 0; + } + if ( ( grep /^eq$/, @param ) || ( $indices->{$attr}->{'eq'} ) ) { $index_mod->{'eq'} = 1; } if ( ( grep /^sub$/, @param ) || ( $indices->{$attr}->{'sub'} ) ) { - $index_mod->{'pres'} = 1; + $index_mod->{'sub'} = 1; } if ( ( grep /^pres$/, @param ) || ( $indices->{$attr}->{'pres'} ) ) { $index_mod->{'pres'} = 1; } + if ( ( $index_mod->{'pres'} == $indices->{$attr}->{'pres'} ) && ( $index_mod->{'sub'} == $indices->{$attr}->{'sub'} ) && ( $index_mod->{'eq'} == $indices->{$attr}->{'eq'} ) ) @@ -181,7 +199,7 @@ } if ( grep /^sub$/, @param ) { - $index_mod->{'pres'} = 1; + $index_mod->{'sub'} = 1; } if ( grep /^pres$/, @param ) { @@ -196,10 +214,6 @@ if (!YaPI::LdapServer->EditIndex ($suffix, $index_mod)) { return undef; } - if ($restart) { - # No restart needed anymore - # YaPI::LdapServer->SwitchService(1); - } } return Boolean(1); } @@ -207,18 +221,19 @@ } # adapt LDAP server ACL: allow administrator access, but deny everyone else -# 1. param: administrator's DN -# 2. param: restart LDAP server? +# 1. param: DN which should have write access +# 2. param: base DN of the database # return value: was anyting modified? (boolean) or undef on error BEGIN {$TYPEINFO{AddSambaACLHack} = ["function", "boolean", "string", "boolean"] } -sub AddSambaACLHack { + +sub AddSambaACL { my $self = shift; my $dn = shift; - my $restart = shift; + my $suffix = shift; if (Mode->config ()) { return Boolean (1); @@ -230,14 +245,54 @@ } require YaPI::LdapServer; + my $aclList = YaPI::LdapServer->ReadAcl($suffix); + + # + # Check if there are already acl in place for the samba attributes + # + foreach my $acl (@{$aclList}) + { + if ( defined ( $acl->{'target'}->{'attrs'} ) ) + { + my @attr = split /,/, $acl->{'target'}->{'attrs'}; + if ( ( grep { lc($_) eq "sambalmpassword" } @attr ) || + ( grep { lc($_) eq "sambantpassword" } @attr ) ) + { + y2milestone("Samba ACLs already present"); + return Boolean(0); + } + } + } - if (!SCR->Write (".ldapserver.sambaACLHack", $dn)) { + my @newAcl = ( + { + 'target' => { + 'attrs' => 'sambaLMPassword,sambaNTPassword', + 'dn' => { + 'style' => 'subtree', + 'value' => $suffix + } + }, + 'access' => [ + { + 'level' => 'write', + 'type' => 'dn.base', + 'value' => $dn + }, + { + 'level' => 'none', + 'type' => '*', + }, + ] + } + ); + push @newAcl,(@$aclList); + + if ( ! YaPI::LdapServer->WriteAcl($suffix, \@newAcl ) ) + { return undef; } - if ($restart) { - YaPI::LdapServer->SwitchService(1); - } - return Boolean (1); + return Boolean(1); } 42; -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org