[yast-commit] r60780 - in /trunk/ldap-server: ./ src/LdapServer.pm src/agent/SlapdConfigAgent.cc src/dialogs.ycp src/ldap-server_proposal.ycp src/lib/slapd-config.cpp src/lib/slapd-config.h src/wizards.ycp
  • From: rhafer@xxxxxxxxxxxxxxxx
  • Date: Wed, 10 Feb 2010 11:20:16 -0000
  • Message-id: <E1NfAcC-0003AG-FZ@xxxxxxxxxxxxxxxx>
Author: rhafer
Date: Wed Feb 10 12:20:15 2010
New Revision: 60780

URL: http://svn.opensuse.org/viewcvs/yast?rev=60780&view=rev
Log:
Merged inst-proposal changes for replication from sle-11-sp1 branch
(revisions 59745-59964)

Modified:
trunk/ldap-server/ (props changed)
trunk/ldap-server/src/LdapServer.pm
trunk/ldap-server/src/agent/SlapdConfigAgent.cc
trunk/ldap-server/src/dialogs.ycp
trunk/ldap-server/src/ldap-server_proposal.ycp
trunk/ldap-server/src/lib/slapd-config.cpp
trunk/ldap-server/src/lib/slapd-config.h
trunk/ldap-server/src/wizards.ycp

Modified: trunk/ldap-server/src/LdapServer.pm
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev=60780&r1=60779&r2=60780&view=diff
==============================================================================
--- trunk/ldap-server/src/LdapServer.pm (original)
+++ trunk/ldap-server/src/LdapServer.pm Wed Feb 10 12:20:15 2010
@@ -35,6 +35,7 @@
my %error = ( msg => undef, details => undef );
my $ssl_check_command = "/usr/lib/YaST2/bin/ldap-server-ssl-check";
my $usingDefaults = 1;
+my $fqdn = "";
my $readConfig = 0;
my $restartRequired = 0;
my $configured = 0;
@@ -324,6 +325,28 @@
}

##
+ # @return the full qualified hostname of the machine or "" if not set
+ #
+BEGIN { $TYPEINFO{ReadHostnameFQ} = ["function", "string"]; }
+sub ReadHostnameFQ()
+{
+ if ( $fqdn eq "" )
+ {
+ my $rc = SCR->Execute( '.target.bash_output', "/bin/hostname -f" );
+ if ( $rc->{'stdout'} eq "" )
+ {
+ y2milestone("could determine fqdn, hostname -f returned: ".
$rc->{'stderr'} );
+ }
+ else
+ {
+ $fqdn = $rc->{'stdout'};
+ chomp($fqdn);
+ }
+ }
+ return $fqdn;
+}
+
+##
# @return Set base DN that shoudl we written to /etc/openldap/ldap.conf
#
BEGIN { $TYPEINFO{WriteLdapConfBase} = ["function", "boolean", "string"]; }
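Review bot: The failure message in ReadHostnameFQ reads "could determine fqdn", which says the opposite of what happened; it should be `y2milestone("could not determine fqdn, hostname -f returned: ". $rc->{'stderr'} );`. The test `$rc->{'stdout'} eq ""` also runs before `chomp` and assumes the agent always returns a hash with a defined `stdout`, so a guard such as `if ( ref($rc) ne "HASH" || ! defined $rc->{'stdout'} || $rc->{'stdout'} eq "" )` would be safer. Because the result is cached in `$fqdn` and later used as the syncrepl provider target, the doc comment should say that the value is looked up once per process and that "" means the lookup failed.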
@@ -1429,9 +1452,16 @@
}
}
my $oldtls = $self->ReadTlsConfig();
- if ( $oldtls->{'certKeyFile'} ne $tls->{'certKeyFile'} ||
- $oldtls->{'certFile'} ne $tls->{'certFile'} ||
- $oldtls->{'caCertFile'} ne $tls->{'caCertFile'})
+ if ( ref($oldtls) eq "HASH" )
+ {
+ if( $oldtls->{'certKeyFile'} ne $tls->{'certKeyFile'} ||
+ $oldtls->{'certFile'} ne $tls->{'certFile'} ||
+ $oldtls->{'caCertFile'} ne $tls->{'caCertFile'} )
+ {
+ $restartRequired = 1;
+ }
+ }
+ elsif ( $tls->{'tls_active'} )
{
$restartRequired = 1;
}
@@ -1591,6 +1621,7 @@
my $domain = $rc->{"stdout"};
if ( $domain eq "" )
{
+ y2milestone("\"hostname -d\" returned: \"". $rc->{'stderr'} . "\"
falling back to default");
$domain = "site";
}
chomp($domain);
@@ -1665,121 +1696,146 @@
my $frontenddb = { 'type' => 'frontend' };

$self->InitGlobals();
- SCR->Execute('.ldapserver.initSchema' );
- my $rc = SCR->Write(".ldapserver.schema.addFromLdif",
"/etc/openldap/schema/core.ldif" );
- if ( ! $rc ) {
- my $err = SCR->Error(".ldapserver");
- y2error("Adding Schema failed: ".$err->{'summary'}."
".$err->{'description'});
- $self->SetError( $err->{'summary'}, $err->{'description'} );
- return $rc;
- }
- $rc = SCR->Write(".ldapserver.schema.addFromLdif",
"/etc/openldap/schema/cosine.ldif" );
- if ( ! $rc ) {
- my $err = SCR->Error(".ldapserver");
- y2error("Adding Schema failed: ".$err->{'summary'}."
".$err->{'description'});
- $self->SetError( $err->{'summary'}, $err->{'description'} );
- return $rc;
- }
- $rc = SCR->Write(".ldapserver.schema.addFromLdif",
"/etc/openldap/schema/inetorgperson.ldif" );
- if ( ! $rc ) {
- my $err = SCR->Error(".ldapserver");
- y2error("Adding Schema failed: ".$err->{'summary'}."
".$err->{'description'});
- $self->SetError( $err->{'summary'}, $err->{'description'} );
- return $rc;
- }
- $rc = SCR->Write(".ldapserver.schema.addFromSchemafile",
"/etc/openldap/schema/rfc2307bis.schema" );
- if ( ! $rc ) {
- my $err = SCR->Error(".ldapserver");
- y2error("Adding Schema failed: ".$err->{'summary'}."
".$err->{'description'});
- $self->SetError( $err->{'summary'}, $err->{'description'} );
- return $rc;
- }
- $rc = SCR->Write(".ldapserver.schema.addFromSchemafile",
"/etc/openldap/schema/yast.schema" );
- if ( ! $rc ) {
- my $err = SCR->Error(".ldapserver");
- y2error("Adding Schema failed: ".$err->{'summary'}."
".$err->{'description'});
- $self->SetError( $err->{'summary'}, $err->{'description'} );
- return $rc;
- }
-
- SCR->Execute('.ldapserver.initDatabases', [ $frontenddb, $cfgdatabase,
$database ] );
- if ( $dbDefaults{'defaultIndex'} == 1 ||
- ( ref($dbDefaults{'defaultIndex'}) eq "YaST::YCP::Boolean" &&
- $dbDefaults{'defaultIndex'}->value == 1 )
- )
+
+ if ( $self->ReadSetupSlave() )
{
- foreach my $idx ( @$defaultIndexes )
+ SCR->Execute('.ldapserver.initDatabases', [ $frontenddb, $cfgdatabase
] );
+ SCR->Write(".ldapserver.database.{0}.syncrepl", $syncreplbaseconfig );
+ my $ldif = SCR->Read('.ldapserver.configAsLdif' );
+ y2debug($ldif);
+ }
+ else #master or standalone
+ {
+ SCR->Execute('.ldapserver.initSchema' );
+ my $rc = SCR->Write(".ldapserver.schema.addFromLdif",
"/etc/openldap/schema/core.ldif" );
+ if ( ! $rc ) {
+ my $err = SCR->Error(".ldapserver");
+ y2error("Adding Schema failed: ".$err->{'summary'}."
".$err->{'description'});
+ $self->SetError( $err->{'summary'}, $err->{'description'} );
+ return $rc;
+ }
+ $rc = SCR->Write(".ldapserver.schema.addFromLdif",
"/etc/openldap/schema/cosine.ldif" );
+ if ( ! $rc ) {
+ my $err = SCR->Error(".ldapserver");
+ y2error("Adding Schema failed: ".$err->{'summary'}."
".$err->{'description'});
+ $self->SetError( $err->{'summary'}, $err->{'description'} );
+ return $rc;
+ }
+ $rc = SCR->Write(".ldapserver.schema.addFromLdif",
"/etc/openldap/schema/inetorgperson.ldif" );
+ if ( ! $rc ) {
+ my $err = SCR->Error(".ldapserver");
+ y2error("Adding Schema failed: ".$err->{'summary'}."
".$err->{'description'});
+ $self->SetError( $err->{'summary'}, $err->{'description'} );
+ return $rc;
+ }
+ $rc = SCR->Write(".ldapserver.schema.addFromSchemafile",
"/etc/openldap/schema/rfc2307bis.schema" );
+ if ( ! $rc ) {
+ my $err = SCR->Error(".ldapserver");
+ y2error("Adding Schema failed: ".$err->{'summary'}."
".$err->{'description'});
+ $self->SetError( $err->{'summary'}, $err->{'description'} );
+ return $rc;
+ }
+ $rc = SCR->Write(".ldapserver.schema.addFromSchemafile",
"/etc/openldap/schema/yast.schema" );
+ if ( ! $rc ) {
+ my $err = SCR->Error(".ldapserver");
+ y2error("Adding Schema failed: ".$err->{'summary'}."
".$err->{'description'});
+ $self->SetError( $err->{'summary'}, $err->{'description'} );
+ return $rc;
+ }
+
+ SCR->Execute('.ldapserver.initDatabases', [ $frontenddb, $cfgdatabase,
$database ] );
+ if ( $dbDefaults{'defaultIndex'} == 1 ||
+ ( ref($dbDefaults{'defaultIndex'}) eq "YaST::YCP::Boolean" &&
+ $dbDefaults{'defaultIndex'}->value == 1 )
+ )
{
- $self->ChangeDatabaseIndex(1, $idx );
+ foreach my $idx ( @$defaultIndexes )
+ {
+ $self->ChangeDatabaseIndex(1, $idx );
+ }
}
- }

- if ( defined $dbDefaults{'configpw'} && $dbDefaults{'configpw'} ne "" )
- {
- my $confPwHash = $self->HashPassword($dbDefaults{'pwenctype'},
$dbDefaults{'configpw'} );
- my $changes = { "secure_only" => 1, "rootpw" => $confPwHash };
- $self->UpdateDatabase(0 ,$changes);
- if ( $self->ReadSetupMaster() )
+ if ( defined $dbDefaults{'configpw'} && $dbDefaults{'configpw'} ne "" )
{
- my $syncprov = { 'enabled' => 1,
- 'checkpoint' => { 'ops' =>
YaST::YCP::Integer(100),
- 'min' => YaST::YCP::Integer(10)
}
- };
+ my $confPwHash = $self->HashPassword($dbDefaults{'pwenctype'},
$dbDefaults{'configpw'} );
+ my $changes = { "secure_only" => 1, "rootpw" => $confPwHash };
+ $self->UpdateDatabase(0 ,$changes);
+ if ( $self->ReadSetupMaster() )
+ {
+ # create helpful indexes for syncrepl
+ $self->ChangeDatabaseIndex(1, { "name" => "entryUUID", "eq" =>
1 } );
+ $self->ChangeDatabaseIndex(1, { "name" => "entryCSN", "eq" =>
1 } );
+
+ my $syncprov = { 'enabled' => 1,
+ 'checkpoint' => { 'ops' =>
YaST::YCP::Integer(100),
+ 'min' =>
YaST::YCP::Integer(10) }
+ };

- SCR->Write( ".ldapserver.database.{0}.syncprov", $syncprov );
- SCR->Write( ".ldapserver.database.{1}.syncprov", $syncprov );
+ SCR->Write( ".ldapserver.database.{0}.syncprov", $syncprov );
+ SCR->Write( ".ldapserver.database.{1}.syncprov", $syncprov );

- my $syncpw = GenerateRandPassword();
- my $syncdn = "uid=syncrepl,ou=system,".$dbDefaults{'suffix'};
- my $rc = SCR->Execute( '.target.bash_output', "/bin/hostname -f" );
- my $fqdn = $rc->{"stdout"};
- chomp($fqdn);
- my $syncrepl = {
- "provider" => {
- "protocol" => "ldap",
- "target" => $fqdn,
- "port" => YaST::YCP::Integer(389)
- },
- "type" => "refreshAndPersist",
- "binddn" => $syncdn,
- "credentials" => $syncpw,
- "basedn" => "cn=config",
- "starttls" => YaST::YCP::Boolean(1),
- "updateref" => {}
- };
- SCR->Write(".ldapserver.database.{0}.syncrepl", $syncrepl );
- $syncrepl->{'basedn'} = $dbDefaults{'suffix'};
- SCR->Write(".ldapserver.database.{1}.syncrepl", $syncrepl );
- $syncreplaccount->{'syncdn'} = $syncdn;
- $syncreplaccount->{'syncpw'} = $syncpw;
- $syncreplaccount->{'syncpw_hash'} =
$self->HashPassword($dbDefaults{'pwenctype'}, $syncpw );
- $syncreplaccount->{'basedn'} = $dbDefaults{'suffix'};
- my @syncacl = ({
- 'target' => {},
- 'access' => [
- { 'type' => "dn.base",
- 'value' => $syncdn,
- 'level' => "read",
- 'control' => "" },
- { 'type' => "*",
- 'value' => "",
- 'level' => "",
- 'control' => "break" }
- ]
- });
- $rc = SCR->Write(".ldapserver.database.{0}.acl", \@syncacl );
- push @syncacl, @$defaultDbAcls;
- $defaultDbAcls = \@syncacl;
+ my $syncpw = GenerateRandPassword();
+ my $syncdn = "uid=syncrepl,ou=system,".$dbDefaults{'suffix'};
+ my $hostname = $self->ReadHostnameFQ();
+ if ( $hostname eq "" )
+ {
+ $self->SetError( _("Could not determine own full qualified
hostname"),
+ _("A master server for replication cannot work
correctly without knowing the own full qualified hostname") );
+ return 0;
+ }
+ my $syncrepl = {
+ "provider" => {
+ "protocol" => "ldap",
+ "target" => $hostname,
+ "port" => YaST::YCP::Integer(389)
+ },
+ "type" => "refreshAndPersist",
+ "binddn" => $syncdn,
+ "credentials" => $syncpw,
+ "basedn" => "cn=config",
+ "starttls" => YaST::YCP::Boolean(1),
+ "updateref" => {}
+ };
+ SCR->Write(".ldapserver.database.{0}.syncrepl", $syncrepl );
+ $syncrepl->{'basedn'} = $dbDefaults{'suffix'};
+ SCR->Write(".ldapserver.database.{1}.syncrepl", $syncrepl );
+ $syncreplaccount->{'syncdn'} = $syncdn;
+ $syncreplaccount->{'syncpw'} = $syncpw;
+ $syncreplaccount->{'syncpw_hash'} =
$self->HashPassword($dbDefaults{'pwenctype'}, $syncpw );
+ $syncreplaccount->{'basedn'} = $dbDefaults{'suffix'};
+ my @syncacl = ({
+ 'target' => {},
+ 'access' => [
+ { 'type' => "dn.base",
+ 'value' => $syncdn,
+ 'level' => "read",
+ 'control' => "" },
+ { 'type' => "*",
+ 'value' => "",
+ 'level' => "",
+ 'control' => "break" }
+ ]
+ });
+ $rc = SCR->Write(".ldapserver.database.{0}.acl", \@syncacl );
+ push @syncacl, @$defaultDbAcls;
+ $defaultDbAcls = \@syncacl;
+
+ my @newlimits = ( { 'selector' => "dn.exact=\"$syncdn\"",
+ 'limits' => [ { 'type' => "size.soft",
+ 'value' => "unlimited" }
] } );
+ SCR->Write(".ldapserver.database.{0}.limits", \@newlimits );
+ SCR->Write(".ldapserver.database.{1}.limits", \@newlimits );
+ }
}
+
+ # add default ACLs
+ $rc = SCR->Write(".ldapserver.database.{-1}.acl", $defaultGlobalAcls );
+ $rc = SCR->Write(".ldapserver.database.{1}.acl", $defaultDbAcls );
+ push @added_databases, $dbDefaults{'suffix'};
+ $self->WriteAuthInfo( $dbDefaults{'suffix'},
+ { bind_dn => $dbDefaults{'rootdn'},
+ bind_pw => $dbDefaults{'rootpw_clear'} } );
}
-
- # add default ACLs
- $rc = SCR->Write(".ldapserver.database.{-1}.acl", $defaultGlobalAcls );
- $rc = SCR->Write(".ldapserver.database.{1}.acl", $defaultDbAcls );
- push @added_databases, $dbDefaults{'suffix'};
- $self->WriteAuthInfo( $dbDefaults{'suffix'},
- { bind_dn => $dbDefaults{'rootdn'},
- bind_pw => $dbDefaults{'rootpw_clear'} } );
$usingDefaults = 0;
$readConfig = 1;
return 1;
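Review bot: In the new slave branch, `y2debug($ldif)` writes the complete output of `.ldapserver.configAsLdif` to the YaST log right after the syncrepl settings were stored in database {0}. That dump presumably contains the replication bind credentials in clear text, since slapd-config.cpp serializes the syncrepl line with a `credentials="..."` field. I would drop the dump or log only a confirmation, e.g. `y2debug("syncrepl configuration for cn=config written");`. The same branch ignores the results of `SCR->Execute('.ldapserver.initDatabases', ...)` and `SCR->Write(".ldapserver.database.{0}.syncrepl", ...)`, whereas the master branch checks every schema write and calls SetError; the slave branch should report failures the same way. The enclosing function starts before this hunk.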
@@ -2059,6 +2115,25 @@
$self->SetError( $err->{'summary'}, $err->{'description'} );
return YaST::YCP::Boolean(0);
}
+
+ ## Update indexes if the database supports it and if not deleting syncrepl
+ if ( keys %$syncprov )
+ {
+ my $db = $self->ReadDatabase( $dbindex );
+ if ( $db->{'type'} eq "bdb" || $db->{'type'} eq "hdb" )
+ {
+ my $indexes =
SCR->Read(".ldapserver.database.{".$dbindex."}.indexes" );
+ y2milestone("indexes: ". Data::Dumper->Dump([$indexes]));
+ if ( ! $indexes->{'entrycsn'}->{'eq'} )
+ {
+ $self->ChangeDatabaseIndex($dbindex, { "name" => "entryCSN",
"eq" => 1 } );
+ }
+ if ( ! $indexes->{'entryUUID'}->{'eq'} )
+ {
+ $self->ChangeDatabaseIndex($dbindex, { "name" => "entryUUID",
"eq" => 1 } );
+ }
+ }
+ }
return YaST::YCP::Boolean(1);
}
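Review bot: The two index checks use inconsistent key casing, `$indexes->{'entrycsn'}` (all lower case) against `$indexes->{'entryUUID'}` (mixed case). Unless the `.indexes` map happens to be keyed with exactly these two spellings, one lookup always misses and ChangeDatabaseIndex is called again on every write. How the agent keys the map is not visible here, so please confirm and use one convention. `$db` and `$indexes` are also dereferenced without checking that ReadDatabase and SCR->Read returned a hash. The identical block is added again in the next hunk (@@ -2142,6 +2217,25 @@, keyed on `%$syncrepl`); a private helper taking `$dbindex` would keep the two copies from drifting apart.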

@@ -2142,6 +2217,25 @@
$self->SetError( $err->{'summary'}, $err->{'description'} );
return YaST::YCP::Boolean(0);
}
+
+ ## Update indexes if the database supports it and if not deleting syncrepl
+ if ( keys %$syncrepl )
+ {
+ my $db = $self->ReadDatabase( $dbindex );
+ if ( $db->{'type'} eq "bdb" || $db->{'type'} eq "hdb" )
+ {
+ my $indexes =
SCR->Read(".ldapserver.database.{".$dbindex."}.indexes" );
+ y2milestone("indexes: ". Data::Dumper->Dump([$indexes]));
+ if ( ! $indexes->{'entrycsn'}->{'eq'} )
+ {
+ $self->ChangeDatabaseIndex($dbindex, { "name" => "entryCSN",
"eq" => 1 } );
+ }
+ if ( ! $indexes->{'entryUUID'}->{'eq'} )
+ {
+ $self->ChangeDatabaseIndex($dbindex, { "name" => "entryUUID",
"eq" => 1 } );
+ }
+ }
+ }
return YaST::YCP::Boolean(1);
}

@@ -2815,26 +2909,63 @@
}
}
}
+ for ( my $i=0; $i < scalar(@{$dbs})-1; $i++)
+ {
+ my $type = $dbs->[$i+1]->{'type'};
+ my $suffix = $dbs->[$i+1]->{'suffix'};
+ if ( $type eq "config" || $type eq "bdb" || $type eq "hdb" )
+ {
+ my $db = SCR->Read(".ldapserver.database.{".$i."}" );
+ my $needslimit = 1;
+ if ( lc($db->{'rootdn'}) eq lc($syncreplbaseconfig->{'binddn'}) )
+ {
+ y2milestone("Repl DN \"".$syncreplbaseconfig->{'binddn'}. "\"
is rootdn of database $i. No limit needed");
+ }
+ else
+ {
+ my $limits = SCR->Read(".ldapserver.database.{".$i."}.limits"
);
+ y2milestone("Database $i limits:". Data::Dumper->Dump([
$limits ]) );
+ foreach my $limit (@$limits)
+ {
+ if ( $limit->{'selector'} eq
"dn.exact=\"".$syncreplbaseconfig->{'binddn'}."\"" )
+ {
+ my $limitvals = $limit->{'limits'};
+ foreach my $val (@$limitvals )
+ {
+ if ( $val->{'type'} eq "size.soft" &&
$val->{'value'} eq "unlimited" )
+ {
+ y2milestone("limit already present, no need to
add");
+ $needslimit = 0;
+ last;
+ }
+ }
+ if (! $needslimit )
+ {
+ last;
+ }
+ }
+ }
+ if ($needslimit)
+ {
+ y2milestone("Setting sizelimit for syncrepuser to
unlimited.");
+ my @newlimits = ( { 'selector' =>
"dn.exact=\"".$syncreplbaseconfig->{'binddn'}."\"",
+ 'limits' => [ { 'type' =>
"size.soft",
+ 'value' =>
"unlimited" } ] } );
+ push @newlimits, @$limits;
+ SCR->Write(".ldapserver.database.{".$i."}.limits",
\@newlimits );
+ }
+ }
+ }
+ }
SCR->Execute(".ldapserver.commitChanges" );
SCR->Execute(".ldapserver.reset" );

+ $globals_initialized = 0;
$self->CreateSyncReplAccount();
- SCR->Execute(".ldapserver.initGlobals" );
- my $cfgdatabase = { 'type' => 'config',
- 'rootdn' => 'cn=config' };
- my $frontenddb = { 'type' => 'frontend' };
- SCR->Execute('.ldapserver.initDatabases', [ $frontenddb, $cfgdatabase ] );
$syncreplbaseconfig->{'binddn'} = "cn=config";
$syncreplbaseconfig->{'credentials'} =
$auth_info->{'cn=config'}->{'bind_pw'};
$syncreplbaseconfig->{'basedn'} = "cn=config";

- SCR->Write(".ldapserver.database.{0}.syncrepl", $syncreplbaseconfig );
- my $ldif = SCR->Read('.ldapserver.configAsLdif' );
- y2milestone($ldif);
- $overwriteConfig = 1;
-# $self->Write( {resetCsn => 1} );
-# SCR->Execute(".ldapserver.reset" );
-
return 1;
}
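Review bot: The check for an existing limit compares `$limit->{'selector'}` with `"dn.exact=\"".$syncreplbaseconfig->{'binddn'}."\""` using `eq`, while the rootdn test a few lines earlier folds case with `lc()`. A limit stored with different DN casing is therefore not recognised, and another entry is prepended on each run. The bind DN is also interpolated into the quoted selector unescaped, so a DN containing a double quote would produce a limits statement that the parser added in slapd-config.cpp cannot split as intended; validating or escaping the DN before building the selector avoids that. Building the selector once, `my $selector = "dn.exact=\"".$syncreplbaseconfig->{'binddn'}."\"";`, and testing `lc($limit->{'selector'}) eq lc($selector)` would address the first point. The function starts outside the hunk.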


Modified: trunk/ldap-server/src/agent/SlapdConfigAgent.cc
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/agent/SlapdConfigAgent.cc?rev=60780&r1=60779&r2=60780&view=diff
==============================================================================
--- trunk/ldap-server/src/agent/SlapdConfigAgent.cc (original)
+++ trunk/ldap-server/src/agent/SlapdConfigAgent.cc Wed Feb 10 12:20:15 2010
@@ -850,6 +850,37 @@
return YCPNull();
}
}
+ else if ( dbComponent == "limits" )
+ {
+ YCPList resList;
+ OlcLimitList limitList;
+ if ( (*i)->getLimits(limitList) )
+ {
+ OlcLimitList::const_iterator j;
+ for ( j = limitList.begin(); j != limitList.end(); j++
)
+ {
+ YCPMap limitMap;
+ YCPList limitVals;
+ pairlist limits = (*j)->getLimits();
+ pairlist::const_iterator k ;
+ for ( k = limits.begin(); k != limits.end(); k++ )
+ {
+ YCPMap valMap;
+ valMap.add(YCPString("type"),
YCPString(k->first) );
+ valMap.add(YCPString("value"),
YCPString(k->second) );
+ limitVals.add(valMap);
+ }
+ limitMap.add( YCPString("selector"), YCPString(
(*j)->getSelector().c_str() ) );
+ limitMap.add( YCPString("limits"), limitVals);
+ resList.add(limitMap);
+ }
+ return resList;
+ }
+ else
+ {
+ return YCPNull();
+ }
+ }
else if ( dbComponent == "syncrepl" )
{
YCPMap resMap;
@@ -1089,6 +1120,10 @@
if ( path->length() == 0 ) {
return YCPNull();
} else {
+ if ( ! globals )
+ {
+ throw std::runtime_error("Configuration not initialized." );
+ }
if ( path->component_str(0) == "loglevel" )
{
y2milestone("Write loglevel");
@@ -1655,6 +1690,30 @@
(*i)->replaceAccessControl(aclList);
ret = true;
}
+ else if ( dbComponent == "limits" )
+ {
+ YCPList argList = arg->asList();
+ OlcLimitList limitList;
+ for ( int j = 0; j < argList->size(); j++ )
+ {
+ boost::shared_ptr<OlcLimits> limit( new
OlcLimits() );
+ YCPMap limitMap = argList->value(j)->asMap();
+
limit->setSelector(limitMap->value(YCPString("selector"))->asString()->value_cstr()
);
+
+ YCPList ycpLimitValues =
limitMap->value(YCPString("limits"))->asList();
+ pairlist limitVals;
+ for ( int k=0; k < ycpLimitValues->size(); k++ )
+ {
+ YCPMap valMap =
ycpLimitValues->value(k)->asMap();
+ limitVals.push_back(
make_pair(valMap->value(YCPString("type"))->asString()->value_cstr(),
+
valMap->value(YCPString("value"))->asString()->value_cstr() ) );
+ }
+ limit->setLimits(limitVals);
+ limitList.push_back(limit);
+ }
+ (*i)->replaceLimits(limitList);
+ ret = true;
+ }
else if ( dbComponent == "syncrepl" )
{
YCPMap argMap = arg->asMap();
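Review bot: The new "limits" write branch calls `arg->asList()`, `argList->value(j)->asMap()` and `limitMap->value(YCPString("selector"))->asString()` without checking the type or presence of any of them. A list entry that lacks the "selector" or "limits" key would, as far as I can tell, end in a null value being dereferenced inside the agent. I would test each step before converting (the argument is a list, each entry is a map, each looked-up value is non-null and of the expected type) and report an agent error instead of continuing. The selector is also handed to `replaceLimits` unvalidated, so a selector with unquoted whitespace would be stored and then mis-split when the entry is parsed again. The surrounding Write function begins before this hunk.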
@@ -1685,7 +1744,10 @@
LDAPUrl prvuri;
prvuri.setScheme(protocol);
prvuri.setHost(target);
- prvuri.setPort(port);
+ if ( ( protocol == "ldap" && port != 389 ) || (
protocol == "ldaps" && port != 636 ) )
+ {
+ prvuri.setPort(port);
+ }

sr->setType( type );
sr->setProvider( prvuri );
@@ -1694,6 +1756,7 @@
sr->setCredentials( cred );
// default retry (every 120 seconds)
sr->setRetryString( "120 +" );
+ sr->setTlsReqCert("demand");

if ( starttls )
{
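Review bot: `sr->setTlsReqCert("demand")` is applied to every syncrepl entry written through this path, ahead of and independent of the `if ( starttls )` test that follows, and it carries no comment. With protocol `ldap` and StartTLS off, the certificate requirement presumably has no effect and the bind credentials would cross the network unprotected, so that combination should either be rejected here or be documented. I would add a comment such as `// always require a valid provider certificate: the consumer must trust the provider's CA and the target host name must match the certificate`. The block continues past the end of the hunk.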

Modified: trunk/ldap-server/src/dialogs.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/dialogs.ycp?rev=60780&r1=60779&r2=60780&view=diff
==============================================================================
--- trunk/ldap-server/src/dialogs.ycp (original)
+++ trunk/ldap-server/src/dialogs.ycp Wed Feb 10 12:20:15 2010
@@ -335,14 +335,26 @@
}
else if (UI::QueryWidget( `id( `rbg_servertype ), `CurrentButton)
== `rb_master )
{
- LdapServer::WriteSetupMaster(true);
- LdapServer::WriteSetupSlave(false);
+ if ( size( LdapServer::ReadHostnameFQ() ) == 0 )
+ {
+ Popup::Notify(_("YaST was not able to determine the full
qualified hostname of this\ncomputer. ") +
+ _("Setting up a replication master it not
possible currently.") );
+ UI::ChangeWidget( `rb_master, `Enabled, false );
+ UI::ChangeWidget( `rbg_servertype, `CurrentButton,
`rb_standalone );
+ continue;
+ }
+ else
+ {
+ LdapServer::WriteSetupMaster(true);
+ LdapServer::WriteSetupSlave(false);
+ }
}
else
{
LdapServer::WriteSetupMaster(false);
LdapServer::WriteSetupSlave(false);
}
+ SCR::Execute(.ldapserver.reset);
}
return ret;
}
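Review bot: The new Popup::Notify text contains a typo, "Setting up a replication master it not possible currently.", where "it" should be "is". The message is also assembled from two separately translated `_()` fragments, which translators cannot reorder; a single `_()` string is the usual form. The added `SCR::Execute(.ldapserver.reset);` runs after every server type choice with no comment saying why the agent state has to be dropped at this point; a one-line comment would help the next reader. The dialog function starts before the hunk.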
@@ -1011,6 +1023,7 @@
any ret = nil;

LdapServer::SetupRemoteForReplication();
+ LdapServer::ReadFromDefaults();
ret = `next;
return ret;
}
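Review bot: `LdapServer::ReadFromDefaults();` is called without looking at its result, and the dialog returns the next symbol regardless. The Perl implementation changed in this commit returns 0 when a schema write fails or when the FQDN cannot be determined in the master case. The result of `LdapServer::SetupRemoteForReplication();` on the line above is dropped the same way. I would check both calls and show the module's error before advancing, so a half-initialised replication setup is not carried into the summary and write steps.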

Modified: trunk/ldap-server/src/ldap-server_proposal.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/ldap-server_proposal.ycp?rev=60780&r1=60779&r2=60780&view=diff
==============================================================================
--- trunk/ldap-server/src/ldap-server_proposal.ycp (original)
+++ trunk/ldap-server/src/ldap-server_proposal.ycp Wed Feb 10 12:20:15 2010
@@ -87,17 +87,42 @@
{
string rootPWString = "";
defaults = LdapServer::ReadInitialDefaults();
- if( defaults["rootpw_clear"]:"" == Users::GetRootPassword() )
+ if (! LdapServer::ReadSetupSlave() )
{
- rootPWString = _("[root password]");
- } else
- {
- rootPWString = _("[manually set]");
+ if( defaults["rootpw_clear"]:"" == Users::GetRootPassword() )
+ {
+ rootPWString = _("[root password]");
+ } else
+ {
+ rootPWString = _("[manually set]");
+ }
+ if( defaults["rootpw_clear"]:"" == "" )
+ {
+ warning = _("Unable to retrieve the system root password. Set
an LDAP server password to continue.");
+ warning_level = `blocker;
+ }
+ if ( LdapServer::ReadSetupMaster() )
+ {
+ proposal = _("Setting up LDAP Master Server:");
+ }
+ else
+ {
+ proposal = _("Setting up standalone LDAP Server:");
+ }
+ proposal = proposal +
+ HTML::List( [ _("Base DN: ") + defaults["suffix"]:"",
+ _("Root DN: ") + defaults["rootdn"]:"",
+ _("LDAP Password: ") + rootPWString
+ ] );
}
- if( defaults["rootpw_clear"]:"" == "" )
+ else
{
- warning = _("Unable to retrieve the system root password. Set an
LDAP server password to continue.");
- warning_level = `blocker;
+ map <string,any> syncrepl = LdapServer::ReadSyncreplBaseConfig();
+ proposal = _("Setting up LDAP Slave Server") +
+ HTML::List( [ _("Provider: ") +
(string)syncrepl["provider","protocol"]:"" + "://"
+ +
(string)syncrepl["provider","target"]:"" + ":"
+ +
tostring(syncrepl["provider","port"]:0) ] );
+
}
// Try to get Firewall status
string fw_text = "";
@@ -128,16 +153,10 @@
fw_text = _("Firewall is disabled");
textdomain "ldap-server";
}
-
- proposal = _("LDAP Server Configuration:") +
- HTML::List( [ _("Base DN: ") + defaults["suffix"]:"",
- _("Root DN: ") + defaults["rootdn"]:"",
- _("LDAP Password: ") + rootPWString
- ] ) +
- _("Start LDAP Server: ") + HTML::Bold( _("YES") ) +
HTML::Newline() +
- _("Register at SLP Daemon: ") + HTML::Bold(
defaults["slpRegister"]:false ? _("YES") : _("NO") ) +
- HTML::Newline() +
- fw_text;
+ proposal = proposal +
+ _("Register at SLP Daemon: ") + HTML::Bold(
defaults["slpRegister"]:false ? _("YES") : _("NO") ) +
+ HTML::Newline() +
+ fw_text;
} else {
proposal = _("Start LDAP Server: ") + HTML::Bold( _("NO") );
}
@@ -213,6 +232,7 @@

return ret;
}
+
if ( LdapServer::ReadSetupSlave() )
{
Wizard::CreateDialog();
@@ -221,7 +241,7 @@
Wizard::CloseDialog();
if ( slave_ret == `next )
{
- LdapServer::SetupRemoteForReplication();
+ LdapServer::SetupRemoteForReplication();
}
else
{
@@ -229,7 +249,6 @@
return ret;
}
}
-
LdapServer::ReadFromDefaults();
map <string,any> defaults = LdapServer::ReadInitialDefaults();
Progress::set(false);

Modified: trunk/ldap-server/src/lib/slapd-config.cpp
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/slapd-config.cpp?rev=60780&r1=60779&r2=60780&view=diff
==============================================================================
--- trunk/ldap-server/src/lib/slapd-config.cpp (original)
+++ trunk/ldap-server/src/lib/slapd-config.cpp Wed Feb 10 12:20:15 2010
@@ -191,7 +191,7 @@

void OlcConfigEntry::setStringValue(const std::string &type, const std::string
&value)
{
- log_it(SLAPD_LOG_INFO,"setStringValue() " + type + " " + value);
+ log_it(SLAPD_LOG_DEBUG,"setStringValue() " + type + " " + value);
if ( value.empty() )
{
m_dbEntryChanged.delAttribute(type);
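Review bot: `setStringValue()` still logs the attribute value together with its type; lowering the level from INFO to DEBUG reduces the exposure but does not remove it. This setter is presumably also used for attributes that hold secrets, such as root passwords or syncrepl credentials. Logging only the type, `log_it(SLAPD_LOG_DEBUG, "setStringValue() " + type);`, or masking the value for such attributes keeps credentials out of debug logs. The same applies to the "Value deleted:" and "Value added:" messages changed in the next two hunks (@@ -290,7 +290,7 @@ and @@ -308,7 +308,7 @@).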
@@ -290,7 +290,7 @@
if ( deleted )
{
delValues.add(*j);
- log_it(SLAPD_LOG_INFO,"Value deleted: " + *j );
+ log_it(SLAPD_LOG_DEBUG,"Value deleted: " + *j );
}
}
j = changedAttr->getValues().begin();
@@ -308,7 +308,7 @@
if ( added )
{
addValues.add(*j);
- log_it(SLAPD_LOG_INFO,"Value added: " + *j);
+ log_it(SLAPD_LOG_DEBUG,"Value added: " + *j);
}
}
bool replace = false;
@@ -675,7 +675,7 @@
}
else
{
- throw std::runtime_error( "Unsupported access level" );
+ throw std::runtime_error( "Unsupported access level <"
+ level + ">" );
}
}
log_it(SLAPD_LOG_INFO, "access: " + level );
@@ -833,6 +833,86 @@
return aclString.str();
}

+OlcLimits::OlcLimits( const std::string& limitString )
+{
+ std::string::size_type spos = 0;
+ std::string::size_type tmppos = 0;
+ // limits look like this: <selector> <limit> [<limit> [...]]
+
+ // split of the selector pattern
+ tmppos = limitString.find_first_not_of("\t ", spos );
+ spos = tmppos;
+ tmppos = limitString.find_first_of("\t\" ", spos );
+ // skip quoted whitespaces
+ while ( limitString[tmppos] == '"' && limitString[tmppos-1] != '\\')
+ {
+ tmppos = extractAlcToken( limitString, tmppos, true );
+ tmppos = limitString.find_first_of("\t\" ", tmppos+1 );
+ }
+ m_selector = limitString.substr(spos, tmppos-spos );
+ log_it(SLAPD_LOG_DEBUG, "selector: <"+m_selector+">" );
+
+ // now the list of <limits> follows
+ spos = tmppos;
+ if ( spos != std::string::npos )
+ {
+ spos = limitString.find_first_not_of("\t ", spos );
+ }
+ while ( spos != std::string::npos )
+ {
+ tmppos = extractAlcToken( limitString, spos, false );
+ std::string tmp = limitString.substr( spos, tmppos-spos );
+ log_it(SLAPD_LOG_DEBUG, "limit: <"+tmp+">" );
+ std::string::size_type delimpos = tmp.find( '=' );
+ if ( delimpos == std::string::npos )
+ {
+ throw std::runtime_error( "error while parsing limits statement" );
+ }
+ m_limits.push_back( make_pair(tmp.substr(0, delimpos), tmp.substr(
delimpos+1 ) ));
+ if ( tmppos != std::string::npos )
+ {
+ spos = limitString.find_first_not_of("\t ", tmppos+1 );
+ }
+ else
+ {
+ break;
+ }
+ }
+}
+
+void OlcLimits::setSelector( const std::string &value )
+{
+ m_selector = value;
+}
+
+void OlcLimits::setLimits ( const pairlist &value )
+{
+ m_limits = value;
+}
+
+std::string OlcLimits::getSelector() const
+{
+ return m_selector;
+}
+
+pairlist OlcLimits::getLimits() const
+{
+ return m_limits;
+}
+
+std::string OlcLimits::toLimitsString() const
+{
+ std::ostringstream limitStr;
+ limitStr << m_selector;
+
+ pairlist::const_iterator i;
+ for ( i=m_limits.begin(); i != m_limits.end(); i++ )
+ {
+ limitStr << " " << i->first << "=" << i->second ;
+ }
+ return limitStr.str();
+}
+
const std::string OlcSyncRepl::RID="rid";
const std::string OlcSyncRepl::PROVIDER="provider";
const std::string OlcSyncRepl::BASE="searchbase";
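Review bot: In the OlcLimits constructor the `while` condition evaluates `limitString[tmppos]` even though `find_first_of` returns `std::string::npos` when the statement is empty or consists of a selector only, and `limitString[tmppos-1]` wraps around when the quote is the first character; both index outside the string. The condition should be guarded, e.g. `while ( tmppos != std::string::npos && limitString[tmppos] == '"' && ( tmppos == 0 || limitString[tmppos-1] != '\\' ) )`. Inside the loop, `tmppos+1` has the same problem if `extractAlcToken` can return npos (its contract is not visible here), because npos+1 wraps to 0 and the scan starts over. These strings come from olcLimits values read from the server configuration, so malformed input should end in the existing runtime_error rather than an out-of-bounds read.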
@@ -843,6 +923,7 @@
const std::string OlcSyncRepl::INTERVAL="interval";
const std::string OlcSyncRepl::STARTTLS="starttls";
const std::string OlcSyncRepl::RETRY="retry";
+const std::string OlcSyncRepl::TLS_REQCERT="tls_reqcert";

OlcSyncRepl::OlcSyncRepl( const std::string &syncreplLine):
rid(1),
@@ -941,6 +1022,10 @@
{
this->setRetryString(value);
}
+ else if ( key == TLS_REQCERT )
+ {
+ this->setTlsReqCert(value);
+ }
else
{
otherValues.push_back(make_pair(key, value));
@@ -974,6 +1059,10 @@
{
srlStream << "starttls=critical ";
}
+ if (! this->tlsReqCert.empty() )
+ {
+ srlStream << "tls_reqcert=" << tlsReqCert << " ";
+ }
srlStream << "bindmethod=\"" << this->bindmethod << "\" "
<< "binddn=\"" << this->binddn << "\" "
<< "credentials=\"" << this->credentials << "\"";
@@ -1040,6 +1129,11 @@
retryString = value;
}

+void OlcSyncRepl::setTlsReqCert( const std::string &value )
+{
+ tlsReqCert = value;
+}
+
int OlcSyncRepl::getRid() const
{
return rid;
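Review bot: `setTlsReqCert` stores any string, and the serializer in the previous hunk writes it unquoted into the syncrepl line as `tls_reqcert=<value> `. A value containing whitespace or an unknown keyword therefore produces a malformed or unintended directive. The access-level setter in slapd-config.h rejects unknown values with a runtime_error, and the same pattern fits here: `if ( !value.empty() && value != "never" && value != "allow" && value != "try" && value != "demand" ) throw std::runtime_error( "Unsupported tls_reqcert value <" + value + ">" );`. That also keeps a weaker setting from being written silently through a typo.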
@@ -1090,6 +1184,10 @@
return starttls;
}

+std::string OlcSyncRepl::getTlsReqCert() const
+{
+ return tlsReqCert;
+}

OlcSecurity::OlcSecurity(const std::string &securityVal)
{
@@ -1105,11 +1203,11 @@
spos1 = spos2;
spos2 = securityVal.find_first_of("=", spos1 );
std::string key = securityVal.substr(spos1, spos2-spos1);
- log_it(SLAPD_LOG_INFO, "Key: <" + key + ">");
+ log_it(SLAPD_LOG_DEBUG, "Key: <" + key + ">");
spos1 = spos2 + 1;
spos2 = extractAlcToken(securityVal, spos1, false );
std::string value = securityVal.substr(spos1, spos2-spos1);
- log_it(SLAPD_LOG_INFO, "Value: <" + value + ">");
+ log_it(SLAPD_LOG_DEBUG, "Value: <" + value + ">");
if ( spos2 != std::string::npos )
{
spos1 = spos2 + 1;
@@ -1294,6 +1392,54 @@
}
}

+bool OlcDatabase::getLimits(OlcLimitList &limitList) const
+{
+ const LDAPAttribute* limitsAttr =
m_dbEntryChanged.getAttributeByName("olcLimits");
+ log_it(SLAPD_LOG_INFO, "OlcDatabase::getLimits()");
+ limitList.clear();
+ bool ret = true;
+ if ( limitsAttr )
+ {
+ StringList values = limitsAttr->getValues();
+ StringList::const_iterator i;
+ for ( i = values.begin(); i != values.end(); i++ )
+ {
+ log_it(SLAPD_LOG_DEBUG, "limits VALUE: " + *i );
+ std::string limitString;
+ splitIndexFromString( *i, limitString );
+ try {
+ boost::shared_ptr<OlcLimits> limit( new OlcLimits(limitString)
);
+ limitList.push_back(limit);
+ }
+ catch ( std::runtime_error e )
+ {
+ log_it(SLAPD_LOG_INFO, "Can't parse Limit");
+ log_it(SLAPD_LOG_INFO, e.what() );
+ limitList.clear();
+ ret = false;
+ break;
+ }
+ }
+ }
+ else
+ {
+ log_it(SLAPD_LOG_INFO, "no limit set");
+ }
+ return ret;
+}
+
+void OlcDatabase::replaceLimits( const OlcLimitList& limits )
+{
+ this->setStringValue( "olcLimits", "" );
+ OlcLimitList::const_iterator i;
+ int j = 0;
+
+ for ( i = limits.begin(); i != limits.end(); i++ )
+ {
+ this->addIndexedStringValue( "olcLimits", (*i)->toLimitsString(), j );
+ j++;
+ }
+}

OlcSyncReplList OlcDatabase::getSyncRepl() const
{
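Review bot: `catch ( std::runtime_error e )` in getLimits catches by value, which copies the exception and would slice a derived type; `catch ( const std::runtime_error &e )` is the usual form. On the first unparsable value getLimits clears the whole list and returns false, and the agent's "limits" read then returns a null value. The Perl code added in this commit appears to treat that as "no limits" and writes a list holding only the new syncrepl limit, so a single unparsable olcLimits value could cause all existing limits on that database to be replaced. Please confirm whether that is intended; skipping the write when the read failed would be the conservative choice.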
@@ -2073,7 +2219,7 @@
void OlcConfig::waitForBackgroundTasks()
{
try {
- LDAPModification mod( LDAPAttribute("objectClass", "olcConfig"),
LDAPModification::OP_ADD );
+ LDAPModification mod( LDAPAttribute("objectClass", "olcGlobal"),
LDAPModification::OP_ADD );
LDAPModList ml;
ml.addModification(mod);
m_lc->modify( "cn=config", &ml );

Modified: trunk/ldap-server/src/lib/slapd-config.h
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/slapd-config.h?rev=60780&r1=60779&r2=60780&view=diff
==============================================================================
--- trunk/ldap-server/src/lib/slapd-config.h (original)
+++ trunk/ldap-server/src/lib/slapd-config.h Wed Feb 10 12:20:15 2010
@@ -174,7 +174,7 @@
level != "compare" && level != "read" &&
level != "write" && level != "manage" )
{
- throw std::runtime_error( "Unsupported access level" );
+ throw std::runtime_error( "Unsupported access level <" + level
+ ">" );
}
m_level = level;
}
@@ -231,6 +231,25 @@
OlcAclByList m_byList;
};

+typedef std::list<std::pair<std::string,std::string> > pairlist;
+class OlcLimits
+{
+ public:
+ inline OlcLimits() {}
+
+ OlcLimits( const std::string &limitsString);
+ void setSelector( const std::string &value );
+ void setLimits ( const pairlist&value );
+
+ std::string getSelector() const;
+ pairlist getLimits() const;
+
+ std::string toLimitsString() const;
+ private:
+ std::string m_selector;
+ pairlist m_limits;
+};
+
class OlcSyncRepl
{
public:
@@ -251,6 +270,7 @@
const static std::string INTERVAL;
const static std::string STARTTLS;
const static std::string RETRY;
+ const static std::string TLS_REQCERT;

std::string toSyncReplLine() const;

@@ -264,6 +284,7 @@
void setInterval( int days, int hours, int mins, int secs );
void setStartTls( StartTls tls );
void setRetryString( const std::string &value );
+ void setTlsReqCert( const std::string &value );

int getRid() const;
LDAPUrl getProvider() const;
@@ -274,6 +295,7 @@
std::string getCredentials() const;
void getInterval( int &days, int &hours, int &mins, int &secs ) const;
StartTls getStartTls() const;
+ std::string getTlsReqCert() const;

private:
int rid;
@@ -284,6 +306,7 @@
std::string binddn;
std::string credentials;
std::string retryString;
+ std::string tlsReqCert;
int refreshOnlyDays;
int refreshOnlyHours;
int refreshOnlyMins;
@@ -307,6 +330,7 @@

typedef std::list<boost::shared_ptr<OlcOverlay> > OlcOverlayList;
typedef std::list<boost::shared_ptr<OlcAccess> > OlcAccessList;
+typedef std::list<boost::shared_ptr<OlcLimits> > OlcLimitList;
typedef std::list<boost::shared_ptr<OlcSyncRepl> > OlcSyncReplList;

class OlcDatabase : public OlcConfigEntry
@@ -329,6 +353,9 @@
bool getAcl( OlcAccessList& accessList ) const;
virtual void addAccessControl( const std::string& acl, int index=-1 );
virtual void replaceAccessControl( const OlcAccessList& acllist );
+
+ bool getLimits( OlcLimitList& limitList ) const;
+ void replaceLimits( const OlcLimitList& limits );

OlcSyncReplList getSyncRepl() const;
void setSyncRepl( const OlcSyncReplList& srl );

Modified: trunk/ldap-server/src/wizards.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/wizards.ycp?rev=60780&r1=60779&r2=60780&view=diff
==============================================================================
--- trunk/ldap-server/src/wizards.ycp (original)
+++ trunk/ldap-server/src/wizards.ycp Wed Feb 10 12:20:15 2010
@@ -123,15 +123,15 @@
Label::BackButton(), Label::NextButton());

map aliases = $[
- "startup" : ``( EnableServiceDialog() ),
- "servertype" : ``( ServerTypeDialog() ),
- "tlssettings" : ``( TlsConfigDialog() ),
- "database" : ``( ProposalDialog() ),
- "summary" : ``(SummaryDialog() ),
- "advanced" : ``(MainSequence() ),
- "write" : ``( WriteDialog() ),
- "slavesetup" : ``( SlaveSetupDialog() ),
- "mastersetup" : ``( MasterSetupDialog() ),
+ "startup" : ``( EnableServiceDialog() ),
+ "servertype" : ``( ServerTypeDialog() ),
+ "tlssettings" : ``( TlsConfigDialog() ),
+ "database" : ``( ProposalDialog() ),
+ "summary" : ``(SummaryDialog() ),
+ "advanced" : ``(MainSequence() ),
+ "write" : ``( WriteDialog() ),
+ "slavesetup" : ``( SlaveSetupDialog() ),
+ "mastersetup" : ``( MasterSetupDialog() ),
"replicationsummary": ``( ReplicatonSetupSummaryDialog() )
];

@@ -162,21 +162,21 @@
],
"mastersetup" : $[
`next : "summary",
- `abort : `abort,
+ `abort : `abort
],
"summary" : $[
`next : "write",
`abort : `abort,
`advanced : "advanced"
],
- "advanced" : $[
- `abort : `abort,
- `next : "write"
- ],
- "write" : $[
- `abort : `abort,
- `next : `next
- ]
+ "advanced" : $[
+ `abort : `abort,
+ `next : "write"
+ ],
+ "write" : $[
+ `abort : `abort,
+ `next : `next
+ ]
];

y2milestone( "--> starting ProposalSequence" );
