[yast-commit] r60780 - in /trunk/ldap-server: ./ src/LdapServer.pm src/agent/SlapdConfigAgent.cc src/dialogs.ycp src/ldap-server_proposal.ycp src/lib/slapd-config.cpp src/lib/slapd-config.h src/wizards.ycp

Author: rhafer Date: Wed Feb 10 12:20:15 2010 New Revision: 60780 URL: http://svn.opensuse.org/viewcvs/yast?rev=60780&view=rev Log: Merged inst-proposal changes for replication from sle-11-sp1 branch (revisions 59745-59964) Modified: trunk/ldap-server/ (props changed) trunk/ldap-server/src/LdapServer.pm trunk/ldap-server/src/agent/SlapdConfigAgent.cc trunk/ldap-server/src/dialogs.ycp trunk/ldap-server/src/ldap-server_proposal.ycp trunk/ldap-server/src/lib/slapd-config.cpp trunk/ldap-server/src/lib/slapd-config.h trunk/ldap-server/src/wizards.ycp Modified: trunk/ldap-server/src/LdapServer.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/LdapServer.pm?rev=60780&r1=60779&r2=60780&view=diff ============================================================================== --- trunk/ldap-server/src/LdapServer.pm (original) +++ trunk/ldap-server/src/LdapServer.pm Wed Feb 10 12:20:15 2010 @@ -35,6 +35,7 @@ my %error = ( msg => undef, details => undef ); my $ssl_check_command = "/usr/lib/YaST2/bin/ldap-server-ssl-check"; my $usingDefaults = 1; +my $fqdn = ""; my $readConfig = 0; my $restartRequired = 0; my $configured = 0; @@ -324,6 +325,28 @@ } ## + # @return the full qualified hostname of the machine or "" if not set + # +BEGIN { $TYPEINFO{ReadHostnameFQ} = ["function", "string"]; } +sub ReadHostnameFQ() +{ + if ( $fqdn eq "" ) + { + my $rc = SCR->Execute( '.target.bash_output', "/bin/hostname -f" ); + if ( $rc->{'stdout'} eq "" ) + { + y2milestone("could determine fqdn, hostname -f returned: ". $rc->{'stderr'} ); + } + else + { + $fqdn = $rc->{'stdout'}; + chomp($fqdn); + } + } + return $fqdn; +} + +## # @return Set base DN that shoudl we written to /etc/openldap/ldap.conf # BEGIN { $TYPEINFO{WriteLdapConfBase} = ["function", "boolean", "string"]; } @@ -1429,9 +1452,16 @@ } } my $oldtls = $self->ReadTlsConfig(); - if ( $oldtls->{'certKeyFile'} ne $tls->{'certKeyFile'} || - $oldtls->{'certFile'} ne $tls->{'certFile'} || - $oldtls->{'caCertFile'} ne $tls->{'caCertFile'}) + if ( ref($oldtls) eq "HASH" ) + { + if( $oldtls->{'certKeyFile'} ne $tls->{'certKeyFile'} || + $oldtls->{'certFile'} ne $tls->{'certFile'} || + $oldtls->{'caCertFile'} ne $tls->{'caCertFile'} ) + { + $restartRequired = 1; + } + } + elsif ( $tls->{'tls_active'} ) { $restartRequired = 1; } @@ -1591,6 +1621,7 @@ my $domain = $rc->{"stdout"}; if ( $domain eq "" ) { + y2milestone("\"hostname -d\" returned: \"". $rc->{'stderr'} . "\" falling back to default"); $domain = "site"; } chomp($domain); @@ -1665,121 +1696,146 @@ my $frontenddb = { 'type' => 'frontend' }; $self->InitGlobals(); - SCR->Execute('.ldapserver.initSchema' ); - my $rc = SCR->Write(".ldapserver.schema.addFromLdif", "/etc/openldap/schema/core.ldif" ); - if ( ! $rc ) { - my $err = SCR->Error(".ldapserver"); - y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'}); - $self->SetError( $err->{'summary'}, $err->{'description'} ); - return $rc; - } - $rc = SCR->Write(".ldapserver.schema.addFromLdif", "/etc/openldap/schema/cosine.ldif" ); - if ( ! $rc ) { - my $err = SCR->Error(".ldapserver"); - y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'}); - $self->SetError( $err->{'summary'}, $err->{'description'} ); - return $rc; - } - $rc = SCR->Write(".ldapserver.schema.addFromLdif", "/etc/openldap/schema/inetorgperson.ldif" ); - if ( ! $rc ) { - my $err = SCR->Error(".ldapserver"); - y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'}); - $self->SetError( $err->{'summary'}, $err->{'description'} ); - return $rc; - } - $rc = SCR->Write(".ldapserver.schema.addFromSchemafile", "/etc/openldap/schema/rfc2307bis.schema" ); - if ( ! $rc ) { - my $err = SCR->Error(".ldapserver"); - y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'}); - $self->SetError( $err->{'summary'}, $err->{'description'} ); - return $rc; - } - $rc = SCR->Write(".ldapserver.schema.addFromSchemafile", "/etc/openldap/schema/yast.schema" ); - if ( ! $rc ) { - my $err = SCR->Error(".ldapserver"); - y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'}); - $self->SetError( $err->{'summary'}, $err->{'description'} ); - return $rc; - } - - SCR->Execute('.ldapserver.initDatabases', [ $frontenddb, $cfgdatabase, $database ] ); - if ( $dbDefaults{'defaultIndex'} == 1 || - ( ref($dbDefaults{'defaultIndex'}) eq "YaST::YCP::Boolean" && - $dbDefaults{'defaultIndex'}->value == 1 ) - ) + + if ( $self->ReadSetupSlave() ) { - foreach my $idx ( @$defaultIndexes ) + SCR->Execute('.ldapserver.initDatabases', [ $frontenddb, $cfgdatabase ] ); + SCR->Write(".ldapserver.database.{0}.syncrepl", $syncreplbaseconfig ); + my $ldif = SCR->Read('.ldapserver.configAsLdif' ); + y2debug($ldif); + } + else #master or standalone + { + SCR->Execute('.ldapserver.initSchema' ); + my $rc = SCR->Write(".ldapserver.schema.addFromLdif", "/etc/openldap/schema/core.ldif" ); + if ( ! $rc ) { + my $err = SCR->Error(".ldapserver"); + y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'}); + $self->SetError( $err->{'summary'}, $err->{'description'} ); + return $rc; + } + $rc = SCR->Write(".ldapserver.schema.addFromLdif", "/etc/openldap/schema/cosine.ldif" ); + if ( ! $rc ) { + my $err = SCR->Error(".ldapserver"); + y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'}); + $self->SetError( $err->{'summary'}, $err->{'description'} ); + return $rc; + } + $rc = SCR->Write(".ldapserver.schema.addFromLdif", "/etc/openldap/schema/inetorgperson.ldif" ); + if ( ! $rc ) { + my $err = SCR->Error(".ldapserver"); + y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'}); + $self->SetError( $err->{'summary'}, $err->{'description'} ); + return $rc; + } + $rc = SCR->Write(".ldapserver.schema.addFromSchemafile", "/etc/openldap/schema/rfc2307bis.schema" ); + if ( ! $rc ) { + my $err = SCR->Error(".ldapserver"); + y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'}); + $self->SetError( $err->{'summary'}, $err->{'description'} ); + return $rc; + } + $rc = SCR->Write(".ldapserver.schema.addFromSchemafile", "/etc/openldap/schema/yast.schema" ); + if ( ! $rc ) { + my $err = SCR->Error(".ldapserver"); + y2error("Adding Schema failed: ".$err->{'summary'}." ".$err->{'description'}); + $self->SetError( $err->{'summary'}, $err->{'description'} ); + return $rc; + } + + SCR->Execute('.ldapserver.initDatabases', [ $frontenddb, $cfgdatabase, $database ] ); + if ( $dbDefaults{'defaultIndex'} == 1 || + ( ref($dbDefaults{'defaultIndex'}) eq "YaST::YCP::Boolean" && + $dbDefaults{'defaultIndex'}->value == 1 ) + ) { - $self->ChangeDatabaseIndex(1, $idx ); + foreach my $idx ( @$defaultIndexes ) + { + $self->ChangeDatabaseIndex(1, $idx ); + } } - } - if ( defined $dbDefaults{'configpw'} && $dbDefaults{'configpw'} ne "" ) - { - my $confPwHash = $self->HashPassword($dbDefaults{'pwenctype'}, $dbDefaults{'configpw'} ); - my $changes = { "secure_only" => 1, "rootpw" => $confPwHash }; - $self->UpdateDatabase(0 ,$changes); - if ( $self->ReadSetupMaster() ) + if ( defined $dbDefaults{'configpw'} && $dbDefaults{'configpw'} ne "" ) { - my $syncprov = { 'enabled' => 1, - 'checkpoint' => { 'ops' => YaST::YCP::Integer(100), - 'min' => YaST::YCP::Integer(10) } - }; + my $confPwHash = $self->HashPassword($dbDefaults{'pwenctype'}, $dbDefaults{'configpw'} ); + my $changes = { "secure_only" => 1, "rootpw" => $confPwHash }; + $self->UpdateDatabase(0 ,$changes); + if ( $self->ReadSetupMaster() ) + { + # create helpful indexes for syncrepl + $self->ChangeDatabaseIndex(1, { "name" => "entryUUID", "eq" => 1 } ); + $self->ChangeDatabaseIndex(1, { "name" => "entryCSN", "eq" => 1 } ); + + my $syncprov = { 'enabled' => 1, + 'checkpoint' => { 'ops' => YaST::YCP::Integer(100), + 'min' => YaST::YCP::Integer(10) } + }; - SCR->Write( ".ldapserver.database.{0}.syncprov", $syncprov ); - SCR->Write( ".ldapserver.database.{1}.syncprov", $syncprov ); + SCR->Write( ".ldapserver.database.{0}.syncprov", $syncprov ); + SCR->Write( ".ldapserver.database.{1}.syncprov", $syncprov ); - my $syncpw = GenerateRandPassword(); - my $syncdn = "uid=syncrepl,ou=system,".$dbDefaults{'suffix'}; - my $rc = SCR->Execute( '.target.bash_output', "/bin/hostname -f" ); - my $fqdn = $rc->{"stdout"}; - chomp($fqdn); - my $syncrepl = { - "provider" => { - "protocol" => "ldap", - "target" => $fqdn, - "port" => YaST::YCP::Integer(389) - }, - "type" => "refreshAndPersist", - "binddn" => $syncdn, - "credentials" => $syncpw, - "basedn" => "cn=config", - "starttls" => YaST::YCP::Boolean(1), - "updateref" => {} - }; - SCR->Write(".ldapserver.database.{0}.syncrepl", $syncrepl ); - $syncrepl->{'basedn'} = $dbDefaults{'suffix'}; - SCR->Write(".ldapserver.database.{1}.syncrepl", $syncrepl ); - $syncreplaccount->{'syncdn'} = $syncdn; - $syncreplaccount->{'syncpw'} = $syncpw; - $syncreplaccount->{'syncpw_hash'} = $self->HashPassword($dbDefaults{'pwenctype'}, $syncpw ); - $syncreplaccount->{'basedn'} = $dbDefaults{'suffix'}; - my @syncacl = ({ - 'target' => {}, - 'access' => [ - { 'type' => "dn.base", - 'value' => $syncdn, - 'level' => "read", - 'control' => "" }, - { 'type' => "*", - 'value' => "", - 'level' => "", - 'control' => "break" } - ] - }); - $rc = SCR->Write(".ldapserver.database.{0}.acl", \@syncacl ); - push @syncacl, @$defaultDbAcls; - $defaultDbAcls = \@syncacl; + my $syncpw = GenerateRandPassword(); + my $syncdn = "uid=syncrepl,ou=system,".$dbDefaults{'suffix'}; + my $hostname = $self->ReadHostnameFQ(); + if ( $hostname eq "" ) + { + $self->SetError( _("Could not determine own full qualified hostname"), + _("A master server for replication cannot work correctly without knowing the own full qualified hostname") ); + return 0; + } + my $syncrepl = { + "provider" => { + "protocol" => "ldap", + "target" => $hostname, + "port" => YaST::YCP::Integer(389) + }, + "type" => "refreshAndPersist", + "binddn" => $syncdn, + "credentials" => $syncpw, + "basedn" => "cn=config", + "starttls" => YaST::YCP::Boolean(1), + "updateref" => {} + }; + SCR->Write(".ldapserver.database.{0}.syncrepl", $syncrepl ); + $syncrepl->{'basedn'} = $dbDefaults{'suffix'}; + SCR->Write(".ldapserver.database.{1}.syncrepl", $syncrepl ); + $syncreplaccount->{'syncdn'} = $syncdn; + $syncreplaccount->{'syncpw'} = $syncpw; + $syncreplaccount->{'syncpw_hash'} = $self->HashPassword($dbDefaults{'pwenctype'}, $syncpw ); + $syncreplaccount->{'basedn'} = $dbDefaults{'suffix'}; + my @syncacl = ({ + 'target' => {}, + 'access' => [ + { 'type' => "dn.base", + 'value' => $syncdn, + 'level' => "read", + 'control' => "" }, + { 'type' => "*", + 'value' => "", + 'level' => "", + 'control' => "break" } + ] + }); + $rc = SCR->Write(".ldapserver.database.{0}.acl", \@syncacl ); + push @syncacl, @$defaultDbAcls; + $defaultDbAcls = \@syncacl; + + my @newlimits = ( { 'selector' => "dn.exact=\"$syncdn\"", + 'limits' => [ { 'type' => "size.soft", + 'value' => "unlimited" } ] } ); + SCR->Write(".ldapserver.database.{0}.limits", \@newlimits ); + SCR->Write(".ldapserver.database.{1}.limits", \@newlimits ); + } } + + # add default ACLs + $rc = SCR->Write(".ldapserver.database.{-1}.acl", $defaultGlobalAcls ); + $rc = SCR->Write(".ldapserver.database.{1}.acl", $defaultDbAcls ); + push @added_databases, $dbDefaults{'suffix'}; + $self->WriteAuthInfo( $dbDefaults{'suffix'}, + { bind_dn => $dbDefaults{'rootdn'}, + bind_pw => $dbDefaults{'rootpw_clear'} } ); } - - # add default ACLs - $rc = SCR->Write(".ldapserver.database.{-1}.acl", $defaultGlobalAcls ); - $rc = SCR->Write(".ldapserver.database.{1}.acl", $defaultDbAcls ); - push @added_databases, $dbDefaults{'suffix'}; - $self->WriteAuthInfo( $dbDefaults{'suffix'}, - { bind_dn => $dbDefaults{'rootdn'}, - bind_pw => $dbDefaults{'rootpw_clear'} } ); $usingDefaults = 0; $readConfig = 1; return 1; @@ -2059,6 +2115,25 @@ $self->SetError( $err->{'summary'}, $err->{'description'} ); return YaST::YCP::Boolean(0); } + + ## Update indexes if the database supports it and if not deleting syncrepl + if ( keys %$syncprov ) + { + my $db = $self->ReadDatabase( $dbindex ); + if ( $db->{'type'} eq "bdb" || $db->{'type'} eq "hdb" ) + { + my $indexes = SCR->Read(".ldapserver.database.{".$dbindex."}.indexes" ); + y2milestone("indexes: ". Data::Dumper->Dump([$indexes])); + if ( ! $indexes->{'entrycsn'}->{'eq'} ) + { + $self->ChangeDatabaseIndex($dbindex, { "name" => "entryCSN", "eq" => 1 } ); + } + if ( ! $indexes->{'entryUUID'}->{'eq'} ) + { + $self->ChangeDatabaseIndex($dbindex, { "name" => "entryUUID", "eq" => 1 } ); + } + } + } return YaST::YCP::Boolean(1); } @@ -2142,6 +2217,25 @@ $self->SetError( $err->{'summary'}, $err->{'description'} ); return YaST::YCP::Boolean(0); } + + ## Update indexes if the database supports it and if not deleting syncrepl + if ( keys %$syncrepl ) + { + my $db = $self->ReadDatabase( $dbindex ); + if ( $db->{'type'} eq "bdb" || $db->{'type'} eq "hdb" ) + { + my $indexes = SCR->Read(".ldapserver.database.{".$dbindex."}.indexes" ); + y2milestone("indexes: ". Data::Dumper->Dump([$indexes])); + if ( ! $indexes->{'entrycsn'}->{'eq'} ) + { + $self->ChangeDatabaseIndex($dbindex, { "name" => "entryCSN", "eq" => 1 } ); + } + if ( ! $indexes->{'entryUUID'}->{'eq'} ) + { + $self->ChangeDatabaseIndex($dbindex, { "name" => "entryUUID", "eq" => 1 } ); + } + } + } return YaST::YCP::Boolean(1); } @@ -2815,26 +2909,63 @@ } } } + for ( my $i=0; $i < scalar(@{$dbs})-1; $i++) + { + my $type = $dbs->[$i+1]->{'type'}; + my $suffix = $dbs->[$i+1]->{'suffix'}; + if ( $type eq "config" || $type eq "bdb" || $type eq "hdb" ) + { + my $db = SCR->Read(".ldapserver.database.{".$i."}" ); + my $needslimit = 1; + if ( lc($db->{'rootdn'}) eq lc($syncreplbaseconfig->{'binddn'}) ) + { + y2milestone("Repl DN \"".$syncreplbaseconfig->{'binddn'}. "\" is rootdn of database $i. No limit needed"); + } + else + { + my $limits = SCR->Read(".ldapserver.database.{".$i."}.limits" ); + y2milestone("Database $i limits:". Data::Dumper->Dump([ $limits ]) ); + foreach my $limit (@$limits) + { + if ( $limit->{'selector'} eq "dn.exact=\"".$syncreplbaseconfig->{'binddn'}."\"" ) + { + my $limitvals = $limit->{'limits'}; + foreach my $val (@$limitvals ) + { + if ( $val->{'type'} eq "size.soft" && $val->{'value'} eq "unlimited" ) + { + y2milestone("limit already present, no need to add"); + $needslimit = 0; + last; + } + } + if (! $needslimit ) + { + last; + } + } + } + if ($needslimit) + { + y2milestone("Setting sizelimit for syncrepuser to unlimited."); + my @newlimits = ( { 'selector' => "dn.exact=\"".$syncreplbaseconfig->{'binddn'}."\"", + 'limits' => [ { 'type' => "size.soft", + 'value' => "unlimited" } ] } ); + push @newlimits, @$limits; + SCR->Write(".ldapserver.database.{".$i."}.limits", \@newlimits ); + } + } + } + } SCR->Execute(".ldapserver.commitChanges" ); SCR->Execute(".ldapserver.reset" ); + $globals_initialized = 0; $self->CreateSyncReplAccount(); - SCR->Execute(".ldapserver.initGlobals" ); - my $cfgdatabase = { 'type' => 'config', - 'rootdn' => 'cn=config' }; - my $frontenddb = { 'type' => 'frontend' }; - SCR->Execute('.ldapserver.initDatabases', [ $frontenddb, $cfgdatabase ] ); $syncreplbaseconfig->{'binddn'} = "cn=config"; $syncreplbaseconfig->{'credentials'} = $auth_info->{'cn=config'}->{'bind_pw'}; $syncreplbaseconfig->{'basedn'} = "cn=config"; - SCR->Write(".ldapserver.database.{0}.syncrepl", $syncreplbaseconfig ); - my $ldif = SCR->Read('.ldapserver.configAsLdif' ); - y2milestone($ldif); - $overwriteConfig = 1; -# $self->Write( {resetCsn => 1} ); -# SCR->Execute(".ldapserver.reset" ); - return 1; } Modified: trunk/ldap-server/src/agent/SlapdConfigAgent.cc URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/agent/SlapdConfigAgent.cc?rev=60780&r1=60779&r2=60780&view=diff ============================================================================== --- trunk/ldap-server/src/agent/SlapdConfigAgent.cc (original) +++ trunk/ldap-server/src/agent/SlapdConfigAgent.cc Wed Feb 10 12:20:15 2010 @@ -850,6 +850,37 @@ return YCPNull(); } } + else if ( dbComponent == "limits" ) + { + YCPList resList; + OlcLimitList limitList; + if ( (*i)->getLimits(limitList) ) + { + OlcLimitList::const_iterator j; + for ( j = limitList.begin(); j != limitList.end(); j++ ) + { + YCPMap limitMap; + YCPList limitVals; + pairlist limits = (*j)->getLimits(); + pairlist::const_iterator k ; + for ( k = limits.begin(); k != limits.end(); k++ ) + { + YCPMap valMap; + valMap.add(YCPString("type"), YCPString(k->first) ); + valMap.add(YCPString("value"), YCPString(k->second) ); + limitVals.add(valMap); + } + limitMap.add( YCPString("selector"), YCPString( (*j)->getSelector().c_str() ) ); + limitMap.add( YCPString("limits"), limitVals); + resList.add(limitMap); + } + return resList; + } + else + { + return YCPNull(); + } + } else if ( dbComponent == "syncrepl" ) { YCPMap resMap; @@ -1089,6 +1120,10 @@ if ( path->length() == 0 ) { return YCPNull(); } else { + if ( ! globals ) + { + throw std::runtime_error("Configuration not initialized." ); + } if ( path->component_str(0) == "loglevel" ) { y2milestone("Write loglevel"); @@ -1655,6 +1690,30 @@ (*i)->replaceAccessControl(aclList); ret = true; } + else if ( dbComponent == "limits" ) + { + YCPList argList = arg->asList(); + OlcLimitList limitList; + for ( int j = 0; j < argList->size(); j++ ) + { + boost::shared_ptr<OlcLimits> limit( new OlcLimits() ); + YCPMap limitMap = argList->value(j)->asMap(); + limit->setSelector(limitMap->value(YCPString("selector"))->asString()->value_cstr() ); + + YCPList ycpLimitValues = limitMap->value(YCPString("limits"))->asList(); + pairlist limitVals; + for ( int k=0; k < ycpLimitValues->size(); k++ ) + { + YCPMap valMap = ycpLimitValues->value(k)->asMap(); + limitVals.push_back( make_pair(valMap->value(YCPString("type"))->asString()->value_cstr(), + valMap->value(YCPString("value"))->asString()->value_cstr() ) ); + } + limit->setLimits(limitVals); + limitList.push_back(limit); + } + (*i)->replaceLimits(limitList); + ret = true; + } else if ( dbComponent == "syncrepl" ) { YCPMap argMap = arg->asMap(); @@ -1685,7 +1744,10 @@ LDAPUrl prvuri; prvuri.setScheme(protocol); prvuri.setHost(target); - prvuri.setPort(port); + if ( ( protocol == "ldap" && port != 389 ) || ( protocol == "ldaps" && port != 636 ) ) + { + prvuri.setPort(port); + } sr->setType( type ); sr->setProvider( prvuri ); @@ -1694,6 +1756,7 @@ sr->setCredentials( cred ); // default retry (every 120 seconds) sr->setRetryString( "120 +" ); + sr->setTlsReqCert("demand"); if ( starttls ) { Modified: trunk/ldap-server/src/dialogs.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/dialogs.ycp?rev=60780&r1=60779&r2=60780&view=diff ============================================================================== --- trunk/ldap-server/src/dialogs.ycp (original) +++ trunk/ldap-server/src/dialogs.ycp Wed Feb 10 12:20:15 2010 @@ -335,14 +335,26 @@ } else if (UI::QueryWidget( `id( `rbg_servertype ), `CurrentButton) == `rb_master ) { - LdapServer::WriteSetupMaster(true); - LdapServer::WriteSetupSlave(false); + if ( size( LdapServer::ReadHostnameFQ() ) == 0 ) + { + Popup::Notify(_("YaST was not able to determine the full qualified hostname of this\ncomputer. ") + + _("Setting up a replication master it not possible currently.") ); + UI::ChangeWidget( `rb_master, `Enabled, false ); + UI::ChangeWidget( `rbg_servertype, `CurrentButton, `rb_standalone ); + continue; + } + else + { + LdapServer::WriteSetupMaster(true); + LdapServer::WriteSetupSlave(false); + } } else { LdapServer::WriteSetupMaster(false); LdapServer::WriteSetupSlave(false); } + SCR::Execute(.ldapserver.reset); } return ret; } @@ -1011,6 +1023,7 @@ any ret = nil; LdapServer::SetupRemoteForReplication(); + LdapServer::ReadFromDefaults(); ret = `next; return ret; } Modified: trunk/ldap-server/src/ldap-server_proposal.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/ldap-server_proposal.ycp?rev=60780&r1=60779&r2=60780&view=diff ============================================================================== --- trunk/ldap-server/src/ldap-server_proposal.ycp (original) +++ trunk/ldap-server/src/ldap-server_proposal.ycp Wed Feb 10 12:20:15 2010 @@ -87,17 +87,42 @@ { string rootPWString = ""; defaults = LdapServer::ReadInitialDefaults(); - if( defaults["rootpw_clear"]:"" == Users::GetRootPassword() ) + if (! LdapServer::ReadSetupSlave() ) { - rootPWString = _("[root password]"); - } else - { - rootPWString = _("[manually set]"); + if( defaults["rootpw_clear"]:"" == Users::GetRootPassword() ) + { + rootPWString = _("[root password]"); + } else + { + rootPWString = _("[manually set]"); + } + if( defaults["rootpw_clear"]:"" == "" ) + { + warning = _("Unable to retrieve the system root password. Set an LDAP server password to continue."); + warning_level = `blocker; + } + if ( LdapServer::ReadSetupMaster() ) + { + proposal = _("Setting up LDAP Master Server:"); + } + else + { + proposal = _("Setting up standalone LDAP Server:"); + } + proposal = proposal + + HTML::List( [ _("Base DN: ") + defaults["suffix"]:"", + _("Root DN: ") + defaults["rootdn"]:"", + _("LDAP Password: ") + rootPWString + ] ); } - if( defaults["rootpw_clear"]:"" == "" ) + else { - warning = _("Unable to retrieve the system root password. Set an LDAP server password to continue."); - warning_level = `blocker; + map syncrepl = LdapServer::ReadSyncreplBaseConfig(); + proposal = _("Setting up LDAP Slave Server") + + HTML::List( [ _("Provider: ") + (string)syncrepl["provider","protocol"]:"" + "://" + + (string)syncrepl["provider","target"]:"" + ":" + + tostring(syncrepl["provider","port"]:0) ] ); + } // Try to get Firewall status string fw_text = ""; @@ -128,16 +153,10 @@ fw_text = _("Firewall is disabled"); textdomain "ldap-server"; } - - proposal = _("LDAP Server Configuration:") + - HTML::List( [ _("Base DN: ") + defaults["suffix"]:"", - _("Root DN: ") + defaults["rootdn"]:"", - _("LDAP Password: ") + rootPWString - ] ) + - _("Start LDAP Server: ") + HTML::Bold( _("YES") ) + HTML::Newline() + - _("Register at SLP Daemon: ") + HTML::Bold( defaults["slpRegister"]:false ? _("YES") : _("NO") ) + - HTML::Newline() + - fw_text; + proposal = proposal + + _("Register at SLP Daemon: ") + HTML::Bold( defaults["slpRegister"]:false ? _("YES") : _("NO") ) + + HTML::Newline() + + fw_text; } else { proposal = _("Start LDAP Server: ") + HTML::Bold( _("NO") ); } @@ -213,6 +232,7 @@ return ret; } + if ( LdapServer::ReadSetupSlave() ) { Wizard::CreateDialog(); @@ -221,7 +241,7 @@ Wizard::CloseDialog(); if ( slave_ret == `next ) { - LdapServer::SetupRemoteForReplication(); + LdapServer::SetupRemoteForReplication(); } else { @@ -229,7 +249,6 @@ return ret; } } - LdapServer::ReadFromDefaults(); map defaults = LdapServer::ReadInitialDefaults(); Progress::set(false); Modified: trunk/ldap-server/src/lib/slapd-config.cpp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/slapd-config.cpp?rev=60780&r1=60779&r2=60780&view=diff ============================================================================== --- trunk/ldap-server/src/lib/slapd-config.cpp (original) +++ trunk/ldap-server/src/lib/slapd-config.cpp Wed Feb 10 12:20:15 2010 @@ -191,7 +191,7 @@ void OlcConfigEntry::setStringValue(const std::string &type, const std::string &value) { - log_it(SLAPD_LOG_INFO,"setStringValue() " + type + " " + value); + log_it(SLAPD_LOG_DEBUG,"setStringValue() " + type + " " + value); if ( value.empty() ) { m_dbEntryChanged.delAttribute(type); @@ -290,7 +290,7 @@ if ( deleted ) { delValues.add(*j); - log_it(SLAPD_LOG_INFO,"Value deleted: " + *j ); + log_it(SLAPD_LOG_DEBUG,"Value deleted: " + *j ); } } j = changedAttr->getValues().begin(); @@ -308,7 +308,7 @@ if ( added ) { addValues.add(*j); - log_it(SLAPD_LOG_INFO,"Value added: " + *j); + log_it(SLAPD_LOG_DEBUG,"Value added: " + *j); } } bool replace = false; @@ -675,7 +675,7 @@ } else { - throw std::runtime_error( "Unsupported access level" ); + throw std::runtime_error( "Unsupported access level <" + level + ">" ); } } log_it(SLAPD_LOG_INFO, "access: " + level ); @@ -833,6 +833,86 @@ return aclString.str(); } +OlcLimits::OlcLimits( const std::string& limitString ) +{ + std::string::size_type spos = 0; + std::string::size_type tmppos = 0; + // limits look like this: <selector> <limit> [<limit> [...]] + + // split of the selector pattern + tmppos = limitString.find_first_not_of("\t ", spos ); + spos = tmppos; + tmppos = limitString.find_first_of("\t\" ", spos ); + // skip quoted whitespaces + while ( limitString[tmppos] == '"' && limitString[tmppos-1] != '\\') + { + tmppos = extractAlcToken( limitString, tmppos, true ); + tmppos = limitString.find_first_of("\t\" ", tmppos+1 ); + } + m_selector = limitString.substr(spos, tmppos-spos ); + log_it(SLAPD_LOG_DEBUG, "selector: <"+m_selector+">" ); + + // now the list of <limits> follows + spos = tmppos; + if ( spos != std::string::npos ) + { + spos = limitString.find_first_not_of("\t ", spos ); + } + while ( spos != std::string::npos ) + { + tmppos = extractAlcToken( limitString, spos, false ); + std::string tmp = limitString.substr( spos, tmppos-spos ); + log_it(SLAPD_LOG_DEBUG, "limit: <"+tmp+">" ); + std::string::size_type delimpos = tmp.find( '=' ); + if ( delimpos == std::string::npos ) + { + throw std::runtime_error( "error while parsing limits statement" ); + } + m_limits.push_back( make_pair(tmp.substr(0, delimpos), tmp.substr( delimpos+1 ) )); + if ( tmppos != std::string::npos ) + { + spos = limitString.find_first_not_of("\t ", tmppos+1 ); + } + else + { + break; + } + } +} + +void OlcLimits::setSelector( const std::string &value ) +{ + m_selector = value; +} + +void OlcLimits::setLimits ( const pairlist &value ) +{ + m_limits = value; +} + +std::string OlcLimits::getSelector() const +{ + return m_selector; +} + +pairlist OlcLimits::getLimits() const +{ + return m_limits; +} + +std::string OlcLimits::toLimitsString() const +{ + std::ostringstream limitStr; + limitStr << m_selector; + + pairlist::const_iterator i; + for ( i=m_limits.begin(); i != m_limits.end(); i++ ) + { + limitStr << " " << i->first << "=" << i->second ; + } + return limitStr.str(); +} + const std::string OlcSyncRepl::RID="rid"; const std::string OlcSyncRepl::PROVIDER="provider"; const std::string OlcSyncRepl::BASE="searchbase"; @@ -843,6 +923,7 @@ const std::string OlcSyncRepl::INTERVAL="interval"; const std::string OlcSyncRepl::STARTTLS="starttls"; const std::string OlcSyncRepl::RETRY="retry"; +const std::string OlcSyncRepl::TLS_REQCERT="tls_reqcert"; OlcSyncRepl::OlcSyncRepl( const std::string &syncreplLine): rid(1), @@ -941,6 +1022,10 @@ { this->setRetryString(value); } + else if ( key == TLS_REQCERT ) + { + this->setTlsReqCert(value); + } else { otherValues.push_back(make_pair(key, value)); @@ -974,6 +1059,10 @@ { srlStream << "starttls=critical "; } + if (! this->tlsReqCert.empty() ) + { + srlStream << "tls_reqcert=" << tlsReqCert << " "; + } srlStream << "bindmethod=\"" << this->bindmethod << "\" " << "binddn=\"" << this->binddn << "\" " << "credentials=\"" << this->credentials << "\""; @@ -1040,6 +1129,11 @@ retryString = value; } +void OlcSyncRepl::setTlsReqCert( const std::string &value ) +{ + tlsReqCert = value; +} + int OlcSyncRepl::getRid() const { return rid; @@ -1090,6 +1184,10 @@ return starttls; } +std::string OlcSyncRepl::getTlsReqCert() const +{ + return tlsReqCert; +} OlcSecurity::OlcSecurity(const std::string &securityVal) { @@ -1105,11 +1203,11 @@ spos1 = spos2; spos2 = securityVal.find_first_of("=", spos1 ); std::string key = securityVal.substr(spos1, spos2-spos1); - log_it(SLAPD_LOG_INFO, "Key: <" + key + ">"); + log_it(SLAPD_LOG_DEBUG, "Key: <" + key + ">"); spos1 = spos2 + 1; spos2 = extractAlcToken(securityVal, spos1, false ); std::string value = securityVal.substr(spos1, spos2-spos1); - log_it(SLAPD_LOG_INFO, "Value: <" + value + ">"); + log_it(SLAPD_LOG_DEBUG, "Value: <" + value + ">"); if ( spos2 != std::string::npos ) { spos1 = spos2 + 1; @@ -1294,6 +1392,54 @@ } } +bool OlcDatabase::getLimits(OlcLimitList &limitList) const +{ + const LDAPAttribute* limitsAttr = m_dbEntryChanged.getAttributeByName("olcLimits"); + log_it(SLAPD_LOG_INFO, "OlcDatabase::getLimits()"); + limitList.clear(); + bool ret = true; + if ( limitsAttr ) + { + StringList values = limitsAttr->getValues(); + StringList::const_iterator i; + for ( i = values.begin(); i != values.end(); i++ ) + { + log_it(SLAPD_LOG_DEBUG, "limits VALUE: " + *i ); + std::string limitString; + splitIndexFromString( *i, limitString ); + try { + boost::shared_ptr<OlcLimits> limit( new OlcLimits(limitString) ); + limitList.push_back(limit); + } + catch ( std::runtime_error e ) + { + log_it(SLAPD_LOG_INFO, "Can't parse Limit"); + log_it(SLAPD_LOG_INFO, e.what() ); + limitList.clear(); + ret = false; + break; + } + } + } + else + { + log_it(SLAPD_LOG_INFO, "no limit set"); + } + return ret; +} + +void OlcDatabase::replaceLimits( const OlcLimitList& limits ) +{ + this->setStringValue( "olcLimits", "" ); + OlcLimitList::const_iterator i; + int j = 0; + + for ( i = limits.begin(); i != limits.end(); i++ ) + { + this->addIndexedStringValue( "olcLimits", (*i)->toLimitsString(), j ); + j++; + } +} OlcSyncReplList OlcDatabase::getSyncRepl() const { @@ -2073,7 +2219,7 @@ void OlcConfig::waitForBackgroundTasks() { try { - LDAPModification mod( LDAPAttribute("objectClass", "olcConfig"), LDAPModification::OP_ADD ); + LDAPModification mod( LDAPAttribute("objectClass", "olcGlobal"), LDAPModification::OP_ADD ); LDAPModList ml; ml.addModification(mod); m_lc->modify( "cn=config", &ml ); Modified: trunk/ldap-server/src/lib/slapd-config.h URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/slapd-config.h?rev=60780&r1=60779&r2=60780&view=diff ============================================================================== --- trunk/ldap-server/src/lib/slapd-config.h (original) +++ trunk/ldap-server/src/lib/slapd-config.h Wed Feb 10 12:20:15 2010 @@ -174,7 +174,7 @@ level != "compare" && level != "read" && level != "write" && level != "manage" ) { - throw std::runtime_error( "Unsupported access level" ); + throw std::runtime_error( "Unsupported access level <" + level + ">" ); } m_level = level; } @@ -231,6 +231,25 @@ OlcAclByList m_byList; }; +typedef std::liststd::string,std::string > pairlist; +class OlcLimits +{ + public: + inline OlcLimits() {} + + OlcLimits( const std::string &limitsString); + void setSelector( const std::string &value ); + void setLimits ( const pairlist&value ); + + std::string getSelector() const; + pairlist getLimits() const; + + std::string toLimitsString() const; + private: + std::string m_selector; + pairlist m_limits; +}; + class OlcSyncRepl { public: @@ -251,6 +270,7 @@ const static std::string INTERVAL; const static std::string STARTTLS; const static std::string RETRY; + const static std::string TLS_REQCERT; std::string toSyncReplLine() const; @@ -264,6 +284,7 @@ void setInterval( int days, int hours, int mins, int secs ); void setStartTls( StartTls tls ); void setRetryString( const std::string &value ); + void setTlsReqCert( const std::string &value ); int getRid() const; LDAPUrl getProvider() const; @@ -274,6 +295,7 @@ std::string getCredentials() const; void getInterval( int &days, int &hours, int &mins, int &secs ) const; StartTls getStartTls() const; + std::string getTlsReqCert() const; private: int rid; @@ -284,6 +306,7 @@ std::string binddn; std::string credentials; std::string retryString; + std::string tlsReqCert; int refreshOnlyDays; int refreshOnlyHours; int refreshOnlyMins; @@ -307,6 +330,7 @@ typedef std::list OlcOverlayList; typedef std::list OlcAccessList; +typedef std::list OlcLimitList; typedef std::list OlcSyncReplList; class OlcDatabase : public OlcConfigEntry @@ -329,6 +353,9 @@ bool getAcl( OlcAccessList& accessList ) const; virtual void addAccessControl( const std::string& acl, int index=-1 ); virtual void replaceAccessControl( const OlcAccessList& acllist ); + + bool getLimits( OlcLimitList& limitList ) const; + void replaceLimits( const OlcLimitList& limits ); OlcSyncReplList getSyncRepl() const; void setSyncRepl( const OlcSyncReplList& srl ); Modified: trunk/ldap-server/src/wizards.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/wizards.ycp?rev=60780&r1=60779&r2=60780&view=diff ============================================================================== --- trunk/ldap-server/src/wizards.ycp (original) +++ trunk/ldap-server/src/wizards.ycp Wed Feb 10 12:20:15 2010 @@ -123,15 +123,15 @@ Label::BackButton(), Label::NextButton()); map aliases = $[ - "startup" : ``( EnableServiceDialog() ), - "servertype" : ``( ServerTypeDialog() ), - "tlssettings" : ``( TlsConfigDialog() ), - "database" : ``( ProposalDialog() ), - "summary" : ``(SummaryDialog() ), - "advanced" : ``(MainSequence() ), - "write" : ``( WriteDialog() ), - "slavesetup" : ``( SlaveSetupDialog() ), - "mastersetup" : ``( MasterSetupDialog() ), + "startup" : ``( EnableServiceDialog() ), + "servertype" : ``( ServerTypeDialog() ), + "tlssettings" : ``( TlsConfigDialog() ), + "database" : ``( ProposalDialog() ), + "summary" : ``(SummaryDialog() ), + "advanced" : ``(MainSequence() ), + "write" : ``( WriteDialog() ), + "slavesetup" : ``( SlaveSetupDialog() ), + "mastersetup" : ``( MasterSetupDialog() ), "replicationsummary": ``( ReplicatonSetupSummaryDialog() ) ]; @@ -162,21 +162,21 @@ ], "mastersetup" : $[ `next : "summary", - `abort : `abort, + `abort : `abort ], "summary" : $[ `next : "write", `abort : `abort, `advanced : "advanced" ], - "advanced" : $[ - `abort : `abort, - `next : "write" - ], - "write" : $[ - `abort : `abort, - `next : `next - ] + "advanced" : $[ + `abort : `abort, + `next : "write" + ], + "write" : $[ + `abort : `abort, + `next : `next + ] ]; y2milestone( "--> starting ProposalSequence" ); -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org