2 # Save the LDAP server to connect to
# NOTE(review): the leading number on each line is the listing's own line
# number. The numbering jumps (2, 4, 5, 8, ...), so some source lines,
# including closing braces and else branches, are not shown here.
4 require './ldap-client-lib.pl';
# Presumably sets the prefix used by later &error() calls; error_setup is
# defined outside this listing.
5 &error_setup($text{'server_err'});
# Lock the LDAP client config file before editing; it is unlocked at the end
# of the script.
8 &lock_file($config{'auth_ldap'});
# $config{'secret'} is split on tabs into a list of entries. Each entry is
# passed to &unlock_file at the end of the script, so this loop presumably
# locks them (its body is not shown).
9 @secrets = split(/\t+/, $config{'secret'});
10 foreach $secret (@secrets) {
# Load the current configuration and look up the existing "uri" value.
13 $conf = &get_config();
14 $uri = &find_svalue("uri", $conf);
16 # Validate and save inputs
# Walk the numbered form fields uhost_0, uhost_1, ... until one is undefined.
19 for($i=0; defined($host = $in{'uhost_'.$i}); $i++) {
# A ticked "default" box means no explicit port for this URI.
21 $port = $in{'uport_'.$i.'_def'} ? undef : $in{'uport_'.$i};
22 $proto = $in{'uproto_'.$i};
# Port must be all digits and within 1..65535; any failed test reaches &error.
# NOTE(review): /^\d+$/ also accepts a value with a trailing newline, because
# $ matches before a final "\n"; \z would reject it.
# NOTE(review): the line before this check is not shown; presumably it skips
# the check when $port is undef - confirm.
24 $port =~ /^\d+$/ && $port > 0 && $port < 65536 ||
25 &error(&text('server_euport', $host));
# The URI is built by plain concatenation of form values.
# NOTE(review): no check on $proto or on whitespace inside $host is visible
# here. The URIs are later joined with spaces into one directive, so confirm
# the omitted lines restrict $proto to the expected schemes and reject
# whitespace or newlines in $host.
26 $uri = $proto."://".$host.($port ? ":$port" : "");
# ldap:// and ldaps:// URIs get a trailing slash.
27 $uri .= "/" if ($proto eq "ldap" || $proto eq "ldaps");
# At least one URI is required; all of them go into a single "uri" directive.
30 @uris || &error($text{'server_euri'});
31 &save_directive($conf, "uri", join(" ", @uris));
34 # Set host and port directives
# The host field is a whitespace-separated list.
35 @hosts = split(/\s+/, $in{'host'});
# Each host ($h; the loop header is not shown) must be accepted by
# to_ipaddress or to_ip6address, otherwise the request is rejected.
37 &to_ipaddress($h) || &to_ip6address($h) ||
38 &error(&text('server_ehost', $h));
# At least one host is required.
40 @hosts || &error($text{'server_ehosts'});
41 &save_directive($conf, "host", join(" ", @hosts));
# Default port selected: undef is passed as the value, which presumably
# removes the directive - confirm against save_directive.
44 if ($in{'port_def'}) {
45 &save_directive($conf, "port", undef);
# Explicit port: all digits and within 1..65535, else &error.
# NOTE(review): /^\d+$/ also accepts a trailing newline; \z would reject it
# before the value is written to the config.
48 $in{'port'} =~ /^\d+$/ &&
49 $in{'port'} > 0 && $in{'port'} < 65536 ||
50 &error($text{'server_eport'});
51 &save_directive($conf, "port", $in{'port'});
55 # Save LDAP protocol version
# An empty or zero value becomes undef. The submitted value is not validated
# in the lines shown here.
56 &save_directive($conf, "ldap_version", $in{'version'} || undef);
# Bind time limit: default selected passes undef, otherwise the value must be
# all digits.
# NOTE(review): /^\d+$/ also accepts a trailing newline; \z would reject it.
59 if ($in{'timelimit_def'}) {
60 &save_directive($conf, "bind_timelimit", undef);
63 $in{'timelimit'} =~ /^\d+$/ || &error($text{'server_etimelimit'});
64 &save_directive($conf, "bind_timelimit", $in{'timelimit'});
# Bind DN: default selected passes undef, otherwise the value is saved as-is.
68 if ($in{'binddn_def'}) {
69 &save_directive($conf, "binddn", undef);
# NOTE(review): /\S/ only requires one non-whitespace character anywhere in
# the value, so embedded newlines pass this check. Confirm save_directive
# cannot be made to write an extra config line from such a value.
72 $in{'binddn'} =~ /\S/ || &error($text{'server_ebinddn'});
73 &save_directive($conf, "binddn", $in{'binddn'});
76 # Save non-root password
77 if ($in{'bindpw_def'}) {
78 &save_directive($conf, "bindpw", undef);
# The password is handed to save_directive unchanged, like any other
# directive value.
# NOTE(review): presumably it ends up in cleartext in the client config file,
# so that file's permissions matter - confirm.
# NOTE(review): /\S/ accepts values containing newlines; confirm
# save_directive cannot write an extra config line from such a value.
81 $in{'bindpw'} =~ /\S/ || &error($text{'server_ebindpw'});
82 &save_directive($conf, "bindpw", $in{'bindpw'});
# Root bind DN: same pattern and the same loose /\S/ check as above.
86 if ($in{'rootbinddn_def'}) {
87 &save_directive($conf, "rootbinddn", undef);
90 $in{'rootbinddn'} =~ /\S/ || &error($text{'server_erootbinddn'});
91 &save_directive($conf, "rootbinddn", $in{'rootbinddn'});
# Root bind password goes through save_rootbinddn_secret rather than
# save_directive; undef is passed when the default is selected.
# NOTE(review): where and with what file mode the secret is stored is decided
# in save_rootbinddn_secret, which is outside this listing - confirm it is
# readable by root only.
95 if ($in{'rootbindpw_def'}) {
96 &save_rootbinddn_secret(undef);
99 $in{'rootbindpw'} =~ /\S/ || &error($text{'server_erootbindpw'});
100 &save_rootbinddn_secret($in{'rootbindpw'});
# SSL/TLS mode: an empty selection becomes undef. The submitted value is not
# validated in the lines shown here.
104 &save_directive($conf, "ssl", $in{'ssl'} || undef);
106 # Check server SSL cert
# An empty selection becomes undef.
# NOTE(review): if undef removes the directive, whether the server
# certificate is verified then depends on the LDAP client's own default -
# confirm that default is to verify.
107 &save_directive($conf, "tls_checkpeer", $in{'peer'} || undef);
109 # CA cert file for server
110 if ($in{'cacert_def'}) {
111 &save_directive($conf, "tls_cacertfile", undef);
# The path must start with "/", be readable, and not be a directory. These
# file tests are evaluated by the process running this script.
# NOTE(review): /^\// anchors only the first character, so the rest of the
# path is constrained only by the -r and -d tests.
114 $in{'cacert'} =~ /^\// && -r $in{'cacert'} && !-d $in{'cacert'} ||
115 &error($text{'server_ecacert'});
116 &save_directive($conf, "tls_cacertfile", $in{'cacert'});
# Release the lock on the client config file and on every entry from
# $config{'secret'}.
121 &unlock_file($config{'auth_ldap'});
122 foreach $secret (@secrets) {
123 &unlock_file($secret);
# Record the change under the action name "server".
# NOTE(review): no values are passed to webmin_log here; confirm the logging
# layer does not capture the submitted passwords by another route.
126 &webmin_log("server");