do 'ldap-server-lib.pl';
-@acl_functions = ( 'slapd', 'schema', 'acl', 'browser', 'create', 'start',
- 'apply' );
+@acl_functions = ( &get_config_type() == 2 ? 'ldif' : 'slapd',
+ 'schema', 'acl', 'browser', 'create', 'start', 'apply' );
# acl_security_form(&options)
# Output HTML for editing security options for the acl module
&foreign_require("init", "init-lib.pl");
$iname = $config{'init_name'} || $module_name;
if ($in{'boot'}) {
- $conf = &get_config();
- $pidfile = &find_value("pidfile", $conf);
+ $pidfile = &get_ldap_server_pidfile();
&init::enable_at_boot($iname, "Start OpenLDAP server",
"$config{'slapd'} 2>&1 </dev/null",
"kill `cat $pidfile`");
slapd=1
+ldif=1
schema=1
acl=1
browser=1
print &ui_table_start($text{'create_header'}, undef, 2);
# Domain or DN
-$conf = &get_config();
-$dn = &find_value('suffix', $conf);
+$dn = &get_ldap_base();
$dom = &get_system_hostname();
if ($dom =~ /^([^\.]+)\.([^\.]+\.\S+)$/) {
$dom = $2; # Just domain name
--- /dev/null
+#!/usr/local/bin/perl
+# Show local LDAP server configuration options, from LDIF format config
+
+require './ldap-server-lib.pl';
+&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'slapd'} || &error($text{'slapd_ecannot'});
+&ui_print_header(undef, $text{'slapd_title'}, "", "slapd");
+&ReadParse();
+$conf = &get_ldif_config();
+@tds = ( "width=30%" );
+
+print &ui_form_start("save_ldif.cgi", "post");
+print &ui_hidden_table_start($text{'slapd_header'}, "width=100%", 2,
+ "basic", 1,\@tds);
+
+# Top-level DN
+$defdb = &get_default_db();
+$suffix = &find_ldif_value("olcSuffix", $conf, $defdb);
+print &ui_table_row($text{'slapd_suffix'},
+ &ui_textbox('suffix', $suffix, 60));
+
+# Admin login
+$rootdn = &find_ldif_value("olcRootDN", $conf, $defdb);
+print &ui_table_row($text{'slapd_rootdn'},
+ &ui_textbox('rootdn', $rootdn, 60));
+
+# Admin password
+$rootpw = &find_ldif_value("olcRootPW", $conf, $defdb);
+if ($rootpw =~ /^{crypt}(.*)/i) {
+ $rootmode = 1;
+ $rootcrypt = $1;
+ }
+elsif ($rootpw =~ /^{sha1}(.*)/i) {
+ $rootmode = 2;
+ $rootsha1 = $1;
+ }
+elsif ($rootpw =~ /^{[a-z0-9]+}(.*)/i) {
+ $rootmode = 3;
+ $rootenc = $rootpw;
+ }
+else {
+ $rootmode = 0;
+ $rootplain = $rootpw;
+ }
+
+# Current password
+print &ui_table_row($text{'slapd_rootpw'},
+ $rootmode == 1 ? &text('slapd_root1', $rootcrypt) :
+ $rootmode == 2 ? &text('slapd_root2', $rootsha1) :
+ $rootmode == 3 ? &text('slapd_root3', $rootenc) :
+ $rootplain eq '' ? $text{'slapd_noroot'} :
+ $rootplain);
+
+# Set to new
+print &ui_table_row($text{'slapd_rootchange'},
+ &ui_opt_textbox('rootchange', undef, 30,
+ $text{'slapd_leave'}, $text{'slapd_set'}));
+
+# Cache size
+$dbcachesize = &find_ldif_value("olcDbCachesize", $conf, $defdb);
+print &ui_table_row($text{'slapd_dbcachesize'},
+ &ui_opt_textbox("dbcachesize", $dbcachesize, 10, $text{'default'}));
+
+# Size limit
+$sizelimit = &find_ldif_value("olcSizeLimit", $conf, $defdb);
+print &ui_table_row($text{'slapd_sizelimit'},
+ &ui_opt_textbox('sizelimit', $sizelimit, 10, $text{'default'}." (500)"));
+
+print &ui_hidden_table_end("basic");
+
+# SSL section
+print &ui_hidden_table_start($text{'slapd_header2'}, "width=100%", 2,
+ "ssl", 0, \@tds);
+
+# Protocols to serve
+if (&can_get_ldap_protocols()) {
+ $protos = &get_ldap_protocols();
+ @protos = sort { $a cmp $b } keys %$protos;
+ print &ui_table_row($text{'slapd_protos'},
+ &ui_select("protos",
+ [ grep { $protos->{$_} } @protos ],
+ [ map { [ $_, $text{'slapd_'.$_} ] } @protos ],
+ scalar(@protos), 1));
+ }
+
+# SSL file options
+$anycert = 0;
+$confdb = &get_config_db();
+foreach $s ([ 'olcTLSCertificateFile', 'cert' ],
+ [ 'olcTLSCertificateKeyFile', 'key' ],
+ [ 'olcTLSCACertificateFile', 'ca' ]) {
+ $cert = &find_ldif_value($s->[0], $conf, $confdb);
+ print &ui_table_row($text{'slapd_'.$s->[1]},
+ &ui_opt_textbox($s->[1], $cert, 50, $text{'slapd_none'}).
+ &file_chooser_button($s->[1]));
+ $anycert = 1 if ($cert);
+ }
+
+print &ui_hidden_table_end("ssl");
+print &ui_form_end([ [ undef, $text{'save'} ] ]);
+
+# SSL setup button
+print &ui_hr();
+print &ui_buttons_start();
+print &ui_buttons_row("gencert_form.cgi", $text{'slapd_gencert'},
+ $text{'slapd_gencertdesc'}.
+ ($anycert ? "<b>$text{'slapd_gencertwarn'}</b>" : ""));
+print &ui_buttons_end();
+
+&ui_print_footer("", $text{'index_return'});
+
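Review bot: The gate `$access{'slapd'} || &error($text{'slapd_ecannot'});` near the top of this new page tests the `slapd` ACL key, but elsewhere in this commit the ACL option list and the index.cgi icon filter switch to `ldif` for LDIF-format configs. Denying `ldif` to a user therefore hides the icon without blocking a direct request to edit_ldif.cgi; `$access{'ldif'} || &error($text{'slapd_ecannot'});` would keep the page in step with the option an administrator can actually set. The page also appears to print `$rootplain` and the hash text taken from `olcRootPW` into the table row without escaping. Wrapping those values in `&html_escape(...)` keeps config content from being interpreted as markup, and it is worth deciding whether a cleartext root password should be rendered at all.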
"LDAP server on ".&get_display_hostname());
# Destination files
-$conf = &get_config();
-$cert = &find_value("TLSCertificateFile", $conf);
+if (&get_config_type() == 1) {
+ $conf = &get_config();
+ $cert = &find_value("TLSCertificateFile", $conf);
+ }
+else {
+ $conf = &get_ldif_config();
+ $cert = &find_ldif_value($s->[0], $conf, &get_config_db());
+ }
if ($cert) {
print &ui_table_row($text{'gencert_dest'},
&ui_opt_textbox("dest", undef, 40, $text{'gencert_same'},
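Review bot: In the new `else` branch, `&find_ldif_value($s->[0], $conf, &get_config_db())` reads `$s`, which is not set anywhere in this hunk and looks copied from the certificate loop in edit_ldif.cgi. If it is undefined here the lookup name is empty and `$cert` stays unset, so the form would never offer the existing certificate path for LDIF-format configs. The attribute name should be passed explicitly: `$cert = &find_ldif_value("olcTLSCertificateFile", $conf, &get_config_db());`. The `ui_table_row` call that uses `$cert` continues outside the hunk.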
--- /dev/null
+slapd.gif
\ No newline at end of file
# Work out icons
if ($local) {
# All local server icons
- @pages = ( "slapd", "schema", "acl", "browser", "create" );
+ @pages = ( &get_config_type() == 1 ? "slapd" : "ldif",
+ "schema", "acl", "browser", "create" );
}
else {
- # Just browser and DN creator?
+ # Just browser and DN creator
@pages = ( "browser", "create" );
}
@pages = grep { $access{$_} } @pages;
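Review bot: The page selection here uses `&get_config_type() == 1 ? "slapd" : "ldif"`, while the ACL option list changed in acl_security.pl uses `&get_config_type() == 2 ? 'ldif' : 'slapd'`; the two agree only when the type is 1 or 2. If get_config_type() can return anything else (its definition is not in this diff), the icon would be filtered on `$access{'ldif'}` while the ACL form offers only `slapd`. Using the same comparison in both places, e.g. `&get_config_type() == 2 ? "ldif" : "slapd"`, keeps the access filter and the ACL form aligned.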
connect_cpan=You can have the <tt>$1</tt> Perl module <a href='$2'>automatically installed</a> from CPAN.
slapd_title=OpenLDAP Server Configuration
+ldif_title=$slapd_title
slapd_header=Global LDAP server options
slapd_suffix=Root DN for LDAP database
slapd_rootdn=Administration login DN
perms_err=Failed to fix file ownership
acl_slapd=Can configure LDAP server?
+acl_ldif=$acl_slapd
acl_schema=Can manage schema?
acl_acl=Can edit access control?
acl_browser=Can browse and edit database?
# For LDIF format configs, returns the config DN for the default database
sub get_default_db
{
-# XXX make configurable
-return "cn=config,olcDatabase={1}hdb";
+return "olcDatabase={1}hdb,cn=config";
+}
+
+sub get_config_db
+{
+return "cn=config";
}
# local_ldap_server()
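Review bot: get_default_db still returns a fixed DN, `olcDatabase={1}hdb,cn=config`, and this change drops the `# XXX make configurable` marker that recorded the limitation. The database index and backend name can differ between installs, and edit_ldif.cgi reads `olcSuffix`, `olcRootDN` and `olcRootPW` through this value, so a mismatch would silently show empty settings. I would keep a comment such as `# XXX hard-coded; assumes the first database uses the hdb backend` above the return until the DN is discovered from the parsed config.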
local $cls = $file;
$cls =~ s/^\Q$config{'config_file'}\/\E//;
$cls =~ s/\.ldif$//;
- $cls =~ s/\//,/g;
+ $cls = join(",", reverse(split(/\//, $cls)));
open(CONFIG, $file);
while(<CONFIG>) {
s/\r|\n//g;
}
}
+# save_ldif_directive(&config, name, class, value|&values|&directive, ...)
+# Update the value(s) of some entry in the LDIF format config file
+sub save_ldif_directive
+{
+local ($conf, $name, $cls, @values) = @_;
+local @old = &find_ldif($name, $conf, $cls);
+local $file;
+if (@old) {
+ $file = $old[0]->{'file'};
+ }
+else {
+ # XXX file for first directive of that class
+ }
+}
+
# start_ldap_server()
# Attempts to start the LDAP server process. Returns undef on success or an
# error message on failure.
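Review bot: save_ldif_directive as added works out `$file` and then returns without writing anything; in the `else` branch `$file` is left undefined, and `@values` is never used. edit_ldif.cgi already posts to save_ldif.cgi (whose handler is not in this diff), so a caller relying on this function could report success while the config, including a root password change, is unchanged. Until it is implemented I would say so in the header comment, e.g. `# NOT YET IMPLEMENTED - currently makes no changes to any file`, or have the function call `&error(...)` instead of returning silently.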
}
}
+# get_ldap_server_pidfile()
+# Returns the LDAP server's PID file, or undef if not found
+sub get_ldap_server_pidfile
+{
+if (&get_config_type() == 1) {
+ local $conf = &get_config();
+ return &find_value("pidfile", $conf);
+ }
+else {
+ local $conf = &get_ldif_config();
+ return &find_value("olcPidFile", $conf);
+ }
+}
+
# is_ldap_server_running()
# Returns the process ID of the running LDAP server, or undef
sub is_ldap_server_running
{
-local $conf = &get_config();
-local $pidfile = &find_value("pidfile", $conf);
+local $pidfile = &get_ldap_server_pidfile();
if ($pidfile) {
return &check_pid_file($pidfile);
}
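Review bot: The LDIF branch of get_ldap_server_pidfile calls `&find_value("olcPidFile", $conf)` on the result of get_ldif_config(), whereas every other LDIF lookup in this commit goes through `&find_ldif_value(name, $conf, class)`. Unless find_value also understands the LDIF structure (its definition is outside this diff), this branch returns undef. Assuming olcPidFile lives in the global config entry, `return &find_ldif_value("olcPidFile", $conf, &get_config_db());` would match the other lookups. The undef case matters for callers: is_ldap_server_running guards with `if ($pidfile)`, but atboot.cgi interpolates the value straight into the "kill `cat $pidfile`" stop command. That caller should reject an empty value and shell-quote the path (for example with `quotemeta($pidfile)`) before the init script is written.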
sub get_config_dir
{
+if (-d $config{'config_file'}) {
+ return $config{'config_file'};
+ }
if ($config{'config_file'} =~ /^(\S+)\/([^\/]+)$/) {
return $1;
}