stop_cmd=/etc/init.d/ldap stop
apply_cmd=/etc/init.d/ldap restart
init_name=ldap
+data_dir=/var/lib/ldap
schema_dir=OpenLDAP schema directory,7
ldap_user=User OpenLDAP server runs as,5
init_name=OpenLDAP server boot script name,3,Same as module name
+data_dir=OpenLDAP database directory,3,Not known
line2=User interface settings,11
browse_max=Maximum number of sub-objects to display,3,Unlimited
--- /dev/null
+slapd=1
+schema=1
+acl=1
+browser=1
+create=1
+start=1
+apply=1
}
}
+# Check if ldap directory permissions are correct
+$p = &check_ldap_permissions();
+if (!$p) {
+ print "<center>\n";
+ print &ui_form_start("perms.cgi");
+ print &text('index_permsdesc', "<tt>$config{'data_dir'}</tt>",
+ "<tt>$config{'ldap_user'}</tt>"),"<p>\n";
+ print &ui_form_end([ [ undef, $text{'index_perms'} ] ]);
+ print "</center>\n";
+ print "<hr>\n";
+ }
+
# Check if need to init new install, by creating the root DN
$ldap = &connect_ldap_db();
-if (ref($ldap) && $access{'browser'}) {
+if ($p && ref($ldap) && $access{'browser'}) {
$conf = &get_config();
$base = &find_value("suffix", $conf);
$rv = $ldap->search(base => $base,
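Review bot: The ownership form printed under `if (!$p)` is shown to every user who reaches index.cgi, but perms.cgi in this same change rejects the submission unless `$access{'slapd'}` is set, so a user without that right only gets a button that fails with `slapd_ecannot`. Gating the form the same way, `if (!$p && $access{'slapd'}) {`, keeps the two pages consistent while the root-DN setup below stays disabled through `$p` (a short message for users who cannot fix it themselves would be friendlier than silence). A return of -1 from check_ldap_permissions passes both `!$p` and `$p &&` as if the ownership were fine; a comment such as `# -1 means not determinable; treated as OK` above the test would make that intent explicit. The enclosing code of index.cgi continues outside the hunk.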
index_bootdesc=Change this selection to determine if the OpenLDAP server is started at boot time or not.
index_setupdesc=Your LDAP server's database does not contain the root DN $1 yet, which means that no data can be added until you create it. However, Webmin can do this for you by clicking the button below.
index_setup=Create Root DN
+index_permsdesc=The LDAP server data directory $1 contains files not owned by the correct user $2, which means that it is unlikely to start up properly. However, Webmin can fix this for you by clicking the button below.
+index_perms=Fix Ownership
connect_eserver=The LDAP server $1 does not exist
connect_euser=No user to login as has been configured
log_delete_attr_l=Deleted attribute $1 from object $2
log_delete_attrs=Deleted $1 attributes from object $2
log_stop=Stopped LDAP server
-log_start=Started LDAP Server
+log_start=Started LDAP server
log_apply=Applied configuration
log_slapd=Changed LDAP server configuration
log_schema=Changed enabled LDAP schemas
log_sfile=Modified schema file $1
log_sup=Moved up schema file $1
log_sdown=Moved down schema file $1
+log_create=Created new DN $1
+log_bootup=Enabled LDAP server at boot
+log_bootdown=Disabled LDAP server at boot
+log_perms=Fixed LDAP server permissions
gencert_title=Generate SSL Certificate
gencert_header=New SSL certificate details
gencert_err=Failed to generate certificate
gencert_edest=Destination directory does not exist
+perms_err=Failed to fix file ownership
+
acl_slapd=Can configure LDAP server?
acl_schema=Can manage schema?
acl_acl=Can edit access control?
# Functions for configuring and talking to an LDAP server
# XXX help pages
# XXX acl section
-# XXX /var/lib/ldap/* files are owned by root on redhat
do '../web-lib.pl';
&init_config();
$a->{'name'} cmp $b->{'name'} } @rv;
}
+# check_ldap_permissions()
+# Returns 1 if ownership of the data dir is correct, 0 if not, -1 if not known
+sub check_ldap_permissions
+{
+local @uinfo;
+if ($config{'data_dir'} && $config{'ldap_user'} &&
+ defined(@uinfo = getpwnam($config{'ldap_user'}))) {
+ opendir(DATADIR, $config{'data_dir'});
+ local @datafiles = grep { !/^\./ } readdir(DATADIR);
+ closedir(DATADIR);
+ if (@datafiles) {
+ local @st = stat("$config{'data_dir'}/$datafiles[0]");
+ if ($st[4] != $uinfo[2]) {
+ return 0;
+ }
+ }
+ return 1;
+ }
+else {
+ return -1;
+ }
+}
+
1;
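Review bot: The guard `defined(@uinfo = getpwnam(...))` in check_ldap_permissions does not fail for an unknown user as far as I can tell: a list assignment in scalar context yields the number of elements assigned, and `defined(0)` is true, so `@uinfo` stays empty, `$uinfo[2]` is undef, and the later `$st[4] != $uinfo[2]` compares against 0, reporting root-owned files as correct and anything else as wrong. `opendir` is also unchecked, so a missing or unreadable data_dir produces an empty `@datafiles` and a return of 1, and only `$datafiles[0]` (in readdir order) is examined although `index_permsdesc` promises to catch any file with the wrong owner. I would test `@uinfo` for emptiness, return -1 when the directory cannot be opened, skip entries whose stat fails, and check every entry; index.cgi in this change already treats -1 as "nothing to fix" via `!$p`, so the documented return contract is unchanged.
```perl
sub check_ldap_permissions
{
local @uinfo = $config{'ldap_user'} ? getpwnam($config{'ldap_user'}) : ();
return -1 if (!$config{'data_dir'} || !@uinfo);
opendir(DATADIR, $config{'data_dir'}) || return -1;
local @datafiles = grep { !/^\./ } readdir(DATADIR);
closedir(DATADIR);
foreach my $f (@datafiles) {
	local @st = stat("$config{'data_dir'}/$f");
	# An entry that cannot be stat'd (e.g. dangling symlink) is skipped
	return 0 if (@st && $st[4] != $uinfo[2]);
	}
return 1;
}
```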
elsif ($action eq 'sfile' || $action eq 'sup' || $action eq 'sdown') {
return &text('log_'.$action, "<tt>".&html_escape($object)."</tt>");
}
+elsif ($action eq 'boot') {
+ return $object ? $text{'log_bootup'} : $text{'log_bootdown'};
+ }
else {
return $text{'log_'.$action};
}
--- /dev/null
+#!/usr/local/bin/perl
+# Fix file ownership, and then restart if running
+
+require './ldap-server-lib.pl';
+&ReadParse();
+&error_setup($text{'perms_err'});
+$access{'slapd'} || &error($text{'slapd_ecannot'});
+
+&system_logged("chown -R $config{'ldap_user'} ".quotemeta($config{'data_dir'}));
+if (&is_ldap_server_running()) {
+ &stop_ldap_server();
+ $err = &start_ldap_server();
+ &error($err) if ($err);
+ }
+&webmin_log("perms");
+&redirect("");
+
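Review bot: The chown line in perms.cgi applies quotemeta to `$config{'data_dir'}` but interpolates `$config{'ldap_user'}` unquoted into the same shell string, so a user value containing whitespace or shell metacharacters alters the command instead of failing; quote both consistently, `&system_logged("chown -R ".quotemeta($config{'ldap_user'})." ".quotemeta($config{'data_dir'}));`. The page does not show what system_logged does with its argument, so if it supports a list form, passing `'chown', '-R', $config{'ldap_user'}, $config{'data_dir'}` as separate arguments would avoid the shell entirely. The command's result is not examined, so `perms_err` is only raised when the restart fails, not when the chown itself does; checking the return value before restarting would make the error text truthful. The `$access{'slapd'}` requirement here is stricter than index.cgi, which shows the Fix Ownership button without it.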