&ui_print_header(undef, $text{'slapd_title'}, "", "slapd");
&ReadParse();
$conf = &get_config();
+@tds = ( "width=30%" );
print &ui_form_start("save_slapd.cgi", "post");
-print &ui_table_start($text{'slapd_header'}, undef, 2);
+print &ui_hidden_table_start($text{'slapd_header'}, undef, 2, "basic", 1,\@tds);
# Top-level DN
$suffix = &find_value('suffix', $conf);
$text{'default'}." (3600 $text{'slapd_secs'})").
" ".$text{'slapd_secs'});
-print &ui_table_end();
+print &ui_hidden_table_end("basic");
+
+# SSL section
+print &ui_hidden_table_start($text{'slapd_header2'}, undef, 2, "ssl", 0, \@tds);
+
+# SSL file options
+$anycert = 0;
+foreach $s ([ 'TLSCertificateFile', 'cert' ],
+ [ 'TLSCertificateKeyFile', 'key' ],
+ [ 'TLSCACertificateFile', 'ca' ]) {
+ $cert = &find_value($s->[0], $conf);
+ print &ui_table_row($text{'slapd_'.$s->[1]},
+ &ui_opt_textbox($s->[1], $cert, 50, $text{'slapd_none'}).
+ &file_chooser_button($s->[1]));
+ $anycert = 1 if ($cert);
+ }
+
+print &ui_hidden_table_end("ssl");
print &ui_form_end([ [ undef, $text{'save'} ] ]);
+# SSL setup button
+print "<hr>\n";
+print &ui_buttons_start();
+print &ui_buttons_row("gencert_form.cgi", $text{'slapd_gencert'},
+ $text{'slapd_gencertdesc'}.
+ ($anycert ? "<b>$text{'slapd_gencertwarn'}</b>" : ""));
+print &ui_buttons_end();
+
&ui_print_footer("", $text{'index_return'});
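Review bot: `$anycert` is set when any of the three directives has a value, including `TLSCACertificateFile`, so the "existing certificate will no longer be used" warning also appears when only a CA file is configured. The generator page is still a stub in this commit, so it is an inference that it will replace only the certificate and key. If that holds, narrow the flag to `$anycert = 1 if ($cert && $s->[1] ne 'ca');`. A short comment above the loop saying what `$anycert` drives would also help, since it is first read well after the form ends.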
--- /dev/null
+#!/usr/local/bin/perl
+# Show a form for certificate generation
+
+require './ldap-server-lib.pl';
+&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+
+&ui_print_header(undef, $text{'gencert_title'}, "");
+
+
+&ui_print_footer("", $text{'index_return'});
+
+
--- /dev/null
+# install_check.pl
+
+do 'ldap-server-lib.pl';
+
+# is_installed(mode)
+# For mode 1, returns 2 if the server is installed and configured for use by
+# Webmin, 1 if installed but not configured, or 0 otherwise.
+# For mode 0, returns 1 if installed, 0 if not
+sub is_installed
+{
+local $local = &local_ldap_server();
+return 0 if ($local < 0);
+if ($_[0]) {
+ # Also check for DB connection
+ local $ldap = &connect_ldap_db();
+ return ref($ldap) ? 2 : 1;
+ }
+else {
+ return 1;
+ }
+}
+
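Review bot: `return 0 if ($local < 0);` reports the server as installed when `local_ldap_server()` returns 0, while gencert_form.cgi in this same commit accepts only `== 1` as a usable local server. The helper is not shown here, so its return codes are inferred. If 0 means the server is not on this host, the guard should be `return 0 if ($local != 1);`. Otherwise the header comment should list which codes count as installed. Mode 1 also opens a live connection through `connect_ldap_db()`, which is worth stating in that comment because callers may run this check often.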
slapd_secs=seconds
slapd_esizelimit=Missing or non-numeric maximum number of search results to return
slapd_etimelimit=Missing or non-numeric maximum time for searches
+slapd_header2=Encryption options
+slapd_cert=TLS certificate file
+slapd_key=TLS private key file
+slapd_ca=TLS CA certificate file
+slapd_none=None
+slapd_ecert=Missing or incorrectly formatted TLS certificate file
+slapd_ekey=Missing or incorrectly formatted TLS private key file
+slapd_eca=Missing or incorrectly formatted TLS CA certificate file
+slapd_gencert=Generate SSL Certificate
+slapd_gencertdesc=To run your LDAP server in TLS mode, an SSL certificate and private key must first be generated. Click this button to create a self-signed certificate for your system.
+slapd_gencertwarn=Warning - your existing certificate will no longer be used.
schema_title=Manage Schema
# XXX initial setup
# XXX install ldap server
# XXX default configs for various systems (include search max of 100)
-# XXX more slapd.conf options
-# XXX SSL certs
-# XXX schemacheck / gentlehup
+# XXX button to generate SSL cert / key
# XXX LDAP logging in more detail, like we do for SQL
# XXX spam, postfix and ldap-useradmin too
}
}
+# valid_pem_file(file, type)
+sub valid_pem_file
+{
+local ($file, $type) = @_;
+local $data = &read_file_contents($file);
+if ($type eq 'key') {
+ return $data =~ /\-{5}BEGIN RSA PRIVATE KEY\-{5}/ &&
+ $data =~ /\-{5}END RSA PRIVATE KEY\-{5}/;
+ }
+else {
+ return $data =~ /\-{5}BEGIN CERTIFICATE\-{5}/ &&
+ $data =~ /\-{5}END CERTIFICATE\-{5}/;
+ }
+}
+
1;
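Review bot: The `key` branch accepts only the `RSA PRIVATE KEY` label, so a PKCS#8 key (`BEGIN PRIVATE KEY`) or an EC key is rejected with the "incorrectly formatted" error even though it is valid PEM. Both branches also match the markers anywhere in the file and in any order, so a file that merely contains the two strings passes. Consider line-anchored patterns such as `$data =~ /^-----BEGIN (?:RSA |EC )?PRIVATE KEY-----\s*$/m`, with the matching `END` form, and require the `END` line to follow the `BEGIN` line. The header comment `# valid_pem_file(file, type)` should say that it returns true when the file looks like a PEM key (type `key`) or certificate (any other type), and that this is a format check only, not proof that the key and certificate match.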
&save_directive($conf, 'timelimit', $in{'timelimit'});
}
+# SSL file options
+foreach $s ([ 'TLSCertificateFile', 'cert' ],
+ [ 'TLSCertificateKeyFile', 'key' ],
+ [ 'TLSCACertificateFile', 'ca' ]) {
+ if ($in{$s->[1].'_def'}) {
+ &save_directive($conf, $s->[0], undef);
+ }
+ else {
+ &valid_pem_file($in{$s->[1]}, $s->[1]) ||
+ &error($text{'slapd_e'.$s->[1]});
+ &save_directive($conf, $s->[0], $in{$s->[1]});
+ }
+ }
+
# Write out the files
&flush_file_lines($config{'config_file'});
&unlock_file($config{'config_file'});
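Review bot: In the `else` branch the submitted path `$in{$s->[1]}` is written to the config after only its contents are checked; the path string itself is never validated. `save_directive` is not shown here, so whether it quotes or escapes values is unknown, but a path containing whitespace or a line break could produce a malformed or extra directive in slapd.conf. Add a shape check before the PEM check, for example `$in{$s->[1]} =~ /^\/\S+$/ || &error($text{'slapd_e'.$s->[1]});`. `valid_pem_file` reads the named file with the privileges of the Webmin process, so restricting input to an absolute path without whitespace also limits what that read can be pointed at. The loop sits between code that begins and ends outside this hunk.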