More ldap server options

diff --git a/ldap-server/edit_slapd.cgi b/ldap-server/edit_slapd.cgi
index 4134161..fed7d1d 100644 (file)
--- a/ldap-server/edit_slapd.cgi
+++ b/ldap-server/edit_slapd.cgi
@@ -6,9 +6,10 @@ require './ldap-server-lib.pl';
 &ui_print_header(undef, $text{'slapd_title'}, "", "slapd");
 &ReadParse();
 $conf = &get_config();
+@tds = ( "width=30%" );
 
 print &ui_form_start("save_slapd.cgi", "post");
-print &ui_table_start($text{'slapd_header'}, undef, 2);
+print &ui_hidden_table_start($text{'slapd_header'}, undef, 2, "basic", 1,\@tds);
 
 # Top-level DN
 $suffix = &find_value('suffix', $conf);
@@ -78,8 +79,33 @@ print &ui_table_row($text{'slapd_timelimit'},
                    $text{'default'}." (3600 $text{'slapd_secs'})").
     " ".$text{'slapd_secs'});
 
-print &ui_table_end();
+print &ui_hidden_table_end("basic");
+
+# SSL section
+print &ui_hidden_table_start($text{'slapd_header2'}, undef, 2, "ssl", 0, \@tds);
+
+# SSL file options
+$anycert = 0;
+foreach $s ([ 'TLSCertificateFile', 'cert' ],
+           [ 'TLSCertificateKeyFile', 'key' ],
+           [ 'TLSCACertificateFile', 'ca' ]) {
+       $cert = &find_value($s->[0], $conf);
+       print &ui_table_row($text{'slapd_'.$s->[1]},
+               &ui_opt_textbox($s->[1], $cert, 50, $text{'slapd_none'}).
+               &file_chooser_button($s->[1]));
+       $anycert = 1 if ($cert);
+       }
+
+print &ui_hidden_table_end("ssl");
 print &ui_form_end([ [ undef, $text{'save'} ] ]);
 
+# SSL setup button
+print "<hr>\n";
+print &ui_buttons_start();
+print &ui_buttons_row("gencert_form.cgi", $text{'slapd_gencert'},
+                     $text{'slapd_gencertdesc'}.
+                     ($anycert ? "<b>$text{'slapd_gencertwarn'}</b>" : ""));
+print &ui_buttons_end();
+
 &ui_print_footer("", $text{'index_return'});
 

diff --git a/ldap-server/gencert_form.cgi b/ldap-server/gencert_form.cgi
new file mode 100644 (file)
index 0000000..9cc3a51
--- /dev/null
+++ b/ldap-server/gencert_form.cgi
@@ -0,0 +1,12 @@
+#!/usr/local/bin/perl
+# Show a form for certificate generation
+
+require './ldap-server-lib.pl';
+&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+
+&ui_print_header(undef, $text{'gencert_title'}, "");
+
+
+&ui_print_footer("", $text{'index_return'});
+
+

diff --git a/ldap-server/install_check.pl b/ldap-server/install_check.pl
new file mode 100644 (file)
index 0000000..0a0c461
--- /dev/null
+++ b/ldap-server/install_check.pl
@@ -0,0 +1,22 @@
+# install_check.pl
+
+do 'ldap-server-lib.pl';
+
+# is_installed(mode)
+# For mode 1, returns 2 if the server is installed and configured for use by
+# Webmin, 1 if installed but not configured, or 0 otherwise.
+# For mode 0, returns 1 if installed, 0 if not
+sub is_installed
+{
+local $local = &local_ldap_server();
+return 0 if ($local < 0);
+if ($_[0]) {
+       # Also check for DB connection
+       local $ldap = &connect_ldap_db();
+       return ref($ldap) ? 2 : 1;
+       }
+else {
+       return 1;
+       }
+}
+

diff --git a/ldap-server/lang/en b/ldap-server/lang/en
index ecf2d5e..316196c 100644 (file)
--- a/ldap-server/lang/en
+++ b/ldap-server/lang/en
@@ -52,6 +52,17 @@ slapd_timelimit=Maximum time for searches
 slapd_secs=seconds
 slapd_esizelimit=Missing or non-numeric maximum number of search results to return
 slapd_etimelimit=Missing or non-numeric maximum time for searches
+slapd_header2=Encryption options
+slapd_cert=TLS certificate file
+slapd_key=TLS private key file
+slapd_ca=TLS CA certificate file
+slapd_none=None
+slapd_ecert=Missing or incorrectly formatted TLS certificate file
+slapd_ekey=Missing or incorrectly formatted TLS private key file
+slapd_eca=Missing or incorrectly formatted TLS CA certificate file
+slapd_gencert=Generate SSL Certificate
+slapd_gencertdesc=To run your LDAP server in TLS mode, an SSL certificate and private key must first be generated. Click this button to create a self-signed certificate for your system.
+slapd_gencertwarn=Warning - your existing certificate will no longer be used.
 
 schema_title=Manage Schema
 

diff --git a/ldap-server/ldap-server-lib.pl b/ldap-server/ldap-server-lib.pl
index 3705121..4bd3dd1 100644 (file)
--- a/ldap-server/ldap-server-lib.pl
+++ b/ldap-server/ldap-server-lib.pl
@@ -3,9 +3,7 @@
 # XXX initial setup
 # XXX install ldap server
 # XXX default configs for various systems (include search max of 100)
-# XXX more slapd.conf options
-#      XXX SSL certs
-#      XXX schemacheck / gentlehup
+# XXX button to generate SSL cert / key
 # XXX LDAP logging in more detail, like we do for SQL
 #      XXX spam, postfix and ldap-useradmin too
 
@@ -305,5 +303,20 @@ else {
        }
 }
 
+# valid_pem_file(file, type)
+sub valid_pem_file
+{
+local ($file, $type) = @_;
+local $data = &read_file_contents($file);
+if ($type eq 'key') {
+       return $data =~ /\-{5}BEGIN RSA PRIVATE KEY\-{5}/ &&
+              $data =~ /\-{5}END RSA PRIVATE KEY\-{5}/;
+       }
+else {
+       return $data =~ /\-{5}BEGIN CERTIFICATE\-{5}/ &&
+              $data =~ /\-{5}END CERTIFICATE\-{5}/;
+       }
+}
+
 1;
 

diff --git a/ldap-server/save_slapd.cgi b/ldap-server/save_slapd.cgi
index 715e60a..a343e90 100644 (file)
--- a/ldap-server/save_slapd.cgi
+++ b/ldap-server/save_slapd.cgi
@@ -54,6 +54,20 @@ else {
        &save_directive($conf, 'timelimit', $in{'timelimit'});
        }
 
+# SSL file options
+foreach $s ([ 'TLSCertificateFile', 'cert' ],
+           [ 'TLSCertificateKeyFile', 'key' ],
+           [ 'TLSCACertificateFile', 'ca' ]) {
+       if ($in{$s->[1].'_def'}) {
+               &save_directive($conf, $s->[0], undef);
+               }
+       else {
+               &valid_pem_file($in{$s->[1]}, $s->[1]) ||
+                       &error($text{'slapd_e'.$s->[1]});
+               &save_directive($conf, $s->[0], $in{$s->[1]});
+               }
+       }
+
 # Write out the files
 &flush_file_lines($config{'config_file'});
 &unlock_file($config{'config_file'});