--- /dev/null
+
+do 'ldap-server-lib.pl';
+@acl_functions = ( 'slapd', 'schema', 'acl', 'browser', 'create' );
+
+# acl_security_form(&options)
+# Output HTML for editing security options for the acl module
+sub acl_security_form
+{
+foreach my $f (@acl_functions) {
+ print &ui_table_row($text{'acl_'.$f},
+ &ui_yesno_radio($f, $_[0]->{$f}));
+ }
+}
+
+# acl_security_save(&options)
+# Parse the form for security options for the acl module
+sub acl_security_save
+{
+foreach my $f (@acl_functions) {
+ $_[0]->{$f} = $in{$f};
+ }
+}
+
require './ldap-server-lib.pl';
&error_setup($text{'add_err'});
+$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse();
$ldap = &connect_ldap_db();
ref($ldap) || &error($ldap);
config_file=/etc/ldap/slapd.conf
schema_dir=/etc/ldap/schema
slapd=slapd
+ldap_user=ldap
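Review bot: `ldap_user=ldap` is the account that the new `set_ownership_permissions` call in gencert.cgi will chown the generated TLS private key to, so the value has to be the account slapd actually runs as on each platform. The `/etc/ldap/slapd.conf` and `/etc/ldap/schema` paths above suggest this is a Debian-style config, and on Debian the slapd package is normally run as `openldap` rather than `ldap`; if that applies here the key ends up owned by the wrong (possibly non-existent) account and the server cannot read it. Please confirm the user name against the target distribution for each per-OS config file rather than using one value everywhere.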
slapd=Full path to OpenLDAP server program,8
config_file=OpenLDAP server configuration file,8
schema_dir=OpenLDAP schema directory,7
+ldap_user=User OpenLDAP server runs as,5
line2=User interface settings,11
browse_max=Maximum number of sub-objects to display,3,Unlimited
require './ldap-server-lib.pl';
&error_setup($text{'delete_err'});
+$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse();
$ldap = &connect_ldap_db();
ref($ldap) || &error($ldap);
require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'schema'} || &error($text{'schema_ecannot'});
&ReadParse();
# Find it includes
--- /dev/null
+#!/usr/local/bin/perl
+# Show access control settings from config
+
+require './ldap-server-lib.pl';
+&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'acl'} || &error($text{'acl_ecannot'});
+&ui_print_header(undef, $text{'acl_title'}, "", "acl");
+
+
require './ldap-server-lib.pl';
&ui_print_header(undef, $text{'browser_title'}, "", "browser");
+$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse();
# Connect to LDAP server, or die trying
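Review bot: The new `$access{'browser'}` check sits after `&ui_print_header`, unlike the other CGIs in this patch (edit_schema.cgi, edit_slapd.cgi, edit_acl.cgi) where the check precedes the header so the denial is the whole response; here the page header has presumably already been emitted to the denied user before `&error` runs. Move the line to just above `&ui_print_header(undef, $text{'browser_title'}, "", "browser");` so edit_browser.cgi behaves like the rest.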
require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'schema'} || &error($text{'schema_ecannot'});
&ui_print_header(undef, $text{'schema_title'}, "", "schema");
&ReadParse();
require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'schema'} || &error($text{'schema_ecannot'});
&ReadParse();
&is_under_directory($config{'schema_dir'}, $in{'file'}) ||
&error($text{'schema_edir'});
require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'slapd'} || &error($text{'slapd_ecannot'});
&ui_print_header(undef, $text{'slapd_title'}, "", "slapd");
&ReadParse();
$conf = &get_config();
require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'slapd'} || &error($text{'slapd_ecannot'});
&foreign_require("webmin", "webmin-lib.pl");
&ReadParse();
&error_setup($text{'gencert_err'});
}
# Do it
-$err = &webmin::parse_ssl_key_form(\%in, $keyfile, $certfile);
+$err = &webmin::parse_ssl_key_form(\%in, $keyfile,
+ $certfile eq $keyfile ? undef : $certfile);
&error($err) if ($err);
+# Make readable by LDAP user
+&set_ownership_permissions($config{'ldap_user'}, undef, undef,
+ $keyfile, $certfile);
+
# Update config to use them
&lock_file($config{'config_file'});
&save_directive($conf, "TLSCertificateFile", $certfile);
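Review bot: The new `&set_ownership_permissions($config{'ldap_user'}, undef, undef, $keyfile, $certfile)` changes only the owner of the generated files (the third argument, which I take to be the mode, is `undef`), so the private key keeps whatever mode it was created with and the key and certificate are treated identically. The key should be readable by the LDAP user only while the certificate can stay world-readable, e.g. `&set_ownership_permissions($config{'ldap_user'}, undef, 0600, $keyfile);` followed by `&set_ownership_permissions($config{'ldap_user'}, undef, 0644, $certfile) if ($certfile ne $keyfile);` — when `$certfile eq $keyfile` (the case the ternary above already handles) the single combined file holds the private key and must get the restrictive mode. It is also worth guarding against `$config{'ldap_user'}` being empty on an installation whose config file predates this key; what the helper does with an empty user name is not visible here. The block closed by the `}` at the top of this hunk begins outside the view.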
require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'slapd'} || &error($text{'slapd_ecannot'});
&foreign_require("webmin", "webmin-lib.pl");
&ui_print_header(undef, $text{'gencert_title'}, "");
}
else {
# Just browser and DN creator?
- @pages = ( "browse", "create" );
+ @pages = ( "browser", "create" );
}
+@pages = grep { $access{$_} } @pages;
@links = map { "edit_".$_.".cgi" } @pages;
@titles = map { $text{$_."_title"} } @pages;
@icons = map { "images/$_.gif" } @pages;
slapd_gencert=Generate SSL Certificate
slapd_gencertdesc=To run your LDAP server in TLS mode, an SSL certificate and private key must first be generated. Click this button to create a self-signed certificate for your system.
slapd_gencertwarn=Warning - your existing certificate will no longer be used.
+slapd_elocal=You are not allowed to configure the LDAP server
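Review bot: The new `slapd_elocal` string reads "You are not allowed to configure the LDAP server", but the context lines in the schema and slapd CGIs raise it when `&local_ldap_server() == 1` fails, which looks like a test of whether the server is local to this host rather than of the user's permission; the permission denials are the new `*_ecannot` strings. If that reading is right, word it as a condition rather than a permission, e.g. `slapd_elocal=The LDAP server is not running on this system, so it cannot be configured`, so a user can tell a remote-server refusal from an ACL refusal.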
schema_title=Manage Schema
schema_file=Name
schema_edesc=This page allows you to manually edit an LDAP schema file. This should only be done if you are familiar with the file format, as no checking is done by Webmin.
schema_return=schema list
schema_emove=Could not find schema file to move!
+schema_ecannot=You are not allowed to manage the LDAP schema
acl_title=LDAP Access Control
+acl_ecannot=You are not allowed to configure LDAP access control
browser_title=Browse Database
browser_econn=The LDAP browser cannot be used : $1
+browser_ecannot=You are not allowed to browse the LDAP database
browser_base=Browsing:
browser_ok=Show
browser_esearch=LDAP search failed : $1
gencert_dir=Directory
gencert_err=Failed to generate certificate
gencert_edest=Destination directory does not exist
+
+acl_slapd=Can configure LDAP server?
+acl_schema=Can manage schema?
+acl_acl=Can edit access control?
+acl_browser=Can browse and edit database?
+acl_create=Can create new tree?
# XXX initial setup
# XXX install ldap server
# XXX default configs for various systems (include search max of 100)
-# XXX LDAP logging in more detail, like we do for SQL
-# XXX spam, postfix and ldap-useradmin too
do '../web-lib.pl';
&init_config();
require './ldap-server-lib.pl';
&error_setup($text{'rename_err'});
+$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse();
$ldap = &connect_ldap_db();
ref($ldap) || &error($ldap);
require './ldap-server-lib.pl';
&error_setup($text{'save_err'});
+$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse();
$ldap = &connect_ldap_db();
ref($ldap) || &error($ldap);
require './ldap-server-lib.pl';
&error_setup($text{'schema_err'});
+$access{'schema'} || &error($text{'schema_ecannot'});
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
&ReadParse();
# Write out a schema file
require './ldap-server-lib.pl';
+&error_setup($text{'schema_eerr'});
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'schema'} || &error($text{'schema_ecannot'});
&ReadParseMime();
# Validate
-&error_setup($text{'schema_eerr'});
&is_under_directory($config{'schema_dir'}, $in{'file'}) ||
&error($text{'schema_edir'});
$in{'data'} =~ s/\r//g;
require './ldap-server-lib.pl';
&error_setup($text{'slapd_err'});
+$access{'slapd'} || &error($text{'slapd_ecannot'});
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
&ReadParse();
require './ldap-server-lib.pl';
&error_setup($text{'sdelete_err'});
+$access{'browser'} || &error($text{'browser_ecannot'});
&ReadParse();
$ldap = &connect_ldap_db();
ref($ldap) || &error($ldap);
require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'schema'} || &error($text{'schema_ecannot'});
&ReadParse();
# Find it includes
require './ldap-server-lib.pl';
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'schema'} || &error($text{'schema_ecannot'});
&ReadParse();
&is_under_directory($config{'schema_dir'}, $in{'file'}) ||
&error($text{'schema_edir'});