&ReadParse();
# Get the current rule
-&lock_file($config{'config_file'});
+&lock_slapd_files();
$conf = &get_config();
@access = &find("access", $conf);
if (!$in{'new'}) {
# Write out access directives
&save_directive($conf, "access", @access);
&flush_file_lines($config{'config_file'});
-&unlock_file($config{'config_file'});
+&unlock_slapd_files();
# Log and return
&webmin_log($in{'delete'} ? "delete" : $in{'new'} ? "create" : "modify",
config_file=/etc/ldap/slapd.d
schema_dir=/etc/ldap/slapd.d/cn=config/cn=schema
slapd=slapd
-ldap_user=ldap
+ldap_user=openldap
browse_max=100
start_cmd=/etc/init.d/slapd start
stop_cmd=/etc/init.d/slapd stop
&ReadParse();
# Filter out un-wanted rules
-&lock_file($config{'config_file'});
+&lock_slapd_files();
$conf = &get_config();
@access = &find("access", $conf);
%d = map { $_, 1 } split(/\0/, $in{'d'});
# Save them
&save_directive($conf, "access", @newaccess);
&flush_file_lines($config{'config_file'});
-&unlock_file($config{'config_file'});
+&unlock_slapd_files();
&webmin_log("delete", "accesses", scalar(keys(%d)));
&redirect("edit_acl.cgi");
&ReadParse();
# Find it
-&lock_file($config{'config_file'});
+&lock_slapd_files();
$conf = &get_config();
@access = &find("access", $conf);
$p = &parse_ldap_access($access[$in{'idx'}]);
($access[$in{'idx'}], $access[$in{'idx'}+1]);
&save_directive($conf, "access", @access);
&flush_file_lines($config{'config_file'});
-&unlock_file($config{'config_file'});
+&unlock_slapd_files();
&webmin_log("down", "access", $p->{'what'});
&redirect("edit_acl.cgi");
&ReadParse();
# Find it includes
-&lock_file($config{'config_file'});
+&lock_slapd_files();
$conf = &get_config();
@incs = &find_value("include", $conf);
$idx = &indexof($in{'file'}, @incs);
($incs[$idx+1], $incs[$idx]) = ($incs[$idx], $incs[$idx+1]);
&save_directive($conf, "include", @incs);
&flush_file_lines($config{'config_file'});
-&unlock_file($config{'config_file'});
+&unlock_slapd_files();
&webmin_log("sup", undef, $in{'file'});
&redirect("edit_schema.cgi");
$keyfile, $certfile);
# Update config to use them
-&lock_file($config{'config_file'});
+&lock_slapd_files();
&save_directive($conf, "TLSCertificateFile", $certfile);
&save_directive($conf, "TLSCertificateKeyFile", $keyfile);
&flush_file_lines($config{'config_file'});
-&unlock_file($config{'config_file'});
+&unlock_slapd_files();
&webmin_log("gencert");
&redirect("");
&ui_print_header(undef, $text{'gencert_title'}, "");
print $text{'gencert_desc'},"<p>\n";
-print &ui_form_start("gencert.cgi", "post");
+print &ui_form_start(&get_config_type() == 1 ? "gencert.cgi"
+ : "gencert_ldif.cgi", "post");
print &ui_table_start($text{'gencert_header'}, undef, 2, [ "width=30%" ]);
# Generic key options
}
else {
$conf = &get_ldif_config();
- $cert = &find_ldif_value($s->[0], $conf, &get_config_db());
+ $cert = &find_ldif_value(
+ "olcTLSCertificateFile", $conf, &get_config_db());
}
if ($cert) {
print &ui_table_row($text{'gencert_dest'},
--- /dev/null
+#!/usr/local/bin/perl
+# Actually generate the cert, and update the LDIF format config file
+
+require './ldap-server-lib.pl';
+&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+$access{'slapd'} || &error($text{'slapd_ecannot'});
+&foreign_require("webmin", "webmin-lib.pl");
+&ReadParse();
+&error_setup($text{'gencert_err'});
+$conf = &get_ldif_config();
+$confdb = &get_config_db();
+
+# Work out dest files
+if ($in{'dest_def'}) {
+ $keyfile = &find_ldif_value("olcTLSCertificateKeyFile", $conf, $confdb);
+ $certfile = &find_ldif_value("olcTLSCertificateFile", $conf, $confdb);
+ }
+else {
+ # In some dir
+ -d $in{'dest'} || &error($text{'gencert_edest'});
+ $keyfile = $in{'dest'}."/ldap.key";
+ $certfile = $in{'dest'}."/ldap.cert";
+ }
+
+# Do it
+$err = &webmin::parse_ssl_key_form(\%in, $keyfile,
+ $certfile eq $keyfile ? undef : $certfile);
+&error($err) if ($err);
+
+# Make readable by LDAP user
+&set_ownership_permissions($config{'ldap_user'}, undef, undef,
+ $keyfile, $certfile);
+
+# Update config to use them
+&lock_slapd_files();
+&save_ldif_directive($conf, "olcTLSCertificateFile", $confdb, $certfile);
+&save_ldif_directive($conf, "olcTLSCertificateKeyFile", $confdb, $keyfile);
+&flush_file_lines();
+&unlock_slapd_files();
+
+&webmin_log("gencert");
+&redirect("");
+
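Review bot: The private key's mode is never set in this script: the `set_ownership_permissions` call passes `undef` for the permissions argument, so the key ends up owned by the LDAP user with whatever mode `parse_ssl_key_form` left on it. Passing an explicit mode for the key, for example `&set_ownership_permissions($config{'ldap_user'}, undef, 0600, $keyfile);`, would make the result independent of the umask. Also, when `dest_def` is set and the config has no `olcTLSCertificateKeyFile` yet, `$keyfile` and `$certfile` reach `parse_ssl_key_form` empty; a check such as `$keyfile && $certfile || &error($text{'gencert_edest'});` after the two lookups would catch that. Finally, `$conf` is read before `lock_slapd_files()` is called, so the directives are saved into a copy parsed outside the lock; taking the lock before `get_ldif_config()` would close that window.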
$file = $old[0]->{'file'};
}
else {
- # XXX file for first directive of that class
+ local ($first) = grep { lc($_->{'class'}) eq lc($cls) } @$conf;
+ $first || &error("No LDIF-format config file found for $cls");
+ $file = $first->{'file'};
+ }
+local $lref = &read_file_lines($file);
+for(my $i=0; $i<@old || $i<@values; $i++) {
+ local ($line, @unqvalues, @qvalues, $len);
+ if (defined($values[$i])) {
+ # Work out new line
+ @unqvalues = ref($values[$i]) eq 'ARRAY' ?
+ @{$values[$i]} :
+ ref($values[$i]) eq 'HASH' ?
+ @{$values[$i]->{'values'}} :
+ ( $values[$i] );
+ $line = $name.": ".join(" ", @unqvalues);
+ }
+ if (defined($old[$i]) && defined($values[$i])) {
+ # Update some directive
+ $lref->[$old[$i]->{'line'}] = $line;
+ if (&indexof($values[$i], @$conf) < 0) {
+ $old[$i]->{'values'} = \@unqvalues;
+ }
+ }
+ elsif (defined($old[$i]) && !defined($values[$i])) {
+ # Remove some directive (from cache too)
+ splice(@$lref, $old[$i]->{'line'}, 1);
+ local $idx = &indexof($old[$i], @$conf);
+ splice(@$conf, $idx, 1) if ($idx >= 0);
+ foreach my $c (@$conf) {
+ if ($c->{'line'} > $old[$i]->{'line'}) {
+ $c->{'line'} --;
+ }
+ }
+ }
+ elsif (!defined($old[$i]) && defined($values[$i])) {
+ # Add some directive
+ local $newdir = { 'name' => $name,
+ 'line' => scalar(@$lref),
+ 'file' => $file,
+ 'values' => \@unqvalues };
+ push(@$lref, $line);
+ push(@$conf, $newdir);
+ }
}
}
return undef;
}
+# lock_slapd_files()
+# Lock all LDAP config file(s)
+sub lock_slapd_files
+{
+if (&get_config_type() == 2) {
+ @ldap_lock_files = &recursive_find_ldif($config{'config_file'});
+ }
+else {
+ @ldap_lock_files = ( $config{'config_file'} );
+ }
+foreach my $f (@ldap_lock_files) {
+ &lock_file($f);
+ }
+}
+
+# unlock_slapd_files()
+# Un-lock all LDAP config file(s)
+sub unlock_slapd_files
+{
+foreach my $f (@ldap_lock_files) {
+ &lock_file($f);
+ }
+@ldap_lock_files = ( );
+}
+
1;
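Review bot: `unlock_slapd_files` calls `&lock_file($f)` in its loop, so the files recorded in `@ldap_lock_files` are never released by it; the line should be `&unlock_file($f);`. Every script this commit converts to `lock_slapd_files()`/`unlock_slapd_files()` inherits the problem. Separately, in the remove branch of the directive-saving loop added above, the renumbering decrements `line` for every entry in `@$conf` past the removed line without looking at which file it belongs to. If the cache holds entries from several LDIF files, as the `file` key suggests, the condition should be `if ($c->{'file'} eq $file && $c->{'line'} > $old[$i]->{'line'})`. The function containing that loop starts outside the visible lines.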
--- /dev/null
+#!/usr/local/bin/perl
+# Update local LDAP server LDIF file configuration options
+
+require './ldap-server-lib.pl';
+&error_setup($text{'slapd_err'});
+$access{'slapd'} || &error($text{'slapd_ecannot'});
+&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
+&ReadParse();
+
+&lock_slapd_files();
+$conf = &get_ldif_config();
+
+# Validate and store inputs
+
+# Top-level DN
+$defdb = &get_default_db();
+$in{'suffix'} =~ /=/ || &error($text{'slapd_esuffix'});
+&save_ldif_directive($conf, 'olcSuffix', $defdb, $in{'suffix'});
+
+# Admin login
+$in{'rootdn'} =~ /=/ || &error($text{'slapd_erootdn'});
+&save_ldif_directive($conf, 'olcRootDN', $defdb, $in{'rootdn'});
+
+# Admin password
+if (!$in{'rootchange_def'}) {
+ $in{'rootchange'} =~ /\S/ || &error($text{'slapd_erootpw'});
+ $crypt = &unix_crypt($in{'rootchange'}, substr(time(), -2));
+ &save_ldif_directive($conf, 'olcRootPW', $defdb, "{crypt}".$crypt);
+ $config{'pass'} = $in{'rootchange'};
+ $save_config = 1;
+ }
+
+# Cache sizes
+if (!$in{'dbcachesize_def'}) {
+ $in{'dbcachesize'} =~ /^\d+$/ || &error($text{'slapd_edbcachesize'});
+ &save_ldif_directive($conf, 'olcDbCachesize', $defdb,
+ $in{'dbcachesize'});
+ }
+else {
+ &save_ldif_directive($conf, 'olcDbCachesize', $defdb, undef);
+ }
+
+# Size limit
+if ($in{'sizelimit_def'}) {
+ &save_ldif_directive($conf, 'olcSizeLimit', $defdb, undef);
+ }
+else {
+ $in{'sizelimit'} =~ /^[1-9]\d*$/ || &error($text{'slapd_esizelimit'});
+ &save_ldif_directive($conf, 'olcSizeLimit', $defdb, $in{'sizelimit'});
+ }
+
+# LDAP protocols
+if (&can_get_ldap_protocols()) {
+ @newprotos = split(/\0/, $in{'protos'});
+ @newprotos || &error($text{'slapd_eprotos'});
+ }
+
+# SSL file options
+$confdb = &get_config_db();
+foreach $s ([ 'olcTLSCertificateFile', 'cert' ],
+ [ 'olcTLSCertificateKeyFile', 'key' ],
+ [ 'olcTLSCACertificateFile', 'ca' ]) {
+ if ($in{$s->[1].'_def'}) {
+ &save_ldif_directive($conf, $s->[0], $confdb, undef);
+ }
+ else {
+ &valid_pem_file($in{$s->[1]}, $s->[1]) ||
+ &error($text{'slapd_e'.$s->[1]});
+ &save_ldif_directive($conf, $s->[0], $confdb, $in{$s->[1]});
+ }
+ }
+
+# Write out the files
+&flush_file_lines();
+&unlock_slapd_files();
+if ($save_config) {
+ &lock_file($module_config_file);
+ &save_module_config();
+ &unlock_file($module_config_file);
+ }
+if (&can_get_ldap_protocols()) {
+ $protos = &get_ldap_protocols();
+ foreach $p (keys %$protos) {
+ $protos->{$p} = 0;
+ }
+ foreach $p (@newprotos) {
+ $protos->{$p} = 1;
+ }
+ &save_ldap_protocols($protos);
+ }
+&webmin_log('slapd');
+
+&redirect("");
+
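Review bot: The admin password branch hashes the new root password with `&unix_crypt($in{'rootchange'}, substr(time(), -2))`, so the salt is only the last two digits of the clock and the stored value is a `{crypt}` hash; if `unix_crypt` is traditional crypt(3), that is a weak format for the directory's root credential. A salted scheme that slapd accepts, such as `{SSHA}`, with the salt drawn from a random source, would be a better default. The same branch copies the cleartext password into `$config{'pass'}` and saves it, so the module config file needs to stay readable only by the Webmin user. Separately, the `/=/` checks on `suffix` and `rootdn` appear to accept values containing line breaks, and `save_ldif_directive` writes the value directly into a config line. Adding `$in{'suffix'} !~ /[\r\n]/ || &error($text{'slapd_esuffix'});` (and the equivalent for `rootdn`) would stop one field from contributing extra attribute lines.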
@incs = &unique(@incs);
# Write out
-&lock_file($config{'config_file'});
+&lock_slapd_files();
&save_directive($conf, "include", @incs);
&flush_file_lines($config{'config_file'});
-&unlock_file($config{'config_file'});
+&unlock_slapd_files();
&webmin_log("schema");
&redirect("");
&local_ldap_server() == 1 || &error($text{'slapd_elocal'});
&ReadParse();
-&lock_file($config{'config_file'});
+&lock_slapd_files();
$conf = &get_config();
# Validate and store inputs
# Write out the files
&flush_file_lines($config{'config_file'});
-&unlock_file($config{'config_file'});
+&unlock_slapd_files();
if ($save_config) {
&lock_file($module_config_file);
&save_module_config();
&ReadParse();
# Find it
-&lock_file($config{'config_file'});
+&lock_slapd_files();
$conf = &get_config();
@access = &find("access", $conf);
$p = &parse_ldap_access($access[$in{'idx'}]);
($access[$in{'idx'}], $access[$in{'idx'}-1]);
&save_directive($conf, "access", @access);
&flush_file_lines($config{'config_file'});
-&unlock_file($config{'config_file'});
+&unlock_slapd_files();
&webmin_log("up", "access", $p->{'what'});
&redirect("edit_acl.cgi");
&ReadParse();
# Find it includes
-&lock_file($config{'config_file'});
+&lock_slapd_files();
$conf = &get_config();
@incs = &find_value("include", $conf);
$idx = &indexof($in{'file'}, @incs);
($incs[$idx-1], $incs[$idx]) = ($incs[$idx], $incs[$idx-1]);
&save_directive($conf, "include", @incs);
&flush_file_lines($config{'config_file'});
-&unlock_file($config{'config_file'});
+&unlock_slapd_files();
&webmin_log("sup", undef, $in{'file'});
&redirect("edit_schema.cgi");