From 65f35eb4d99739393bbf5030cc0f29b14da6e418 Mon Sep 17 00:00:00 2001 From: Timothy Pearson Date: Mon, 29 Sep 2025 22:37:04 -0500 Subject: Don't attempt to access the LDAP server if the realm DC is blank If the realm DC is blank, it indicates that configuration has not reached a point where connection to the LDAP server is possible. Providing a blank DC to LDAP will always result in an invalid DN error. This resolves spurious popups when creating the first realm control server in a given realm. Signed-off-by: Timothy Pearson --- src/ldapcontroller.cpp | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) (limited to 'src/ldapcontroller.cpp') diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp index 33aa245..e8465a4 100644 --- a/src/ldapcontroller.cpp +++ b/src/ldapcontroller.cpp @@ -531,7 +531,10 @@ void LDAPController::updateCertDisplay() { credentials->username = ""; credentials->password = ""; credentials->realm = realmname; - LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials); + LDAPManager* ldap_mgr = NULL; + if (realmname != "") { + ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials); + } // Certificate Authority if (TQFile::exists(KERBEROS_PKI_PEM_FILE)) { @@ -601,7 +604,7 @@ void LDAPController::updateCertDisplay() { // Certificate Revocation List TQByteArray certificateContents; - if (ldap_mgr->getTDECertificate("publicRootCertificateRevocationList", &certificateContents, NULL) == 0) { + if (ldap_mgr && ldap_mgr->getTDECertificate("publicRootCertificateRevocationList", &certificateContents, NULL) == 0) { certExpiry = LDAPManager::getCertificateExpiration(certificateContents); if (certExpiry >= now) { m_base->crlExpiryString->setText("Expires " + certExpiry.toString()); @@ -622,7 +625,9 @@ void LDAPController::updateCertDisplay() { m_base->crlExpiryString->setPaletteForegroundColor(CERT_STATUS_COLOR_NOTFOUND); } - delete ldap_mgr; + if (ldap_mgr) { + delete ldap_mgr; + } } void LDAPController::btncaSetMaster() { @@ -1055,9 +1060,13 @@ void LDAPController::save() { credentials->username = ""; credentials->password = ""; credentials->realm = realmname; - LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials); + LDAPManager* ldap_mgr = NULL; - if (ldap_mgr->setLdapCertificateStoreAttribute("publicRootCRLIntervalDays", TQString("%1").arg(m_certconfig.caCrlExpiryDays), &errorstring) != 0) { + if (realmname != "") { + ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials); + } + + if (ldap_mgr && ldap_mgr->setLdapCertificateStoreAttribute("publicRootCRLIntervalDays", TQString("%1").arg(m_certconfig.caCrlExpiryDays), &errorstring) != 0) { KMessageBox::error(this, i18n("Unable to update CRL interval entry in LDAP database

Details: %1").arg(errorstring), i18n("LDAP Update Failure")); } @@ -1087,13 +1096,15 @@ void LDAPController::save() { replicationSettings.ignore_ssl_failure = m_base->ignoreReplicationSSLFailures->isChecked(); - if (ldap_mgr->setLDAPMasterReplicationSettings(replicationSettings, NULL) != 0) { + if (ldap_mgr && ldap_mgr->setLDAPMasterReplicationSettings(replicationSettings, NULL) != 0) { // ERROR } } } - delete ldap_mgr; + if (ldap_mgr) { + delete ldap_mgr; + } load(); } -- cgit v1.2.3