| author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2025-10-01 22:06:50 -0500 |
|---|---|---|
| committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2025-10-17 19:02:59 -0500 |
| commit | ce91d201e0f71fb43bdb4a9faea747679a0c02dd (patch) | |
| tree | 07a726a30ba62996c64a346d6299f75fbe6d4d13 /src/libtdeldap.cpp | |
| parent | f18baf461d242485c36f50c94561bbd07b909ac0 (diff) | |
Add support for nslcd
nslcd is required on newer versions of Debian, and uses its own configuration
file instead of /etc/ldap.conf
Diffstat (limited to 'src/libtdeldap.cpp')
| -rw-r--r-- | src/libtdeldap.cpp | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 197f7c0..62faa34 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -114,12 +114,15 @@ extern "C" {
 #define LDAP_FILE "/etc/ldap/ldap.conf"
 #define LDAP_SECONDARY_FILE "/etc/ldap.conf"
 #define LDAP_TERTIARY_FILE "/etc/libnss-ldap.conf"
+#define LDAP_NSLCD_FILE "/etc/nslcd.conf"
 #define TDELDAP_SUDO_D_FILE "/etc/sudoers.d/tde-realm-admins"
 #define CRON_UPDATE_NSS_FILE "/etc/cron.daily/upd-local-nss-db"
 #define CRON_UPDATE_NSS_COMMAND "/usr/sbin/nss_updatedb ldap"
+#define LDAP_RESTART_NSLCD_COMMAND "/etc/init.d/nslcd restart"
+
 #ifndef SYSTEM_CA_STORE_CERT_LOCATION
 #define SYSTEM_CA_STORE_CERT_LOCATION "/usr/local/share/ca-certificates/"
 #endif
@@ -3363,6 +3366,36 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac
 return -1;
 }
+ TQFile nslcd_file(LDAP_NSLCD_FILE);
+ if (nslcd_file.open(IO_WriteOnly)) {
+ TQTextStream stream( &nslcd_file );
+
+ stream << "# This file was automatically generated by TDE\n";
+ stream << "# All changes will be lost!\n";
+ stream << "\n";
+
+ if (realmcfg.bonded) {
+ stream << "uid nslcd" << "\n";
+ stream << "gid nslcd" << "\n";
+ stream << "uri ldaps://" << realmcfg.admin_server << "/\n";
+ TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
+ stream << "base dc=" << domainChunks.join(",dc=") << "\n";
+ if (machineRole == ROLE_WORKSTATION) {
+ stream << "tls_cacertfile " << KERBEROS_PKI_PUBLICDIR << realmcfg.admin_server << ".ldap.crt\n";
+ }
+ else {
+ stream << "tls_cacertfile " << KERBEROS_PKI_PEM_FILE << "\n";
+ }
+ }
+
+ nslcd_file.close();
+ }
+
+ if (chmod(LDAP_NSLCD_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
+ if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(LDAP_FILE);
+ return -1;
+ }
+
 // Create symbolic link to secondary LDAP configuration file
 if (fileExists(LDAP_SECONDARY_FILE)) {
 if (unlink(LDAP_SECONDARY_FILE) < 0) {
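Review bot: The chmod error message in the new nslcd block reports the wrong path — it formats `LDAP_FILE` (/etc/ldap/ldap.conf) although the call operates on `LDAP_NSLCD_FILE`; the line should read `if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(LDAP_NSLCD_FILE);`. A failed `nslcd_file.open(IO_WriteOnly)` is also never reported: control falls through to `chmod`, which then either fails with that mis-labelled permissions error when /etc/nslcd.conf does not exist or silently leaves a stale file in place when it does, whereas the ldap.conf block just above appears to set errstr and return -1 on its own failures (its body starts before the hunk). Because `realmcfg.admin_server` and `realmcfg.name` are written into the file unescaped, a value containing whitespace or a newline would turn into additional nslcd directives, so rejecting such values before writing keeps the generated file to exactly the directives shown here. The 0644 mode matches a file that holds no credentials, which is true of the directives written here; if a `bindpw` line is ever added the file would need to become 0600. writeLDAPConfFile continues outside the hunk.
```cpp
	TQFile nslcd_file(LDAP_NSLCD_FILE);
	if (!nslcd_file.open(IO_WriteOnly)) {
		if (errstr) *errstr = TQString("Unable to open \"%1\" for writing").arg(LDAP_NSLCD_FILE);
		return -1;
	}
	TQTextStream stream( &nslcd_file );
	// … unchanged: header comment and bonded-realm directives …
	nslcd_file.close();

	if (chmod(LDAP_NSLCD_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
		if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(LDAP_NSLCD_FILE);
		return -1;
	}
```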
@@ -4250,6 +4283,11 @@ int LDAPManager::writeClientCronFiles(TQString *errstr) {
 return -1;
 }
+ if (system(LDAP_RESTART_NSLCD_COMMAND) < 0) {
+ if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(LDAP_RESTART_NSLCD_COMMAND);
+ return -1;
+ }
+
 if (system(CRON_UPDATE_NSS_COMMAND) < 0) {
 if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(CRON_UPDATE_NSS_COMMAND);
 return -1;
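Review bot: The `< 0` test on `system(LDAP_RESTART_NSLCD_COMMAND)` only detects a failure to spawn the shell; an init script that exits non-zero (nslcd not installed, restart refused) yields a positive status and is treated as success, so the freshly written /etc/nslcd.conf may never be loaded without any error reaching the caller. Checking the exit status would surface that, e.g. `int rc = system(LDAP_RESTART_NSLCD_COMMAND); if (rc < 0 || !WIFEXITED(rc) || WEXITSTATUS(rc) != 0) { ... }` with the same errstr handling. The new error string also uses `%s`, which is not a TQString::arg place marker (those are `%1`-style), so the command name is presumably never substituted into the message; the same pre-existing pattern appears in the CRON_UPDATE_NSS_COMMAND branch below, and `%1` looks like the intended marker in both. writeClientCronFiles starts before the hunk.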
