Diffstat (limited to 'src/libtdeldap.cpp')
-rw-r--r--src/libtdeldap.cpp38
1 files changed, 38 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 197f7c0..62faa34 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -114,12 +114,15 @@ extern "C" {
#define LDAP_FILE "/etc/ldap/ldap.conf"
#define LDAP_SECONDARY_FILE "/etc/ldap.conf"
#define LDAP_TERTIARY_FILE "/etc/libnss-ldap.conf"
+#define LDAP_NSLCD_FILE "/etc/nslcd.conf"
#define TDELDAP_SUDO_D_FILE "/etc/sudoers.d/tde-realm-admins"
#define CRON_UPDATE_NSS_FILE "/etc/cron.daily/upd-local-nss-db"
#define CRON_UPDATE_NSS_COMMAND "/usr/sbin/nss_updatedb ldap"
+#define LDAP_RESTART_NSLCD_COMMAND "/etc/init.d/nslcd restart"
+
#ifndef SYSTEM_CA_STORE_CERT_LOCATION
#define SYSTEM_CA_STORE_CERT_LOCATION "/usr/local/share/ca-certificates/"
#endif
@@ -3363,6 +3366,36 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac
return -1;
}
+ TQFile nslcd_file(LDAP_NSLCD_FILE);
+ if (nslcd_file.open(IO_WriteOnly)) {
+ TQTextStream stream( &nslcd_file );
+
+ stream << "# This file was automatically generated by TDE\n";
+ stream << "# All changes will be lost!\n";
+ stream << "\n";
+
+ if (realmcfg.bonded) {
+ stream << "uid nslcd" << "\n";
+ stream << "gid nslcd" << "\n";
+ stream << "uri ldaps://" << realmcfg.admin_server << "/\n";
+ TQStringList domainChunks = TQStringList::split(".", realmcfg.name.lower());
+ stream << "base dc=" << domainChunks.join(",dc=") << "\n";
+ if (machineRole == ROLE_WORKSTATION) {
+ stream << "tls_cacertfile " << KERBEROS_PKI_PUBLICDIR << realmcfg.admin_server << ".ldap.crt\n";
+ }
+ else {
+ stream << "tls_cacertfile " << KERBEROS_PKI_PEM_FILE << "\n";
+ }
+ }
+
+ nslcd_file.close();
+ }
+
+ if (chmod(LDAP_NSLCD_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
+ if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(LDAP_FILE);
+ return -1;
+ }
+
// Create symbolic link to secondary LDAP configuration file
if (fileExists(LDAP_SECONDARY_FILE)) {
if (unlink(LDAP_SECONDARY_FILE) < 0) {
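Review bot: The chmod failure message at the end of the added block names LDAP_FILE while the chmod call operates on LDAP_NSLCD_FILE, so a failure would be reported against the wrong path; it should read `.arg(LDAP_NSLCD_FILE)`. A failed `nslcd_file.open(IO_WriteOnly)` is also never reported: execution falls through to the chmod of a file that may not exist, and the caller then gets a misleading permissions error instead of the open failure, so the open should return -1 with its own message like the failure paths above it. Since the generated file only sets `tls_cacertfile`, certificate verification for the `ldaps://` uri depends on the library default unless `tls_reqcert demand` is written alongside it, which seems worth making explicit. writeLDAPConfFile begins and ends outside this hunk.
```cpp
	TQFile nslcd_file(LDAP_NSLCD_FILE);
	if (!nslcd_file.open(IO_WriteOnly)) {
		if (errstr) *errstr = TQString("Unable to open \"%1\" for writing").arg(LDAP_NSLCD_FILE);
		return -1;
	}
	TQTextStream stream( &nslcd_file );
	// … unchanged: header comments and bonded-realm directives …
	nslcd_file.close();

	if (chmod(LDAP_NSLCD_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
		if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(LDAP_NSLCD_FILE);
		return -1;
	}
```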
@@ -4250,6 +4283,11 @@ int LDAPManager::writeClientCronFiles(TQString *errstr) {
return -1;
}
+ if (system(LDAP_RESTART_NSLCD_COMMAND) < 0) {
+ if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(LDAP_RESTART_NSLCD_COMMAND);
+ return -1;
+ }
+
if (system(CRON_UPDATE_NSS_COMMAND) < 0) {
if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(CRON_UPDATE_NSS_COMMAND);
return -1;
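Review bot: The `system(LDAP_RESTART_NSLCD_COMMAND) < 0` check only catches a failure to spawn the shell; a restart that exits non-zero (including a missing /etc/init.d/nslcd script, which the shell reports as exit 127) is treated as success, and the message format uses `%s`, which TQString::arg does not appear to treat as a placeholder (it expects `%1`), so the command name would be missing from the error. Decode the wait status instead: `int rc = system(LDAP_RESTART_NSLCD_COMMAND);` / `if (rc < 0 || !WIFEXITED(rc) || WEXITSTATUS(rc) != 0) {` with the message changed to `"Execution of \"%1\" failed"` (WIFEXITED/WEXITSTATUS need <sys/wait.h> if it is not already included). The existing CRON_UPDATE_NSS_COMMAND check on the following lines has the same shape, though that part is outside this commit. If nslcd is optional on the client, consider guarding the restart with fileExists() on the init script so that a stricter check does not fail the whole function. writeClientCronFiles continues past the end of the hunk.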