diff options
author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2013-06-27 23:03:24 +0000 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2013-06-27 23:03:24 +0000 |
commit | 8a439f8521d78dc4c3ebcca248bc60f540e83acb (patch) | |
tree | d658934a63ccd6650f91cfb0ae65b4e3832f848e /src | |
parent | 5b8ec508a097798e42408f3bd03ce96985cfc90e (diff) | |
download | libtdeldap-8a439f8521d78dc4c3ebcca248bc60f540e83acb.tar.gz libtdeldap-8a439f8521d78dc4c3ebcca248bc60f540e83acb.zip |
Add a number of methods to enable multi-master replication
Diffstat (limited to 'src')
-rw-r--r-- | src/libtdeldap.cpp | 696 | ||||
-rw-r--r-- | src/libtdeldap.h | 35 |
2 files changed, 626 insertions, 105 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp index 8209501..8aac29f 100644 --- a/src/libtdeldap.cpp +++ b/src/libtdeldap.cpp @@ -876,6 +876,40 @@ void add_multiple_attributes_operation(LDAPMod **mods, int *i, TQString attr, TQ (*i)++; } +void delete_single_attribute_operation(LDAPMod **mods, int *i, TQString attr) { + mods[*i]->mod_op = LDAP_MOD_DELETE; + mods[*i]->mod_type = strdup(attr.ascii()); + (*i)++; +} + +void set_up_attribute_operations(LDAPMod **mods, int number_of_parameters) { + int i; + for (i=0;i<number_of_parameters;i++) { + mods[i] = new LDAPMod; + mods[i]->mod_type = NULL; + mods[i]->mod_values = NULL; + } + mods[number_of_parameters] = NULL; +} + +void clean_up_attribute_operations(int i, LDAPMod **mods, LDAPMod *prevterm, int number_of_parameters) { + mods[i] = prevterm; + for (i=0;i<number_of_parameters;i++) { + if (mods[i]->mod_type != NULL) { + free(mods[i]->mod_type); + } + if (mods[i]->mod_values != NULL) { + int j = 0; + while (mods[i]->mod_values[j] != NULL) { + free(mods[i]->mod_values[j]); + j++; + } + free(mods[i]->mod_values); + } + delete mods[i]; + } +} + int LDAPManager::updateUserInfo(LDAPUserInfo user, TQString *errstr) { int retcode; int i; @@ -889,12 +923,7 @@ int LDAPManager::updateUserInfo(LDAPUserInfo user, TQString *errstr) { // We will replace any existing attributes with the new values int number_of_parameters = 40; // 40 primary attributes LDAPMod *mods[number_of_parameters+1]; - for (i=0;i<number_of_parameters;i++) { - mods[i] = new LDAPMod; - mods[i]->mod_type = NULL; - mods[i]->mod_values = NULL; - } - mods[number_of_parameters] = NULL; + set_up_attribute_operations(mods, number_of_parameters); // Load LDAP modification requests from provided data structure i=0; @@ -961,21 +990,7 @@ int LDAPManager::updateUserInfo(LDAPUserInfo user, TQString *errstr) { retcode = ldap_modify_ext_s(m_ldap, user.distinguishedName.ascii(), mods, NULL, NULL); // Clean up - mods[i] = prevterm; - for (i=0;i<number_of_parameters;i++) { - if (mods[i]->mod_type != NULL) { - free(mods[i]->mod_type); - } - if (mods[i]->mod_values != NULL) { - int j = 0; - while (mods[i]->mod_values[j] != NULL) { - free(mods[i]->mod_values[j]); - j++; - } - free(mods[i]->mod_values); - } - delete mods[i]; - } + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); if (retcode != LDAP_SUCCESS) { if (errstr) { @@ -1485,12 +1500,7 @@ int LDAPManager::updateGroupInfo(LDAPGroupInfo group, TQString *errstr) { // We will replace any existing attributes with the new values int number_of_parameters = 3; // 3 primary attributes LDAPMod *mods[number_of_parameters+1]; - for (i=0;i<number_of_parameters;i++) { - mods[i] = new LDAPMod; - mods[i]->mod_type = NULL; - mods[i]->mod_values = NULL; - } - mods[number_of_parameters] = NULL; + set_up_attribute_operations(mods, number_of_parameters); // Load LDAP modification requests from provided data structure i=0; @@ -1520,21 +1530,7 @@ int LDAPManager::updateGroupInfo(LDAPGroupInfo group, TQString *errstr) { retcode = ldap_modify_ext_s(m_ldap, group.distinguishedName.ascii(), mods, NULL, NULL); // Clean up - mods[i] = prevterm; - for (i=0;i<number_of_parameters;i++) { - if (mods[i]->mod_type != NULL) { - free(mods[i]->mod_type); - } - if (mods[i]->mod_values != NULL) { - int j = 0; - while (mods[i]->mod_values[j] != NULL) { - free(mods[i]->mod_values[j]); - j++; - } - free(mods[i]->mod_values); - } - delete mods[i]; - } + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); if (retcode != LDAP_SUCCESS) { if (errstr) { @@ -1575,12 +1571,7 @@ int LDAPManager::addUserInfo(LDAPUserInfo user, TQString *errstr) { // Create the base DN entry int number_of_parameters = 14; // 14 primary attributes LDAPMod *mods[number_of_parameters+1]; - for (i=0;i<number_of_parameters;i++) { - mods[i] = new LDAPMod; - mods[i]->mod_type = NULL; - mods[i]->mod_values = NULL; - } - mods[number_of_parameters] = NULL; + set_up_attribute_operations(mods, number_of_parameters); // Load initial required LDAP object attributes i=0; @@ -1607,21 +1598,7 @@ int LDAPManager::addUserInfo(LDAPUserInfo user, TQString *errstr) { retcode = ldap_add_ext_s(m_ldap, user.distinguishedName.ascii(), mods, NULL, NULL); // Clean up - mods[i] = prevterm; - for (i=0;i<number_of_parameters;i++) { - if (mods[i]->mod_type != NULL) { - free(mods[i]->mod_type); - } - if (mods[i]->mod_values != NULL) { - int j = 0; - while (mods[i]->mod_values[j] != NULL) { - free(mods[i]->mod_values[j]); - j++; - } - free(mods[i]->mod_values); - } - delete mods[i]; - } + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); if (retcode != LDAP_SUCCESS) { if (errstr) { @@ -1650,12 +1627,7 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group, TQString *errstr) { // Create the base DN entry int number_of_parameters = 6; // 6 primary attributes LDAPMod *mods[number_of_parameters+1]; - for (i=0;i<number_of_parameters;i++) { - mods[i] = new LDAPMod; - mods[i]->mod_type = NULL; - mods[i]->mod_values = NULL; - } - mods[number_of_parameters] = NULL; + set_up_attribute_operations(mods, number_of_parameters); TQString placeholderGroup = "cn=placeholder," + m_basedc; @@ -1675,21 +1647,7 @@ int LDAPManager::addGroupInfo(LDAPGroupInfo group, TQString *errstr) { retcode = ldap_add_ext_s(m_ldap, group.distinguishedName.ascii(), mods, NULL, NULL); // Clean up - mods[i] = prevterm; - for (i=0;i<number_of_parameters;i++) { - if (mods[i]->mod_type != NULL) { - free(mods[i]->mod_type); - } - if (mods[i]->mod_values != NULL) { - int j = 0; - while (mods[i]->mod_values[j] != NULL) { - free(mods[i]->mod_values[j]); - j++; - } - free(mods[i]->mod_values); - } - delete mods[i]; - } + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); if (retcode != LDAP_SUCCESS) { if (errstr) { @@ -2673,12 +2631,7 @@ int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString at // We will replace any existing attributes with the new values int number_of_parameters = 1; // 1 primary attribute LDAPMod *mods[number_of_parameters+1]; - for (i=0;i<number_of_parameters;i++) { - mods[i] = new LDAPMod; - mods[i]->mod_type = NULL; - mods[i]->mod_values = NULL; - } - mods[number_of_parameters] = NULL; + set_up_attribute_operations(mods, number_of_parameters); // Load LDAP modification requests from provided data structure i=0; @@ -2690,21 +2643,7 @@ int LDAPManager::writeCertificateFileIntoDirectory(TQByteArray cert, TQString at retcode = ldap_modify_ext_s(m_ldap, TQString("cn=certificate store,o=tde,cn=tde realm data,ou=master services,ou=core,ou=realm,%1").arg(m_basedc).ascii(), mods, NULL, NULL); // Clean up - mods[i] = prevterm; - for (i=0;i<number_of_parameters;i++) { - if (mods[i]->mod_type != NULL) { - free(mods[i]->mod_type); - } - if (mods[i]->mod_values != NULL) { - int j = 0; - while (mods[i]->mod_values[j] != NULL) { - delete mods[i]->mod_values[j]; - j++; - } - free(mods[i]->mod_values); - } - delete mods[i]; - } + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); if (retcode != LDAP_SUCCESS) { if (errstr) *errstr = i18n("<qt>LDAP certificate upload failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); @@ -2885,6 +2824,94 @@ LDAPTDEBuiltinsInfo LDAPManager::parseLDAPTDEBuiltinsRecord(LDAPMessage* entry) return builtininfo; } +LDAPMasterReplicationInfo LDAPManager::parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry) { + char* dn = NULL; + char* attr; + struct berval **vals; + BerElement* ber; + int i; + + if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { + ldap_memfree(dn); + } + + for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) { + if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) { + TQString ldap_field = attr; + if (ldap_field == "olcServerID") { + i=0; + while (vals[i] != NULL) { + TQStringList serverIDMapping = TQStringList::split(" ", TQString(vals[i]->bv_val), FALSE); + LDAPMasterReplicationMapping mapping; + mapping.id = serverIDMapping[0].toInt(); + mapping.fqdn = serverIDMapping[1]; + mapping.fqdn.replace("ldap:", ""); + mapping.fqdn.replace("ldaps:", ""); + mapping.fqdn.replace("/", ""); + replicationinfo.serverIDs.append(mapping); + i++; + } + replicationinfo.informationValid = true; + } + else if (ldap_field == "olcMirrorMode") { + i=0; + TQString mirrorModeEnabled(vals[i]->bv_val); + if (mirrorModeEnabled == "TRUE") { + replicationinfo.enabled = true; + } + else { + replicationinfo.enabled = false; + } + } + ldap_value_free_len(vals); + } + ldap_memfree(attr); + } + + if (ber != NULL) { + ber_free(ber, 0); + } + + return replicationinfo; +} + +TQString LDAPManager::parseLDAPSyncProvOverlayConfigRecord(LDAPMessage* entry) { + char* dn = NULL; + char* attr; + struct berval **vals; + BerElement* ber; + int i; + TQString syncProvEntry; + + if((dn = ldap_get_dn(m_ldap, entry)) != NULL) { + ldap_memfree(dn); + } + + for( attr = ldap_first_attribute(m_ldap, entry, &ber); attr != NULL; attr = ldap_next_attribute(m_ldap, entry, ber)) { + if ((vals = ldap_get_values_len(m_ldap, entry, attr)) != NULL) { + TQString ldap_field = attr; + if (ldap_field == "olcOverlay") { + i=0; + while (vals[i] != NULL) { + TQString value(vals[i]->bv_val); + if (value.endsWith("}syncprov")) { + syncProvEntry = value; + } + i++; + } + } + ldap_value_free_len(vals); + } + ldap_memfree(attr); + } + + if (ber != NULL) { + ber_free(ber, 0); + } + + return syncProvEntry; +} + LDAPTDEBuiltinsInfo LDAPManager::getTDEBuiltinMappings(TQString *errstr) { int retcode; LDAPTDEBuiltinsInfo builtininfo; @@ -2918,6 +2945,441 @@ LDAPTDEBuiltinsInfo LDAPManager::getTDEBuiltinMappings(TQString *errstr) { return LDAPTDEBuiltinsInfo(); } +LDAPMasterReplicationInfo LDAPManager::getLDAPMasterReplicationSettings(TQString *errstr) { + int retcode; + LDAPMasterReplicationInfo replicationinfo; + + if (bind(errstr) < 0) { + return LDAPMasterReplicationInfo(); + } + else { + // Check cn=config settings + LDAPMessage* msg; + retcode = ldap_search_ext_s(m_ldap, "cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); + if (retcode != LDAP_SUCCESS) { + if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return LDAPMasterReplicationInfo(); + } + + // Iterate through the returned entries + LDAPMessage* entry; + for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { + LDAPMasterReplicationInfo potentialReplicationInfo; + potentialReplicationInfo = parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo(), entry); + if (potentialReplicationInfo.informationValid) { + replicationinfo = potentialReplicationInfo; + } + } + + // clean up + ldap_msgfree(msg); + + // Set OpenLDAP defaults + replicationinfo.enabled = false; + + // Check olcDatabase 0 configuration settings + retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); + if (retcode != LDAP_SUCCESS) { + if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return LDAPMasterReplicationInfo(); + } + + // Iterate through the returned entries + for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { + replicationinfo = parseLDAPMasterReplicationRecord(replicationinfo, entry); + } + + // clean up + ldap_msgfree(msg); + + return replicationinfo; + } + + return LDAPMasterReplicationInfo(); +} + +int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo replicationinfo, TQString *errstr) { + int retcode; + int i; + + if (bind(errstr) < 0) { + return -1; + } + else { + if (replicationinfo.enabled) { + if (!errstr && (replicationinfo.syncDN == "")) { + replicationinfo.syncDN = "cn=admin," + m_basedc; + } + if (!errstr && replicationinfo.syncPassword.isNull()) { + LDAPPasswordDialog passdlg(0, 0, false); + passdlg.m_base->ldapAdminRealm->setEnabled(false); + passdlg.m_base->ldapAdminRealm->insertItem(m_realm); + passdlg.m_base->ldapUseTLS->hide(); + passdlg.m_base->ldapAdminUsername->setEnabled(false); + passdlg.m_base->ldapAdminUsername->setText(replicationinfo.syncDN); + if (passdlg.exec() == TQDialog::Accepted) { + replicationinfo.syncPassword = passdlg.m_base->ldapAdminPassword->password(); + } + } + + if ((replicationinfo.syncDN == "") || (replicationinfo.syncPassword.isNull())) { + if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: Invalid multi-master synchronization credentials provided</qt>"); + else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: Invalid multi-master synchronization credentials provided</qt>"), i18n("User Error")); + return -1; + } + + // Test credentials before continuing + LDAPCredentials* credentials = new LDAPCredentials; + credentials->username = replicationinfo.syncDN; + credentials->password = replicationinfo.syncPassword; + credentials->realm = m_realm; + LDAPManager* ldap_mgr = new LDAPManager(m_realm, "ldapi://", credentials); + TQString errorstring; + if (ldap_mgr->bind(&errorstring) != 0) { + delete ldap_mgr; + if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: Invalid multi-master synchronization credentials provided</qt>"); + else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: Invalid multi-master synchronization credentials provided</qt>"), i18n("User Error")); + return -1; + } + delete ldap_mgr; + } + + if (replicationinfo.serverIDs.count() <= 0) { + replicationinfo.enabled = false; + } + + if (replicationinfo.serverIDs.count() > 0) { + // Assemble the LDAPMod structure + // We will replace any existing attributes with the new values + int number_of_parameters = 1; // 1 primary attribute + LDAPMod *mods[number_of_parameters+1]; + set_up_attribute_operations(mods, number_of_parameters); + + // Load LDAP modification requests from provided data structure + i=0; + TQStringList serverMappingList; + LDAPMasterReplicationMap::iterator it; + for (it = replicationinfo.serverIDs.begin(); it != replicationinfo.serverIDs.end(); ++it) { + serverMappingList.append(TQString("%1 ldaps://%2/").arg((*it).id).arg((*it).fqdn)); + } + add_multiple_attributes_operation(mods, &i, "olcServerID", serverMappingList); + LDAPMod *prevterm = mods[i]; + mods[i] = NULL; + + // Perform LDAP update + retcode = ldap_modify_ext_s(m_ldap, "cn=config", mods, NULL, NULL); + + // Clean up + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); + + if (retcode == LDAP_NO_SUCH_ATTRIBUTE) { + // Add new object instead + // Assemble the LDAPMod structure + // We will replace any existing attributes with the new values + int number_of_parameters = 1; // 1 primary attribute + LDAPMod *mods[number_of_parameters+1]; + set_up_attribute_operations(mods, number_of_parameters); + + // Load LDAP modification requests from provided data structure + i=0; + TQStringList serverMappingList; + LDAPMasterReplicationMap::iterator it; + for (it = replicationinfo.serverIDs.begin(); it != replicationinfo.serverIDs.end(); ++it) { + serverMappingList.append(TQString("%1 ldaps://%2/").arg((*it).id).arg((*it).fqdn)); + } + create_multiple_attributes_operation(mods, &i, "olcServerID", serverMappingList); + LDAPMod *prevterm = mods[i]; + mods[i] = NULL; + + // Perform LDAP update + retcode = ldap_add_ext_s(m_ldap, "cn=config", mods, NULL, NULL); + + // Clean up + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); + } + + if (retcode != LDAP_SUCCESS) { + if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + } + else { + // Delete the olcServerID entry + // Assemble the LDAPMod structure + int number_of_parameters = 1; // 1 primary attribute + LDAPMod *mods[number_of_parameters+1]; + set_up_attribute_operations(mods, number_of_parameters); + + // Load LDAP delete request + i=0; + delete_single_attribute_operation(mods, &i, "olcServerID"); + LDAPMod *prevterm = mods[i]; + mods[i] = NULL; + + // Perform LDAP update + retcode = ldap_modify_ext_s(m_ldap, "cn=config", mods, NULL, NULL); + + // Clean up + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); + + if ((retcode != LDAP_SUCCESS) && (retcode != LDAP_NO_SUCH_ATTRIBUTE)) { + if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + } + + { + if (replicationinfo.enabled) { + // Config Database + { + // Assemble the LDAPMod structure + // We will replace any existing attributes with the new values + int number_of_parameters = 2; // 2 primary attributes + LDAPMod *mods[number_of_parameters+1]; + set_up_attribute_operations(mods, number_of_parameters); + + // Load LDAP modification requests from provided data structure + i=0; + TQStringList syncReplServerList; + LDAPMasterReplicationMap::iterator it; + int rid = 1; + for (it = replicationinfo.serverIDs.begin(); it != replicationinfo.serverIDs.end(); ++it) { + TQString ridString; + TQString serverSyncReplString; + TQString databaseDN; + ridString.sprintf("%03d", rid); + databaseDN = "cn=config"; + serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout); + syncReplServerList.append(serverSyncReplString); + rid++; + } + add_multiple_attributes_operation(mods, &i, "olcSyncRepl", syncReplServerList); + add_single_attribute_operation(mods, &i, "olcMirrorMode", "TRUE"); + LDAPMod *prevterm = mods[i]; + mods[i] = NULL; + + // Perform LDAP update + retcode = ldap_modify_ext_s(m_ldap, "olcDatabase={0}config,cn=config", mods, NULL, NULL); + + // Clean up + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); + + if (retcode != LDAP_SUCCESS) { + if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + } + + // Main Database + { + // Assemble the LDAPMod structure + // We will replace any existing attributes with the new values + int number_of_parameters = 2; // 2 primary attributes + LDAPMod *mods[number_of_parameters+1]; + set_up_attribute_operations(mods, number_of_parameters); + + // Load LDAP modification requests from provided data structure + i=0; + TQStringList syncReplServerList; + LDAPMasterReplicationMap::iterator it; + int rid = 1; + for (it = replicationinfo.serverIDs.begin(); it != replicationinfo.serverIDs.end(); ++it) { + TQString ridString; + TQString serverSyncReplString; + TQString databaseDN; + ridString.sprintf("%03d", rid); + databaseDN = m_basedc; + serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout); + syncReplServerList.append(serverSyncReplString); + rid++; + } + add_multiple_attributes_operation(mods, &i, "olcSyncRepl", syncReplServerList); + add_single_attribute_operation(mods, &i, "olcMirrorMode", "TRUE"); + LDAPMod *prevterm = mods[i]; + mods[i] = NULL; + + // Perform LDAP update + retcode = ldap_modify_ext_s(m_ldap, "olcDatabase={1}hdb,cn=config", mods, NULL, NULL); + + // Clean up + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); + + if (retcode != LDAP_SUCCESS) { + if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + } + } + else { + // Delete the olcSyncRepl and olcMirrorMode entries + + // Main Database + { + // Assemble the LDAPMod structure + int number_of_parameters = 2; // 2 primary attributes + LDAPMod *mods[number_of_parameters+1]; + set_up_attribute_operations(mods, number_of_parameters); + + // Load LDAP delete request + i=0; + delete_single_attribute_operation(mods, &i, "olcSyncRepl"); + delete_single_attribute_operation(mods, &i, "olcMirrorMode"); + LDAPMod *prevterm = mods[i]; + mods[i] = NULL; + + // Perform LDAP update + retcode = ldap_modify_ext_s(m_ldap, "olcDatabase={1}hdb,cn=config", mods, NULL, NULL); + + // Clean up + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); + + if ((retcode != LDAP_SUCCESS) && (retcode != LDAP_NO_SUCH_ATTRIBUTE)) { + if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + } + + // Config Database + { + // Assemble the LDAPMod structure + int number_of_parameters = 2; // 2 primary attributes + LDAPMod *mods[number_of_parameters+1]; + set_up_attribute_operations(mods, number_of_parameters); + + // Load LDAP delete request + i=0; + delete_single_attribute_operation(mods, &i, "olcSyncRepl"); + delete_single_attribute_operation(mods, &i, "olcMirrorMode"); + LDAPMod *prevterm = mods[i]; + mods[i] = NULL; + + // Perform LDAP update + retcode = ldap_modify_ext_s(m_ldap, "olcDatabase={0}config,cn=config", mods, NULL, NULL); + + // Clean up + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); + + if ((retcode != LDAP_SUCCESS) && (retcode != LDAP_NO_SUCH_ATTRIBUTE)) { + if (errstr) *errstr = i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("<qt>LDAP modification failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + } + } + + // Get current active replication settings + TQString* readOnlyErrorString = NULL; + LDAPMasterReplicationInfo currentReplicationInfo = getLDAPMasterReplicationSettings(readOnlyErrorString); + if (readOnlyErrorString) { + // Uh oh + if (errstr) *errstr = *readOnlyErrorString; + else KMessageBox::error(0, *readOnlyErrorString, i18n("LDAP Error")); + return -2; + } + if (currentReplicationInfo.enabled != replicationinfo.enabled) { + if (replicationinfo.enabled) { + // Set up replication + // NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration + + // Check to see if the syncprov overlay entries already exist + bool haveOlcOverlaySyncProv = false; + LDAPMessage* msg; + retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); + if (retcode != LDAP_SUCCESS) { + if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + + // Iterate through the returned entries + LDAPMessage* entry; + for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { + if (parseLDAPSyncProvOverlayConfigRecord(entry) != "") { + haveOlcOverlaySyncProv = true; + } + } + + // clean up + ldap_msgfree(msg); + + if (!haveOlcOverlaySyncProv) { + // Create the base DN entry + int number_of_parameters = 1; // 1 primary attribute + LDAPMod *mods[number_of_parameters+1]; + set_up_attribute_operations(mods, number_of_parameters); + + // Load initial required LDAP object attributes + i=0; + TQStringList objectClassList; + objectClassList.append("olcOverlayConfig"); + objectClassList.append("olcSyncProvConfig"); + create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList); + LDAPMod *prevterm = mods[i]; + mods[i] = NULL; + + // Add new object + retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL); + + // Clean up + clean_up_attribute_operations(i, mods, prevterm, number_of_parameters); + + if (retcode != LDAP_SUCCESS) { + if (errstr) { + *errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + } + else { + KMessageBox::error(0, i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + } + return -2; + } + } + } + else { + // Check to see if the syncprov overlay entries exist + TQString olcOverlaySyncProvAttr; + LDAPMessage* msg; + retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg); + if (retcode != LDAP_SUCCESS) { + if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)); + else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error")); + return -2; + } + + // Iterate through the returned entries + LDAPMessage* entry; + for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) { + olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord(entry); + if (olcOverlaySyncProvAttr != "") { + break; + } + } + + // clean up + ldap_msgfree(msg); + + if (olcOverlaySyncProvAttr != "") { + // FIXME + // OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files) + // See http://www.openldap.org/lists/openldap-software/200811/msg00103.html + // If it were possible, the code would look something like this: + // retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL); + } + } + } + return 0; + } + } + + return -1; +} + int LDAPManager::getTDECertificate(TQString certificateName, TQString fileName, TQString *errstr) { int retcode; int returncode; @@ -3774,6 +4236,30 @@ LDAPTDEBuiltinsInfo::~LDAPTDEBuiltinsInfo() { // } +LDAPMasterReplicationInfo::LDAPMasterReplicationInfo() { + // TQStrings are always initialized to TQString::null, so they don't need initialization here... + informationValid = false; + enabled = false; + // FIXME + // Retry method and timeout should be user configurable + // See http://www.openldap.org/doc/admin24/slapdconfig.html for syntax + retryMethod = "5 5 300 5"; + timeout = 1; +} + +LDAPMasterReplicationInfo::~LDAPMasterReplicationInfo() { + // +} + + +LDAPMasterReplicationMapping::LDAPMasterReplicationMapping() { + id = -1; +} + +LDAPMasterReplicationMapping::~LDAPMasterReplicationMapping() { + // +} + KerberosTicketInfo::KerberosTicketInfo() { // TQStrings are always initialized to TQString::null, so they don't need initialization here... informationValid = false; diff --git a/src/libtdeldap.h b/src/libtdeldap.h index 2c73967..ee60b94 100644 --- a/src/libtdeldap.h +++ b/src/libtdeldap.h @@ -374,6 +374,37 @@ class LDAPTDEBuiltinsInfo TQString builtinStandardUserGroup; }; +class LDAPMasterReplicationMapping +{ + public: + LDAPMasterReplicationMapping(); + ~LDAPMasterReplicationMapping(); + + public: + int id; + TQString fqdn; +}; + +typedef TQValueList<LDAPMasterReplicationMapping> LDAPMasterReplicationMap; + +class LDAPMasterReplicationInfo +{ + public: + LDAPMasterReplicationInfo(); + ~LDAPMasterReplicationInfo(); + + public: + bool informationValid; + bool enabled; + LDAPMasterReplicationMap serverIDs; + TQString retryMethod; + int timeout; + int syncMethod; + TQString syncDN; + TQCString syncPassword; + TQString certificateFile; +}; + class KerberosTicketInfo { public: @@ -446,6 +477,8 @@ class LDAPManager : public TQObject { int writeCertificateFileIntoDirectory(TQByteArray cert, TQString attr, TQString* errstr=0); LDAPTDEBuiltinsInfo getTDEBuiltinMappings(TQString *errstr=0); + LDAPMasterReplicationInfo getLDAPMasterReplicationSettings(TQString *errstr=0); + int setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo replicationinfo, TQString *errstr=0); int writeSudoersConfFile(TQString *errstr=0); int getTDECertificate(TQString certificateName, TQString fileName, TQString *errstr=0); int setPasswordForUser(LDAPUserInfo user, TQString *errstr); @@ -489,6 +522,8 @@ class LDAPManager : public TQObject { LDAPMachineInfo parseLDAPMachineRecord(LDAPMessage* entry); LDAPServiceInfo parseLDAPMachineServiceRecord(LDAPMessage* entry); LDAPTDEBuiltinsInfo parseLDAPTDEBuiltinsRecord(LDAPMessage* entry); + LDAPMasterReplicationInfo parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry); + TQString parseLDAPSyncProvOverlayConfigRecord(LDAPMessage* entry); private: TQString m_realm; |