diff options
Diffstat (limited to 'perl-install/authentication.pm')
| -rw-r--r-- | perl-install/authentication.pm | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm index 9fc00a78e..518411a28 100644 --- a/perl-install/authentication.pm +++ b/perl-install/authentication.pm @@ -1,4 +1,4 @@ -package authentication; # $Id: authentication.pm 269894 2010-06-05 20:50:23Z tv $ +package authentication; use common; @@ -52,10 +52,10 @@ my $lib = (arch() =~ /x86_64/ ? 'lib64' : 'lib'); my %kind2packages = ( local => [], SmartCard => [ 'castella-pam' ], - LDAP => [ 'openldap-clients', 'nss_ldap', 'pam_ldap', 'autofs', 'nss_updatedb' ], - KRB5 => [ 'nss_ldap', 'pam_krb5', "${lib}sasl2-plug-gssapi", 'nss_updatedb' ], + LDAP => [ 'openldap-clients', 'nss-pam-ldapd', 'autofs', 'nss_updatedb' ], + KRB5 => [ 'nss-pam-ldapd', 'pam_krb5', "${lib}sasl2-plug-gssapi", 'nss_updatedb' ], NIS => [ 'ypbind', 'autofs' ], - winbind => [ 'samba-winbind', 'nss_ldap', 'pam_krb5', "${lib}sasl2-plug-gssapi" ], + winbind => [ 'samba-winbind', 'nss-pam-ldapd', 'pam_krb5', "${lib}sasl2-plug-gssapi" ], ); @@ -649,7 +649,7 @@ sub read_ldap_conf() { my %conf = map { s/^\s*#.*//; if_(_after_read_ldap_line($_) =~ /(\S+)\s+(.*)/, $1 => $2); - } cat_("$::prefix/etc/ldap.conf"); + } cat_("$::prefix/etc/nslcd.conf"); \%conf; } @@ -669,7 +669,7 @@ sub update_ldap_conf { $_ .= _pre_write_ldap_line("$cmd $val\n"); } } - } "$::prefix/etc/ldap.conf"; + } "$::prefix/etc/nslcd.conf"; } sub configure_krb5_for_AD { @@ -693,12 +693,12 @@ sub configure_krb5_for_AD { $uc_domain = { kdc = $authentication->{AD_server}:88 admin_server = $authentication->{AD_server}:749 - default_domain = $authentication->{DNS_domain} + default_domain = $authentication->{AD_domain} } EOF domain_realm => <<EOF, - .$authentication->{DNS_domain} = $uc_domain - $authentication->{DNS_domain} = $uc_domain + .$authentication->{AD_domain} = $uc_domain + $authentication->{AD_domain} = $uc_domain EOF kdc => <<'EOF', profile = /etc/kerberos/krb5kdc/kdc.conf @@ -897,23 +897,25 @@ sub fetch_dn { sub configure_nss_ldap { my ($authentication) = @_; update_ldap_conf( - host => $authentication->{LDAP_server}, + uri => $authentication->{cafile} eq '1' ? "ldaps://" . $authentication->{LDAP_server} . "/" : "ldap://" . $authentication->{LDAP_server} . "/", base => $authentication->{LDAPDOMAIN}, ); if ($authentication->{nssgrp} eq '1') { update_ldap_conf( - nss_base_shadow => $authentication->{nss_shadow} . "?sub", - nss_base_passwd => $authentication->{nss_pwd} . "?sub", - nss_base_group => $authentication->{nss_grp} . "?sub", + 'base shadow' => $authentication->{nss_shadow}, + 'base passwd' => $authentication->{nss_pwd}, + 'base group' => $authentication->{nss_grp}, + scope => "sub", ); } else { update_ldap_conf( - nss_base_shadow => $authentication->{LDAPDOMAIN} . "?sub", - nss_base_passwd => $authentication->{LDAPDOMAIN} . "?sub", - nss_base_group => $authentication->{LDAPDOMAIN} . "?sub", + 'base shadow' => $authentication->{LDAPDOMAIN}, + 'base passwd' => $authentication->{LDAPDOMAIN}, + 'base group' => $authentication->{LDAPDOMAIN}, + scope => "sub", ); } if ($authentication->{anonymous} eq '1') { @@ -926,7 +928,7 @@ sub configure_nss_ldap { if ($authentication->{cafile} eq '1') { update_ldap_conf( ssl => "on", - tls_checkpeer => "yes", + tls_reqcert => "allow", tls_cacertfile => $authentication->{file}, ); } |