-rw-r--r-- | ldap_wizard/Ldap.pm | 291 |
1 files changed, 135 insertions, 156 deletions
diff --git a/ldap_wizard/Ldap.pm b/ldap_wizard/Ldap.pm index 9b1aec1d..0a0eb762 100644 --- a/ldap_wizard/Ldap.pm +++ b/ldap_wizard/Ldap.pm @@ -19,7 +19,6 @@ require Net::LDAP; use Net::LDAP::Util qw(ldap_error_text); - #unless ($> == 0) { # die "You are not root Exiting\n"; #} @@ -54,20 +53,13 @@ my $o = { nom => '', prenom => '', }, - needed_rpm => [ 'openldap-servers','openldap-clients','nss_ldap' ], - defaultimage => "$ENV{__WIZ_HOME__}ldap_wizard/images/ldap.png", - init => sub { - if ($wiz_host_name =~ /localhost/) { - return 0, N("You need to readjust your hostname.") - } - if (member($wiz_domain_name, qw(localdomain (none)))) { - return 0, N("You need to readjust your domainname. For an LDAP server you need a correct domainname, not equal to localdomain or none. Hostname must be a FQDN: Fully Qualified Domain Name. Launch drakconnect to adjust it.") - } - 1 - }, + needed_rpm => [ 'openldap-servers', 'openldap-clients', 'nss_ldap' ], + defaultimage => "$ENV{__WIZ_HOME__}ldap_wizard/images/ldap.png", + init => sub { + test_host_domain($wiz_host_name, $wiz_domain_name); + } }; - my $wiz = new MDK::Wizard::Wizcommon; my $wiz_domain_name = $wiz->{net}->network_get("DOMAINNAME"); my $wiz_host_name = $wiz->{net}->network_get("HOSTNAME"); 
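Review bot: The new `init` closure still reads `$wiz_host_name` and `$wiz_domain_name`, but within this hunk both are only declared with `my` after the `$o = { ... };` statement closes, so the closure is compiled before those lexicals are in scope and binds to package globals (or fails under `use strict`) unless an earlier declaration exists outside the hunk. Moving `my $wiz = MDK::Wizard::Wizcommon->new;` and the two `network_get` lines above `my $o = {` would make the capture unambiguous and also drop the indirect-object `new MDK::Wizard::Wizcommon` spelling. The closure also now returns whatever `test_host_domain` returns, whereas the removed code returned `(0, message)` or `1`; `test_host_domain` is not defined in this diff, so its return shape needs confirming against what the wizard expects from `init`.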
@@ -104,80 +96,72 @@ my %level = ( $o->{pages} = { welcome => { name => N("Ldap configuration wizard") . "\n\n" . N("LDAP stands for Lightweight Directory Access Protocol.") . "\n\n" . N("It is a lightweight protocol for accessing directory services, specifically X.500-based directory services."), - no_back => 1, - post => sub { - ! -f $conf_file and 'set_srv'; - }, - - next => 'ask_menu' - }, - - ask_menu => { - name => N("Ldap configuration wizard"), - no_back => 1, - - pre => sub { - $o->{var}{wiz_level} ||= 1; - }, - post => sub { - if ($o->{var}{wiz_level} == 2) { - ! -f $conf_file and $::in->ask_warn(N("Error"), N("You must setup an Ldap server first.")) and return 'set_srv'; - return 'add_userposix'; - } - - - if ($o->{var}{wiz_level} == 1) { - -f $conf_file and return 'resume'; - } - if ($o->{var}{wiz_level} == 3) { - ! -f $conf_file and $::in->ask_warn(N("Error"), N("You must setup an Ldap server first.")) and return 'set_srv'; - return 'del_conf'; - } - }, - - data => [ - { label => " " }, - { label => N("Your choice:") . "\n\n", val => \$o->{var}{wiz_level}, type => 'list', list => [ keys %level ], format => sub { $level{$_[0]} } }, - ], - next => 'set_srv', - }, - - del_conf => { - name => N("Delete configuration") . "\n\n" . N("Saving existing base in /root/ldap-sav.ldiff"), - post => \&sav_conf, - next => 'welcome' - }, + no_back => 1, + post => sub { + ! -f $conf_file and 'set_srv'; + }, + next => 'ask_menu', + }, + ask_menu => { + name => N("Ldap configuration wizard"), + no_back => 1, + pre => sub { + $o->{var}{wiz_level} ||= 1; + }, + post => sub { + if ($o->{var}{wiz_level} == 2) { + ! -f $conf_file and $::in->ask_warn(N("Error"), N("You must setup an Ldap server first.")) and return 'set_srv'; + return 'add_userposix'; + } + if ($o->{var}{wiz_level} == 1) { + -f $conf_file and return 'resume'; + } + if ($o->{var}{wiz_level} == 3) { + ! 
-f $conf_file and $::in->ask_warn(N("Error"), N("You must setup an Ldap server first.")) and return 'set_srv'; + return 'del_conf'; + } + }, + data => [ + { label => " " }, + { label => N("Your choice:") . "\n\n", val => \$o->{var}{wiz_level}, type => 'list', list => [ keys %level ], format => sub { $level{$_[0]} } }, + ], + next => 'set_srv', + }, + del_conf => { + name => N("Delete configuration") . "\n\n" . N("Saving existing base in /root/ldap-sav.ldiff"), + post => \&sav_conf, + next => 'welcome', + }, add_userposix => { name => N("LDAP Adding User") . "\n\n" , data => [ - { label => " " }, - { label => N("User Created in: " . $o->{var}{defou} . ", " . $o->{var}{suffix})}, - { label => " " }, - { label => N("First Name:"), val => \$o->{var}{sn}, help => "aide p" }, - { label => N("Name:"), val => \$o->{var}{cn}, help => "aide p" }, - { label => N("User Login:"), val => \$o->{var}{uid}, help => "aide p" }, + { label => " " }, + { label => N("User Created in: %s, %s", $o->{var}{defou}, $o->{var}{suffix}) }, + { label => " " }, + { label => N("First Name:"), val => \$o->{var}{sn}, help => "aide p" }, + { label => N("Name:"), val => \$o->{var}{cn}, help => "aide p" }, + { label => N("User Login:"), val => \$o->{var}{uid}, help =>"aide p" }, ], complete => sub { if (!$o->{var}{sn}) { $::in->ask_warn(N("Error"), N("You must enter a valid First Name.")); return 1; - } - if (!$o->{var}{cn}) { - $::in->ask_warn(N("Error"), N("You must enter a valid Name.")); - return 1; - } - if (!$o->{var}{uid}) { - $::in->ask_warn(N("Error"), N("You must enter a valid User Name.")); - return 1; - } + } + if (!$o->{var}{cn}) { + $::in->ask_warn(N("Error"), N("You must enter a valid Name.")); + return 1; + } + if (!$o->{var}{uid}) { + $::in->ask_warn(N("Error"), N("You must enter a valid User Name.")); + return 1; + } }, - - next => 'password' + next => 'password', }, password => { name => N("LDAP User Password"), data => [ - { label => " " }, + { label => " " }, { label => 
N("Password:"), val => \$o->{var}{uidpass}, hidden => 1, help => N("passwords must match") }, { label => N("Password (again):"), val => \$o->{var}{uidpass2}, hidden => 1, help => N("passwords must match") }, ], 
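Review bot: In the new `ask_menu` `post`, the level-2 and level-3 branches redirect to `set_srv` only if `$::in->ask_warn(...)` returns a true value, because of the `and return 'set_srv'` chaining; should `ask_warn` return false, the code falls through to `return 'add_userposix'` or `return 'del_conf'` with no server configured. An explicit form such as `if (! -f $conf_file) { $::in->ask_warn(N("Error"), N("You must setup an Ldap server first.")); return 'set_srv' }` does not depend on the dialog's return value and can be shared by both branches. Similarly `welcome`'s `post` (`! -f $conf_file and 'set_srv';`) yields an empty string when the file exists, which presumably the framework treats as "fall back to `next`"; a one-line comment stating that would help the next reader.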
@@ -188,112 +172,108 @@ $o->{pages} = { } if ($o->{var}{uidpass} ne $o->{var}{uidpass2}) { $::in->ask_warn(N("Error"), N("The passwords do not match")); - return 1; + return 1; } }, - next => 'summary_add_user' + next => 'summary_add_user', }, set_srv => { - name => "\n". N("Configuring LDAP Server") ."\n\n" . N("LDAP directory tree") . "\n" . N("The DNS naming is used for LDAP directory tree definition") . "\n" . N("Domain name: ") . $wiz_domain_name . "\n" . ("LDAP Diretory Tree: " . $o->{var}{suffix} ) . "\n\n" . N("LDAP Administrator") . "\n" . N("Administrator is a power user with grant access on LDAP database") . "\n" . "cn=".N("Administrator").",".$o->{var}{suffix} . "\n\n", + name => N("Configuring LDAP Server") . "\n\n" . N("LDAP directory tree") . "\n" . N("The DNS naming is used for LDAP directory tree definition") . "\n" . N("Domain name: %s", $wiz_domain_name) . "\n" . ("LDAP Diretory Tree: %s", $o->{var}{suffix}) . "\n\n" . N("LDAP Administrator") . "\n" . N("Administrator is a power user with grant access on LDAP database") . "\n" . "cn=" . N("Administrator,%s", $o->{var}{suffix}) . 
"\n\n", data => [ - { label => " " }, - { label => N("LDAP directory tree:"), val => \$o->{var}{suffix}, help => "aide p" }, - { label => N("LDAP Administrator:"), val => \$o->{var}{rootdn}, help => "aide p" }, - { label => N("LDAP Password:"), hidden => 1, val => \$o->{var}{rootpass}, help => "aide p" }, - { label => N("LDAP Password (again):"), hidden => 1, val => \$o->{var}{rootpass2}, help => "aide p" }, + { label => " " }, + { label => N("LDAP directory tree:"), val => \$o->{var}{suffix}, help => "aide p" }, + { label => N("LDAP Administrator:"), val => \$o->{var}{rootdn}, help => "aide p" }, + { label => N("LDAP Password:"), hidden => 1, val => \$o->{var}{rootpass}, help => "aide p" }, + { label => N("LDAP Password (again):"), hidden => 1, val => \$o->{var}{rootpass2}, help => "aide p" }, ], pre => sub { - $o->{var}{rootdn} = "cn=".N("Administrator").",".$o->{var}{suffix}; + $o->{var}{rootdn} = "cn=" . N("Administrator,%s", $o->{var}{suffix}); }, complete => sub { - if (!$o->{var}{suffix} || $o->{var}{suffix} !~ /dc/) { $::in->ask_warn(N("Error"), N("You must enter a valid LDAP directory tree.")); return 1; - } + } if (!$o->{var}{rootpass}) { $::in->ask_warn(N("Error"), N("You must enter a password for LDAP.")); return 1; - } + } if ($o->{var}{rootpass} ne $o->{var}{rootpass2}) { $::in->ask_warn(N("Error"), N("The passwords do not match")); return 1; } #$o->{var}{rootdn} = "cn=".$rootdn_cn.$o->{var}{suffix}, }, - next => 'summary_set_srv' + next => 'summary_set_srv', }, summary_add_user => { name => N("Confirmation of the user to create"), data => [ - { label => " " }, - { label => N("Name:"), type => 'field', fixed_val => \$o->{var}{sn} }, - { label => N("First name:"), type => 'field', fixed_val => \$o->{var}{cn} }, - { label => N("User Name:"), type => 'field', fixed_val => \$o->{var}{uid} }, - { label => N("Create in:"), type => 'field', fixed_val => \$o->{var}{defou} }, #. 
\$o->{var}{suffix} }, + { label => " " }, + { label => N("Name:"), type => 'field', fixed_val => \$o->{var}{sn} }, + { label => N("First name:"), type => 'field', fixed_val => \$o->{var}{cn} }, + { label => N("User Name:"), type => 'field', fixed_val => \$o->{var}{uid} }, + { label => N("Create in:"), type => 'field', fixed_val => \$o->{var}{defou} }, #. \$o->{var}{suffix} }, ], post => \&do_it_user_add, - next => $o->{var}{useraddisnogood} + next => $o->{var}{useraddisnogood}, }, summary_set_srv => { name => N("Confirmation Information for create an LDAP server"), data => [ - { label => " " }, + { label => " " }, { label => N("LDAP directory tree:"), type => 'field', fixed_val => \$o->{var}{suffix} }, { label => N("LDAP Administrator:"), type => 'field', fixed_val => \$o->{var}{rootdn} }, { label => N("Users Container:"), type => 'field', fixed_val => \$o->{var}{defou} }, ], post => \&do_it_setldap, - next => 'end' + next => 'end', }, end => { name => N("Congratulations"), - data => [ - { label => " " }, - { label => N("The wizard successfully configured the LDAP.") } ], + data => [ + { + label => " " }, + { + label => N("The wizard successfully configured the LDAP.") } ], no_back => 1, end => 1, - next => 0 + next => 0, }, - - add_user_good => { - name => N("Successfully added User"), - data => [ - { label => " " }, - { label => "\n",fixed_val => \$o->{var}{error_user_add} } - ], - no_back => '1', - next => 'ask_menu', - }, - + add_user_good => { + name => N("Successfully added User"), + data => [ + { label => " " }, + { label => "\n" , fixed_val => \$o->{var}{error_user_add} }, + ], + no_back => '1', + next => 'ask_menu', + }, add_user_nogood => { - name => N("Error when adding user in Ldap database"), - data => [ - { label => " " }, - { label => "\n",fixed_val => \$o->{var}{error_user_add} } - ], - no_back => '1', - next => 'add_userposix', - }, - - - - + name => N("Error when adding user in Ldap database"), + data => [ + { label => " " }, + { label => "\n" , 
fixed_val => \$o->{var}{error_user_add} }, + ], + no_back => '1', + next => 'add_userposix', + }, resume => { - name => N("Server already configured") . "\n\n" . N("You have already configured your Ldap Server") , - post => sub { - my $container_ou = $o->{var}{wiz_level}.",".$o->{var}{suffix}; - }, - data => [ { label => " " } , - { label => N("LDAP directory tree:"), type => 'field', fixed_val => \$o->{var}{suffix} }, - { label => N("LDAP Administrator:"), type => 'field', fixed_val => \$o->{var}{rootdn} }, - { label => N("Users Container:"), type => 'field', fixed_val => \$o->{var}{defou} }, - ], - no_back => '1', - next => 'ask_menu', - }, + name => N("Server already configured") . "\n\n" . N("You have already configured your Ldap Server") , + post => sub { + my $container_ou = $o->{var}{wiz_level} . "," . $o->{var}{suffix}; + }, + data => [ { label => " " } , + { label => N("LDAP directory tree:"), type => 'field', fixed_val => \$o->{var}{suffix} }, + { label => N("LDAP Administrator:"), type => 'field', fixed_val => \$o->{var}{rootdn} }, + { label => N("Users Container:"), type => 'field', fixed_val => \$o->{var}{defou} }, + ], + no_back => '1', + next => 'ask_menu', + }, }; + sub do_it_setldap { return if $::testing; if (!-f $LDAPCONF) { 
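Review bot: In the new `set_srv` `name` string, `("LDAP Diretory Tree: %s", $o->{var}{suffix})` has lost its `N(`: in the concatenation's scalar context that parenthesised list evaluates to just `$o->{var}{suffix}`, so the label text is dropped from the page (and `use warnings` reports a useless use of a constant); it should read `N("LDAP Diretory Tree: %s", $o->{var}{suffix})`. The commit also turns `"cn=" . N("Administrator") . "," . $o->{var}{suffix}` into `"cn=" . N("Administrator,%s", $o->{var}{suffix})` in both `name` and `pre`, which moves the DN separator into a translatable string; a translation that touches the comma or adds whitespace would produce an invalid `rootdn` and break the `/cn=(\w+),/` match in `init_ldap`, so the original split form is safer. Separately, `next => $o->{var}{useraddisnogood}` in `summary_add_user` is evaluated once when `$o->{pages}` is built, before `do_it_user_add` has set it, so the stored value is undef; unless the framework takes the next page from `post`'s return value instead (which `do_it_user_add` happens to produce as its last expression), this needs a lazily evaluated form.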
@@ -331,24 +311,24 @@ sub do_it_setldap { my $_cryptpass = crypt($o->{var}{rootpass}, "crypt"); if (any { /^rootpw/ } cat_($LDAPCONF)) { substInFile { - #s/rootpw.*/rootpw $cryptpass/; + #s/rootpw.*/rootpw $cryptpass/; s/rootpw.*/rootpw $o->{var}{rootpass}/; } $LDAPCONF; } else { - #append_to_file($LDAPCONF, "rootpw {CRYPT}$cryptpass"); + #append_to_file($LDAPCONF, "rootpw {CRYPT}$cryptpass"); append_to_file($LDAPCONF, "rootpw $o->{var}{rootpass}"); } # Modify /etc/ldap.conf # -require authentication; -authentication::update_ldap_conf( - host => $o->{var}{srv}, - base => $wiz_domain_name, - nss_base_shadow => "ou=People,$o->{var}{suffix}", - nss_base_passwd => "ou=People,$o->{var}{suffix}", - nss_base_group => "ou=Group,$o->{var}{suffix}", - ); + require authentication; + authentication::update_ldap_conf( + host => $o->{var}{srv}, + base => $wiz_domain_name, + nss_base_shadow => "ou=People,$o->{var}{suffix}", + nss_base_passwd => "ou=People,$o->{var}{suffix}", + nss_base_group => "ou=Group,$o->{var}{suffix}", + ); # reset premisions system("chown -R root.ldap /etc/openldap"); @@ -367,10 +347,10 @@ sub init_ldap { $o->{var}{rootdn} =~ /cn=(\w+),/ and my $cnadmin = $1; - my $LDAP; - open($LDAP, "| ldapadd -x -D '$o->{var}{rootdn}' -w $o->{var}{rootpass}"); + my $LDAP; + open($LDAP, "| ldapadd -x -D '$o->{var}{rootdn}' -w $o->{var}{rootpass}"); - print $LDAP <<RootLdif; + print $LDAP <<RootLdif; dn: $o->{var}{suffix} dc: $ldap_dc objectClass: dcObject @@ -404,7 +384,7 @@ RootLdif close($LDAP); - # create config file in /etc/sysconfig/ldapwiz + # create config file in /etc/sysconfig/ldapwiz output($conf_file, <<EOF); srv=$o->{var}{srv} suffix=$o->{var}{suffix} 
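Review bot: `$_cryptpass` is computed at the top of the hunk but both lines that used it remain commented out, so slapd.conf still receives the cleartext `rootpw $o->{var}{rootpass}` through the `s/rootpw.*/.../` substitution and the `append_to_file` call. Writing the hashed form instead, `s/rootpw.*/rootpw {CRYPT}$cryptpass/;` and `append_to_file($LDAPCONF, "rootpw {CRYPT}$cryptpass");` (with the variable renamed to `$cryptpass`, since the `_` prefix marks it as deliberately unused), keeps the admin password out of the config file. `crypt($o->{var}{rootpass}, "crypt")` also passes a constant salt, so the hash is not randomised per install; a randomly generated salt, or an `{SSHA}` value from `slappasswd`, would be preferable. `do_it_setldap` begins before this hunk.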
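Review bot: `open($LDAP, "| ldapadd -x -D '$o->{var}{rootdn}' -w $o->{var}{rootpass}")` in `init_ldap` is a two-argument pipe open that passes the admin DN and password through a shell and never checks the result, so a quote or metacharacter in either value changes the command and a failed spawn is only noticed, if at all, when the later `print $LDAP` writes to a dead pipe. The list form `open(my $ldap, '|-', 'ldapadd', '-x', '-D', $o->{var}{rootdn}, '-w', $o->{var}{rootpass}) or die "ldapadd: $!";` avoids the shell entirely, and ldapadd's `-y <mode-0600 password file>` in place of `-w` keeps the password out of the process list. The following heredoc interpolates `$o->{var}{suffix}` and `$ldap_dc` straight into LDIF, while `set_srv`'s `complete` only requires the suffix to match `/dc/`, so an anchored DN check there would be a useful guard. `init_ldap` starts before this hunk, and the `close($LDAP)` in the next hunk is likewise unchecked.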
@@ -421,21 +401,20 @@ sub do_it_user_add { return if $::testing; my $uid = "10000"; while (defined(getpwuid($uid))) { - $uid++; - } + $uid++; + } - $o->{var}{uidnb} = $uid; - $o->{var}{gidnb} = $uid; + $o->{var}{uidnb} = $uid; + $o->{var}{gidnb} = $uid; ($o->{var}{code_return}, $o->{var}{error_user_add}) = add_user($o); if ($o->{var}{code_return} =~ /success/i) { - $o->{var}{useraddisnogood} = "add_user_good"; + $o->{var}{useraddisnogood} = "add_user_good"; } else { - $o->{var}{useraddisnogood} = "add_user_nogood"; + $o->{var}{useraddisnogood} = "add_user_nogood"; } - } - + sub sav_conf { services::stop('ldap'); my $cmd = "slapcat -l /root/ldap-sav.ldiff"; |