#!/usr/bin/perl # version 1.35 # GPL like # vguardiola@mandrakesoft.com package MDK::Wizard::Ldap; use lib qw(/usr/lib/libDrakX); use ugtk2 qw(:create); use strict; use MDK::Wizard::ldapdef; use interactive; use services; use common; use standalone; use MDK::Wizard::Varspaceval; use MDK::Wizard::Wizcommon; use Expect; require Net::LDAP; use Net::LDAP::Util qw(ldap_error_text); #unless ($> == 0) { # die "You are not root Exiting\n"; #} my $wiz = new MDK::Wizard::Wizcommon; my $in = interactive->vnew; my $wiz_domain_name = $wiz->{net}->network_get("DOMAINNAME"); my $wiz_host_name = $wiz->{net}->network_get("HOSTNAME"); my $DOMAINNAME = chomp_(`domainname`); my $o = { name => N("Ldap wizard"), var => { defou => 'ou=People', srv => 'localhost', suffix => '', rootdn => '', rootpass => '', rootpass2 => '', cn => '', sn => '', uid => '', uidpass => '', lshell => '/bin/bash', home => '/home/', uidnb => '1004', gidnb => '1004', container => 'container', objectclass => 'top,account,posixaccount', shadowmax => '99999', shadowmin => '-1', plop => '', tmp => '', nom => '', prenom => '', }, needed_rpm => [ 'openldap-servers', 'openldap-clients', 'nss_ldap' ], defaultimage => "$ENV{__WIZ_HOME__}ldap_wizard/images/ldap.png", init => sub { test_host_domain($wiz_host_name, $DOMAINNAME); } }; $::Wizard_pix_up = "/usr/share/mcc/themes/default/ldap-mdk.png"; my $ldap_suffix=join(',dc=', split(/\./, chomp_(`hostname -f`))); $ldap_suffix =~ s/[^,]*,//; my $conf_file = "/etc/sysconfig/ldapwiz"; my $LDAPCONF = "/etc/openldap/slapd.conf"; #my $rootdn_cn = "Admin"; ##### Read conf file is exist my $hostname = `hostname`; $o->{var}{srv} = $hostname; if (-f $conf_file) { my %conf = getVarsFromSh($conf_file); $o->{var}{suffix} = $conf{suffix}; $o->{var}{rootdn} = $conf{rootdn}; $o->{var}{srv} = $conf{srv}; $o->{var}{defou} = $conf{users}; $o->{var}{rootpass} = $conf{rootpass}; } else { my $hostname = chomp_(`hostname`); $o->{var}{srv} = $hostname; $o->{var}{suffix} = $ldap_suffix; } my %level = ( 1 => N("Show Ldap configuration"), 2 => N("Add user in Ldap server"), 3 => N("Delete Ldap configuration"), ); $o->{pages} = { welcome => { name => N("Ldap configuration wizard") . "\n\n" . N("LDAP stands for Lightweight Directory Access Protocol.") . "\n\n" . N("It is a lightweight protocol for accessing directory services, specifically X.500-based directory services."), no_back => 1, post => sub { ! -f $conf_file and 'set_srv'; }, next => 'ask_menu', }, ask_menu => { name => N("Ldap configuration wizard"), no_back => 1, pre => sub { $o->{var}{wiz_level} ||= 1; }, post => sub { if ($o->{var}{wiz_level} == 2) { ! -f $conf_file and $in->ask_warn(N("Error"), N("You must setup an Ldap server first.")) and return 'set_srv'; return 'add_userposix'; } if ($o->{var}{wiz_level} == 1) { -f $conf_file and return 'resume'; } if ($o->{var}{wiz_level} == 3) { ! -f $conf_file and $in->ask_warn(N("Error"), N("You must setup an Ldap server first.")) and return 'set_srv'; return 'del_conf'; } }, data => [ { label => " " }, { label => N("Your choice:") . "\n\n", val => \$o->{var}{wiz_level}, type => 'list', list => [ keys %level ], format => sub { $level{$_[0]} } }, ], next => 'set_srv', }, del_conf => { name => N("Delete configuration") . "\n\n" . N("Saving existing base in /root/ldap-sav.ldiff"), post => \&sav_conf, next => 'welcome', }, add_userposix => { name => N("LDAP Adding User"), data => [ #{ label => " " }, { label => N("User Created in: %s, %s", $o->{var}{defou}, $o->{var}{suffix}) }, { label => "" }, { label => N("First Name:"), val => \$o->{var}{sn} }, { label => N("Name:"), val => \$o->{var}{cn} }, { label => N("User Login:"), val => \$o->{var}{uid} }, ], complete => sub { if (!$o->{var}{sn}) { $in->ask_warn(N("Error"), N("You must enter a valid First Name.")); return 1; } if (!$o->{var}{cn}) { $in->ask_warn(N("Error"), N("You must enter a valid Name.")); return 1; } if (!$o->{var}{uid}) { $in->ask_warn(N("Error"), N("You must enter a valid User Name.")); return 1; } }, next => 'password', }, password => { name => N("LDAP User Password"), data => [ { label => "" }, { label => N("Password:"), val => \$o->{var}{uidpass}, hidden => 1, help => N("passwords must match") }, { label => N("Password (again):"), val => \$o->{var}{uidpass2}, hidden => 1, help => N("passwords must match") }, ], complete => sub { if (!$o->{var}{uidpass}) { $in->ask_warn(N("Error"), N("You must enter a password for LDAP.")); $o->{var}{uidpass} = ""; return 1; } if ($o->{var}{uidpass} ne $o->{var}{uidpass2}) { $in->ask_warn(N("Error"), N("The passwords do not match")); $o->{var}{uidpass} = ""; $o->{var}{uidpass2} = ""; return 1; } }, next => 'summary_add_user', }, set_srv => { name => N("Configuring LDAP Server") . "\n\n" . N("LDAP directory tree") . "\n" . N("The DNS naming is used for LDAP directory tree definition") . "\n" . N("Domain name: %s", $wiz_domain_name) . "\n" . ("LDAP Diretory Tree: %s", $o->{var}{suffix}) . "\n\n" . N("LDAP Administrator") . "\n" . N("Administrator is a power user with grant access on LDAP database") . "\n" . "cn=" . N("Administrator,%s", $o->{var}{suffix}) . "\n\n", data => [ { label => " " }, { label => N("LDAP directory tree:"), val => \$o->{var}{suffix} }, { label => N("LDAP Administrator:"), val => \$o->{var}{rootdn} }, { label => N("LDAP Password:"), hidden => 1, val => \$o->{var}{rootpass} }, { label => N("LDAP Password (again):"), hidden => 1, val => \$o->{var}{rootpass2} }, ], pre => sub { $o->{var}{rootdn} = "cn=" . N("Administrator,%s", $o->{var}{suffix}); my $_cryptpass = crypt($o->{var}{rootpass}, "crypt"); # $o->{var}{rootpass} = $_cryptpass; }, complete => sub { if (!$o->{var}{suffix} || $o->{var}{suffix} !~ /dc/) { $in->ask_warn(N("Error"), N("You must enter a valid LDAP directory tree.")); return 1; } if (!$o->{var}{rootpass}) { $in->ask_warn(N("Error"), N("You must enter a password for LDAP.")); $o->{var}{rootpass} = ""; return 1; } if ($o->{var}{rootpass} ne $o->{var}{rootpass2}) { $in->ask_warn(N("Error"), N("The passwords do not match")); $o->{var}{rootpass} = ""; $o->{var}{rootpass2} = ""; return 1; } #$o->{var}{rootdn} = "cn=".$rootdn_cn.$o->{var}{suffix}, }, next => 'summary_set_srv', }, summary_add_user => { name => N("Confirmation of the user to create"), data => [ { label => " " }, { label => N("Name:"), type => 'field', val_ref => \$o->{var}{sn} }, { label => N("First name:"), type => 'field', val_ref => \$o->{var}{cn} }, { label => N("User Name:"), type => 'field', val_ref => \$o->{var}{uid} }, { label => N("Create in:"), type => 'field', val_ref => \$o->{var}{defou} }, #. \$o->{var}{suffix} }, ], post => \&do_it_user_add, next => $o->{var}{useraddisnogood}, }, summary_set_srv => { name => N("Confirmation Information for create an LDAP server"), data => [ { label => " " }, { label => N("LDAP directory tree:"), type => 'field', val_ref => \$o->{var}{suffix} }, { label => N("LDAP Administrator:"), type => 'field', val_ref => \$o->{var}{rootdn} }, { label => N("Users Container:"), type => 'field', val_ref => \$o->{var}{defou} }, ], post => \&do_it_setldap, next => 'end', }, end => { name => N("Congratulations"), data => [ { label => " " }, { label => N("The wizard successfully configured the LDAP.") } ], no_back => 1, end => 1, next => 0, }, add_user_good => { name => N("Successfully added User"), data => [ { label => " " }, { label => "\n" , val_ref => \$o->{var}{error_user_add} }, ], no_back => '1', next => 'ask_menu', }, add_user_nogood => { name => N("Error when adding user in Ldap database"), data => [ { label => " " }, { label => "\n" , val_ref => \$o->{var}{error_user_add} }, ], no_back => '1', next => 'add_userposix', }, resume => { name => N("Server already configured") . "\n\n" . N("You have already configured your Ldap Server") , post => sub { my $container_ou = $o->{var}{wiz_level} . "," . $o->{var}{suffix}; }, data => [ { label => " " } , { label => N("LDAP directory tree:"), type => 'field', val_ref => \$o->{var}{suffix} }, { label => N("LDAP Administrator:"), type => 'field', val_ref => \$o->{var}{rootdn} }, { label => N("Users Container:"), type => 'field', val_ref => \$o->{var}{defou} }, ], no_back => '1', next => 'ask_menu', }, }; sub do_it_setldap { return if $::testing; if (!-f $LDAPCONF) { die "no $LDAPCONF found"; } cp_af($LDAPCONF, $LDAPCONF . '.save'); if (!-f "$LDAPCONF.example") { cp_af($LDAPCONF, $LDAPCONF . '.example'); } cp_af($LDAPCONF . '.example', $LDAPCONF); # set suffix if (any { /^suffix/ } cat_($LDAPCONF)) { substInFile { s/suffix.*/suffix\t"$o->{var}{suffix}"/; } $LDAPCONF; } else { append_to_file($LDAPCONF, qq(suffix\t"$o->{var}{suffix}")); } # s/example/$dcall substInFile { s/dc=example,dc=com/$o->{var}{suffix}/g; } $LDAPCONF; # set rootdn if (any { /^rootdn/ } cat_($LDAPCONF)) { substInFile { s/rootdn.*/rootdn\t"$o->{var}{rootdn}"/; } $LDAPCONF; } else { append_to_file($LDAPCONF, qq(rootdn\t"$o->{var}{rootdn},$o->{var}{suffix}")); } # set rootpass my $_cryptpass = crypt($o->{var}{rootpass}, "crypt"); if (any { /^rootpw/ } cat_($LDAPCONF)) { substInFile { #s/rootpw.*/rootpw $cryptpass/; s/rootpw.*/rootpw $o->{var}{rootpass}/; } $LDAPCONF; } else { #append_to_file($LDAPCONF, "rootpw {CRYPT}$cryptpass"); append_to_file($LDAPCONF, "rootpw $o->{var}{rootpass}"); } # Modify /etc/ldap.conf # require authentication; authentication::update_ldap_conf( host => $o->{var}{srv}, base => $wiz_domain_name, nss_base_shadow => "ou=People,$o->{var}{suffix}", nss_base_passwd => "ou=People,$o->{var}{suffix}", nss_base_group => "ou=Group,$o->{var}{suffix}", ); # reset premisions system("chown -R root.ldap /etc/openldap"); services::restart('ldap'); sleep(4); init_ldap(); } sub init_ldap { my $_root_cn = (split('=', (split(/,/, $o->{var}{rootdn}))[0]))[1]; my $ldap_dc = (split('=', (split(/,/, $o->{var}{suffix}))[0]))[1]; $o->{var}{rootdn} =~ /cn=(\w+),/ and my $cnadmin = $1; my $LDAP; open($LDAP, "| ldapadd -x -D '$o->{var}{rootdn}' -w $o->{var}{rootpass}"); print $LDAP <{var}{suffix} dc: $ldap_dc objectClass: dcObject objectClass: organization o: Company dn: $o->{var}{rootdn} objectClass: organizationalRole cn: $cnadmin dn: ou=Hosts,$o->{var}{suffix} ou: Hosts description: OU Hosts objectClass: top objectClass: organizationalUnit dn: ou=People,$o->{var}{suffix} ou: People description: OU People objectClass: top objectClass: organizationalUnit dn: ou=Groups,$o->{var}{suffix} ou: Groups description: OU Groups objectClass: top objectClass: organizationalUnit RootLdif close($LDAP); # create config file in /etc/sysconfig/ldapwiz output($conf_file, <{var}{srv} suffix=$o->{var}{suffix} rootdn=$o->{var}{rootdn} rootpass=$o->{var}{rootpass} users=$o->{var}{defou} EOF system("chmod 700 /etc/sysconfig/ldapwiz"); } sub do_it_user_add { return if $::testing; my $uid = "10000"; while (defined(getpwuid($uid))) { $uid++; } $o->{var}{uidnb} = $uid; $o->{var}{gidnb} = $uid; ($o->{var}{code_return}, $o->{var}{error_user_add}) = add_user($o); if ($o->{var}{code_return} =~ /success/i) { $o->{var}{useraddisnogood} = "add_user_good"; } else { $o->{var}{useraddisnogood} = "add_user_nogood"; } } sub sav_conf { services::stop('ldap'); my $cmd = "slapcat -l /root/ldap-sav.ldiff"; system($cmd) == 0 or !$::testing and err_dialog(N("Error!"), N("%s Failed", $cmd)); system("cp /etc/openldap/slapd.conf /root/slapd.save"); system("rm /etc/sysconfig/ldapwiz"); system("rm -fr /var/lib/ldap/*"); } sub new { my ($class) = @_; bless $o, $class; } 1;