Diffstat (limited to 'perl-install')
-rw-r--r--perl-install/authentication.pm64
1 files changed, 46 insertions, 18 deletions
diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm
index 9b8d3ab09..50f6e60de 100644
--- a/perl-install/authentication.pm
+++ b/perl-install/authentication.pm
@@ -52,12 +52,28 @@ sub ask_parameters {
}
if ($kind eq 'LDAP') {
- $authentication->{LDAP_server} ||= 'ldap.' . $netc->{DOMAINNAME};
- $netc->{LDAPDOMAIN} ||= domain_to_ldap_domain($netc->{DOMAINNAME});
+ $authentication->{LDAP_server} ||= $netc->{HOSTNAME};
+ $authentication->{LDAP_users_db} ||= domain_to_ldap_domain($netc->{DOMAINNAME});
+
+ my %scope = my @scope = (
+ scope_one => "one",
+ scope_base => "base",
+ scope_sub => "sub",
+ );
+
+ #$netc->{LDAPDOMAIN} = $s;
$in->ask_from('',
- N("Authentication LDAP"),
- [ { label => N("LDAP Base dn"), val => \$netc->{LDAPDOMAIN} },
- { label => N("LDAP Server"), val => \$authentication->{LDAP_server} },
+ N("\nAuthentication LDAP\n"),
+ [ { label => N("\nServer Information :")},
+ { label => N("\tLDAP Server\n"), val => \$authentication->{LDAP_server} },
+ { label => N("\tUse SSL connection"), val => \$authentication->{LDAP_ssl}, type => 'bool' },
+ { label => N("\nUser Base :")},
+ { label => N("\tBase :"), val => \$authentication->{LDAP_users_db} },
+ { label => N("\tScope :\n"), val => \$authentication->{LDAP_scope}, list => [map {$_->[0] } group_by2(@scope)], format => sub { $scope{$_[0]} } },
+ { label => N("\nBind Server :")},
+ { label => N("\tUse Anonymous Bind"), val => \$anonymous, type => 'bool' },
+ { label => N("\tDistinguished Name"), val => \$authentication->{LDAP_user}, disabled => sub { $anonymous } },
+ { label => N("\tPassword\n"), val => \$authentication->{LDAP_passwd}, disabled => sub { $anonymous } },
]) or return;
} elsif ($kind eq 'AD') {
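Review bot: The new `LDAP_passwd` row in the `ask_from` list is an ordinary text entry, so the bind password is shown on screen as it is typed. If this interactive layer supports masked entries here (other drakx forms use `hidden => 1`), the row should read `{ label => N("\tPassword\n"), val => \$authentication->{LDAP_passwd}, hidden => 1, disabled => sub { $anonymous } },`. Separately, neither `LDAP_ssl` nor `LDAP_scope` is given a default before the dialog, while the code removed from `set` always wrote `ssl => 'on'`; an untouched form therefore now selects an unencrypted connection, so defaulting `LDAP_ssl` to true and `LDAP_scope` to `scope_sub` next to the other `||=` lines would keep the safer behaviour. `ask_parameters` begins outside the hunk, so I cannot tell whether `$anonymous` is declared and initialised before the LDAP branch uses it.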
@@ -84,9 +100,9 @@ sub ask_parameters {
[ { label => N("Domain"), val => \$authentication->{AD_domain} },
#{ label => N("Server"), val => \$authentication->{AD_server} },
{ label => N("Server"), type => 'combo', val => \$authentication->{AD_server}, list => \@srvs , not_edit => 0 },
- { label => N("LDAP users database"), val => \$authentication->{AD_users_db} },
+ { label => N("Users database"), val => \$authentication->{AD_users_db} },
{ label => N("Use Anonymous BIND "), val => \$anonymous, type => 'bool' },
- { label => N("LDAP user allowed to browse the Active Directory"), val => \$AD_user, disabled => sub { $anonymous } },
+ { label => N("User allowed to browse the Active Directory"), val => \$AD_user, disabled => sub { $anonymous } },
{ label => N("Password for user"), val => \$authentication->{AD_password}, disabled => sub { $anonymous } },
{ label => N("Encryption"), val => \$authentication->{sub_kind}, list => [ map { $_->[0] } group_by2(@sub_kinds) ], format => sub { $sub_kinds{$_[0]} } },
]) or return;
@@ -145,22 +161,34 @@ sub set {
if ($kind eq 'LDAP') {
$in->do_pkgs->install(qw(openldap-clients nss_ldap pam_ldap autofs));
- my $domain = $netc->{LDAPDOMAIN} || do {
- my $s = run_program::rooted_get_stdout($::prefix, 'ldapsearch', '-x', '-h', $authentication->{LDAP_server}, '-b', '', '-s', 'base', '+');
- first($s =~ /namingContexts: (.+)/);
- } or log::l("no ldap domain found on server $authentication->{LDAP_server}"), return;
-
+ my $domain = $netc->{LDAPDOMAIN} || do {
+ my $s = run_program::rooted_get_stdout($::prefix, 'ldapsearch', '-x', '-h', $authentication->{LDAP_server}, '-b', '', '-s', 'base', '+');
+ first($s =~ /namingContexts: (.+)/);
+ } or log::l("no ldap domain found on server $authentication->{LDAP_server}"), return;
+
+ if ($authentication->{LDAP_ssl} eq 'on') {
+ my $port = '636';
+ } else {
+ my $port = '389';
+ };
+
+ my $scope = {
+ scope_base => 'base',
+ scope_one => 'one',
+ scope_sub => 'sub',
+ }->{$authentication->{LDAP_scope}};
+
set_nsswitch_priority('ldap');
set_pam_authentication('ldap');
update_ldap_conf(
host => $authentication->{LDAP_server},
- base => $domain,
- port => 636,
- ssl => 'on',
- nss_base_shadow => "ou=People,$domain",
- nss_base_passwd => "ou=People,$domain",
- nss_base_group => "ou=Group,$domain",
+ base => $authentication->{LDAP_users_db},
+ port => $port,
+ scope => $scope,
+ nss_base_shadow => $authentication->{LDAP_users_db}."?".$scope,
+ nss_base_passwd => $authentication->{LDAP_users_db}."?".$scope,
+ nss_base_group => $authentication->{LDAP_users_db}."?".$scope,
);
} elsif ($kind eq 'AD') {
$in->do_pkgs->install(qw(nss_ldap pam_krb5 libsasl2-plug-gssapi));
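Review bot: `$port` is declared with `my` inside each branch of the new `if ($authentication->{LDAP_ssl} eq 'on')` block, so it is out of scope at `port => $port` in the `update_ldap_conf` call; under `use strict` this will not compile, and without it the port is written as undef. The call also no longer passes `ssl` at all, where the removed lines had `ssl => 'on'`, so as far as this hunk shows a user who ticks "Use SSL connection" still ends up without TLS enabled in the written configuration. Because `LDAP_ssl` comes from a `type => 'bool'` field it is probably a true/false value rather than the string 'on' (to be confirmed), so I would write `my $port = $authentication->{LDAP_ssl} ? 636 : 389;` and add `ssl => $authentication->{LDAP_ssl} ? 'on' : 'off',` to the call. `$scope` is undef when `LDAP_scope` was never chosen, which yields `nss_base_*` values ending in a bare `?`, and the `LDAP_user`/`LDAP_passwd` values collected in `ask_parameters` are not passed on here. `set` starts and ends outside the hunk, so the bind credentials may be handled elsewhere.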