Diffstat (limited to 'perl-install')
-rw-r--r-- | perl-install/authentication.pm | 64 |
1 files changed, 46 insertions, 18 deletions
diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm
index 9b8d3ab09..50f6e60de 100644
--- a/perl-install/authentication.pm
+++ b/perl-install/authentication.pm
@@ -52,12 +52,28 @@ sub ask_parameters {
 }
 if ($kind eq 'LDAP') {
- $authentication->{LDAP_server} ||= 'ldap.' . $netc->{DOMAINNAME};
- $netc->{LDAPDOMAIN} ||= domain_to_ldap_domain($netc->{DOMAINNAME});
+ $authentication->{LDAP_server} ||= $netc->{HOSTNAME};
+ $authentication->{LDAP_users_db} ||= domain_to_ldap_domain($netc->{DOMAINNAME});
+
+ my %scope = my @scope = (
+ scope_one => "one",
+ scope_base => "base",
+ scope_sub => "sub",
+ );
+
+ #$netc->{LDAPDOMAIN} = $s;
 $in->ask_from('',
- N("Authentication LDAP"),
- [ { label => N("LDAP Base dn"), val => \$netc->{LDAPDOMAIN} },
- { label => N("LDAP Server"), val => \$authentication->{LDAP_server} },
+ N("\nAuthentication LDAP\n"),
+ [ { label => N("\nServer Information :")},
+ { label => N("\tLDAP Server\n"), val => \$authentication->{LDAP_server} },
+ { label => N("\tUse SSL connection"), val => \$authentication->{LDAP_ssl}, type => 'bool' },
+ { label => N("\nUser Base :")},
+ { label => N("\tBase :"), val => \$authentication->{LDAP_users_db} },
+ { label => N("\tScope :\n"), val => \$authentication->{LDAP_scope}, list => [map {$_->[0] } group_by2(@scope)], format => sub { $scope{$_[0]} } },
+ { label => N("\nBind Server :")},
+ { label => N("\tUse Anonymous Bind"), val => \$anonymous, type => 'bool' },
+ { label => N("\tDistinguished Name"), val => \$authentication->{LDAP_user}, disabled => sub { $anonymous } },
+ { label => N("\tPassword\n"), val => \$authentication->{LDAP_passwd}, disabled => sub { $anonymous } },
 ]) or return;
 } elsif ($kind eq 'AD') {
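Review bot: `$authentication->{LDAP_scope}` is never given a default before the `ask_from` call, so the scope selector starts on an undefined value and the `format` callback evaluates `$scope{undef}`; initialise it next to the other defaults, e.g. `$authentication->{LDAP_scope} ||= 'scope_sub';` (the key names come from the `@scope` list above; whether `ask_from` tolerates an undef selection is not visible here). The commented-out line `#$netc->{LDAPDOMAIN} = $s;` refers to a `$s` that does not exist in this sub and should be dropped rather than left as a hint. Putting `\n` and `\t` inside the `N(...)` label strings moves screen layout into the translation catalogue and forces every translator to reproduce it; the same intent could be expressed with plain labels, as the AD branch below does. `ask_parameters` continues outside the hunk.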
@@ -84,9 +100,9 @@ sub ask_parameters {
 [ { label => N("Domain"), val => \$authentication->{AD_domain} },
 #{ label => N("Server"), val => \$authentication->{AD_server} },
 { label => N("Server"), type => 'combo', val => \$authentication->{AD_server}, list => \@srvs , not_edit => 0 },
- { label => N("LDAP users database"), val => \$authentication->{AD_users_db} },
+ { label => N("Users database"), val => \$authentication->{AD_users_db} },
 { label => N("Use Anonymous BIND "), val => \$anonymous, type => 'bool' },
- { label => N("LDAP user allowed to browse the Active Directory"), val => \$AD_user, disabled => sub { $anonymous } },
+ { label => N("User allowed to browse the Active Directory"), val => \$AD_user, disabled => sub { $anonymous } },
 { label => N("Password for user"), val => \$authentication->{AD_password}, disabled => sub { $anonymous } },
 { label => N("Encryption"), val => \$authentication->{sub_kind}, list => [ map { $_->[0] } group_by2(@sub_kinds) ], format => sub { $sub_kinds{$_[0]} } },
 ]) or return;
@@ -145,22 +161,34 @@ sub set { if ($kind eq 'LDAP') { $in->do_pkgs->install(qw(openldap-clients nss_ldap pam_ldap autofs)); - my $domain = $netc->{LDAPDOMAIN} || do { - my $s = run_program::rooted_get_stdout($::prefix, 'ldapsearch', '-x', '-h', $authentication->{LDAP_server}, '-b', '', '-s', 'base', '+'); - first($s =~ /namingContexts: (.+)/); - } or log::l("no ldap domain found on server $authentication->{LDAP_server}"), return; - + my $domain = $netc->{LDAPDOMAIN} || do { + my $s = run_program::rooted_get_stdout($::prefix, 'ldapsearch', '-x', '-h', $authentication->{LDAP_server}, '-b', '', '-s', 'base', '+'); + first($s =~ /namingContexts: (.+)/); + } or log::l("no ldap domain found on server $authentication->{LDAP_server}"), return; + + if ($authentication->{LDAP_ssl} eq 'on') { + my $port = '636'; + } else { + my $port = '389'; + }; + + my $scope = { + scope_base => 'base', + scope_one => 'one', + scope_sub => 'sub', + }->{$authentication->{LDAP_scope}}; + set_nsswitch_priority('ldap'); set_pam_authentication('ldap'); update_ldap_conf( host => $authentication->{LDAP_server}, - base => $domain, - port => 636, - ssl => 'on', - nss_base_shadow => "ou=People,$domain", - nss_base_passwd => "ou=People,$domain", - nss_base_group => "ou=Group,$domain", + base => $authentication->{LDAP_users_db}, + port => $port, + scope => $scope, + nss_base_shadow => $authentication->{LDAP_users_db}."?".$scope, + nss_base_passwd => $authentication->{LDAP_users_db}."?".$scope, + nss_base_group => $authentication->{LDAP_users_db}."?".$scope, ); } elsif ($kind eq 'AD') { $in->do_pkgs->install(qw(nss_ldap pam_krb5 libsasl2-plug-gssapi)); |
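Review bot: `$port` is declared with `my` inside each branch of the `if ($authentication->{LDAP_ssl} eq 'on')` block and goes out of scope at the closing brace, so the `port => $port` passed to `update_ldap_conf` names an undeclared outer variable — a compile error if this file runs under `use strict`, and always undef otherwise; declare it once, `my $port = $authentication->{LDAP_ssl} eq 'on' ? '636' : '389';`, and drop the stray `;` after the `else` block. The old call also passed `ssl => 'on'`, while the new one passes neither `ssl` nor the `LDAP_user`/`LDAP_passwd` collected in `ask_parameters`, so ticking "Use SSL connection" only changes the port number and a non-anonymous bind DN and password are silently never written to the configuration; pass `ssl => $authentication->{LDAP_ssl}` and the bind credentials under whatever keys `update_ldap_conf` uses for them. `$domain` is still computed from `$netc->{LDAPDOMAIN}` (which `ask_parameters` no longer sets) with an `ldapsearch` fallback that can make `set` return early, yet it is no longer used anywhere in the call, so that block is now dead work that can still abort configuration. The `set` sub continues outside the hunk.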