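#include "ldapconf_defs.h"
/* NOTE(review): the header name on this line was lost when the page was
   extracted. <unistd.h> declares gethostname(), which is called below;
   confirm against the original file. */
#include <unistd.h>

/* Registry id shared by the dialog and the variable table at the end of the file */
static char ID_AUTH[]="auth";

/*
	LDAP system client config.
	Used by NSS/PAM LDAP.

	Reads the client settings from f_ldap_sec, presents them in a dialog,
	and writes them back to f_ldap_sec (under the p_ldap_admin privilege)
	when the operator accepts. Cancel or escape leaves the file untouched.

	Security notes for maintainers:
	- The bind password ("bindpw") is read from and written to f_ldap_sec
	  together with the other settings. NOTE(review): the ownership and
	  mode of that file are not visible here; confirm it is not readable
	  by unprivileged users.
	- The default port is 389 and the dialog offers no TLS-related
	  setting, so whether the bind is protected in transit depends on
	  configuration outside this function.
*/
void ldap_system_config()
{
	VIEWITEMS v_ldap_sec;
	v_ldap_sec.setcasevar(true);
	LDAPPROFILE profile;

	/* Defaults for the NSS/PAM fields.
	   NOTE(review): each of these is overwritten below by the result of
	   get_keyval() with no fallback argument. If get_keyval() yields an
	   empty value for a missing key, these defaults never reach the
	   dialog; verify against get_keyval(). The host, port and base
	   defaults are passed to get_keyval() directly. */
	SSTRING nss_crypt = "des";
	SSTRING pam_filter = "objectclass=account";
	SSTRING pam_login = "uid";
	SSTRING pam_lookup = "no";
	SSTRING pam_group = "cn=PAM,ou=Groups,dc=your,dc=domain";
	SSTRING pam_member = "uniquemember";
	SSTRING pam_crypt = "local";

	/* Default base, derived from the host name.
	   gethostname() can fail, and on truncation POSIX does not guarantee
	   a terminating NUL, so never hand dns2dc() an unterminated or
	   uninitialised buffer. On failure the default base is left empty. */
	char buf[256];
	if (gethostname(buf,sizeof(buf)) == 0){
		buf[sizeof(buf)-1] = '\0';
		dns2dc(buf,sizeof(buf),1);
	}else{
		buf[0] = '\0';
	}

	/* Read conf */
	v_ldap_sec.read (f_ldap_sec);
	profile.host.setfrom (get_keyval(v_ldap_sec,"host","ldap"));
	profile.port.setfrom (get_keyval(v_ldap_sec,"port","389"));
	profile.base.setfrom (get_keyval(v_ldap_sec,"base",buf));
	profile.dn.setfrom (get_keyval(v_ldap_sec,"rootbinddn"));
	profile.pw.setfrom (get_keyval(v_ldap_sec,"bindpw"));
	profile.scope.setfrom (get_keyval(v_ldap_sec,"scope"));
	nss_crypt.setfrom (get_keyval(v_ldap_sec,"crypt"));
	pam_filter.setfrom (get_keyval(v_ldap_sec,"pam_filter"));
	pam_login.setfrom (get_keyval(v_ldap_sec,"pam_login_attribute"));
	pam_lookup.setfrom (get_keyval(v_ldap_sec,"pam_lookup_policy"));
	pam_group.setfrom (get_keyval(v_ldap_sec,"pam_groupdn"));
	pam_member.setfrom (get_keyval(v_ldap_sec,"pam_member_attribute"));
	pam_crypt.setfrom (get_keyval(v_ldap_sec,"pam_crypt"));

	/* Draw dialog */
	DIALOG dia;
	dia.set_registry_id (ID_AUTH);
	dia.newf_title (MSG_R(I_GENERAL),1,"","");
	dia.newf_str (MSG_R(F_API_HOST),profile.host);
	dia.newf_str (MSG_R(F_API_BASE),profile.base);
	dia.newf_title (MSG_R(I_LDAPBIND),1,"","");
	dia.newf_str (MSG_R(F_API_DN),profile.dn);
	/* NOTE(review): the bind password is edited through the same plain
	   string field as every other value, so it is presumably displayed
	   as typed. A masked entry field (Linuxconf's DIALOG provides
	   newf_pass; confirm it is available in this tree) would keep the
	   secret off the screen. */
	dia.newf_str (MSG_R(F_API_PW),profile.pw);
	dia.newf_str (MSG_R(F_API_PORT),profile.port);
	FIELD_COMBO *scopelist = dia.newf_combo(MSG_R(F_API_SCOPE),profile.scope);
	scopelist->addopt ("one");
	scopelist->addopt ("base");
	scopelist->addopt ("sub");

	dia.newf_title (MSG_U(I_NSS_OPTIONS,"NSS"),1,"","");
	/* "des" is both the default above and the first option offered.
	   NOTE(review): if this selects the password hash scheme, as the
	   "libc hash" label suggests, DES crypt is a weak default; review
	   which value deployments should use. */
	FIELD_COMBO *cryptlist = dia.newf_combo(MSG_U(F_NSS_CRYPT,"libc hash"),nss_crypt);
	cryptlist->addopt ("des");
	cryptlist->addopt ("sha");
	cryptlist->addopt ("md5");

	dia.newf_title (MSG_U(I_PAM_OPTIONS,"PAM"),1,"","");
	dia.newf_str (MSG_U(F_PAM_FILTER,"PAM filter"),pam_filter);
	dia.newf_str (MSG_U(F_PAM_LOGIN,"PAM login attr"),pam_login);
	dia.newf_str (MSG_U(F_PAM_LOOKUP,"PAM lookup policy"),pam_lookup);
	dia.newf_str (MSG_U(F_PAM_GRUOP,"PAM group"),pam_group);
	dia.newf_str (MSG_U(F_PAM_MEMBER,"PAM member attr"),pam_member);
	dia.newf_str (MSG_U(F_PAM_CRYPT,"PAM crypt"),pam_crypt);

	/* Wait for dialog: any status other than cancel, escape or accept
	   re-displays the dialog. */
	int nof = 0;
	while (1){
		MENU_STATUS code = dia.edit (MSG_U(T_SYSTEM_MENU,"LDAP auth")
			,MSG_U(I_SYSTEM_MENU
				,"This is the binding for the system client.\nThey will be used by the system\nif you enable the LDAP NSS/PAM system.\nBe careful when configuring this.")
			,help_ldapsystem
			,nof);
		/* Exit */
		if (code == MENU_CANCEL || code == MENU_ESCAPE){
			break;
		}
		/* Save */
		else if (code == MENU_ACCEPT){
			/* The values are stored exactly as entered; no validation
			   of host, port, DN or filter syntax happens here. */
			set_keyval(v_ldap_sec,"host",profile.host.get());
			set_keyval(v_ldap_sec,"port",profile.port.get());
			set_keyval(v_ldap_sec,"base",profile.base.get());
			set_keyval(v_ldap_sec,"rootbinddn",profile.dn.get());
			set_keyval(v_ldap_sec,"bindpw",profile.pw.get());
			set_keyval(v_ldap_sec,"scope",profile.scope.get());
			set_keyval(v_ldap_sec,"crypt",nss_crypt.get());
			set_keyval(v_ldap_sec,"pam_filter",pam_filter.get());
			set_keyval(v_ldap_sec,"pam_login_attribute",pam_login.get());
			set_keyval(v_ldap_sec,"pam_lookup_policy",pam_lookup.get());
			set_keyval(v_ldap_sec,"pam_groupdn",pam_group.get());
			set_keyval(v_ldap_sec,"pam_member_attribute",pam_member.get());
			set_keyval(v_ldap_sec,"pam_crypt",pam_crypt.get());
			v_ldap_sec.write (f_ldap_sec,&p_ldap_admin);
			break;
		}
	}
}

#include "modregister.h"

/* Variables published under the "ldapconf" registry name. Both entries carry
   ID_AUTH and ldap_system_config, tying "auth.host" and "auth.base" to the
   dialog above. The all-NULL entry terminates the list. */
static REGISTER_VARIABLE_LOOKUP_MSG ldapconf_var_list[]={
	{"auth.host",ID_AUTH,P_MSG_R(F_API_HOST),ldap_system_config,NULL},
	{"auth.base",ID_AUTH,P_MSG_R(F_API_BASE),ldap_system_config,NULL},
	{ NULL, NULL, NULL, NULL }
};

static REGISTER_VARIABLES ldapconf_registry("ldapconf",ldapconf_var_list);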