[Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/panel BlankPanel.java, 1.2, 1.3 ChainingInstanceAuthPanel.java, 1.1.1.1, 1.2 DSEntry.java, 1.1.1.1, 1.2 NewChainingInstancePanel.java, 1.1.1.1, 1.2 NewChainingPanel.java, 1.1.1.1, 1.2
Richard Allen Megginson
rmeggins at fedoraproject.org
Tue Dec 2 15:27:40 UTC 2008
Author: rmeggins
Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv764/directoryconsole/src/com/netscape/admin/dirserv/panel
Modified Files:
BlankPanel.java ChainingInstanceAuthPanel.java DSEntry.java
NewChainingInstancePanel.java NewChainingPanel.java
Log Message:
Resolves: bug 469261
Bug Description: Support server-to-server SASL - console chaining, server cleanup
Reviewed by: nkinder (Thanks!)
Fix Description: There are two sets of diffs here. The first set adds tls, gssapi, and digest to the chaining database (aka database link) panels in the console. I had to add support for revert to some of the code to make the Reset button work without having to retrieve the values from the server each time. We already store the original values locally in the _origModel - I added code to allow the use of that in the Reset button.
The second set of diffs is for the server.
1) I had to add support for "SIMPLE" for bindMechanism - this translates to LDAP_SASL_SIMPLE for the actual mechanism. This value is NULL, so I had to add handling for NULL values in the cb config code (slapi_ch_* work fine with NULL values).
2) Added some more debugging/tracing code
3) The server to server SSL code would only work if the server were configured to be an SSL server. But for the server to be an SSL client, it only needs NSS initialized and to have the CA cert. It also needs to configure some of the SSL settings and install the correct policy. I changed the server code to do this.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Yes
Index: BlankPanel.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/BlankPanel.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- BlankPanel.java 2 Jul 2007 19:44:09 -0000 1.2
+++ BlankPanel.java 2 Dec 2008 15:27:37 -0000 1.3
@@ -339,6 +339,31 @@
}
}
+ /**
+ * Reverts all DSEntries registered with the panel
+ * Mainly used by the panels that us DSEntry for
+ * display management rather than data transfer
+ * Usually, the remoteToLocal is used to refresh
+ * the model from the server, but this takes the
+ * short cut of using revert to just replace the
+ * model with the original model stored in the DSEntry
+ * then to use show to "flush" the model to the view
+ */
+ protected void revertAll () {
+ Enumeration values = _componentMapDSEntryTable.elements();
+ while ( values.hasMoreElements() ) {
+ Vector v = (Vector)values.nextElement();
+ Enumeration entries = v.elements();
+ while( entries.hasMoreElements() ) {
+ DSEntry entry = (DSEntry)entries.nextElement();
+ if (entry != null) {
+ entry.revert();
+ entry.show();
+ }
+ }
+ }
+ }
+
/* Validates all elements of the panel */
private void validateAll () {
int result;
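Review bot: The Javadoc on `revertAll` has a typo (`us DSEntry` should read `use DSEntry`) and leaves out the precondition this shortcut relies on. Because the method restores each entry from its locally stored original model instead of re-reading the server, it is only correct if that stored model is refreshed after every successful save; I would add a line such as `* Callers must ensure each DSEntry's original model was updated after the last successful save.` The loop also uses raw `Enumeration`/`Vector` with unchecked casts, which matches the surrounding file but would surface as a `ClassCastException` if anything other than a `Vector` of `DSEntry` is ever stored in `_componentMapDSEntryTable`.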
Index: ChainingInstanceAuthPanel.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/ChainingInstanceAuthPanel.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ChainingInstanceAuthPanel.java 18 Jul 2005 00:55:53 -0000 1.1.1.1
+++ ChainingInstanceAuthPanel.java 2 Dec 2008 15:27:37 -0000 1.2
@@ -28,8 +28,6 @@
import javax.swing.event.*;
import com.netscape.admin.dirserv.*;
import com.netscape.management.client.*;
-import com.netscape.management.client.util.AbstractDialog;
-import com.netscape.management.client.util.Debug;
import com.netscape.management.client.util.*;
import netscape.ldap.*;
import netscape.ldap.util.DN;
@@ -71,6 +69,7 @@
createComment( _myPanel );
checkComment();
addBottomGlue();
+ showAll();
_isInitialized = true;
}
@@ -153,8 +152,6 @@
_lcommentAciLabel = makeJLabel( _section,
"proxy-help-aci" );
- _lcommentAci = new JLabel();
-
_tfaCommentAci = new JTextArea( 3, 10);
_lcommentAciLabel.setLabelFor(_tfaCommentAci);
_tfaCommentAci.setWrapStyleWord( true );
@@ -220,6 +217,29 @@
pgbc.weightx = 1;
panel.add( _lSuffixText, pgbc);
+ pgbc.gridy++;
+ pgbc.gridx = 0;
+ pgbc.fill = pgbc.NONE;
+ pgbc.weightx = 0;
+ pgbc.anchor = pgbc.EAST;
+ panel.add( _lConnType, pgbc);
+
+ pgbc.gridx = 1;
+ pgbc.anchor = pgbc.WEST;
+ pgbc.weightx = 1;
+ panel.add( _noEncrypt, pgbc);
+
+ pgbc.gridy++;
+ pgbc.gridx = 1;
+ pgbc.anchor = pgbc.WEST;
+ pgbc.weightx = 1;
+ panel.add( _sslEncrypt, pgbc);
+
+ pgbc.gridy++;
+ pgbc.gridx = 1;
+ pgbc.anchor = pgbc.WEST;
+ pgbc.weightx = 1;
+ panel.add( _tlsEncrypt, pgbc);
pgbc.gridy++;
pgbc.gridx = 0;
@@ -228,7 +248,37 @@
_lnsfarmserverurl,
_tfnsfarmserverurl);
- pgbc.gridy++;
+ pgbc.gridy++;
+ pgbc.gridx = 0;
+ pgbc.fill = pgbc.NONE;
+ pgbc.weightx = 0;
+ pgbc.anchor = pgbc.EAST;
+ panel.add( _authMechLabel, pgbc);
+
+ pgbc.gridx = 1;
+ pgbc.anchor = pgbc.WEST;
+ pgbc.weightx = 1;
+ panel.add( _sslAuth, pgbc);
+
+ pgbc.gridy++;
+ pgbc.gridx = 1;
+ pgbc.anchor = pgbc.WEST;
+ pgbc.weightx = 1;
+ panel.add( _gssapiAuth, pgbc);
+
+ pgbc.gridy++;
+ pgbc.gridx = 1;
+ pgbc.anchor = pgbc.WEST;
+ pgbc.weightx = 1;
+ panel.add( _digestAuth, pgbc);
+
+ pgbc.gridy++;
+ pgbc.gridx = 1;
+ pgbc.anchor = pgbc.WEST;
+ pgbc.weightx = 1;
+ panel.add( _simpleAuth, pgbc);
+
+ pgbc.gridy++;
pgbc.gridx = 0;
addEntryField( panel,
pgbc,
@@ -266,10 +316,12 @@
STRETCH_FIELDS ? ((label2 != null) ? label2 : field) : endGlue;
gbc.fill = gbc.NONE;
gbc.weightx = 0.0;
+ int gridwidth = gbc.gridwidth;
gbc.gridwidth = 1;
// gbc.gridx = 0;
gbc.anchor = gbc.EAST;
int space = UIFactory.getComponentSpace();
+ Insets insets = gbc.insets;
gbc.insets = new Insets( space, space, 0, space/2 );
panel.add( label, gbc );
@@ -300,6 +352,9 @@
gbc.gridwidth = gbc.REMAINDER;
panel.add( endGlue, gbc );
}
+ // restore previous values
+ gbc.insets = insets;
+ gbc.gridwidth = gridwidth;
}
/**
@@ -328,24 +383,112 @@
entries = new DSEntrySet( false );
setDSEntrySet( entries );
+
+ _lConnType = makeJLabel( _comsection, "conntype" );
- /* nsmultiplexorbinddn */
+ ButtonGroup connGroup = new ButtonGroup();
+ _noEncrypt = makeJRadioButton( _comsection, "url-ldap" );
+ _noEncrypt.setSelected(true); // default is on
+ connGroup.add(_noEncrypt);
+
+ _sslEncrypt = makeJRadioButton( _comsection, "url-ldaps" );
+ connGroup.add(_sslEncrypt);
+
+ _tlsEncrypt = makeJRadioButton( _comsection, "url-starttls" );
+ connGroup.add(_tlsEncrypt);
+
+ /* add DSEntry to correctly update field
+ coloring and buttons enabling/disabling */
+ _ldapDSEntry = new DSEntryBoolean ("on", _noEncrypt);
+ setComponentTable(_noEncrypt, _ldapDSEntry);
+ _sslDSEntry = new DSEntryBoolean ("off", _sslEncrypt);
+ setComponentTable(_sslEncrypt, _sslDSEntry);
+ _tlsDSEntry = new DSEntryBoolean ("off", _tlsEncrypt);
+ setComponentTable(_tlsEncrypt, _tlsDSEntry);
+
+ entryurl = getAttrVal( NSFARMSERVERURL_ATTR );
+ boolean ssl = (entryurl != null) &&
+ entryurl.toLowerCase().startsWith("ldaps");
+ _sslEncrypt.setSelected(ssl);
+ _sslDSEntry.fakeInitModel(ssl ? "on" : "off");
+ // set starttls initial value
+ useStartTLS = getAttrVal( NSUSESTARTTLS_ATTR );
+ // cannot use starttls with ldaps
+ boolean tls = !ssl && (useStartTLS != null) &&
+ useStartTLS.equalsIgnoreCase("on");
+ _tlsEncrypt.setSelected(tls);
+ _tlsDSEntry.fakeInitModel(tls ? "on" : "off");
+ _noEncrypt.setSelected(!ssl && !tls);
+ _ldapDSEntry.fakeInitModel((!ssl && !tls) ? "on" : "off");
+
+ _authMechLabel = makeJLabel( _comsection, "authmech" );
+
+ //ssl auth radio button
+ ButtonGroup authGroup = new ButtonGroup();
+ _sslAuth = makeJRadioButton( _comsection, "authmech-sslcert" );
+ _sslAuth.setEnabled(false); // because default is plain ldap
+ authGroup.add(_sslAuth);
+
+ _gssapiAuth = makeJRadioButton( _comsection, "authmech-gssapi" );
+ authGroup.add(_gssapiAuth);
+
+ _digestAuth = makeJRadioButton( _comsection, "authmech-digest" );
+ authGroup.add(_digestAuth);
+
+ _simpleAuth = makeJRadioButton( _comsection, "authmech-simple" );
+ _simpleAuth.setSelected(true); // default auth mech
+ authGroup.add(_simpleAuth);
+
+ /* add DSEntry to correctly update field
+ coloring and buttons enabling/disabling */
+ _sslAuthDSEntry = new DSEntryBoolean ("off", _sslAuth);
+ setComponentTable(_sslAuth, _sslAuthDSEntry);
+ _gssapiAuthDSEntry = new DSEntryBoolean ("off", _gssapiAuth);
+ setComponentTable(_gssapiAuth, _gssapiAuthDSEntry);
+ _digestAuthDSEntry = new DSEntryBoolean ("off", _digestAuth);
+ setComponentTable(_digestAuth, _digestAuthDSEntry);
+ _simpAuthDSEntry = new DSEntryBoolean ("on", _simpleAuth);
+ setComponentTable(_simpleAuth, _simpAuthDSEntry);
+
+ bindMech = getAttrVal( NSBINDMECHANISM_ATTR );
+ boolean simpauth = (bindMech == null) || bindMech.equalsIgnoreCase("SIMPLE");
+ boolean sslauth = (bindMech != null) && bindMech.equalsIgnoreCase("EXTERNAL");
+ boolean gssapi = (bindMech != null) && bindMech.equalsIgnoreCase("GSSAPI");
+ boolean digest = (bindMech != null) && bindMech.equalsIgnoreCase("DIGEST-MD5");
+ if (!ssl && !tls) {
+ sslauth = false;
+ _sslAuth.setEnabled(false);
+ }
+ if (ssl || tls) {
+ gssapi = false;
+ _gssapiAuth.setEnabled(false);
+ }
+ _sslAuth.setSelected(sslauth);
+ _sslAuthDSEntry.fakeInitModel(sslauth ? "on" : "off");
+ _gssapiAuth.setSelected(gssapi);
+ _gssapiAuthDSEntry.fakeInitModel(gssapi ? "on" : "off");
+ _digestAuth.setSelected(digest);
+ _digestAuthDSEntry.fakeInitModel(digest ? "on" : "off");
+ // if one of the other auth was selected, but it would be
+ // invalid to use them, just default to simple auth
+ simpauth = simpauth || (!sslauth && !gssapi && !digest);
+ _simpleAuth.setSelected(simpauth);
+ _simpAuthDSEntry.fakeInitModel(simpauth ? "on" : "off");
+
+ /* nsmultiplexorbinddn */
_tfnsmultiplexorbinddn = makeJTextField( _section,
"nsmultiplexorbinddn" );
_lnsmultiplexorbinddn = makeJLabel( _section,
"nsmultiplexorbinddn" );
_lnsmultiplexorbinddn.setLabelFor(_tfnsmultiplexorbinddn);
- LDAPAttribute binddn =
- _chEntry.getAttribute( NSMULTIPLEXORBINDDN_ATTR );
- _isBindDNExist = ( binddn != null );
-
- DSEntryDN _nsmultiplexorbinddn =
- new DSEntryDN("",
+ AbstractButton ary[] = {_sslAuth, _gssapiAuth};
+ bindDSEntry _nsmultiplexorbinddn =
+ new bindDSEntry("",
_tfnsmultiplexorbinddn,
_lnsmultiplexorbinddn,
NSMULTIPLEXORBINDDN_ATTR,
- _model );
+ _model, ary );
entries.add( _dnEntry,
NSMULTIPLEXORBINDDN_ATTR,
_nsmultiplexorbinddn );
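Review bot: When the stored `nsbindmechanism` cannot be used with the stored connection type (for example `EXTERNAL` with a plain `ldap://` URL), the `if (!ssl && !tls)` and `if (ssl || tls)` blocks clear it and `simpauth` is forced on, so the panel shows simple authentication while the server entry still holds the other mechanism. Every `fakeInitModel` call is then given the displayed value, so, assuming it sets the baseline the dirty check compares against, nothing is marked modified and `okCallback` will not write the correction. An administrator reviewing this panel would be misled about how the database link authenticates. Consider initialising the models from the stored value, computed before the override, so the mismatch shows as a pending change, or at least logging it through the existing `Debug` class. The enclosing method starts and ends outside this hunk.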
@@ -364,23 +507,20 @@
makeJLabel( _section,
"confirmcredentials" );
_lConfirmPassword.setLabelFor(_pfConfirmPassword);
- LDAPAttribute passwd =
- _chEntry.getAttribute( NSMULTIPLEXORCREDENTIALS_ATTR );
- _isPasswdExist = ( passwd != null );
- DSEntryConfirmPassword dsEntryConfirm =
- new DSEntryConfirmPassword("",
+ confirmPwdDSEntry dsEntryConfirm =
+ new confirmPwdDSEntry("",
_pfConfirmPassword,
_lConfirmPassword,
_pfnsmultiplexorcredentials,
- 1);
+ 1, ary);
setComponentTable(_pfConfirmPassword, dsEntryConfirm);
- DSEntryPassword dsEntryPwd =
- new DSEntryPassword("",
+ pwdDSEntry dsEntryPwd =
+ new pwdDSEntry("",
_pfnsmultiplexorcredentials,
_lnsmultiplexorcredentials,
dsEntryConfirm,
- 1);
+ 1, ary);
setComponentTable(_pfConfirmPassword, dsEntryPwd);
entries.add(_dnEntry,
NSMULTIPLEXORCREDENTIALS_ATTR,
@@ -392,8 +532,8 @@
_lnsfarmserverurl = makeJLabel( _section,
"nsfarmserverurl" );
_lnsfarmserverurl.setLabelFor(_tfnsfarmserverurl);
- DSEntryText _nsfarmserverurl =
- new DSEntryText("",
+ urlDSEntry _nsfarmserverurl =
+ new urlDSEntry("",
_tfnsfarmserverurl,
_lnsfarmserverurl );
entries.add( _dnEntry,
@@ -404,11 +544,88 @@
entrybind = getAttrVal( NSMULTIPLEXORBINDDN_ATTR );
entrypwd = getAttrVal( NSMULTIPLEXORCREDENTIALS_ATTR );
- entryurl = getAttrVal( NSFARMSERVERURL_ATTR );
}
- private void checkComment() {
+ private void enableSimpleAuth (boolean enable){
+ _lnsmultiplexorbinddn.setEnabled(enable);
+ _tfnsmultiplexorbinddn.setEnabled(enable);
+ _lnsmultiplexorcredentials.setEnabled(enable);
+ _pfnsmultiplexorcredentials.setEnabled(enable);
+ _pfnsmultiplexorcredentials.setBackground(_tfnsmultiplexorbinddn.getBackground());
+ _lConfirmPassword.setEnabled(enable);
+ _pfConfirmPassword.setEnabled(enable);
+ _pfConfirmPassword.setBackground(_tfnsmultiplexorbinddn.getBackground());
+ }
+
+ /* We need to intercept the conn type and auth type buttons in order
+ * to enable/disable various combinations of them
+ * @see com.netscape.admin.dirserv.panel.BlankPanel#actionPerformed(java.awt.event.ActionEvent)
+ */
+ public void actionPerformed(ActionEvent e) {
+ if (e.getSource().equals(_sslAuth) && _sslAuth.isSelected()) {
+ //disable
+ enableSimpleAuth (false);
+ }
+ if (e.getSource().equals(_gssapiAuth) && _gssapiAuth.isSelected()) {
+ // enable
+ enableSimpleAuth (true);
+ }
+ if (e.getSource().equals(_simpleAuth) && _simpleAuth.isSelected()) {
+ //enable
+ enableSimpleAuth (true);
+ }
+ if (e.getSource().equals(_digestAuth) && _digestAuth.isSelected()) {
+ //enable
+ enableSimpleAuth (true);
+ }
+ if (e.getSource().equals(_noEncrypt) && _noEncrypt.isSelected()) {
+ //disable
+ _sslAuth.setEnabled(false);
+ if (_sslAuth.isSelected()) {
+ // have to select something else
+ _simpleAuth.setSelected(true);
+ }
+ enableSimpleAuth(true);
+ _gssapiAuth.setEnabled(true);
+ _digestAuth.setEnabled(true);
+ String url = _tfnsfarmserverurl.getText();
+ if (url.startsWith("ldaps://")) {
+ url = url.replaceFirst("ldaps://", "ldap://");
+ _tfnsfarmserverurl.setText(url);
+ }
+ }
+ boolean ssl_selected = false;
+ if (e.getSource().equals(_sslEncrypt) && _sslEncrypt.isSelected()) {
+ ssl_selected = true;
+ String url = _tfnsfarmserverurl.getText();
+ if (url.startsWith("ldap://")) {
+ url = url.replaceFirst("ldap://", "ldaps://");
+ _tfnsfarmserverurl.setText(url);
+ }
+ }
+ if (e.getSource().equals(_tlsEncrypt) && _tlsEncrypt.isSelected()) {
+ ssl_selected = true;
+ String url = _tfnsfarmserverurl.getText();
+ if (url.startsWith("ldaps://")) {
+ url = url.replaceFirst("ldaps://", "ldap://");
+ _tfnsfarmserverurl.setText(url);
+ }
+ }
+ if (ssl_selected) {
+ _sslAuth.setEnabled(true);
+ _gssapiAuth.setEnabled(false);
+ if (_gssapiAuth.isSelected()) {
+ // have to select something else
+ _simpleAuth.setSelected(true);
+ enableSimpleAuth(true);
+ }
+ }
+
+ super.actionPerformed(e);
+ }
+
+ private void checkComment() {
String usr = _tfnsmultiplexorbinddn.getText();
String suf = _chEntry.getAttribute( SUFFIX_ATTR_NAM ).getStringValueArray()[0];
String aci = "(targetattr = \"*\")" +
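Review bot: The connection-type branches of `actionPerformed` (the `_noEncrypt`, `_sslEncrypt`, `_tlsEncrypt` and `ssl_selected` blocks) are repeated almost line for line in `resetCallback` later in this commit, so any future rule about which bind mechanisms are allowed over which transport has to be changed in two places. I would move them into one private helper that takes no event and call it from both, keeping only the `e.getSource()` tests here. The scheme tests use case-sensitive `startsWith("ldaps://")`, while the initialisation code lowercases the URL before testing for `ldaps`, so the two should agree on one rule. The header comment opens with `/*` but carries an `@see` tag, so it should open with `/**` to be picked up as Javadoc.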
@@ -422,121 +639,57 @@
_tfaCommentAci.setText( aci );
}
+
+ private void checkURL(DocumentEvent e) {
+ if (!e.getDocument().equals(_tfnsfarmserverurl.getDocument())) {
+ return;
+ }
+ String url = _tfnsfarmserverurl.getText();
+ if (url != null) {
+ // user typed in ldap url
+ if (url.startsWith("ldap://") && _sslEncrypt.isSelected()) {
+ if (_sslAuth.isSelected()) {
+ _tlsEncrypt.setSelected(true); // preserve security setting
+ } else {
+ _noEncrypt.setSelected(true);
+ _sslAuth.setEnabled(false);
+ _gssapiAuth.setEnabled(true);
+ enableSimpleAuth(true);
+ }
+ }
+ // user typed in ldaps url
+ if (url.startsWith("ldaps://") && !_sslEncrypt.isSelected()) {
+ _sslEncrypt.setSelected(true);
+ if (!_sslAuth.isSelected()) {
+ _sslAuth.setEnabled(true);
+ _gssapiAuth.setEnabled(false);
+ enableSimpleAuth(true);
+ }
+ }
+ }
+ }
public void changedUpdate(DocumentEvent e) {
+ checkURL(e);
super.changedUpdate( e );
- if((e.getDocument() ==
- _pfnsmultiplexorcredentials.getDocument()) ||
- (e.getDocument() ==
- _pfConfirmPassword.getDocument())) {
- _isPasswdExist = true;
- }
modelUpdate();
}
public void insertUpdate(DocumentEvent e) {
- super.changedUpdate( e );
+ checkURL(e);
+ super.insertUpdate( e );
modelUpdate();
}
public void removeUpdate(DocumentEvent e) {
+ checkURL(e);
super.removeUpdate( e );
modelUpdate();
}
private void modelUpdate(){
- checkValues();
- checkOkay();
checkComment();
}
- private void checkValues() {
-
- _isBindDNValid = DN.isDN( _tfnsmultiplexorbinddn.getText());
-
- if( entrybind == null ) {
- _isBindDNDirty = ( _tfnsmultiplexorbinddn.getText().trim().length() != 0);
- } else {
- _isBindDNDirty = (entrybind.compareTo( _tfnsmultiplexorbinddn.getText()) != 0 );
- }
-
- if(_isBindDNValid){
- if(_isBindDNDirty){
- setChangeState( _lnsmultiplexorbinddn, CHANGE_STATE_MODIFIED );
- } else {
- setChangeState( _lnsmultiplexorbinddn, CHANGE_STATE_UNMODIFIED );
- }
- } else {
- setChangeState( _lnsmultiplexorbinddn,
- CHANGE_STATE_ERROR);
- }
-
- String pwd = new String( _pfnsmultiplexorcredentials.getPassword());
- String confpwd = new String( _pfConfirmPassword.getPassword());
- _isPasswdValid = ( pwd.compareTo( confpwd ) == 0);
- if ( entrypwd == null ) {
- _isPasswdDirty = (pwd.trim().compareTo("") != 0);
- } else {
- _isPasswdDirty = (entrypwd.compareTo( pwd ) != 0);
- }
-
- if(_isPasswdValid) {
- if ( _isPasswdDirty ){
- setChangeState( _lnsmultiplexorcredentials,
- CHANGE_STATE_MODIFIED);
- setChangeState( _lConfirmPassword,
- CHANGE_STATE_MODIFIED);
- } else {
- setChangeState( _lnsmultiplexorcredentials,
- CHANGE_STATE_UNMODIFIED );
- setChangeState( _lConfirmPassword,
- CHANGE_STATE_UNMODIFIED );
- }
- } else {
- setChangeState( _lnsmultiplexorcredentials,
- CHANGE_STATE_ERROR);
- setChangeState( _lConfirmPassword,
- CHANGE_STATE_ERROR);
- }
-
- _isURLDirty = (entryurl.compareTo( _tfnsfarmserverurl.getText()) != 0);
- _isURLValid = valideChainingURL( _tfnsfarmserverurl.getText() );
- if(_isURLValid){
- if(_isURLDirty) {
- setChangeState( _lnsfarmserverurl,
- CHANGE_STATE_MODIFIED);
- } else {
- setChangeState( _lnsfarmserverurl,
- CHANGE_STATE_UNMODIFIED );
- }
- } else {
- setChangeState( _lnsfarmserverurl,
- CHANGE_STATE_ERROR);
- }
- }
-
- public boolean valideChainingURL( String url ){
- boolean ok;
- if(( url == null) || (url.length() == 0)){
- return false;
- }
- ok = ( url.startsWith("ldap://") || url.startsWith("ldaps://") );
- ok = ok && ( url.endsWith("/"));
- return( ok );
- }
-
- /**
- * Enable/disable OK button
- *
- * @param ok true to enable the OK button
- */
- private void setOkay( boolean ok ) {
- if( ok ) {
- setValidFlag();
- } else {
- clearValidFlag();
- }
- }
-
private String getAttrVal( String attrName ) {
if ( _chEntry != null ) {
LDAPAttribute attr = _chEntry.getAttribute( attrName );
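Review bot: In `checkURL`, typing an `ldap://` URL while the SSL connection type is selected switches the panel to `_noEncrypt` unless certificate authentication is chosen, so an edit to the URL field can move a link that binds with simple or DIGEST-MD5 credentials onto an unencrypted connection without the administrator touching the connection-type buttons. The certificate branch already falls back to StartTLS to "preserve security setting"; doing the same in the else branch with `_tlsEncrypt.setSelected(true);` would keep the transport protected and leave the explicit radio button as the only way to choose no encryption. Separately, `setSelected` on a radio button does not fire an `ActionEvent`, so whether the `DSEntryBoolean` entries (and therefore `_tlsDSEntry.getDirty()` in `okCallback`) notice these programmatic changes depends on listener code not shown here and is worth confirming.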
@@ -548,166 +701,226 @@
}
return null;
}
-
- private void checkDirtyFlag(){
- boolean dirty = _isBindDNDirty || _isPasswdDirty || _isURLDirty;
- if ( dirty ) {
- setDirtyFlag();
- } else {
- clearDirtyFlag();
- }
- }
-
- private void checkOkay() {
- boolean ok = (_isBindDNValid && _isPasswdValid && _isURLValid );
- checkDirtyFlag();
- setOkay( ok);
+
+ public void resetCallback() {
+ revertAll();
+ if (_noEncrypt.isSelected()) {
+ //disable
+ _sslAuth.setEnabled(false);
+ if (_sslAuth.isSelected()) {
+ // have to select something else
+ _simpleAuth.setSelected(true);
+ }
+ enableSimpleAuth(true);
+ _gssapiAuth.setEnabled(true);
+ _digestAuth.setEnabled(true);
+ String url = _tfnsfarmserverurl.getText();
+ if (url.startsWith("ldaps://")) {
+ url = url.replaceFirst("ldaps://", "ldap://");
+ _tfnsfarmserverurl.setText(url);
+ }
+ }
+ boolean ssl_selected = false;
+ if (_sslEncrypt.isSelected()) {
+ ssl_selected = true;
+ String url = _tfnsfarmserverurl.getText();
+ if (url.startsWith("ldap://")) {
+ url = url.replaceFirst("ldap://", "ldaps://");
+ _tfnsfarmserverurl.setText(url);
+ }
+ }
+ if (_tlsEncrypt.isSelected()) {
+ ssl_selected = true;
+ String url = _tfnsfarmserverurl.getText();
+ if (url.startsWith("ldaps://")) {
+ url = url.replaceFirst("ldaps://", "ldap://");
+ _tfnsfarmserverurl.setText(url);
+ }
+ }
+ if (ssl_selected) {
+ _sslAuth.setEnabled(true);
+ _gssapiAuth.setEnabled(false);
+ if (_gssapiAuth.isSelected()) {
+ // have to select something else
+ _simpleAuth.setSelected(true);
+ enableSimpleAuth(true);
+ }
+ }
+ super.resetCallback();
}
-
public void okCallback() {
LDAPConnection ldc = _model.getServerInfo().getLDAPConnection();
- if( _isBindDNDirty){
- String bindn = _tfnsmultiplexorbinddn.getText();
- String bindnL[] = { bindn };
- boolean deleted = false;
- LDAPModificationSet attrs = new LDAPModificationSet();
-
- if(( bindn == null) ||
- ( bindn.length() == 0)) {
- deleted = true;
- attrs.add(LDAPModification.DELETE,
- new LDAPAttribute(NSMULTIPLEXORBINDDN_ATTR));
-
- } else if( ! _isBindDNExist) {
- attrs.add(LDAPModification.ADD,
- new LDAPAttribute( NSMULTIPLEXORBINDDN_ATTR,
- bindnL));
- } else {
- attrs.add(LDAPModification.REPLACE,
- new LDAPAttribute( NSMULTIPLEXORBINDDN_ATTR,
- bindnL));
- }
- try {
- ldc.modify( _chEntry.getDN(), attrs );
- clearDirtyFlag();
- _isBindDNDirty = false;
- _isBindDNExist = !deleted;
- entrybind = bindn;
- /*
- DSEntryDN _nsmultiplexorbinddn =
- new DSEntryDN("",
- _tfnsmultiplexorbinddn,
- _lnsmultiplexorbinddn,
- NSMULTIPLEXORBINDDN_ATTR,
- _model );
- entries.add( _dnEntry,
- NSMULTIPLEXORBINDDN_ATTR,
- _nsmultiplexorbinddn );
- setComponentTable( _tfnsmultiplexorbinddn,
- _nsmultiplexorbinddn );
- */
- } catch (LDAPException e) {
- String[] args_m = { _chEntry.getDN(), e.toString() };
- DSUtil.showErrorDialog( getModel().getFrame(),
- "update-binddn-error",
- args_m,
- _section );
- }
- }
+ int errors = 0;
- if( _isPasswdDirty ){
- String pwd = new String( _pfnsmultiplexorcredentials.getPassword());
- String pwdL[] = { pwd };
- boolean deleted = false;
- LDAPModificationSet attrs = new LDAPModificationSet();
- if (( pwd == null) || ( pwd.length() == 0)){
- deleted = true;
- attrs.add(LDAPModification.DELETE,
- new LDAPAttribute( NSMULTIPLEXORCREDENTIALS_ATTR));
- } else if( !_isPasswdExist ) {
- attrs.add(LDAPModification.ADD,
- new LDAPAttribute( NSMULTIPLEXORCREDENTIALS_ATTR,
- pwdL ));
- } else {
- attrs.add(LDAPModification.REPLACE,
- new LDAPAttribute( NSMULTIPLEXORCREDENTIALS_ATTR,
- pwdL ));
- }
- try {
- ldc.modify( _chEntry.getDN(), attrs );
- clearDirtyFlag();
- _isPasswdDirty = false;
- _isPasswdExist = ! deleted;
- entrypwd = pwd;
- /*
- DSEntryConfirmPassword dsEntryConfirm =
- new DSEntryConfirmPassword("",
- _pfConfirmPassword,
- _lConfirmPassword,
- _pfnsmultiplexorcredentials,
- 1);
- setComponentTable(_pfConfirmPassword, dsEntryConfirm);
-
- DSEntryPassword dsEntryPwd =
- new DSEntryPassword("",
- _pfnsmultiplexorcredentials,
- _lnsmultiplexorcredentials,
- dsEntryConfirm,
- 1);
- setComponentTable(_pfConfirmPassword, dsEntryPwd);
- entries.add(_dnEntry,
- NSMULTIPLEXORCREDENTIALS_ATTR,
- dsEntryPwd);
- */
- } catch (LDAPException e) {
- String[] args_m = { _chEntry.getDN(), e.toString() };
- DSUtil.showErrorDialog( getModel().getFrame(),
- "update-passwd-error",
- args_m,
- _section );
-
- }
- }
+ // need to update nsUseStartTLS?
+ if (_tlsDSEntry.getDirty()) {
+ useStartTLS = _tlsEncrypt.isSelected() ? "on" : "off";
+ LDAPModificationSet attrs = new LDAPModificationSet();
+ attrs.add(LDAPModification.REPLACE,
+ new LDAPAttribute( NSUSESTARTTLS_ATTR,
+ useStartTLS ));
+ try {
+ ldc.modify( _chEntry.getDN(), attrs );
+ _ldapDSEntry.reset();
+ _sslDSEntry.reset();
+ _tlsDSEntry.reset();
+ } catch (LDAPException e) {
+ errors++;
+ String[] args_m = { _chEntry.getDN(), e.toString() };
+ DSUtil.showErrorDialog( getModel().getFrame(),
+ "update-starttls-error",
+ args_m,
+ _section );
+ }
+ }
+
+ if (_simpAuthDSEntry.getDirty() || _sslAuthDSEntry.getDirty() ||
+ _gssapiAuthDSEntry.getDirty() || _digestAuthDSEntry.getDirty()) {
+ if (_sslAuth.isSelected()) {
+ bindMech = "EXTERNAL";
+ }
+ if (_gssapiAuth.isSelected()) {
+ bindMech = "GSSAPI";
+ }
+ if (_digestAuth.isSelected()) {
+ bindMech = "DIGEST-MD5";
+ }
+ if (_simpleAuth.isSelected()) {
+ bindMech = "SIMPLE";
+ }
+ LDAPModificationSet attrs = new LDAPModificationSet();
+ attrs.add( LDAPModification.REPLACE,
+ new LDAPAttribute ( NSBINDMECHANISM_ATTR,
+ bindMech ));
+ try {
+ ldc.modify( _chEntry.getDN(), attrs );
+ _simpAuthDSEntry.reset();
+ _sslAuthDSEntry.reset();
+ _gssapiAuthDSEntry.reset();
+ _digestAuthDSEntry.reset();
+ } catch (LDAPException e) {
+ errors++;
+ String[] args_m = { _chEntry.getDN(), e.toString() };
+ DSUtil.showErrorDialog( getModel().getFrame(),
+ "update-bindmech-error",
+ args_m,
+ _section );
+ }
+ }
+ super.okCallback();
+ // clear dirty flag if all changes saved successfully
+ if (errors == 0) {
+ clearDirtyFlag();
+ }
+ }
+
+ class urlDSEntry extends DSEntryTextStrict
+ {
+ urlDSEntry(String model, JComponent view1, JComponent view2) {
+ super (model, view1, view2);
+ }
+
+ public int validate (){
+ JTextField tf = (JTextField) getView (0);
+ String url = tf.getText ();
+
+ boolean ok = (url != null) && (url.length() > 0);
+ ok = ok && ( url.startsWith("ldap://") || url.startsWith("ldaps://") );
+ ok = ok && ( url.endsWith("/"));
+ return ok ? 0 : 1;
+ }
+ }
- String url = _tfnsfarmserverurl.getText();
- String urlL[] = { url };
- if ( _isURLDirty ) {
- LDAPModificationSet attrs = new LDAPModificationSet();
- attrs.add(LDAPModification.REPLACE,
- new LDAPAttribute( NSFARMSERVERURL_ATTR,
- urlL ));
- try {
- ldc.modify( _chEntry.getDN(), attrs );
- clearDirtyFlag();
- _isURLDirty = false;
- _isURLValid = true;
- entryurl = url;
- } catch (LDAPException e) {
- String[] args_m = { _chEntry.getDN(), e.toString() };
- DSUtil.showErrorDialog( getModel().getFrame(),
- "update-passwd-error",
- args_m,
- _section );
- }
-
- }
- // super.okCallback();
- }
-
- public void resetCallback() {
- _isPasswdDirty = false;
- if( ! _isBindDNExist ){
- _tfnsmultiplexorbinddn.setText("");
- }
- if( ! _isPasswdExist ){
- _pfnsmultiplexorcredentials.setText("");
- _pfConfirmPassword.setText("");
- }
- super.resetCallback();
- }
-
- private IDSModel _model = null;
+ class bindDSEntry extends DSEntryDN
+ {
+ private AbstractButton ary[];
+
+ bindDSEntry( String model, JComponent view1, JComponent view2,
+ String attrName, IDSModel dsModel, AbstractButton ary[] ) {
+ super (model, view1, view2, attrName, dsModel);
+ this.ary = ary;
+ }
+
+ public int validate (){
+ JTextField tf = (JTextField) getView (0);
+
+ /* disabled field is always valid */
+ if (!tf.isEnabled ())
+ return 0;
+
+ // skip check if any of these buttons are
+ // selected
+ for (int ii = 0; ii < ary.length; ++ii) {
+ if (ary[ii].isSelected()) {
+ return 0;
+ }
+ }
+
+ return super.validate();
+ }
+ }
+
+ class pwdDSEntry extends DSEntryPassword
+ {
+ private AbstractButton ary[];
+
+ pwdDSEntry(String model, JPasswordField pfPwd,
+ JLabel lPwd,
+ DSEntryConfirmPassword dsEntryConfirm,
+ int minLength, AbstractButton ary[]) {
+ super (model, pfPwd, lPwd, dsEntryConfirm, minLength);
+ this.ary = ary;
+ }
+
+ public int validate (){
+ JTextField tf = (JTextField) getView (0);
+
+ /* disabled field is always valid */
+ if (!tf.isEnabled ())
+ return 0;
+
+ // skip check if any of these buttons are
+ // selected
+ for (int ii = 0; ii < ary.length; ++ii) {
+ if (ary[ii].isSelected()) {
+ return 0;
+ }
+ }
+
+ return super.validate();
+ }
+ }
+
+ class confirmPwdDSEntry extends DSEntryConfirmPassword {
+ private AbstractButton ary[];
+
+ confirmPwdDSEntry(String model, JPasswordField pfConfirm,
+ JLabel confirm, JPasswordField pfPwd, int minLength, AbstractButton ary[]) {
+ super(model, pfConfirm, confirm, pfPwd, minLength);
+ this.ary = ary;
+ }
+
+ public int validate (){
+ JTextField tf = (JTextField) getView (0);
+
+ /* disabled field is always valid */
+ if (!tf.isEnabled ())
+ return 0;
+
+ // skip check if any of these buttons are
+ // selected
+ for (int ii = 0; ii < ary.length; ++ii) {
+ if (ary[ii].isSelected()) {
+ return 0;
+ }
+ }
+
+ return super.validate();
+ }
+ }
+
+ private IDSModel _model = null;
private LDAPEntry _chEntry = null;
private String _dnEntry;
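Review bot: `okCallback` writes `nsusestarttls` and `nsbindmechanism` in two separate `ldc.modify` calls and then runs `super.okCallback()` whatever the value of `errors`, so a failure part-way through can leave the entry with a transport and bind-mechanism combination that the panel itself forbids. Both attributes are on the same entry, so they can be collected in one `LDAPModificationSet` and sent in a single modify, which the server applies as a unit; the sketch below keeps the existing reset calls and error handling. One message key would then have to cover both attributes in the error dialog. The three `validate()` overrides in `bindDSEntry`, `pwdDSEntry` and `confirmPwdDSEntry` are identical and could share one helper.

```java
        LDAPModificationSet attrs = new LDAPModificationSet();
        boolean tlsDirty = _tlsDSEntry.getDirty();
        boolean mechDirty = _simpAuthDSEntry.getDirty() || _sslAuthDSEntry.getDirty() ||
            _gssapiAuthDSEntry.getDirty() || _digestAuthDSEntry.getDirty();
        if (tlsDirty) {
            useStartTLS = _tlsEncrypt.isSelected() ? "on" : "off";
            attrs.add(LDAPModification.REPLACE,
                      new LDAPAttribute( NSUSESTARTTLS_ATTR, useStartTLS ));
        }
        if (mechDirty) {
            // … unchanged: choose bindMech from the selected radio button …
            attrs.add(LDAPModification.REPLACE,
                      new LDAPAttribute( NSBINDMECHANISM_ATTR, bindMech ));
        }
        if (tlsDirty || mechDirty) {
            try {
                // one modify: both attributes change together or not at all
                ldc.modify( _chEntry.getDN(), attrs );
                if (tlsDirty) {
                    // … unchanged: reset the three connection-type entries …
                }
                if (mechDirty) {
                    // … unchanged: reset the four bind-mechanism entries …
                }
            } catch (LDAPException e) {
                errors++;
                // … unchanged: DSUtil.showErrorDialog, with a key covering both attributes …
            }
        }
        // … unchanged: super.okCallback() and the errors == 0 check …
```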
@@ -727,32 +940,40 @@
private JLabel _lcommentUsrLabel;
private JLabel _lcommentUsr;
private JLabel _lcommentAciLabel;
- private JLabel _lcommentAci;
private JTextArea _tfaCommentAci;
-
- private boolean _isPasswdExist;
- private boolean _isBindDNExist;
- private boolean _isPasswdValid = true;
- private boolean _isBindDNValid = true;
- private boolean _isPasswdDirty = false;
- private boolean _isBindDNDirty = false;
- private boolean _isURLValid = true;
- private boolean _isURLDirty = false;
+ private JLabel _lConnType;
+ private JRadioButton _noEncrypt, _sslEncrypt, _tlsEncrypt;
+ private JLabel _authMechLabel;
+ private JRadioButton _simpleAuth, _sslAuth, _gssapiAuth, _digestAuth;
private DSEntrySet entries;
+ private DSEntryBoolean _ldapDSEntry;
+ private DSEntryBoolean _sslDSEntry;
+ private DSEntryBoolean _tlsDSEntry;
+ private DSEntryBoolean _sslAuthDSEntry = null;
+ private DSEntryBoolean _simpAuthDSEntry = null;
+ private DSEntryBoolean _gssapiAuthDSEntry = null;
+ private DSEntryBoolean _digestAuthDSEntry = null;
private String entrybind;
private String entrypwd;
private String entryurl;
+ private String bindMech;
+ private String useStartTLS;
private static final String _section = "chaining-instance-auth";
+ private static final String _comsection = "newchaining";
private static final String NSMULTIPLEXORBINDDN_ATTR =
"nsmultiplexorbinddn";
private static final String NSMULTIPLEXORCREDENTIALS_ATTR =
"nsmultiplexorcredentials" ;
private static final String NSFARMSERVERURL_ATTR =
"nsfarmserverurl";
+ private static final String NSUSESTARTTLS_ATTR =
+ "nsusestarttls";
+ private static final String NSBINDMECHANISM_ATTR =
+ "nsbindmechanism";
private static final String SUFFIX_ATTR_NAM= "nsslapd-suffix";
private static final String SUFFIX_ATTR_NULL="";
Index: DSEntry.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/DSEntry.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- DSEntry.java 18 Jul 2005 00:55:54 -0000 1.1.1.1
+++ DSEntry.java 2 Dec 2008 15:27:37 -0000 1.2
@@ -408,6 +408,19 @@
}
/**
+ * This function can be called from a panel Reset button, to revert
+ * the model back to the original model. After calling this, the
+ * panel should show() to change the UI components back to their
+ * original states
+ */
+
+ public void revert () {
+ dirty = false;
+ _model=null;
+ _model = (Vector)_origModel.clone();
+ }
+
+ /**
* This method updates the view to reflect the contents of the
* local model. This must be defined for the particular model/view combo
*
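Review bot: `revert()` dereferences `_origModel` without a null check, so calling it on an entry whose original model was never initialised would throw from the Reset button; if that state is possible (not visible in this hunk), put `if (_origModel == null) return;` at the top of the method. The `_model=null;` assignment is overwritten on the next line and can be dropped. The blank line between the Javadoc block and the method signature should go as well, so the comment stays attached to `revert`.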
Index: NewChainingInstancePanel.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/NewChainingInstancePanel.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- NewChainingInstancePanel.java 18 Jul 2005 00:56:01 -0000 1.1.1.1
+++ NewChainingInstancePanel.java 2 Dec 2008 15:27:37 -0000 1.2
@@ -121,6 +121,15 @@
_instanceNameText.setText( "New Chaining" );
HostPanel.add( _instanceNameText, HLgbc );
+ _authMechLabel = makeJLabel( _section, "authmech" );
+ HLgbc.gridy++;
+ HLgbc.gridx = 0;
+ HLgbc.gridwidth = 1;
+ HLgbc.fill = HLgbc.NONE;
+ HLgbc.weightx = 0;
+ HLgbc.anchor = HLgbc.EAST;
+ HostPanel.add( _authMechLabel, HLgbc );
+
_bindDNLabel = makeJLabel( _section, "bind-DN" );
HLgbc.gridy++;
HLgbc.gridx = 0;
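Review bot: The `_authMechLabel` row added here has no controls behind it: nothing in this file's visible diff adds the authentication-mechanism radio buttons that the label announces, unlike the matching change in NewChainingPanel.java. Unless the buttons are added in code outside these hunks, the dialog would show an "authmech" label beside an empty cell, and the administrator could not see or choose how the new link binds. Either add the same button group here or drop the label, and call `setLabelFor` once a control exists. The enclosing method starts and ends outside this hunk.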
@@ -1074,7 +1083,7 @@
}
private JTextField _instanceNameText;
- private JLabel _instanceNameLabel;
+ private JLabel _instanceNameLabel, _authMechLabel;
private JTextField _mappingNameText;
private JLabel _mappingNameLabel;
private JTextField _NewNodeText;
Index: NewChainingPanel.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/NewChainingPanel.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- NewChainingPanel.java 18 Jul 2005 00:56:01 -0000 1.1.1.1
+++ NewChainingPanel.java 2 Dec 2008 15:27:37 -0000 1.2
@@ -26,13 +26,14 @@
import javax.swing.border.*;
import javax.swing.event.*;
import javax.swing.text.*;
-import netscape.ldap.LDAPUrl;
import netscape.ldap.*;
import netscape.ldap.util.*;
import com.netscape.management.client.util.*;
import com.netscape.admin.dirserv.*;
import com.netscape.admin.dirserv.task.ListDB;
import com.netscape.admin.dirserv.panel.MappingUtils;
+import com.netscape.admin.dirserv.panel.replication.ReplicationTool;
+
import netscape.ldap.*;
import netscape.ldap.util.*;
import com.netscape.management.nmclf.SuiConstants;
@@ -141,7 +142,62 @@
_instanceNameText.setColumns( 10 );
HostPanel.add( _instanceNameText, HLgbc );
- _bindDNLabel = makeJLabel( _section, "bind-DN" );
+ _authMechLabel = makeJLabel( _section, "authmech" );
+ HLgbc.gridy++;
+ HLgbc.gridx = 0;
+ HLgbc.gridwidth = 1;
+ HLgbc.fill = HLgbc.NONE;
+ HLgbc.weightx = 0;
+ HLgbc.anchor = HLgbc.EAST;
+ HostPanel.add( _authMechLabel, HLgbc );
+
+ //ssl auth radio button
+ ButtonGroup authGroup = new ButtonGroup();
+ _sslAuth = makeJRadioButton( _section, "authmech-sslcert" );
+ _sslAuth.addActionListener(this);
+ _sslAuth.setEnabled(false); // because default is plain ldap
+ authGroup.add(_sslAuth);
+ HLgbc.gridx = 1;
+ HLgbc.fill = HLgbc.HORIZONTAL;
+ HLgbc.gridwidth = HLgbc.REMAINDER;
+ HLgbc.weightx = 1;
+ HostPanel.add( _sslAuth, HLgbc );
+
+ //gssapi auth radio button
+ _gssapiAuth = makeJRadioButton( _section, "authmech-gssapi" );
+ _gssapiAuth.addActionListener(this);
+ authGroup.add(_gssapiAuth);
+ HLgbc.gridy++;
+ HLgbc.gridx = 1;
+ HLgbc.fill = HLgbc.HORIZONTAL;
+ HLgbc.gridwidth = HLgbc.REMAINDER;
+ HLgbc.weightx = 1;
+ HostPanel.add( _gssapiAuth, HLgbc );
+
+ //digest auth radio button
+ _digestAuth = makeJRadioButton( _section, "authmech-digest" );
+ _digestAuth.addActionListener(this);
+ authGroup.add(_digestAuth);
+ HLgbc.gridy++;
+ HLgbc.gridx = 1;
+ HLgbc.fill = HLgbc.HORIZONTAL;
+ HLgbc.gridwidth = HLgbc.REMAINDER;
+ HLgbc.weightx = 1;
+ HostPanel.add( _digestAuth, HLgbc );
+
+ //simple auth radio button
+ _simpleAuth = makeJRadioButton( _section, "authmech-simple" );
+ _simpleAuth.setSelected(true); // default auth mech
+ _simpleAuth.addActionListener(this);
+ authGroup.add(_simpleAuth);
+ HLgbc.gridy++;
+ HLgbc.gridx = 1;
+ HLgbc.fill = HLgbc.HORIZONTAL;
+ HLgbc.gridwidth = HLgbc.REMAINDER;
+ HLgbc.weightx = 1;
+ HostPanel.add( _simpleAuth, HLgbc );
+
+ _bindDNLabel = makeJLabel( _section, "bind-DN" );
HLgbc.gridy++;
HLgbc.gridx = 0;
HLgbc.gridwidth = 1;
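Review bot: The defaults chosen here and in the `@@ -329,16 +340,40 @@` hunk combine into a simple bind over unencrypted `ldap://` (`_simpleAuth.setSelected(true)` together with `_noEncrypt.setSelected(true)`), so the bind password configured for the database link would cross the wire in cleartext unless the administrator changes a radio button. This matches the old behaviour, where the secure-mode checkbox started unselected, so I would not flip the default silently, but it deserves a comment at the default, e.g. `// default keeps old behaviour: simple bind on plain ldap:// exposes the bind password in transit; choose ldaps or StartTLS for real links`. As a style point, the same five-line `HLgbc` setup is repeated for every radio button in both hunks and could move into one small helper. The enclosing method starts and ends outside this hunk.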
@@ -157,8 +213,7 @@
HLgbc.gridwidth = HLgbc.REMAINDER;
HLgbc.weightx = 1;
HostPanel.add( _bindDNText, HLgbc );
-
-
+
_bindPasswdLabel = makeJLabel( _section, "bind-Passwd" );
HLgbc.gridy++;
HLgbc.gridx = 0;
@@ -175,51 +230,7 @@
HLgbc.gridwidth = 1;
HLgbc.weightx = 1;
HostPanel.add( _bindPasswdText, HLgbc );
- /*
- _cbUrlLdapSecureMode = makeJCheckBox( _section, "ldap-url-secu" );
- HLgbc.gridy++;
- HLgbc.gridx = 0;
- HLgbc.anchor = HLgbc.WEST;
- HLgbc.fill = HLgbc.NONE;
- HLgbc.gridwidth = HLgbc.REMAINDER;
- HLgbc.weightx = 0;
- _cbUrlLdapSecureMode.setSelected( false );
- HostPanel.add( _cbUrlLdapSecureMode, HLgbc );
-
- _urlLdapHostLabel = makeJLabel( _section, "ldap-url-host" );
- HLgbc.gridy++;
- HLgbc.gridx = 0;
- HLgbc.gridwidth = 1;
- HLgbc.fill = HLgbc.NONE;
- HLgbc.anchor = HLgbc.EAST;
- HLgbc.weightx = 0;
- HostPanel.add( _urlLdapHostLabel, HLgbc );
-
- _urlLdapHostText = makeJTextField( _section, "ldap-url-host" );
- HLgbc.fill = HLgbc.HORIZONTAL;
- HLgbc.gridx = 1;
- HLgbc.gridwidth = 1;
- HLgbc.weightx = 1;
- _urlLdapHostText.setColumns( 12 );
- HostPanel.add( _urlLdapHostText, HLgbc );
-
- _urlLdapPortLabel = makeJLabel( _section, "ldap-url-port" );
- HLgbc.gridx = 2;
- HLgbc.gridwidth = 1;
- HLgbc.fill = HLgbc.NONE;
- HLgbc.anchor = HLgbc.EAST;
- HLgbc.weightx = 0;
- HostPanel.add( _urlLdapPortLabel, HLgbc );
-
- _urlLdapPortText = makeJTextField( _section, "ldap-url-port" );
- HLgbc.fill = HLgbc.HORIZONTAL;
- HLgbc.gridx = 3;
- HLgbc.gridwidth = 1;
- HLgbc.weightx = 0; // doesn't need to extend when screen is resized
- _urlLdapPortText.setColumns( 5 );
- _urlLdapPortText.setText( _sDefaultPort );
- HostPanel.add( _urlLdapPortText, HLgbc );
- */
+
createRemoteServers( HostPanel, HLgbc );
createURLArea( HostPanel, HLgbc );
@@ -329,16 +340,40 @@
AlternatePanel.setLayout(HLbag);
- //
- _cbUrlLdapSecureMode = makeJCheckBox( _section, "ldap-url-secu" );
+ ButtonGroup connGroup = new ButtonGroup();
+ _noEncrypt = makeJRadioButton( _section, "url-ldap" );
+ _noEncrypt.setSelected(true); // default is on
+ _noEncrypt.addActionListener(this);
+ connGroup.add(_noEncrypt);
HLgbc.gridy++;
HLgbc.gridx = 0;
HLgbc.anchor = HLgbc.WEST;
HLgbc.fill = HLgbc.NONE;
HLgbc.gridwidth = HLgbc.REMAINDER;
HLgbc.weightx = 0;
- _cbUrlLdapSecureMode.setSelected( false );
- AlternatePanel.add( _cbUrlLdapSecureMode, HLgbc );
+ AlternatePanel.add( _noEncrypt, HLgbc );
+
+ _sslEncrypt = makeJRadioButton( _section, "url-ldaps" );
+ _sslEncrypt.addActionListener(this);
+ connGroup.add(_sslEncrypt);
+ HLgbc.gridy++;
+ HLgbc.gridx = 0;
+ HLgbc.anchor = HLgbc.WEST;
+ HLgbc.fill = HLgbc.NONE;
+ HLgbc.gridwidth = HLgbc.REMAINDER;
+ HLgbc.weightx = 0;
+ AlternatePanel.add( _sslEncrypt, HLgbc );
+
+ _tlsEncrypt = makeJRadioButton( _section, "url-starttls" );
+ _tlsEncrypt.addActionListener(this);
+ connGroup.add(_tlsEncrypt);
+ HLgbc.gridy++;
+ HLgbc.gridx = 0;
+ HLgbc.anchor = HLgbc.WEST;
+ HLgbc.fill = HLgbc.NONE;
+ HLgbc.gridwidth = HLgbc.REMAINDER;
+ HLgbc.weightx = 0;
+ AlternatePanel.add( _tlsEncrypt, HLgbc );
_urlLdapHostLabel = makeJLabel( _section, "ldap-url-host" );
HLgbc.gridy++;
@@ -509,7 +544,20 @@
return;
} // getChainingLoc
-
+ private boolean checkConnAndAuth() {
+ boolean ret = true;
+ if (_simpleAuth.isSelected() || _digestAuth.isSelected()) {
+ // dn & pwd required
+ ret = ( _bindDNText.getText() != null ) &&
+ ( _bindDNText.getText().trim().length() > 0 ) &&
+ DN.isDN(_bindDNText.getText()) &&
+ ( _bindPasswdText.getText() != null ) &&
+ ( _bindPasswdText.getText().trim().length() > 0 );
+
+ }
+
+ return ret;
+ }
/**
* Enable/disable OK button
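Review bot: `checkConnAndAuth()` has no doc comment, and its name promises a connection check that the body does not make; it only requires a bind DN and password when simple or DIGEST-MD5 auth is selected. A short Javadoc would state that, for example `/** Returns true when the selected auth mechanism has the credentials it needs; simple and DIGEST-MD5 require a valid bind DN and a non-empty password. */`. The emptiness test uses `trim()` but `DN.isDN` receives the untrimmed text, so reading the field once into a trimmed local (`String dn = _bindDNText.getText();`) would make the two checks agree and avoid three `getText()` calls.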
@@ -531,36 +579,81 @@
boolean ok = ( (chname != null) &&
(chname.length() > 0) &&
(DSUtil.isValidBckName (chname)) &&
- _isBindDNValid &&
+ checkConnAndAuth() &&
(chserver != null) &&
(chserver.length() > 0));
setOkay( ok );
}
+ private void enableSimpleAuth (boolean enable){
+ _bindDNLabel.setEnabled(enable);
+ _bindDNText.setEnabled(enable);
+ _bindPasswdLabel.setEnabled(enable);
+ _bindPasswdText.setEnabled(enable);
+ _bindPasswdText.setBackground(_bindDNText.getBackground());
+ }
+
/**
* handle incoming event
*
* @param e event
*/
public void actionPerformed(ActionEvent e) {
- if (e.getSource().equals( _cbUrlLdapSecureMode )) {
- if ( _cbUrlLdapSecureMode.isSelected() ) {
- _sDefaultPort = DEFAULT_LDAPS_PORT;
- } else {
- _sDefaultPort = DEFAULT_LDAP_PORT;
- }
- if ( ! _bHostModified ) {
- _urlLdapPortText.setText( _sDefaultPort );
+ if (e.getSource().equals(_sslAuth) && _sslAuth.isSelected()) {
+ //disable
+ enableSimpleAuth (false);
+ }
+ if (e.getSource().equals(_gssapiAuth) && _gssapiAuth.isSelected()) {
+ // enable
+ enableSimpleAuth (true);
+ }
+ if (e.getSource().equals(_simpleAuth) && _simpleAuth.isSelected()) {
+ //enable
+ enableSimpleAuth (true);
+ }
+ if (e.getSource().equals(_digestAuth) && _digestAuth.isSelected()) {
+ //enable
+ enableSimpleAuth (true);
+ }
+ if (e.getSource().equals(_noEncrypt) && _noEncrypt.isSelected()) {
+ /* set to use non-SSL port LDAP */
+ _sDefaultPort = DEFAULT_LDAP_PORT;
+ //disable
+ _sslAuth.setEnabled(false);
+ if (_sslAuth.isSelected()) {
+ // have to select something else
+ _simpleAuth.setSelected(true);
}
- if ( ! _bAlterModified ) {
- _urlAltPortText.setText( _sDefaultPort );
+ enableSimpleAuth(true);
+ _gssapiAuth.setEnabled(true);
+ _digestAuth.setEnabled(true);
+ }
+ boolean ssl_selected = false;
+ if (e.getSource().equals(_sslEncrypt) && _sslEncrypt.isSelected()) {
+ /* set to use SSL port */
+ _sDefaultPort = DEFAULT_LDAPS_PORT;
+ ssl_selected = true;
+ }
+ if (e.getSource().equals(_tlsEncrypt) && _tlsEncrypt.isSelected()) {
+ /* set to use non-SSL port for startTLS */
+ _sDefaultPort = DEFAULT_LDAP_PORT;
+ ssl_selected = true;
+ }
+ if (ssl_selected) {
+ _sslAuth.setEnabled(true);
+ _gssapiAuth.setEnabled(false);
+ if (_gssapiAuth.isSelected()) {
+ // have to select something else
+ _simpleAuth.setSelected(true);
+ enableSimpleAuth(true);
}
- } else if (e.getSource().equals( _bAddAlternateServer )) {
+ }
+ if (e.getSource().equals( _bAddAlternateServer )) {
StringBuffer nalt = new StringBuffer();
nalt.append( _urlAltHostText.getText() );
if (( _urlAltPortText.getText() != null ) &&
- ( _urlAltPortText.getText().trim().length() > 0)) {
+ ( _urlAltPortText.getText().trim().length() > 0)) {
nalt.append( ":" );
nalt.append( _urlAltPortText.getText().trim() );
}
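Review bot: The new `_noEncrypt`, `_sslEncrypt` and `_tlsEncrypt` branches assign `_sDefaultPort` but no longer push it into the port fields, which the removed checkbox branch did whenever the user had not edited them. As written, choosing LDAPS appears to leave the port fields at the previous default, so the resulting `ldaps://` URL could carry the plain LDAP port unless the fields are refreshed somewhere outside this hunk. I would restore `if ( ! _bHostModified ) _urlLdapPortText.setText( _sDefaultPort );` and `if ( ! _bAlterModified ) _urlAltPortText.setText( _sDefaultPort );` after the three connection branches. `checkOkay()` now depends on the auth radio buttons through `checkConnAndAuth()`, so the OK state should also be recomputed when one of them fires; `actionPerformed` continues past the end of the hunk, so that may already happen there.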
@@ -585,7 +678,7 @@
private String getUrlVal() {
StringBuffer nurl = new StringBuffer();
- if ( _cbUrlLdapSecureMode.isSelected() ) {
+ if ( _sslEncrypt.isSelected() ) {
nurl.append( "ldaps://");
} else {
nurl.append( "ldap://");
@@ -672,6 +765,25 @@
}
+ String mech = null;
+ if (_sslAuth.isSelected()) {
+ mech = "EXTERNAL";
+ }
+ if (_gssapiAuth.isSelected()) {
+ mech = "GSSAPI";
+ }
+ if (_digestAuth.isSelected()) {
+ mech = "DIGEST-MD5";
+ }
+ if (mech != null) {
+ attrs.add( new LDAPAttribute ( "nsBindMechanism",
+ mech ));
+ }
+ if (_tlsEncrypt.isSelected()) {
+ attrs.add( new LDAPAttribute ( "nsUseStartTLS",
+ "on" ));
+ }
+
String ldapurl = getUrlVal();
if(( ldapurl != null ) &&
( ldapurl.trim().length() > 0)) {
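Review bot: The bind mechanism is picked by three independent `if` statements although the radio buttons are mutually exclusive; an `if … else if … else if` chain states that and keeps a later branch from overwriting an earlier one. The hunk does not show whether the bind DN and password attributes are still added when `EXTERNAL` is chosen. `enableSimpleAuth(false)` only disables the text fields and leaves their contents, so a previously typed password could still be written into the new entry; that is worth checking in the part of the method outside this hunk. `DIGEST-MD5` has since been moved to Historic by RFC 6331, so a comment marking it as a legacy option would help later maintainers.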
@@ -859,7 +971,9 @@
if( e.getDocument() == _bindDNText.getDocument() ) {
if(( _bindDNText.getText() != null) &&
( _bindDNText.getText().trim().length() > 0 )){
- if ( DN.isDN ( _bindDNText.getText() )) {
+ // depends on auth type
+ boolean required = _simpleAuth.isSelected() || _digestAuth.isSelected();
+ if ( !required || DN.isDN ( _bindDNText.getText() )) {
setChangeState( _bindDNLabel, CHANGE_STATE_UNMODIFIED );
_isBindDNValid = true;
} else {
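Review bot: `required` is evaluated only when the bind DN text changes, so switching the auth mechanism afterwards leaves `_isBindDNValid` and the label's change state reflecting the previous selection. From what this diff shows, `checkOkay()` now calls `checkConnAndAuth()` instead of reading `_isBindDNValid`, so the flag seems to drive only the label here. Either re-run this validation from the radio-button handler or say so in a comment such as `// label state only; checkConnAndAuth() decides whether OK is enabled`. The else branch and the rest of the listener lie outside this hunk.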
@@ -966,7 +1080,6 @@
private String _PluginLoc = "";
- private JCheckBox _cbUrlLdapSecureMode;
private JTextField _urlLdapHostText;
private JLabel _urlLdapHostLabel;
private JTextField _urlLdapPortText;
@@ -977,10 +1090,13 @@
private JTextField _urlAltPortText;
private JLabel _urlAltPortLabel;
+ private JLabel _authMechLabel;
+ private JRadioButton _sslAuth, _gssapiAuth, _digestAuth, _simpleAuth;
private JLabel _bindDNLabel;
private JTextField _bindDNText;
private JLabel _bindPasswdLabel;
private JTextField _bindPasswdText;
+ private JRadioButton _noEncrypt, _sslEncrypt, _tlsEncrypt;
private JComboBox _comboNewNodeMapping;
private JLabel _comboNewNodeLabel;