[Fedora-directory-commits] dsgw/orgbin org.in,1.2,1.3

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Wed Jan 30 02:22:49 UTC 2008


Author: rmeggins

Update of /cvs/dirsec/dsgw/orgbin
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15541/dsgw/orgbin

Modified Files:
	org.in 
Log Message:
Renamed setup to setup-ds-dsgw to be consistent with other setup scripts
setup-ds-dsgw will attempt to use settings from pre-configured admin server
and directory server
Config files will use an ldap url and http url - this is so that we can use
http or https and ldap or ldaps - previously, dsgw was configured during
regular DS setup, which did not allow TLS/SSL setup - we must be able to
configure the dsgw for TLS/SSL during setup now
Changed XP_GetClientStr back to just always return a malloc'd string - there
are cases where we cannot use a static
There were some places where we were using a form with POST + a query string
Use SERVER_NAME instead of HTTP_HOST because the latter has the port number
already in it



Index: org.in
===================================================================
RCS file: /cvs/dirsec/dsgw/orgbin/org.in,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- org.in	28 Jan 2008 21:22:48 -0000	1.2
+++ org.in	30 Jan 2008 02:22:46 -0000	1.3
@@ -56,6 +56,7 @@
 
 use Mozilla::LDAP::Conn;
 use Mozilla::LDAP::Utils qw(:all);
+use Mozilla::LDAP::API qw(:constant ldap_url_parse ldap_explode_dn);
 
 use CGI;
 $cg = new CGI;
@@ -407,13 +408,26 @@
     local ($search) = "$config_tokens{'attrib-manager'}=$manager";
     local ($entry);
     local ($conn);
+    my $h = ldap_url_parse($config_tokens{"ldap-url"});
+    my $host = $h->{host};
+    my $port = $h->{port};
+    my $securitydir;
+    if ($h->{options} & LDAP_URL_OPT_SECURE) {
+		$securitydir = $config_tokens{"securitydir"};
+		if ($securitydir eq "none") {
+			&output_html_header("no-javascript");
+			print "<BR><BR>The orgchart config specifies to use TLS/SSL $config_tokens{\"ldap-url\"} but no securitydir has been configured <BR><BR>";
+			print "\n</BODY></HTML>";
+			exit (0);
+		}
+    }
 
-    $conn = new Mozilla::LDAP::Conn($config_tokens{"ldap-host"}, $config_tokens{"ldap-port"}, $config_tokens{"ldap-bind-dn"}, $config_tokens{"ldap-bind-pass"});
-    die "Could't connect to LDAP server $config_tokens{\"ldap-host\"}" unless $conn;
+    $conn = new Mozilla::LDAP::Conn($host, $port, $config_tokens{"ldap-bind-dn"}, $config_tokens{"ldap-bind-pass"}, $securitydir);
+    die "Could't connect to LDAP server $config_tokens{\"ldap-url\"}" unless $conn;
     $entry = $conn->search($config_tokens{"ldap-search-base"}, "subtree", $search, 0, @return_attribs);
 
     $display_indent += 1;
-		
+
     while ($entry) 
 	{
 		if (not_terminated($entry) && not_own_manager($entry))
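Review bot: The result of `ldap_url_parse($config_tokens{"ldap-url"})` is dereferenced without any check, so a malformed or host-less `ldap-url` would presumably leave `$host` and `$port` undefined, and the problem would only surface later as the generic connect `die`. A guard right after the parse would give the administrator a direct message, for example `die "Invalid ldap-url in orgchart config" unless $h && $h->{host};`. The same parse, TLS check and connect sequence is repeated in the hunk at -1258, so a small helper that returns the connection would keep the securitydir check in one place. The enclosing sub starts and ends outside this hunk.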
@@ -980,9 +994,11 @@
 	exit;
 }
 
-%config_tokens = ( 	"ldap-host","none", 
+%config_tokens = (	"ldap-url","none",
+					"ldap-host","none", 
 					"ldap-port","none",
 					"ldap-search-base","none",
+					"securitydir","none",
 					"ldap-bind-dn","",
 					"ldap-bind-pass","",
 					"icons-aim-visible","no",
@@ -1012,21 +1028,37 @@
 
 close (FILE);
 
+my $haveurl = 1;
+my $havehost = 1;
+my $haveport = 1;
+
+if ( $config_tokens{"ldap-url"} eq "none" )
+{
+	$haveurl = 0;
+}
 
 if ( $config_tokens{"ldap-host"} eq "none" )
 {
-	&output_html_header("no-javascript");
-	print "<BR><BR>The administrator of this application needs to configure an LDAP host to use.<BR><BR>";
-	print "\n</BODY></HTML>";
-	exit(0);
+	$havehost = 0;
 }
+
 if ( $config_tokens{"ldap-port"} eq "none" )
 {
+	$haveport = 0;
+}
+
+if ( !$haveurl and (!$havehost or !$haveport) )
+{
 	&output_html_header("no-javascript");
-	print "<BR><BR>The administrator of this application needs to configure an LDAP port number to use.<BR><BR>";
+	print "<BR><BR>The administrator of this application needs to configure an LDAP URL, or an LDAP host and port number to use.<BR><BR>";
 	print "\n</BODY></HTML>";
 	exit(0);
 }
+
+if ( !$haveurl ) {
+	$config_tokens{"ldap-url"} = "ldap://" . $config_tokens{"ldap-host"} . ":" . $config_tokens{"ldap-port"};
+}
+
 if ( $config_tokens{"ldap-search-base"} eq "none" )
 {
 	&output_html_header("no-javascript");
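Review bot: The fallback under `if ( !$haveurl )` always synthesizes an `ldap://` URL, so an install that sets only `ldap-host` and `ldap-port` keeps sending any configured `ldap-bind-dn`/`ldap-bind-pass` over an unencrypted connection. In that case a configured `securitydir` is silently unused, because the connection code only reads it when the URL carries the secure option. That keeps old configs working, but it deserves a comment above the fallback, for example `# legacy host/port config: plain ldap:// only; set ldap-url to an ldaps:// URL plus securitydir for TLS/SSL`. The comment could also say that `ldap-url` takes precedence when both forms are present. The `ldap-search-base` check at the end of the hunk continues outside it.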
@@ -1258,8 +1290,21 @@
 
 	$search = "$config_tokens{'attrib-farleft-rdn'}=" . $uid;
 
-	$conn = new Mozilla::LDAP::Conn($config_tokens{"ldap-host"}, $config_tokens{"ldap-port"}, $config_tokens{"ldap-bind-dn"}, $config_tokens{"ldap-bind-pass"});
-	die	"Couldn't connect to LDAP server $config_tokens{\"ldap-host\"}" unless $conn;
+	my $h = ldap_url_parse($config_tokens{"ldap-url"});
+	my $host = $h->{host};
+	my $port = $h->{port};
+	my $securitydir;
+	if ($h->{options} & LDAP_URL_OPT_SECURE) {
+		$securitydir = $config_tokens{"securitydir"};
+		if ($securitydir eq "none") {
+			&output_html_header("no-javascript");
+			print "<BR><BR>The orgchart config specifies to use TLS/SSL $config_tokens{\"ldap-url\"} but no securitydir has been configured <BR><BR>";
+			print "\n</BODY></HTML>";
+			exit (0);
+		}
+	}
+	$conn = new Mozilla::LDAP::Conn($host, $port, $config_tokens{"ldap-bind-dn"}, $config_tokens{"ldap-bind-pass"}, $securitydir);
+	die	"Couldn't connect to LDAP server $config_tokens{\"ldap-url\"}" unless $conn;
 	$entry = $conn->search($config_tokens{"ldap-search-base"}, "subtree", $search, 0 , @return_attribs);
 
 	#
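Review bot: The error page line `print "<BR><BR>The orgchart config specifies to use TLS/SSL $config_tokens{\"ldap-url\"} but no securitydir ..."` interpolates the configured URL into HTML without escaping, and the identical line in the hunk at -407 does the same. The value comes from the config file, so as far as these hunks show this is output hygiene rather than an exposed injection point, but escaping keeps the page well-formed for URLs containing `&` or `<`. Since the script already creates `$cg = new CGI`, `my $shown = $cg->escapeHTML($config_tokens{"ldap-url"});` followed by printing `$shown` would be enough. The enclosing sub starts and ends outside this hunk.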
@@ -1289,8 +1334,6 @@
 
 		$search = "(|(cn=*$uid*)(mail=*$uid*))";
 
-		$conn = new Mozilla::LDAP::Conn($config_tokens{"ldap-host"}, $config_tokens{"ldap-port"}, $config_tokens{"ldap-bind-dn"}, $config_tokens{"ldap-bind-pass"});
-		die	"Couldn't connect to LDAP server $config_tokens{\"ldap-host\"}" unless $conn;
 		$entry = $conn->search($config_tokens{"ldap-search-base"}, "subtree", $search, 0, @return_attribs);
 
 		$anothertempnum = 0;



