Branch: master

62a8d5e8 2015-09-03 01:32:03 Timothy Pearson
Store CRL expiry in LDAP
M confskel/openldap/ldif/tde-core.ldif
M src/ldapcontroller.cpp
diff --git a/confskel/openldap/ldif/tde-core.ldif b/confskel/openldap/ldif/tde-core.ldif
index d2647c6..4859b63 100644
--- a/confskel/openldap/ldif/tde-core.ldif
+++ b/confskel/openldap/ldif/tde-core.ldif
@@ -29,10 +29,11 @@
 # Used for storing PKI user certificates and certificate status
 olcAttributeTypes: {20} ( 1.3.6.1.4.1.40364.1.1.21 NAME 'pkiCertificate' DESC 'User PKI certificate and status encoded with text mode TQDataStream TQPair<uint32_t, TQByteArray>' SUP name )
 olcAttributeTypes: {21} ( 1.3.6.1.4.1.40364.1.1.22 NAME 'publicRootCertificateRevocationList' DESC 'Certificate authority root certificate revocation list' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )
+olcAttributeTypes: {22} ( 1.3.6.1.4.1.40364.1.1.23 NAME 'publicRootCRLIntervalDays' DESC 'Certificate authority root CRL update interval in days' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 olcObjectClasses: {0} ( 1.3.6.1.4.1.40364.1.2.1 NAME 'tdeExtendedUserData' SUP top AUXILIARY MAY ( website
  URL $ managerName $ secretaryName $ teletexId $ preferredDelivery $ locallyUniqueID $ notes $ pwdLastSet $ badPwdCount $ badPasswordTime $ lastLogon $ lastLogoff ) )
 olcObjectClasses: {1} ( 1.3.6.1.4.1.40364.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ pkiCertificate ) )
-olcObjectClasses: {2} ( 1.3.6.1.4.1.40364.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate $ privateRootCertificateKey $ publicRootCertificateRevocationList $ publicRootCertificateOriginServer ) )
+olcObjectClasses: {2} ( 1.3.6.1.4.1.40364.1.2.3 NAME 'tdeCertificateStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ publicRootCertificate $ privateRootCertificateKey $ publicRootCertificateRevocationList $ publicRootCRLIntervalDays $ publicRootCertificateOriginServer ) )
 olcObjectClasses: {3} ( 1.3.6.1.4.1.40364.1.2.4 NAME 'tdeBuiltinStore' SUP top AUXILIARY MAY ( tdeBuiltinAccount $ builtinRealmAdminAccount $ builtinRealmAdminGroup $ builtinMachineAdminGroup $ builtinStandardUserGroup ) )
 structuralObjectClass: olcSchemaConfig
 creatorsName: cn=config
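Review bot: The DESC of the new publicRootCRLIntervalDays attribute on line 15 calls it a "CRL update interval in days", but the value the controller stores in it (line 58 of src/ldapcontroller.cpp) is m_certconfig.caCrlExpiryDays, and the commit title describes it as the CRL expiry. A schema reader will assume "interval" means how often the CRL is regenerated, which is a different quantity from how long an issued CRL stays valid. If both are intended to be the same number, the DESC should say so, e.g. `DESC 'Certificate authority root CRL validity period (expiry) in days'`; otherwise the attribute name and the stored field should be aligned before the OID is published.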
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index ceb4c52..9575f0b 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -147,7 +147,7 @@
 	connect(m_base->multiMasterReplicationMappings, TQT_SIGNAL(executed(TQListViewItem*)), this, TQT_SLOT(modifySelectedMultiMasterReplication()));
 
 	connect(m_base->advancedCaCertExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(caCertExpiryChanged()));
-	connect(m_base->advancedCaCrlExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(caCrlCertExpiryChanged()));
+	connect(m_base->advancedCaCrlExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(caCrlExpiryChanged()));
 	connect(m_base->advancedKerberosCertExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(kerberosCertExpiryChanged()));
 	connect(m_base->advancedLdapCertExpiry, TQT_SIGNAL(valueChanged(int)), this, TQT_SLOT(ldapCertExpiryChanged()));
 
@@ -767,7 +767,7 @@
 	credentials->realm = realmname;
 	LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials);
 
-	if (ldap_mgr->generatePKICRL(m_certconfig.caCrlExpiryDays, m_realmconfig[m_defaultRealm], KERBEROS_PKI_PEMKEY_FILE, KERBEROS_PKI_CRLDB_FILE, &errstr) != 0) {
+	if (ldap_mgr->generatePKICRL(m_certconfig.caCrlExpiryDays, m_realmconfig[m_defaultRealm], KERBEROS_PKI_CRL_FILE, KERBEROS_PKI_PEMKEY_FILE, KERBEROS_PKI_CRLDB_FILE, &errstr) != 0) {
 		KMessageBox::error(this, i18n("<qt><b>Unable to regenerate CRL</b><p>Details: %1</qt>").arg(errstr), i18n("Unable to Regenerate CRL"));
 	}
 
@@ -1039,17 +1039,21 @@
 
 	m_systemconfig->sync();
 
+	TQString errorstring;
+	TQString realmname = m_defaultRealm.upper();
+	LDAPCredentials* credentials = new LDAPCredentials;
+	credentials->username = "";
+	credentials->password = "";
+	credentials->realm = realmname;
+	LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials);
+
+	if (ldap_mgr->setLdapCertificateStoreAttribute("publicRootCRLIntervalDays", TQString("%1").arg(m_certconfig.caCrlExpiryDays), &errorstring) != 0) {
+		KMessageBox::error(this, i18n("<qt><b>Unable to update CRL interval entry in LDAP database</b><p>Details: %1</qt>").arg(errorstring), i18n("LDAP Update Failure"));
+	}
+
 	// If role was not changed, update any role-specific advanced settings
 	if (prevRole == m_systemconfig->readEntry("LDAPRole", "Workstation")) {
 		if (m_base->systemRole->currentItem() == ROLE_PRIMARY_REALM_CONTROLLER) {
-			TQString realmname = m_defaultRealm.upper();
-			LDAPCredentials* credentials = new LDAPCredentials;
-			credentials->username = "";
-			credentials->password = "";
-			credentials->realm = realmname;
-			LDAPManager* ldap_mgr = new LDAPManager(realmname, "ldapi://", credentials);
-			TQString errorstring;
-	
 			// Write multi-master replication settings
 			LDAPMasterReplicationInfo replicationSettings;
 			replicationSettings.enabled = m_base->advancedEnableMultiMasterReplication->isChecked();
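Review bot: The setLdapCertificateStoreAttribute call on line 58 now runs unconditionally, whereas the ldapi:// connection it uses was previously created only inside the ROLE_PRIMARY_REALM_CONTROLLER branch (lines 64-70 removed); on a Workstation or secondary role the local write will presumably fail and the "LDAP Update Failure" dialog will appear on every save. Consider keeping the write under the same role check, e.g. `if (m_base->systemRole->currentItem() == ROLE_PRIMARY_REALM_CONTROLLER) {` around lines 58-60, or document why the certificate store write is expected to succeed for all roles. The `credentials` object allocated on line 52 is not released anywhere in this hunk; if LDAPManager does not take ownership, a comment stating who frees it (or a delete alongside the manager's) would make the lifetime explicit. The enclosing function starts before and ends after this hunk.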
@@ -1079,6 +1083,8 @@
 		}
 	}
 
+	delete ldap_mgr;
+
 	load();
 }
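Review bot: The `delete ldap_mgr;` added on line 80 is only reached if control flows all the way to the end of the function; any early return or error path between the allocation on line 56 and this point (not visible in this hunk) would leak the manager and whatever ldapi:// connection it holds. If such exits exist, either route them through this delete or hold the manager in a scoped owner; at minimum a comment such as `// ldap_mgr is owned here; every exit must pass through this delete` would keep future edits honest. The function's body begins outside this hunk.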