authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-06-03 00:03:24 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2012-06-03 00:03:24 -0500
commitc39d52d4c9425c45394105bebdd6f2fac29569ee (patch)
treee83eeaf9efbb96e9341cc40137830a0b720814b4
parentb6e7d7b5155c2aee53b9ec2306a4400acc7c325f (diff)
downloadkcmldapcontroller-c39d52d4.tar.gz
kcmldapcontroller-c39d52d4.zip
Realm is now almost fully online
-rw-r--r--confskel/openldap/ldap/slapd.conf1
-rw-r--r--confskel/openldap/ldif/olcDatabase.ldif3
-rw-r--r--confskel/openldap/skel.ldif31
-rw-r--r--src/ldapcontroller.cpp58
-rw-r--r--src/ldapcontroller.h23
-rw-r--r--src/realmfinishpage.cpp5
-rw-r--r--src/realmfinishpagedlg.ui23
-rw-r--r--src/realmintropagedlg.ui4
-rw-r--r--src/realmwizard.cpp12
9 files changed, 101 insertions, 59 deletions
diff --git a/confskel/openldap/ldap/slapd.conf b/confskel/openldap/ldap/slapd.conf
index 35e8bf2..3dce739 100644
--- a/confskel/openldap/ldap/slapd.conf
+++ b/confskel/openldap/ldap/slapd.conf
@@ -87,6 +87,7 @@ authz-regexp "gidNumber=.*+uidNumber=0,cn=peercred,cn=external,cn=auth" "uid=@@@
#
access to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags
by dn="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
by sockurl.regex="^ldapi:///$" write
by anonymous auth
by self write
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index db82473..90e841b 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -11,7 +11,8 @@ olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm
,@@@REALM_DCNAME@@@" write by sockurl.regex="^ldapi:///$" write by dynacl/ac
- i write
+ i write by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou
+ =core,ou=realm,@@@REALM_DCNAME@@@" write
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
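Review bot: The admin group is added to rule `{2}to *` here, but the credential rule `{0}to attrs=userPassword,...` is not touched in this file, while the matching rule in slapd.conf gains the same `by group/groupOfNames/member.exact=...` clause. slapd applies the first `to` rule that matches an attribute, so if `{0}` does not already list the group (it is only visible truncated in the hunk header), group members would get write on everything except passwords and Kerberos keys in the cn=config deployment. Either add the group clause to `{0}` as well, or add a comment stating that credential attributes are deliberately reserved for the admin user. The two templates encode the same access policy and should stay in step.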
diff --git a/confskel/openldap/skel.ldif b/confskel/openldap/skel.ldif
index 2ed6f73..da66b0a 100644
--- a/confskel/openldap/skel.ldif
+++ b/confskel/openldap/skel.ldif
@@ -122,11 +122,38 @@ modifyTimestamp: @@@TIMESTAMP@@@Z
dn: cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@
cn: @@@ADMINGROUP@@@
+description: Realm Administrators
emsdescription: Group
emsplugins: PosixGroup
emsplugins: KerberosGroup
emstype: GroupEntry
-gidNumber: 999
+gidNumber: 900
+objectClass: groupOfNames
+objectClass: emsGroup
+objectClass: posixGroup
+objectClass: tdeAccountObject
+emsmodules: kerberos
+emsmodules: posix
+member: cn=placeholder,@@@REALM_DCNAME@@@
+member: uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@
+memberUid: @@@ADMINUSER@@@
+tdeBuiltinAccount: TRUE
+emsmodelclass: EMSGroup
+structuralObjectClass: groupOfNames
+creatorsName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+createTimestamp: @@@TIMESTAMP@@@Z
+entryCSN: @@@TIMESTAMP@@@.000000Z#000000#000#000000
+modifiersName: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
+modifyTimestamp: @@@TIMESTAMP@@@Z
+
+dn: cn=@@@LOCALADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@
+cn: @@@LOCALADMINGROUP@@@
+description: Machine Administrators
+emsdescription: Group
+emsplugins: PosixGroup
+emsplugins: KerberosGroup
+emstype: GroupEntry
+gidNumber: 901
objectClass: groupOfNames
objectClass: emsGroup
objectClass: posixGroup
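Review bot: `member: cn=placeholder,@@@REALM_DCNAME@@@` is now a member of the realm administrators group, and the ACL templates in this commit grant write access through `group/groupOfNames/member.exact` on exactly that group. No entry with that DN is created in the visible part of skel.ldif, so any principal later allowed to create it would inherit the group's rights. groupOfNames needs only one `member` value and the admin user on the following line already supplies it, so the placeholder line can be dropped from this entry; if it has to stay, document why and make sure `cn=placeholder` cannot be created. The second group entry continues past the end of the hunk.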
@@ -166,7 +193,7 @@ cn: Realm Administrator
emsdescription: Admin User Entry
emsprimarygroupdn: cn=@@@ADMINUSER@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@
emstype: UserEntry
-gidNumber: 999
+gidNumber: 900
givenName: Realm
homeDirectory: /home/@@@ADMINUSER@@@
krb5KDCFlags: 586
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index ed3449f..3f553be 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -230,7 +230,7 @@ void LDAPController::save() {
load();
}
-void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, int ldifSchemaNumber=-1, uid_t userid=-1, gid_t groupid=-1) {
+void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, int ldifSchemaNumber=-1, uid_t userid=-1, gid_t groupid=-1) {
SHA1 sha;
sha.process(rootPassword, strlen(rootPassword));
TQString rootpw_hash = sha.base64Hash();
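Review bot: `rootPassword` is turned into `rootpw_hash` with a single `SHA1` pass and no salt is visible in the hunk. If `@@@ROOTPW_SHA@@@` ends up as a stored `{SHA}` value in the generated LDAP configuration, identical passwords give identical hashes and offline guessing is cheap; a salted scheme such as `{SSHA}` would be preferable. At minimum record the limitation with a comment like `// NOTE: unsalted SHA-1, kept for template compatibility`. `strlen(rootPassword)` also assumes a non-null pointer, which the signature does not document. The function body continues outside the hunk.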
@@ -271,6 +271,7 @@ void replacePlaceholdersInFile(TQString infile, TQString outfile, LDAPRealmConfi
line.replace("@@@ROOTPW_SHA@@@", rootpw_hash);
line.replace("@@@ADMINUSER@@@", adminUserName);
line.replace("@@@ADMINGROUP@@@", adminGroupName);
+ line.replace("@@@LOCALADMINGROUP@@@", machineAdminGroupName);
line.replace("@@@ADMINPW_SHA@@@", adminpw_hash);
line.replace("@@@PKINIT_REQUIRE_EKU@@@", (realmconfig.pkinit_require_eku)?"yes":"no");
line.replace("@@@PKINIT_REQUIRE_KRBTGT_OTHERNAME@@@", (realmconfig.pkinit_require_krbtgt_otherName)?"yes":"no");
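Review bot: `machineAdminGroupName` is substituted into the templates verbatim, and the only validation visible in this commit is the non-empty check in `RealmFinishPage::validateEntries()`. In skel.ldif the value lands in `dn:` and `cn:` lines, and `@@@ADMINGROUP@@@` now also lands inside a quoted DN in the access rules, so characters that have meaning in a DN or in the ACL syntax would change the structure of the generated entry or rule rather than just its name. Restrict the user, group and machine-group name fields to a conservative character set before `createNewLDAPRealm` is called, or escape the values before `line.replace(...)`. The enclosing function starts and ends outside the hunk.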
@@ -420,7 +421,7 @@ int LDAPController::initializeNewKerberosRealm(TQString realmName, TQString *err
return 1; // Failure
}
-int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, TQString *errstr) {
+int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, TQString *errstr) {
int ldifSchemaNumber;
ProcessingDialog pdialog(dialogparent);
@@ -429,6 +430,9 @@ int LDAPController::createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig r
pdialog.setActiveWindow();
tqApp->processEvents();
+ // Reset improperly uninitialized variables
+ realmconfig.bonded = true;
+
// Find the templates
TQString templateDir = locate("data", "kcmldapcontroller/skel/heimdal/heimdal.defaults");
templateDir.replace("heimdal/heimdal.defaults", "");
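Review bot: The comment `// Reset improperly uninitialized variables` does not say why `bonded` must be `true` or which other members are affected. `realmconfig` is a by-value parameter, so the assignment changes only the local copy, which a later hunk inserts into the realm list written to the system configuration. The other `bool` and `long` members of `LDAPRealmConfig` have no initializers in the class definition this commit removes from ldapcontroller.h, so they may still be indeterminate if the caller did not set them. Suggested wording, to be adjusted if the reason differs: `// The wizard does not set 'bonded'; a realm created on this host is always bonded to it`.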
@@ -471,14 +475,14 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
mkdir(TQString(destDir + "ldap/slapd.d/cn=config").ascii(), S_IRUSR|S_IWUSR|S_IXUSR);
mkdir(TQString(destDir + "ldap/slapd.d/cn=config/cn=schema").ascii(), S_IRUSR|S_IWUSR|S_IXUSR);
- replacePlaceholdersInFile(templateDir + "heimdal/heimdal.defaults", destDir + "heimdal.defaults", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
- replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", destDir + "heimdal-kdc/kadmind.acl", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
- replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "heimdal-kdc/kdc.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
- replacePlaceholdersInFile(templateDir + "heimdal/krb5.conf", destDir + "krb5.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "heimdal/heimdal.defaults", destDir + "heimdal.defaults", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "heimdal/kadmind.acl", destDir + "heimdal-kdc/kadmind.acl", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "heimdal/kdc.conf", destDir + "heimdal-kdc/kdc.conf", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "heimdal/krb5.conf", destDir + "krb5.conf", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
- replacePlaceholdersInFile(templateDir + "openldap/skel.ldif", configTempDir.name() + "skel.ldif", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
- replacePlaceholdersInFile(templateDir + "openldap/ldap/slapd.conf", destDir + "ldap/slapd.conf", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
- replacePlaceholdersInFile(templateDir + "openldap/ldap/slapd.defaults", destDir + "ldap/slapd.defaults", realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "openldap/skel.ldif", configTempDir.name() + "skel.ldif", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
+// replacePlaceholdersInFile(templateDir + "openldap/ldap/slapd.conf", destDir + "ldap/slapd.conf", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
+ replacePlaceholdersInFile(templateDir + "openldap/ldap/slapd.defaults", destDir + "ldap/slapd.defaults", realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword);
struct stat sb;
uid_t slapd_uid = 0;
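Review bot: The slapd.conf generation is disabled by commenting the call out (and the matching `chmod` in a later hunk) with no explanation, while this same commit still edits the slapd.conf template. If the cn=config tree under `ldap/slapd.d` replaces slapd.conf, delete both lines and say so, e.g. `// slapd.conf is not generated; slapd reads ldap/slapd.d (cn=config)`; otherwise a stale file from an earlier run stays in place with whatever mode it had. The hunk header also shows `configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME`, so the rendered skel.ldif written here is left on disk after the run. The `mkdir` results above are not checked, and the function continues outside the hunk.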
@@ -490,27 +494,27 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
// Base database configuration
ldifSchemaNumber = 1;
- replacePlaceholdersInFile(templateDir + "openldap/ldif/olcDatabase.ldif", destDir + "ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/olcDatabase.ldif", destDir + "ldap/slapd.d/cn=config/" + TQString("olcDatabase={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
// Schema files
ldifSchemaNumber = 0;
- replacePlaceholdersInFile(templateDir + "openldap/ldif/core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
ldifSchemaNumber = 1;
- replacePlaceholdersInFile(templateDir + "openldap/ldif/cosine.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}cosine.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/cosine.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}cosine.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
ldifSchemaNumber = 2;
- replacePlaceholdersInFile(templateDir + "openldap/ldif/inetorgperson.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}inetorgperson.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/inetorgperson.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}inetorgperson.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
ldifSchemaNumber = 3;
- replacePlaceholdersInFile(templateDir + "openldap/ldif/rfc2307bis.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}rfc2307bis.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/rfc2307bis.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}rfc2307bis.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
ldifSchemaNumber = 4;
- replacePlaceholdersInFile(templateDir + "openldap/ldif/rfc2739.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}rfc2739.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/rfc2739.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}rfc2739.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
ldifSchemaNumber = 5;
- replacePlaceholdersInFile(templateDir + "openldap/ldif/ppolicy.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ppolicy.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/ppolicy.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ppolicy.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
ldifSchemaNumber = 6;
- replacePlaceholdersInFile(templateDir + "openldap/ldif/ems-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ems-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/ems-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}ems-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
ldifSchemaNumber = 7;
- replacePlaceholdersInFile(templateDir + "openldap/ldif/hdb.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/hdb.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
ldifSchemaNumber = 8;
- replacePlaceholdersInFile(templateDir + "openldap/ldif/tde-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}tde-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+ replacePlaceholdersInFile(templateDir + "openldap/ldif/tde-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}tde-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
// Set permissions
chmod(TQString(destDir + "heimdal.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
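Review bot: The nine schema calls differ only in the schema name and index, which is why this hunk had to touch every one of them to add a single argument. A small table and loop keeps the load order in one place and makes the next signature change a one-line edit; `ldifSchemaNumber` still ends at 8 as before. The rewrite below covers only the `// Schema files` run; the olcDatabase call and the permissions section are unchanged, and the function starts and ends outside the hunk.

```cpp
// Schema files, in load order; the array index becomes the {N} prefix
static const char * const schemaNames[] = { "core", "cosine", "inetorgperson", "rfc2307bis", "rfc2739", "ppolicy", "ems-core", "hdb", "tde-core" };
const int schemaCount = sizeof(schemaNames) / sizeof(schemaNames[0]);
for (int i = 0; i < schemaCount; i++) {
	ldifSchemaNumber = i;
	const TQString schemaFile = TQString(schemaNames[i]) + ".ldif";
	replacePlaceholdersInFile(templateDir + "openldap/ldif/" + schemaFile, destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}").arg(ldifSchemaNumber) + schemaFile, realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
}
// … unchanged: "Set permissions" chmod calls …
```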
@@ -519,7 +523,7 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
chmod(TQString(destDir + "krb5.conf").ascii(), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
chmod(TQString(configTempDir.name() + "skel.ldif").ascii(), S_IRUSR|S_IWUSR);
- chmod(TQString(destDir + "ldap/slapd.conf").ascii(), S_IRUSR|S_IWUSR);
+// chmod(TQString(destDir + "ldap/slapd.conf").ascii(), S_IRUSR|S_IWUSR);
chmod(TQString(destDir + "ldap/slapd.defaults").ascii(), S_IRUSR|S_IWUSR|S_IRGRP);
pdialog.setStatusMessage(i18n("Loading initial database into LDAP..."));
@@ -566,9 +570,7 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
return -1;
}
- // RAJA FIXME
// Move all those new Heimdal entries to the correct tree/branch
- // ,o=kerberos,cn=kerberos control,ou=master services,ou=core,ou=realm,dc=cluster90,dc=edu
TQStringList domainChunks = TQStringList::split(".", realmconfig.name.lower());
TQString basedcname = "dc=" + domainChunks.join(",dc=");
LDAPCredentials* credentials = new LDAPCredentials;
@@ -586,11 +588,15 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
delete ldap_mgr;
delete credentials;
- // RAJA FIXME
- // Write the ldap.conf file!
+ // Write the TDE realm configuration file
+ LDAPRealmConfigList realms;
+ realms.insert(realmconfig.name, realmconfig);
+ LDAPManager::writeTDERealmList(realms, m_systemconfig);
+ m_systemconfig->writeEntry("DefaultRealm", realmconfig.name);
+ m_systemconfig->sync();
- // RAJA FIXME
- // Clean out all realms from the TDE configuration files and insert this realm ONLY!
+ pdialog.setStatusMessage(i18n("Configuring local system..."));
+ LDAPManager::writeLDAPConfFile(realmconfig);
// RAJA FIXME
pdialog.closeDialog();
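Review bot: None of the added calls (`writeTDERealmList`, `m_systemconfig->sync()`, `writeLDAPConfFile`) has its outcome checked, so a failure to write the realm list or ldap.conf would still fall through to `pdialog.closeDialog()` and, as far as the hunk shows, the success path. Their signatures are not visible here; if they report errors, set `*errstr` and return a failure code as the earlier steps do. The removed comment asked for all other realms to be cleaned out of the TDE configuration; passing a list that holds only the new realm achieves that only if `writeTDERealmList` drops entries absent from the list, which is worth stating in a comment. A bare `// RAJA FIXME` remains directly after the new block without saying what is left to do.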
diff --git a/src/ldapcontroller.h b/src/ldapcontroller.h
index 0531158..d831c72 100644
--- a/src/ldapcontroller.h
+++ b/src/ldapcontroller.h
@@ -30,6 +30,8 @@
#include <tqpushbutton.h>
#include <tqcombobox.h>
+#include <libtdeldap.h>
+
#include "ldapcontrollerconfigbase.h"
enum sc_command {
@@ -40,25 +42,6 @@ enum sc_command {
SC_SETDBPERMS
};
-// PRIVATE
-class LDAPRealmConfig
-{
- public:
- TQString name;
- bool bonded;
- long uid_offset;
- long gid_offset;
- TQStringList domain_mappings;
- TQString kdc;
- int kdc_port;
- TQString admin_server;
- int admin_server_port;
- bool pkinit_require_eku;
- bool pkinit_require_krbtgt_otherName;
- bool win2k_pkinit;
- bool win2k_pkinit_require_binding;
-};
-
class LDAPController: public KCModule
{
Q_OBJECT
@@ -75,7 +58,7 @@ class LDAPController: public KCModule
virtual const KAboutData *aboutData() const { return myAboutData; };
public:
- int createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, TQString *errstr);
+ int createNewLDAPRealm(TQWidget* dialogparent, LDAPRealmConfig realmconfig, TQString adminUserName, TQString adminGroupName, TQString machineAdminGroupName, const char * adminPassword, TQString rootUserName, const char * rootPassword, TQString adminRealm, TQString *errstr);
// FIXME
// This should be moved to a TDE core library
diff --git a/src/realmfinishpage.cpp b/src/realmfinishpage.cpp
index f2fd1b6..954455a 100644
--- a/src/realmfinishpage.cpp
+++ b/src/realmfinishpage.cpp
@@ -44,6 +44,7 @@ RealmFinishPage::RealmFinishPage(TQWidget *parent, const char *name ) : RealmFin
connect(ldapAdminUsername, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries()));
connect(ldapAdminGroupname, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries()));
+ connect(ldapMachineAdminGroupname, TQT_SIGNAL(textChanged(const TQString&)), this, TQT_SLOT(validateEntries()));
m_parentWizard = dynamic_cast<KWizard*>(parent);
m_parentDialog = dynamic_cast<KDialogBase*>(parent);
@@ -55,7 +56,7 @@ RealmFinishPage::~RealmFinishPage(){
void RealmFinishPage::validateEntries() {
if (m_parentWizard) {
- if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "")) {
+ if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "") && (ldapMachineAdminGroupname->text() != "")) {
m_parentWizard->finishButton()->setEnabled(true);
}
else {
@@ -63,7 +64,7 @@ void RealmFinishPage::validateEntries() {
}
}
if (m_parentDialog) {
- if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "")) {
+ if ((ldapAdminUsername->text() != "") && (ldapAdminGroupname->text() != "") && (ldapMachineAdminGroupname->text() != "")) {
m_parentDialog->enableButton(KDialogBase::Ok, true);
}
else {
diff --git a/src/realmfinishpagedlg.ui b/src/realmfinishpagedlg.ui
index 5cd11d6..e9bae3d 100644
--- a/src/realmfinishpagedlg.ui
+++ b/src/realmfinishpagedlg.ui
@@ -8,7 +8,7 @@
<property name="name">
<cstring>unnamed</cstring>
</property>
- <widget class="TQLabel" row="0" column="0" rowspan="9" colspan="1">
+ <widget class="TQLabel" row="0" column="0" rowspan="10" colspan="1">
<property name="name">
<cstring>px_introSidebar</cstring>
</property>
@@ -99,7 +99,7 @@
<cstring>unnamed</cstring>
</property>
<property name="text">
- <string>Administration Group</string>
+ <string>Realm Administration Group</string>
</property>
</widget>
<widget class="KLineEdit" row="5" column="2">
@@ -112,15 +112,28 @@
<cstring>unnamed</cstring>
</property>
<property name="text">
- <string>LDAP Realm</string>
+ <string>Machine Administration Group</string>
</property>
</widget>
<widget class="KLineEdit" row="6" column="2">
<property name="name">
+ <cstring>ldapMachineAdminGroupname</cstring>
+ </property>
+ </widget>
+ <widget class="TQLabel" row="7" column="1">
+ <property name="name">
+ <cstring>unnamed</cstring>
+ </property>
+ <property name="text">
+ <string>LDAP Realm</string>
+ </property>
+ </widget>
+ <widget class="KLineEdit" row="7" column="2">
+ <property name="name">
<cstring>ldapAdminRealm</cstring>
</property>
</widget>
- <spacer row="7" column="1">
+ <spacer row="8" column="1">
<property name="name">
<cstring>Spacer6</cstring>
</property>
@@ -137,7 +150,7 @@
</size>
</property>
</spacer>
- <spacer row="7" column="1">
+ <spacer row="9" column="1">
<property name="name">
<cstring>Spacer5</cstring>
</property>
diff --git a/src/realmintropagedlg.ui b/src/realmintropagedlg.ui
index 651dd07..402df3e 100644
--- a/src/realmintropagedlg.ui
+++ b/src/realmintropagedlg.ui
@@ -99,8 +99,8 @@
<height>30</height>
</size>
</property>
- </spacer>
- <spacer row="7" column="1">
+ </spacer>
+ <spacer row="7" column="1">
<property name="name">
<cstring>Spacer5</cstring>
</property>
diff --git a/src/realmwizard.cpp b/src/realmwizard.cpp
index fa720c2..184fb57 100644
--- a/src/realmwizard.cpp
+++ b/src/realmwizard.cpp
@@ -88,6 +88,8 @@ RealmWizard::RealmWizard(LDAPController* controller, TQString fqdn, TQWidget *pa
realmpage->txtKDC->setText(m_fqdn);
realmpage->txtAdminServer->setText(m_fqdn);
realmpage->realmNameChanged();
+ finishpage->ldapAdminGroupname->setText("realmadmins");
+ finishpage->ldapMachineAdminGroupname->setText("machineadmins");
// Other setup
finishpage->ldapAdminRealm->setEnabled(false);
@@ -203,12 +205,20 @@ void RealmWizard::accept() {
TQString errorString;
// RAJA FIXME
// root account should not be locked to "admin"!
- if (m_controller->createNewLDAPRealm(this, m_realmconfig, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminGroupname->text(), finishpage->ldapAdminPassword->password(), "admin", finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text(), &errorString) == 0) {
+ backButton()->setEnabled(false);
+ nextButton()->setEnabled(false);
+ finishButton()->setEnabled(false);
+ cancelButton()->setEnabled(false);
+ if (m_controller->createNewLDAPRealm(this, m_realmconfig, finishpage->ldapAdminUsername->text(), finishpage->ldapAdminGroupname->text(), finishpage->ldapMachineAdminGroupname->text(), finishpage->ldapAdminPassword->password(), "admin", finishpage->ldapAdminPassword->password(), finishpage->ldapAdminRealm->text(), &errorString) == 0) {
done(0);
}
else {
KMessageBox::error(this, i18n("<qt><b>Unable to create new realm!</b><p>Details: %1</qt>").arg(errorString), i18n("Unable to create new realm"));
}
+
+ backButton()->setEnabled(true);
+ finishButton()->setEnabled(true);
+ cancelButton()->setEnabled(true);
}
/** calls all save functions after resetting all features/ OS/ theme selections to Trinity default */
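Review bot: `nextButton()` is disabled before the call but is missing from the block that re-enables the buttons, so after a failed realm creation Next stays disabled unless something else restores it. If that is not deliberate, add `nextButton()->setEnabled(true);` next to the other three. The buttons are also re-enabled after `done(0)` on the success branch, which is harmless but would read more clearly with the restore placed in the `else` branch only. The call still passes `finishpage->ldapAdminPassword->password()` for both the admin and the root password, as the existing FIXME above it acknowledges.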