authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2013-07-02 17:10:13 +0000
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2013-07-02 17:10:13 +0000
commita9affe11023979019281627974352157767e623a (patch)
tree284885ec83832dd89ee662f39738e965393f306c
parentc8902fca043da26014b6302b41b47ec85062d95a (diff)
Properly set up syncrepl
-rw-r--r--src/libtdeldap.cpp166
1 files changed, 85 insertions, 81 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 872b436..49425b8 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -3260,7 +3260,7 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
TQString databaseDN;
ridString.sprintf("%03d", rid);
databaseDN = "cn=config";
- serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"allow":"demand");
+ serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"never":"demand");
if (replicationinfo.certificateFile != "") {
serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
}
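Review bot: The format string on the new line still reuses `%5` and `%6` while eight `.arg()` calls are chained, and TQString::arg substitutes the lowest-numbered placeholder on each call, so searchbase and retry both receive databaseDN, timeout and tls_reqcert both receive retryMethod, and the timeout value and the `"never"`/`"demand"` choice are dropped (with an "argument missing" warning). The consumer therefore never gets the intended tls_reqcert setting no matter how ignore_ssl_failure is set, and the retry/timeout values written are garbage. Renumber the placeholders to match the argument order: `... searchbase=\"%5\" type=refreshAndPersist retry=\"%6\" timeout=%7 tls_reqcert=%8")`. The same defect is on the new line of the second hunk (the m_basedc database); setLDAPMasterReplicationSettings itself starts before this hunk. Once the numbering is fixed, `tls_reqcert=never` really does disable certificate verification on the replication link, so the ignore_ssl_failure field deserves a comment saying it is a debugging escape hatch and not a production setting.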
@@ -3307,7 +3307,13 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
TQString databaseDN;
ridString.sprintf("%03d", rid);
databaseDN = m_basedc;
- serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout);
+ serverSyncReplString = TQString("rid=%1 provider=ldaps://%2/ binddn=\"%3\" bindmethod=simple credentials=\"%4\" searchbase=\"%5\" type=refreshAndPersist retry=\"%5\" timeout=%6 tls_reqcert=%6").arg(ridString).arg((*it).fqdn).arg(replicationinfo.syncDN).arg(replicationinfo.syncPassword).arg(databaseDN).arg(replicationinfo.retryMethod).arg(replicationinfo.timeout).arg((replicationinfo.ignore_ssl_failure)?"never":"demand");
+ if (replicationinfo.certificateFile != "") {
+ serverSyncReplString.append(TQString(" tls_cert=\"%1\"").arg(replicationinfo.certificateFile));
+ }
+ if (replicationinfo.caCertificateFile != "") {
+ serverSyncReplString.append(TQString(" tls_cacert=\"%1\"").arg(replicationinfo.caCertificateFile));
+ }
syncReplServerList.append(serverSyncReplString);
rid++;
}
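Review bot: The syncrepl directive assembly for the m_basedc database is now a near-verbatim copy of the cn=config block in the first hunk (format string, tls_reqcert selection, tls_cert/tls_cacert appends), differing only in databaseDN; the two had already drifted apart before this commit, which is what this change repairs. A small private helper such as `TQString buildSyncReplString(const TQString& ridString, const TQString& fqdn, const TQString& databaseDN, const LDAPMasterReplicationInfo& replicationinfo)` called from both loops would keep them in step and give a single place to correct the placeholder numbering. The new lines append tls_cert without a matching tls_key; if the cn=config branch sets `tls_key` past the end of the first hunk, this copy presumably should as well. The enclosing loop and function start outside the hunk.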
@@ -3396,95 +3402,93 @@ int LDAPManager::setLDAPMasterReplicationSettings(LDAPMasterReplicationInfo repl
else KMessageBox::error(0, *readOnlyErrorString, i18n("LDAP Error"));
return -2;
}
- if (currentReplicationInfo.enabled != replicationinfo.enabled) {
- if (replicationinfo.enabled) {
- // Set up replication
- // NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration
+ if (replicationinfo.enabled) {
+ // Set up replication
+ // NOTE: The syncprov module itself is already loaded by the stock TDE LDAP configuration
- // Check to see if the syncprov overlay entries already exist
- bool haveOlcOverlaySyncProv = false;
- LDAPMessage* msg;
- retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
- if (retcode != LDAP_SUCCESS) {
- if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
- else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
- return -2;
- }
-
- // Iterate through the returned entries
- LDAPMessage* entry;
- for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
- if (parseLDAPSyncProvOverlayConfigRecord(entry) != "") {
- haveOlcOverlaySyncProv = true;
- }
- }
-
- // clean up
- ldap_msgfree(msg);
+ // Check to see if the syncprov overlay entries already exist
+ bool haveOlcOverlaySyncProv = false;
+ LDAPMessage* msg;
+ retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ return -2;
+ }
- if (!haveOlcOverlaySyncProv) {
- // Create the base DN entry
- int number_of_parameters = 1; // 1 primary attribute
- LDAPMod *mods[number_of_parameters+1];
- set_up_attribute_operations(mods, number_of_parameters);
-
- // Load initial required LDAP object attributes
- i=0;
- TQStringList objectClassList;
- objectClassList.append("olcOverlayConfig");
- objectClassList.append("olcSyncProvConfig");
- create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList);
- LDAPMod *prevterm = mods[i];
- mods[i] = NULL;
-
- // Add new object
- retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL);
-
- // Clean up
- clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
-
- if (retcode != LDAP_SUCCESS) {
- if (errstr) {
- *errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
- }
- else {
- KMessageBox::error(0, i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
- }
- return -2;
- }
+ // Iterate through the returned entries
+ LDAPMessage* entry;
+ for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
+ if (parseLDAPSyncProvOverlayConfigRecord(entry) != "") {
+ haveOlcOverlaySyncProv = true;
}
}
- else {
- // Check to see if the syncprov overlay entries exist
- TQString olcOverlaySyncProvAttr;
- LDAPMessage* msg;
- retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
- if (retcode != LDAP_SUCCESS) {
- if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
- else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
- return -2;
- }
+
+ // clean up
+ ldap_msgfree(msg);
+
+ if (!haveOlcOverlaySyncProv) {
+ // Create the base DN entry
+ int number_of_parameters = 1; // 1 primary attribute
+ LDAPMod *mods[number_of_parameters+1];
+ set_up_attribute_operations(mods, number_of_parameters);
+
+ // Load initial required LDAP object attributes
+ i=0;
+ TQStringList objectClassList;
+ objectClassList.append("olcOverlayConfig");
+ objectClassList.append("olcSyncProvConfig");
+ create_multiple_attributes_operation(mods, &i, "objectClass", objectClassList);
+ LDAPMod *prevterm = mods[i];
+ mods[i] = NULL;
+
+ // Add new object
+ retcode = ldap_add_ext_s(m_ldap, "olcOverlay=syncprov,olcDatabase={0}config,cn=config", mods, NULL, NULL);
+
+ // Clean up
+ clean_up_attribute_operations(i, mods, prevterm, number_of_parameters);
- // Iterate through the returned entries
- LDAPMessage* entry;
- for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
- olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord(entry);
- if (olcOverlaySyncProvAttr != "") {
- break;
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) {
+ *errstr = i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
+ }
+ else {
+ KMessageBox::error(0, i18n("<qt>LDAP overlay configuration failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
}
+ return -2;
}
-
- // clean up
- ldap_msgfree(msg);
-
+ }
+ }
+ else {
+ // Check to see if the syncprov overlay entries exist
+ TQString olcOverlaySyncProvAttr;
+ LDAPMessage* msg;
+ retcode = ldap_search_ext_s(m_ldap, "olcDatabase={0}config,cn=config", LDAP_SCOPE_SUBTREE, NULL, ldap_user_and_operational_attributes, 0, NULL, NULL, NULL, 0, &msg);
+ if (retcode != LDAP_SUCCESS) {
+ if (errstr) *errstr = i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode));
+ else KMessageBox::error(0, i18n("<qt>LDAP search failure<p>Reason: [%3] %4</qt>").arg(retcode).arg(ldap_err2string(retcode)), i18n("LDAP Error"));
+ return -2;
+ }
+
+ // Iterate through the returned entries
+ LDAPMessage* entry;
+ for(entry = ldap_first_entry(m_ldap, msg); entry != NULL; entry = ldap_next_entry(m_ldap, entry)) {
+ olcOverlaySyncProvAttr = parseLDAPSyncProvOverlayConfigRecord(entry);
if (olcOverlaySyncProvAttr != "") {
- // FIXME
- // OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files)
- // See http://www.openldap.org/lists/openldap-software/200811/msg00103.html
- // If it were possible, the code would look something like this:
- // retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL);
+ break;
}
}
+
+ // clean up
+ ldap_msgfree(msg);
+
+ if (olcOverlaySyncProvAttr != "") {
+ // FIXME
+ // OpenLDAP does not support removing overlays from the cn=config interface (i.e., once they are enabled above, they stay unless manually deleted from the config files)
+ // See http://www.openldap.org/lists/openldap-software/200811/msg00103.html
+ // If it were possible, the code would look something like this:
+ // retcode = ldap_delete_ext_s(m_ldap, olcOverlaySyncProvAttr + ",olcDatabase={0}config,cn=config", NULL, NULL);
+ }
}
return 0;
}
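Review bot: On the ldap_search_ext_s failure path (the `return -2` right after the search, in both the enabled and the disabled branch) `msg` is never handed to ldap_msgfree; the OpenLDAP ldap_search(3) man page states that the result of ldap_search_ext_s should be freed regardless of the function's return value, so these early returns leak whatever partial result was allocated. Initialise the pointer and release it before bailing out: `LDAPMessage* msg = NULL;` at the declaration and `if (msg) ldap_msgfree(msg);` immediately before each `return -2;` in the search-failure blocks. With the `currentReplicationInfo.enabled != replicationinfo.enabled` guard removed, the disabled branch now performs a search on every save whose only consumer is the FIXME that does nothing, so a comment stating that the lookup is intentionally kept as a placeholder for overlay removal would help the next reader. The function begins before this hunk.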