#include #include #include "ldap_configuration.hpp" #include "config.h" #include #include namespace phosphor { namespace ldap { constexpr auto nslcdService = "nslcd.service"; Config::Config(sdbusplus::bus::bus& bus, const char* path, const char* filePath, bool secureLDAP, std::string lDAPServerURI, std::string lDAPBindDN, std::string lDAPBaseDN, std::string lDAPBindDNpassword, ldap_base::Config::SearchScope lDAPSearchScope, ldap_base::Config::Type lDAPType, ConfigMgr& parent) : ConfigIface(bus, path, true), configFilePath(filePath), bus(bus), parent(parent) { ConfigIface::secureLDAP(secureLDAP); ConfigIface::lDAPServerURI(lDAPServerURI); ConfigIface::lDAPBindDN(lDAPBindDN); ConfigIface::lDAPBaseDN(lDAPBaseDN); ConfigIface::lDAPBINDDNpassword(lDAPBindDNpassword); ConfigIface::lDAPSearchScope(lDAPSearchScope); ConfigIface::lDAPType(lDAPType); writeConfig(); parent.restartService(nslcdService); // Emit deferred signal. this->emit_object_added(); } void Config::writeConfig() { std::fstream stream(configFilePath.c_str(), std::fstream::out); std::stringstream confData; confData << "uid root\n"; confData << "gid root\n\n"; confData << "ldap_version 3\n\n"; confData << "timelimit 30\n"; confData << "bind_timelimit 30\n"; confData << "pagesize 1000\n"; confData << "referrals off\n\n"; confData << "uri " << lDAPServerURI() << "\n\n"; confData << "base " << lDAPBaseDN() << "\n\n"; confData << "binddn " << lDAPBindDN() << "\n"; confData << "bindpw " << lDAPBINDDNpassword() << "\n\n"; switch (lDAPSearchScope()) { case ldap_base::Config::SearchScope::sub: confData << "scope sub\n\n"; break; case ldap_base::Config::SearchScope::one: confData << "scope one\n\n"; break; case ldap_base::Config::SearchScope::base: confData << "scope base\n\n"; break; } confData << "base passwd " << lDAPBaseDN() << "\n"; confData << "base shadow " << lDAPBaseDN() << "\n\n"; if (secureLDAP() == true) { confData << "ssl on\n"; confData << "tls_reqcert allow\n"; confData << "tls_cert /etc/nslcd/certs/cert.pem\n"; } else { confData << "ssl off\n\n"; } if (lDAPType() == ldap_base::Config::Type::ActiveDirectory) { confData << "filter passwd (&(objectClass=user)(objectClass=person)" "(!(objectClass=computer)))\n"; confData << "filter group (|(objectclass=group)(objectclass=groupofnames) " "(objectclass=groupofuniquenames))\n"; confData << "map passwd uid sAMAccountName\n"; confData << "map passwd uidNumber " "objectSid:S-1-5-21-3623811015-3361044348-30300820\n"; confData << "map passwd gidNumber primaryGroupID\n"; confData << "map passwd homeDirectory \"/home/$sAMAccountName\"\n"; confData << "map passwd gecos displayName\n"; confData << "map passwd loginShell \"/bin/bash\"\n"; confData << "map group gidNumber primaryGroupID\n"; confData << "map group gidNumber " "objectSid:S-1-5-21-3623811015-3361044348-30300820\n"; confData << "map group cn sAMAccountName\n"; } else if (lDAPType() == ldap_base::Config::Type::OpenLdap) { confData << "filter passwd (objectclass=*)\n"; confData << "map passwd uid cn\n"; confData << "map passwd gecos displayName\n"; } stream << confData.str(); stream.flush(); stream.close(); return; } bool Config::secureLDAP(bool value) { if (value == secureLDAP()) { return value; } auto val = ConfigIface::secureLDAP(value); writeConfig(); parent.restartService(nslcdService); return val; } std::string Config::lDAPServerURI(std::string value) { if (value == lDAPServerURI()) { return value; } auto val = ConfigIface::lDAPServerURI(value); writeConfig(); parent.restartService(nslcdService); return val; } std::string Config::lDAPBindDN(std::string value) { if (value == lDAPBindDN()) { return value; } auto val = ConfigIface::lDAPBindDN(value); writeConfig(); parent.restartService(nslcdService); return val; } std::string Config::lDAPBaseDN(std::string value) { if (value == lDAPBaseDN()) { return value; } auto val = ConfigIface::lDAPBaseDN(value); writeConfig(); parent.restartService(nslcdService); return val; } std::string Config::lDAPBINDDNpassword(std::string value) { if (value == lDAPBINDDNpassword()) { return value; } auto val = ConfigIface::lDAPBINDDNpassword(value); writeConfig(); parent.restartService(nslcdService); return val; } ldap_base::Config::SearchScope Config::lDAPSearchScope(ldap_base::Config::SearchScope value) { if (value == lDAPSearchScope()) { return value; } auto val = ConfigIface::lDAPSearchScope(value); writeConfig(); parent.restartService(nslcdService); return val; } ldap_base::Config::Type Config::lDAPType(ldap_base::Config::Type value) { if (value == lDAPType()) { return value; } auto val = ConfigIface::lDAPType(value); writeConfig(); parent.restartService(nslcdService); return val; } void ConfigMgr::restartService(const std::string& service) { auto method = bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH, SYSTEMD_INTERFACE, "RestartUnit"); method.append(service.c_str(), "replace"); bus.call_noreply(method); } std::string ConfigMgr::createConfig(bool secureLDAP, std::string lDAPServerURI, std::string lDAPBindDN, std::string lDAPBaseDN, std::string lDAPBINDDNpassword, ldap_base::Create::SearchScope lDAPSearchScope, ldap_base::Create::Type lDAPType) { // With current implementation we support only one LDAP server. configPtr.reset(nullptr); auto objPath = std::string(LDAP_CONFIG_DBUS_OBJ_PATH); configPtr = std::make_unique( bus, objPath.c_str(), LDAP_CONFIG_FILE, secureLDAP, lDAPServerURI, lDAPBindDN, lDAPBaseDN, lDAPBINDDNpassword, static_cast(lDAPSearchScope), static_cast(lDAPType), *this); return objPath; } } // namespace ldap } // namespace phosphor