Handle new format diretives for the root DN and password

ldap-client/edit_server.cgi

@@ -62,12 +62,17 @@ print &ui_table_row($text{'server_bindpw'},
 	&ui_opt_textbox("bindpw", &find_svalue("bindpw", $conf), 20,
 			$text{'server_none'}));
 
+my $rootbindbn = &find_svalue("rootpwmoddn", $conf, 2) ?
+			&find_svalue("rootpwmoddn", $conf) :
+			&find_svalue("rootbinddn", $conf);
 print &ui_table_row($text{'server_rootbinddn'},
-	&ui_opt_textbox("rootbinddn", &find_svalue("rootbinddn", $conf), 40,
-			$text{'server_same'}));
+	&ui_opt_textbox("rootbinddn", $rootbindbn, 40, $text{'server_same'}));
 
+my $rootsecret = &find_svalue("rootpwmoddn", $conf, 2) ?
+			&find_svalue("rootpwmodpw", $conf) :
+			&get_rootbinddn_secret();
 print &ui_table_row($text{'server_rootbindpw'},
-	&ui_opt_textbox("rootbindpw", &get_rootbinddn_secret(), 20,
+	&ui_opt_textbox("rootbindpw", $rootsecret, 20,
 			$text{'server_none'}));
 
 # SSL options

ldap-client/ldap-client-lib.pl

@@ -29,13 +29,14 @@ if (!scalar(@get_config_cache)) {
 	&open_readfile(CONF, $file);
 	while(<CONF>) {
 		s/\r|\n//g;
-                s/#.*$//;
 		if (/^(#?)(\S+)\s*(.*)/) {
-			push(@get_config_cache, { 'name' => lc($2),
-						  'value' => $3,
-						  'enabled' => !$1,
-						  'line' => $lnum,
-						  'file' => $file });
+			my $dir = { 'name' => lc($2),
+				    'value' => $3,
+				    'enabled' => !$1,
+				    'line' => $lnum,
+				    'file' => $file };
+			$dir->{'value'} =~ s/\s+#.*$//;   # Trailing comments
+			push(@get_config_cache, $dir);
 			}
 		$lnum++;
 		}
@@ -44,7 +45,7 @@ if (!scalar(@get_config_cache)) {
 return \@get_config_cache;
 }
 
-# find(name, &conf, disabled-mode)
+# find(name, &conf, disabled-mode(0=enabled, 1=disabled, 2=both))
 # Returns the directive objects with some name
 sub find
 {
@@ -337,7 +338,8 @@ if ($err) {
 	}
 
 local ($dn, $password);
-local $rootbinddn = &find_svalue("rootbinddn", $conf);
+local $rootbinddn = &find_svalue("rootpwmoddn", $conf) ||
+		    &find_svalue("rootbinddn", $conf);
 if ($ldap_user) {
 	# Use login from config
 	$dn = $ldap_user;
@@ -346,7 +348,8 @@ if ($ldap_user) {
 elsif ($rootbinddn) {
 	# Use the root login if we have one
 	$dn = $rootbinddn;
-	$password = &get_rootbinddn_secret();
+	$password = &find_svalue("rootpwmodpw", $conf) ||
+		    &get_rootbinddn_secret();
 	}
 else {
 	# Use the normal login

ldap-client/save_server.cgi

@@ -83,21 +83,32 @@ else {
 	}
 
 # Save root login
+my $rootdir = &find_svalue("rootpwmoddn", $conf, 2) ?
+		"rootpwmoddn" : "rootbinddn";
 if ($in{'rootbinddn_def'}) {
-	&save_directive($conf, "rootbinddn", undef);
+	&save_directive($conf, $rootdir, undef);
 	}
 else {
 	$in{'rootbinddn'} =~ /\S/ || &error($text{'server_erootbinddn'});
-	&save_directive($conf, "rootbinddn", $in{'rootbinddn'});
+	&save_directive($conf, $rootdir, $in{'rootbinddn'});
 	}
 
 # Save root password
-if ($in{'rootbindpw_def'}) {
-	&save_rootbinddn_secret(undef);
+$in{'rootbindpw_def'} || $in{'rootbindpw'} =~ /\S/ ||
+	&error($text{'server_erootbindpw'});
+if (&find_svalue("rootpwmoddn", $conf), 2) {
+	# New format can put the password in the config file
+	&save_directive($conf, "rootpwmodpw",
+		$in{'rootbindpw_def'} ? undef : $in{'rootbindpw'});
 	}
 else {
-	$in{'rootbindpw'} =~ /\S/ || &error($text{'server_erootbindpw'});
-	&save_rootbinddn_secret($in{'rootbindpw'});
+	# Old format uses a separate secret file
+	if ($in{'rootbindpw_def'}) {
+		&save_rootbinddn_secret(undef);
+		}
+	else {
+		&save_rootbinddn_secret($in{'rootbindpw'});
+		}
 	}
 
 # SSL mode