diff --git a/ldap-client/edit_server.cgi b/ldap-client/edit_server.cgi index e73412ecc..ae16ac795 100755 --- a/ldap-client/edit_server.cgi +++ b/ldap-client/edit_server.cgi @@ -62,12 +62,17 @@ print &ui_table_row($text{'server_bindpw'}, &ui_opt_textbox("bindpw", &find_svalue("bindpw", $conf), 20, $text{'server_none'})); +my $rootbindbn = &find_svalue("rootpwmoddn", $conf, 2) ? + &find_svalue("rootpwmoddn", $conf) : + &find_svalue("rootbinddn", $conf); print &ui_table_row($text{'server_rootbinddn'}, - &ui_opt_textbox("rootbinddn", &find_svalue("rootbinddn", $conf), 40, - $text{'server_same'})); + &ui_opt_textbox("rootbinddn", $rootbindbn, 40, $text{'server_same'})); +my $rootsecret = &find_svalue("rootpwmoddn", $conf, 2) ? + &find_svalue("rootpwmodpw", $conf) : + &get_rootbinddn_secret(); print &ui_table_row($text{'server_rootbindpw'}, - &ui_opt_textbox("rootbindpw", &get_rootbinddn_secret(), 20, + &ui_opt_textbox("rootbindpw", $rootsecret, 20, $text{'server_none'})); # SSL options diff --git a/ldap-client/ldap-client-lib.pl b/ldap-client/ldap-client-lib.pl index fccb81bc7..d59224f69 100755 --- a/ldap-client/ldap-client-lib.pl +++ b/ldap-client/ldap-client-lib.pl @@ -29,13 +29,14 @@ if (!scalar(@get_config_cache)) { &open_readfile(CONF, $file); while() { s/\r|\n//g; - s/#.*$//; if (/^(#?)(\S+)\s*(.*)/) { - push(@get_config_cache, { 'name' => lc($2), - 'value' => $3, - 'enabled' => !$1, - 'line' => $lnum, - 'file' => $file }); + my $dir = { 'name' => lc($2), + 'value' => $3, + 'enabled' => !$1, + 'line' => $lnum, + 'file' => $file }; + $dir->{'value'} =~ s/\s+#.*$//; # Trailing comments + push(@get_config_cache, $dir); } $lnum++; } @@ -44,7 +45,7 @@ if (!scalar(@get_config_cache)) { return \@get_config_cache; } -# find(name, &conf, disabled-mode) +# find(name, &conf, disabled-mode(0=enabled, 1=disabled, 2=both)) # Returns the directive objects with some name sub find { @@ -337,7 +338,8 @@ if ($err) { } local ($dn, $password); -local $rootbinddn = &find_svalue("rootbinddn", $conf); +local $rootbinddn = &find_svalue("rootpwmoddn", $conf) || + &find_svalue("rootbinddn", $conf); if ($ldap_user) { # Use login from config $dn = $ldap_user; @@ -346,7 +348,8 @@ if ($ldap_user) { elsif ($rootbinddn) { # Use the root login if we have one $dn = $rootbinddn; - $password = &get_rootbinddn_secret(); + $password = &find_svalue("rootpwmodpw", $conf) || + &get_rootbinddn_secret(); } else { # Use the normal login diff --git a/ldap-client/save_server.cgi b/ldap-client/save_server.cgi index f802aaa09..07b6bd2a1 100755 --- a/ldap-client/save_server.cgi +++ b/ldap-client/save_server.cgi @@ -83,21 +83,32 @@ else { } # Save root login +my $rootdir = &find_svalue("rootpwmoddn", $conf, 2) ? + "rootpwmoddn" : "rootbinddn"; if ($in{'rootbinddn_def'}) { - &save_directive($conf, "rootbinddn", undef); + &save_directive($conf, $rootdir, undef); } else { $in{'rootbinddn'} =~ /\S/ || &error($text{'server_erootbinddn'}); - &save_directive($conf, "rootbinddn", $in{'rootbinddn'}); + &save_directive($conf, $rootdir, $in{'rootbinddn'}); } # Save root password -if ($in{'rootbindpw_def'}) { - &save_rootbinddn_secret(undef); +$in{'rootbindpw_def'} || $in{'rootbindpw'} =~ /\S/ || + &error($text{'server_erootbindpw'}); +if (&find_svalue("rootpwmoddn", $conf), 2) { + # New format can put the password in the config file + &save_directive($conf, "rootpwmodpw", + $in{'rootbindpw_def'} ? undef : $in{'rootbindpw'}); } else { - $in{'rootbindpw'} =~ /\S/ || &error($text{'server_erootbindpw'}); - &save_rootbinddn_secret($in{'rootbindpw'}); + # Old format uses a separate secret file + if ($in{'rootbindpw_def'}) { + &save_rootbinddn_secret(undef); + } + else { + &save_rootbinddn_secret($in{'rootbindpw'}); + } } # SSL mode