authorSimon Rettberg2015-02-09 19:01:00 +0100
committerSimon Rettberg2015-02-09 19:01:00 +0100
commit91ac8aa9242371457d5d161584d8062adda0e7cb (patch)
treed0958691a2c10b592e1e83e97581d82411aed266
parentsshd config (diff)
[CreateAdConfig] Adapt to sssd (instead of nslcd)
-rw-r--r--data/ad/ldap.conf.template9
-rw-r--r--data/ad/nsswitch.conf4
-rw-r--r--data/ad/sssd.conf.template19
-rw-r--r--src/main/java/org/openslx/satserver/util/Template.java29
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java57
5 files changed, 79 insertions, 39 deletions
diff --git a/data/ad/ldap.conf.template b/data/ad/ldap.conf.template
new file mode 100644
index 0000000..c607405
--- /dev/null
+++ b/data/ad/ldap.conf.template
@@ -0,0 +1,9 @@
+URI %URI%
+BASE %SEARCHBASE%
+BIND_TIMELIMIT 10
+TIMELIMIT 30
+TLS_REQCERT demand
+TLS_CACERT %CACERT%
+nss_base_passwd %SEARCHBASE%
+nss_base_group %SEARCHBASE%
+nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,dnsmasq,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
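Review bot: The three trailing keys `nss_base_passwd`, `nss_base_group` and `nss_initgroups_ignoreusers` are libnss-ldap/nslcd-era options; with name-service lookups moved to sssd in this same commit they appear to be dead configuration in the OpenLDAP client `ldap.conf`, so please confirm whether anything still reads them and drop them otherwise. The placeholder convention is also undocumented in the file; a header line such as `# Template: %URI%, %SEARCHBASE% and %CACERT% are substituted by CreateAdConfig` would tell the next reader the file is not a finished config.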
diff --git a/data/ad/nsswitch.conf b/data/ad/nsswitch.conf
index 1909d49..75ea9f8 100644
--- a/data/ad/nsswitch.conf
+++ b/data/ad/nsswitch.conf
@@ -1,5 +1,5 @@
-passwd: compat ldap
-group: compat ldap
+passwd: compat sss
+group: compat sss
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
diff --git a/data/ad/sssd.conf.template b/data/ad/sssd.conf.template
new file mode 100644
index 0000000..90b25ed
--- /dev/null
+++ b/data/ad/sssd.conf.template
@@ -0,0 +1,19 @@
+[sssd]
+config_file_version = 2
+services = nss, pam
+domains = LDAP
+[nss]
+filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd,demo
+[pam]
+[domain/LDAP]
+id_provider = ldap
+auth_provider = ldap
+ldap_tls_reqcert = demand
+ldap_tls_cacert = %CACERT%
+ldap_schema = rfc2307
+ldap_uri = %URI%
+ldap_group_search_base = %SEARCHBASE%
+ldap_user_search_base = %SEARCHBASE%
+ldap_search_base = %SEARCHBASE%
+cache_credentials = true
+
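Review bot: `cache_credentials = true` in `[domain/LDAP]` makes sssd keep a hashed copy of successfully used credentials on the client to allow offline logins; that is a deliberate trade-off and deserves a comment next to the line, e.g. `# offline logins: keeps hashed credentials in the client-side cache`. As with the ldap.conf template, a one-line header naming the `%URI%`, `%SEARCHBASE%` and `%CACERT%` placeholders and the class that fills them would help.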
diff --git a/src/main/java/org/openslx/satserver/util/Template.java b/src/main/java/org/openslx/satserver/util/Template.java
new file mode 100644
index 0000000..82d0695
--- /dev/null
+++ b/src/main/java/org/openslx/satserver/util/Template.java
@@ -0,0 +1,29 @@
+package org.openslx.satserver.util;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.commons.io.FileUtils;
+
+public class Template
+{
+
+ private String content;
+
+ public Template(final String filename) throws IOException
+ {
+ this.content = FileUtils.readFileToString( new File( filename ) );
+ }
+
+ public void replace(final String search, final String replace)
+ {
+ this.content = this.content.replace( search, replace );
+ }
+
+ @Override
+ public String toString()
+ {
+ return this.content;
+ }
+
+}
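Review bot: `FileUtils.readFileToString( new File( filename ) )` in the constructor reads the template with the JVM's platform default charset, so the generated configs depend on the locale of the task manager process; pass an explicit encoding, `this.content = FileUtils.readFileToString( new File( filename ), "UTF-8" );`. `replace` substitutes the value verbatim without any escaping, which callers need to know before inserting externally supplied strings; a Javadoc on `replace` stating that the replacement must not contain line breaks, plus a class comment describing the `%NAME%` convention the class itself does not enforce, would cover that. The class also has no Javadoc at all yet.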
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java b/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
index c74b9dc..ee3bfb8 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
@@ -10,6 +10,7 @@ import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
import org.apache.commons.io.FileUtils;
import org.openslx.satserver.util.Archive;
import org.openslx.satserver.util.Exec;
+import org.openslx.satserver.util.Template;
import org.openslx.satserver.util.Util;
import org.openslx.taskmanager.api.AbstractTask;
@@ -60,6 +61,8 @@ public class CreateAdConfig extends AbstractTask
TarArchiveOutputStream outArchive = null;
String keyFile = "/opt/ldadp/configs/" + this.moduleid + ".key.pem";
String certFile = "/opt/ldadp/configs/" + this.moduleid + ".crt.pem";
+ String uri = "ldaps://" + this.proxyip + ":" + this.proxyport + "/";
+ String cacertPath = "/etc/ldap-proxy.pem";
try {
// Generate keys
{
@@ -90,6 +93,16 @@ public class CreateAdConfig extends AbstractTask
this.home,
certFile,
keyFile );
+ // Generic ldap config
+ final Template ldapConf = new Template( "./data/ad/ldap.conf.template" );
+ ldapConf.replace( "%URI%", uri );
+ ldapConf.replace( "%SEARCHBASE%", this.searchbase );
+ ldapConf.replace( "%CACERT%", cacertPath );
+ // sssd config
+ final Template sssdConf = new Template( "./data/ad/sssd.conf.template" );
+ sssdConf.replace( "%URI%", uri );
+ sssdConf.replace( "%SEARCHBASE%", this.searchbase );
+ sssdConf.replace( "%CACERT%", cacertPath );
String fileName = "/opt/ldadp/configs/" + this.moduleid + ".cfg";
try {
Files.deleteIfExists( Paths.get( this.filename ) );
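Review bot: `this.searchbase` is substituted verbatim into both templates, so a value containing a line break (or a `%`-delimited token) would change the structure of the generated `ldap.conf` and `sssd.conf` rather than just the search base; validate it once before the `replace` calls, e.g. `if ( this.searchbase.indexOf( '\n' ) >= 0 || this.searchbase.indexOf( '\r' ) >= 0 ) { status.error = "Invalid search base"; return false; }`. The same consideration applies to `uri`, which is built from `this.proxyip` and `this.proxyport` outside this hunk. The templates are loaded from the CWD-relative paths `./data/ad/...`; that is an existing convention here, but it is worth a comment since a failure only surfaces as an IOException at runtime. The enclosing method starts before and continues after this hunk.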
@@ -107,41 +120,8 @@ public class CreateAdConfig extends AbstractTask
status.error = "Could not create archive at " + this.filename;
return false;
}
- // Generic ldap config
- String ldapConf = String
- .format(
- "URI ldaps://%s:%d/\n"
- + "BASE %s\n"
- + "BIND_TIMELIMIT 10\n"
- + "TIMELIMIT 30\n"
- + "TLS_REQCERT demand\n"
- + "TLS_CACERT /etc/ldap-proxy.pem\n"
- + "nss_base_passwd %s\n"
- + "nss_base_group %s\n"
- + "nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,dnsmasq,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data\n",
- this.proxyip, this.proxyport,
- this.searchbase,
- this.searchbase,
- this.searchbase
- );
- // nslcd config
- String nslcdConf = String
- .format(
- "URI ldaps://%s:%d/\n"
- + "BASE %s\n"
- + "BIND_TIMELIMIT 10\n"
- + "TIMELIMIT 30\n"
- + "TLS_REQCERT demand\n"
- + "TLS_CACERTFILE /etc/ldap-proxy.pem\n"
- + "scope sub\n"
- + "nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,dnsmasq,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data\n",
- this.proxyip, this.proxyport,
- this.searchbase,
- this.searchbase,
- this.searchbase
- );
// The cert we just created
- if ( !Archive.tarAddFile( outArchive, "/etc/ldap-proxy.pem", new File( certFile ), 0644 ) ) {
+ if ( !Archive.tarAddFile( outArchive, cacertPath, new File( certFile ), 0644 ) ) {
status.error = "Could not add ldap-proxy.pem to module";
return false;
}
@@ -163,15 +143,18 @@ public class CreateAdConfig extends AbstractTask
status.error = "Could not add mount script to module";
return false;
}
- boolean ret = Archive.tarCreateFileFromString( outArchive, "/etc/ldap.conf", ldapConf, 0644 )
- && Archive.tarCreateFileFromString( outArchive, "/etc/nslcd.conf", nslcdConf, 0644 )
+ boolean ret = Archive.tarCreateFileFromString( outArchive, "/etc/ldap.conf", ldapConf.toString(), 0644 )
+ && Archive.tarCreateFileFromString( outArchive, "/etc/sssd/sssd.conf", sssdConf.toString(), 0644 )
&& Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/ldap/ldap.conf" )
&& Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/openldap/ldap.conf" )
- && Archive.tarCreateSymlink( outArchive, "../nslcd.service", "/etc/systemd/system/basic.target.wants/nslcd.service" );
+ && Archive.tarCreateSymlink( outArchive, "../sssd.service", "/etc/systemd/system/basic.target.wants/sssd.service" );
if ( !ret ) {
status.error = "Could not add ldap configs to module";
}
return ret;
+ } catch ( IOException e ) {
+ status.error = e.toString();
+ return false;
} finally {
Util.multiClose( outArchive );
}
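Review bot: `/etc/sssd/sssd.conf` is added to the archive with mode 0644, but sssd checks the ownership and permissions of its configuration file at startup and refuses to run when the file is readable by others; use `&& Archive.tarCreateFileFromString( outArchive, "/etc/sssd/sssd.conf", sssdConf.toString(), 0600 )`. The file holds no bind credentials here, but the check is enforced regardless, so the module would deploy and then fail at service start. The new `catch ( IOException e )` reporting `e.toString()` is adequate for the template read failures it covers. The enclosing method continues past the end of the hunk.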