#endif
-#define MAXSETUP 6 /* How many setup questions to ask */
+#define MAXSETUP 11 /* How many setup questions to ask */
#define UI_TEXT 0 /* Default setup type -- text only */
#define UI_DIALOG 2 /* Use the 'dialog' program */
"Citadel User ID",
"Server IP address",
"Server port number",
- "Authentication mode"
+ "Authentication mode",
+ "LDAP host",
+ "LDAP port number",
+ "LDAP base DN",
+ "LDAP bind DN",
+ "LDAP bind password"
};
/**
"of Citadel on the same computer and there is something else\n"
"already using port 504.\n",
-"Normally, a Citadel system uses a \"black box\" authentication mode.\n"
-"This means that users do not have accounts or home directories on\n"
-"the underlying host system -- Citadel manages its own user database.\n"
-"However, if you wish to override this behavior, you can enable the\n"
-"host based authentication mode which is traditional for Unix systems.\n"
+
+
+"How would you like to authenticate users on your Citadel system?\n"
+"\n"
+" 0. Self contained authentication - Citadel maintains its own user database\n"
+" (This mode is *strongly* recommended)\n"
+"\n"
+" 1. Authenticate users against the host system (unix or linux accounts)\n"
+"\n"
+" 2. Authenticate users against an external LDAP directory (RFC 2307 compliant)\n"
+"\n"
+" 3. Authenticate users against nonstandard MS Active Directory LDAP\n"
+"\n"
"WARNING: do *not* change this setting once your system is installed.\n"
"\n"
-"(Answer \"no\" unless you completely understand this option)\n"
-"Do you want to enable host based authentication mode?\n"
+"(Answer \"0\" unless you completely understand this option)\n"
+"Which authentication mode do you want to use?\n",
+
+"Please enter the host name or IP address of your LDAP server.\n",
+
+"Please enter the port number of the LDAP service (usually 389).\n",
+
+"Please enter the Base DN to search for authentication\n"
+"(for example: dc=example,dc=com)\n",
+
+"Please enter the DN of an account to use for binding to the LDAP server\n"
+"for performing queries. The account does not require any other\n"
+"privileges. If your LDAP server allows anonymous queries, you can.\n"
+"leave this blank.\n",
+
+"If you entered a Bind DN in the previous question, you must now enter\n"
+"the password associated with that account. Otherwise, you can leave this\n"
+"blank.\n"
};
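Review bot: The bind-DN help text has a stray period that breaks the sentence in two: `"privileges. If your LDAP server allows anonymous queries, you can.\n"` should end in `you can\n` so that it reads on into "leave this blank." The port prompt suggests 389, and none of the new questions says whether the connection to the directory is encrypted. If the bind is made over plain LDAP (not visible in this hunk), the bind password and the users' credentials cross the network in clear text, and this prompt is where the operator should be told so. The string table begins before this hunk.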
answer = 0;
}
break;
+ case UI_SILENT:
+ break;
}
return (answer);
}
}
break;
+ case UI_SILENT:
+ break;
}
}
unlink(dialog_result);
}
break;
-
+ case UI_SILENT:
+ break;
}
}
}
}
else {
- set_bool_val(curr, &config.c_auth_mode);
+ set_int_val(curr, &config.c_auth_mode);
+ }
+ break;
+
+ case 7:
+ if (setup_type == UI_SILENT)
+ {
+ if (getenv("LDAP_HOST")) {
+ strcpy(config.c_ldap_host, getenv("LDAP_HOST"));
+ }
+ }
+ else
+ {
+ set_str_val(curr, config.c_ldap_host);
+ }
+ break;
+
+ case 8:
+ if (setup_type == UI_SILENT)
+ {
+ if (getenv("LDAP_PORT")) {
+ config.c_ldap_port = atoi(getenv("LDAP_PORT"));
+ }
+ }
+ else
+ {
+ set_int_val(curr, &config.c_ldap_port);
+ }
+ break;
+
+ case 9:
+ if (setup_type == UI_SILENT)
+ {
+ if (getenv("LDAP_BASE_DN")) {
+ strcpy(config.c_ldap_base_dn, getenv("LDAP_BASE_DN"));
+ }
+ }
+ else
+ {
+ set_str_val(curr, config.c_ldap_base_dn);
+ }
+ break;
+
+ case 10:
+ if (setup_type == UI_SILENT)
+ {
+ if (getenv("LDAP_BIND_DN")) {
+ strcpy(config.c_ldap_bind_dn, getenv("LDAP_BIND_DN"));
+ }
+ }
+ else
+ {
+ set_str_val(curr, config.c_ldap_bind_dn);
+ }
+ break;
+
+ case 11:
+ if (setup_type == UI_SILENT)
+ {
+ if (getenv("LDAP_BIND_PW")) {
+ strcpy(config.c_ldap_bind_pw, getenv("LDAP_BIND_PW"));
+ }
+ }
+ else
+ {
+ set_str_val(curr, config.c_ldap_bind_pw);
}
break;
}
+
}
/*
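Review bot: In silent mode, cases 7, 9, 10 and 11 copy `getenv()` results into `config.c_ldap_host`, `c_ldap_base_dn`, `c_ldap_bind_dn` and `c_ldap_bind_pw` with `strcpy`, so an environment value longer than the destination field is written past its end; the copy needs a bound and an explicit failure when the value does not fit. Case 8 uses `atoi`, which gives 0 for a non-numeric `LDAP_PORT` and has undefined behaviour for an out-of-range one, with no error reported either way. The sketch below covers cases 7 and 8, and the same pattern applies to 9, 10 and 11; it assumes the config fields are char arrays (their declaration is outside this hunk), otherwise the field size has to be passed explicitly. Separately, taking the bind password from `LDAP_BIND_PW` leaves it in the process environment, where child processes inherit it, so a comment at case 11 should tell callers to unset it once setup has run, or the value should come from a file with restricted permissions. The switch and its enclosing function begin outside this hunk.

```c
	case 7:
		if (setup_type == UI_SILENT)
		{
			const char *ldap_host = getenv("LDAP_HOST");
			if (ldap_host != NULL) {
				int n = snprintf(config.c_ldap_host, sizeof config.c_ldap_host,
						 "%s", ldap_host);
				if (n < 0 || (size_t)n >= sizeof config.c_ldap_host) {
					/* value does not fit: fail loudly rather than truncate
					 * (use the setup program's own error path if it has one) */
					fprintf(stderr, "LDAP_HOST is too long\n");
					exit(1);
				}
			}
		}
		/* … unchanged: interactive branch calling set_str_val … */
		break;

	case 8:
		if (setup_type == UI_SILENT)
		{
			const char *ldap_port = getenv("LDAP_PORT");
			if (ldap_port != NULL) {
				char *end = NULL;
				long port = strtol(ldap_port, &end, 10);
				if (end == ldap_port || *end != '\0' || port < 1 || port > 65535) {
					fprintf(stderr, "LDAP_PORT is not a valid port number\n");
					exit(1);
				}
				config.c_ldap_port = (int)port;
			}
		}
		/* … unchanged: interactive branch calling set_int_val … */
		break;
```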
if (yesno(question, 1)) {
sprintf(buf, "/bin/mv -f %s %s", new_filename, NSSCONF);
system(buf);
+ chmod(NSSCONF, 0644);
}
unlink(new_filename);
}
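Review bot: The added `chmod(NSSCONF, 0644)` ignores its return value and runs whether or not the `mv` started by `system(buf)` succeeded, so a failed move goes unreported and the mode is applied to whatever file already sits at NSSCONF. Between the move and the chmod the installed file also carries whatever mode the temporary file had. Setting the mode on the temporary file first closes that window: `if (chmod(new_filename, 0644) != 0) { perror(new_filename); }` placed before the `sprintf`, with the result of `system(buf)` checked as well. How `new_filename` is created is outside this hunk, as are the start and end of the enclosing function.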
/* Go through a series of dialogs prompting for config info */
for (curr = 1; curr <= MAXSETUP; ++curr) {
edit_value(curr);
+ if ((curr == 6) && (config.c_auth_mode != AUTHMODE_LDAP) && (config.c_auth_mode != AUTHMODE_LDAP_AD)) {
+ curr += 5; /* skip LDAP questions if we're not authenticating against LDAP */
+ }
}
/***** begin version update section ***** */
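Review bot: The skip condition hard-codes `curr == 6` and `curr += 5`, which ties this loop to the case numbers in `edit_value` and to `MAXSETUP` by hand. Adding or reordering a question would then either ask the LDAP questions in a non-LDAP mode or skip an unrelated one, with nothing to flag the mistake. Naming the indices, or jumping to the end with `curr = MAXSETUP; /* LDAP questions are the last ones */`, keeps the three places in step. The enclosing function starts and ends outside this hunk.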