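#
# Install LDAP Settings.
#
####################################################################
# Patrick Finnegan 29/01/2007.  V1.
####################################################################
#
# Security notes:
#   - The properties file read by these procedures supplies
#     LDAPUserRegistry.serverPassword and LDAPUserRegistry.bindPassword,
#     so it should be readable only by the account that runs the script.
#   - Everything passed to putsLog ends up in a log, so any value whose
#     name contains "password" is masked before it is logged.
#
# putsLog, hashMap and hashMapList are defined outside this file section.
#

######################################
# Mask a value before it is logged.
######################################
# Returns a fixed mask when the name contains "password" (any case) and the
# value is not empty; returns the value unchanged otherwise.  Only commands
# available in old Tcl/Jacl interpreters are used.
proc ldapMaskSecret { name value } {

    if { [ string match "*password*" [ string tolower $name ] ] && [ string length $value ] > 0 } {
        return "********"
    }
    return $value
}

######################################
# Print the attributes of sub-objects.
######################################
# objectIds - list of configuration ids to pass to "$AdminConfig showall".
# title     - heading logged before each object's attributes.
# nameWidth - column width used for the attribute name.
# Display is best effort: an object that cannot be read is reported and skipped.
proc ldapShowSubObjects { objectIds title nameWidth } {

    global AdminConfig

    foreach objectId $objectIds {

        # start from an empty array so values from the previous object do not leak through.
        catch { unset attrs }

        if { [ catch { array set attrs [ join [ $AdminConfig showall $objectId ] ] } err ] != 0 } {
            putsLog "could not read $objectId: $err"
            continue
        }

        putsLog $title

        foreach element [ lsort [ array names attrs ] ] {
            putsLog [ format "%-5s %-${nameWidth}s %s" " " "$element" [ ldapMaskSecret $element $attrs($element) ] ]
        }
    }
}

######################################
# Install ldap settings.
######################################
# propertiesFile - path of the properties file holding the new LDAP settings.
# Logs the new settings (passwords masked), shows the current registry
# settings, then applies the new ones through modifyLdap.
# Returns with -code error when any step fails.
proc installLdap { propertiesFile } {

    global AdminConfig

    # display procedure arguments.
    putsLog "proc - [info level 0 ]"

    foreach i [ info args installLdap ] {
        upvar 0 $i ilocal
        set propertiesArray($i) $ilocal
    }

    putsLog "properties are.................."

    foreach { a b } [ array get propertiesArray ] {
        putsLog [ format "%-35s %s" "$a" "$b" ]
    }

    # call the hashMapList proc which extracts the java hashmap into a tcl list.
    putsLog "new ldap properties are:............"

    if { [ catch { hashMapList $propertiesFile } r ] == 0 } {

        set propertiesList $r

        foreach a $propertiesList {
            set propName  [ lindex $a 0 ]
            # the file carries the server and bind passwords; never log them in clear.
            set propValue [ ldapMaskSecret $propName [ lindex $a 1 ] ]
            putsLog [ format "%-50s %-s" "$propName" "$propValue" ]
        }

    } else {
        return -code error $r
    }

    # get the ldap user registry object and display the current ldap setting.
    if { [ catch { $AdminConfig list LDAPUserRegistry } LDAPUserRegistryId ] == 0 } {

        showldapSettings $LDAPUserRegistryId

    } else {

        # on failure the error text is in LDAPUserRegistryId; r still holds
        # the property list from the previous step.
        putsLog "problem accessing LDAP user registry ID."
        putsLog $LDAPUserRegistryId
        putsLog "************************************"
        return -code error $LDAPUserRegistryId
    }

    # modify the ldap settings.
    if { [ catch { modifyLdap $LDAPUserRegistryId $propertiesFile } r ] != 0 } {

        putsLog "************************************"
        putsLog "ERROR: problem setting ldap parameters."
        putsLog $r
        putsLog "************************************"
        return -code error $r
    }
}

######################################
# List current ldap settings.
######################################
# LDAPUserRegistryId - configuration id of the LDAP user registry.
# Logs each registry attribute, then the custom properties, hosts and
# search filter objects.  Read failures are logged in place of the value.
proc showldapSettings { LDAPUserRegistryId } {

    global AdminConfig

    putsLog "proc - [info level 0 ]"

    foreach i [ info args showldapSettings ] {
        upvar 0 $i ilocal
        set propertiesArray($i) $ilocal
    }

    putsLog "properties are.................."

    foreach { a b } [ array get propertiesArray ] {
        putsLog [ format "%-35s %s" "$a" "$b" ]
    }

    putsLog "************************"
    putsLog "Current LDAP properties"
    putsLog "************************"

    set attrNames {
        baseDN bindDN bindPassword primaryAdminId serverId serverPassword
        useRegistryServerId limit monitorInterval realm type reuseConnection
        searchTimeout sslConfig sslEnabled ignoreCase
    }

    foreach attrName $attrNames {

        set rc [ catch { $AdminConfig showAttribute $LDAPUserRegistryId $attrName } r ]

        # mask only a value that was read; an error message is logged as is.
        if { $rc == 0 } {
            set r [ ldapMaskSecret $attrName $r ]
        }

        putsLog [ format "%-5s %-20s %-50s" " " $attrName $r ]
    }

    # The three sections below print only when the attribute is NOT empty.
    # NOTE(review): each element of the showAttribute result is passed to
    # showall as one id - confirm the result shape when there are several hosts.

    # if properties exist print out the properties.
    if { [ catch { $AdminConfig showAttribute $LDAPUserRegistryId properties } r ] == 0 } {

        # can return an empty list.
        if { [ llength $r ] > 0 } {
            ldapShowSubObjects $r "LDAP custom properties are.................." 10
        }
    }

    if { [ catch { $AdminConfig showAttribute $LDAPUserRegistryId hosts } r ] == 0 } {

        if { [ llength $r ] > 0 } {
            ldapShowSubObjects $r "LDAP hosts are.................." 10
        }
    }

    if { [ catch { $AdminConfig showAttribute $LDAPUserRegistryId searchFilter } r ] == 0 } {

        if { [ llength $r ] > 0 } {
            ldapShowSubObjects $r "LDAP searchFilters are.................." 25
        }
    }
}

######################################
# Modify ldap settings.
######################################
# LDAPUserRegistryId - configuration id of the LDAP user registry.
# propertiesFile     - path of the properties file holding the new settings.
# Applies, in order, the registry attributes, the first host and the first
# search filter.  Returns with -code error at the first step that fails;
# steps already applied are not undone here.
proc modifyLdap { LDAPUserRegistryId propertiesFile } {

    global AdminConfig

    putsLog "proc - [info level 0 ]"

    foreach i [ info args modifyLdap ] {
        upvar 0 $i ilocal
        set propertiesArray($i) $ilocal
    }

    putsLog "procedure arguments are: .................."

    foreach { a b } [ array get propertiesArray ] {
        putsLog [ format "%-35s %s" "$a" "$b" ]
    }

    # call the hashMap proc which returns a Property object populated with property file values.
    if { [ catch { hashMap $propertiesFile } r ] == 0 } {
        set PropertyI $r
    } else {
        return -code error $r
    }

    # build the ldap attribute array.
    # NOTE(review): a key that is missing from the file is not detected here -
    # confirm how getProperty reports it before relying on the values.
    # NOTE(review): the key below is spelled "useRegistryServeId" (no "r");
    # it is kept as is because it must match the properties file - confirm.
    set attrArray(useRegistryServerId) [ $PropertyI getProperty LDAPUserRegistry.useRegistryServeId ]
    set attrArray(serverId)            [ $PropertyI getProperty LDAPUserRegistry.serverId ]
    set attrArray(serverPassword)      [ $PropertyI getProperty LDAPUserRegistry.serverPassword ]
    set attrArray(primaryAdminId)      [ $PropertyI getProperty LDAPUserRegistry.primaryAdminId ]
    set attrArray(realm)               [ $PropertyI getProperty LDAPUserRegistry.realm ]
    set attrArray(limit)               [ $PropertyI getProperty LDAPUserRegistry.limit ]
    set attrArray(ignoreCase)          [ $PropertyI getProperty LDAPUserRegistry.ignoreCase ]
    set attrArray(type)                [ $PropertyI getProperty LDAPUserRegistry.type ]
    # NOTE(review): with sslEnabled false the bind DN and password travel to
    # the directory unencrypted - confirm the value intended for this cell.
    set attrArray(sslEnabled)          [ $PropertyI getProperty LDAPUserRegistry.sslEnabled ]
    set attrArray(sslConfig)           [ $PropertyI getProperty LDAPUserRegistry.sslConfig ]
    set attrArray(baseDN)              [ $PropertyI getProperty LDAPUserRegistry.baseDN ]
    set attrArray(bindDN)              [ $PropertyI getProperty LDAPUserRegistry.bindDN ]
    set attrArray(bindPassword)        [ $PropertyI getProperty LDAPUserRegistry.bindPassword ]
    set attrArray(searchTimeout)       [ $PropertyI getProperty LDAPUserRegistry.searchTimeout ]
    set attrArray(monitorInterval)     [ $PropertyI getProperty LDAPUserRegistry.monitorInterval ]
    set attrArray(reuseConnection)     [ $PropertyI getProperty LDAPUserRegistry.reuseConnection ]

    # modify ldap properties
    # attrList holds the passwords and is deliberately never logged.
    foreach i [ lsort [ array names attrArray ] ] {
        lappend attrList [ list $i $attrArray($i) ]
    }

    if { [ catch { $AdminConfig modify $LDAPUserRegistryId $attrList } r ] == 0 } {

        putsLog "************************************"
        putsLog "LdapUserRegistry $LDAPUserRegistryId modified successfully."
        putsLog $r
        putsLog "************************************"

    } else {

        putsLog "************************************"
        putsLog "ERROR: problem updating LdapUserRegistry $LDAPUserRegistryId. "
        putsLog $r
        putsLog "************************************"
        return -code error $r
    }

    # build the ldap host properties array.
    # assume one host.
    set hostId [ lindex [ $AdminConfig showAttribute $LDAPUserRegistryId hosts ] 0 ]

    # set the host properties
    set hosts [ $PropertyI getProperty LDAPUserRegistry.hosts1 ]

    # the value must be host:port; without this check a malformed value
    # fails later with an unrelated "no such variable" error.
    if { ! [ regexp {(.*)(:)(.*)} $hosts a b c d ] } {

        putsLog "************************************"
        putsLog "ERROR: LDAPUserRegistry.hosts1 is not in host:port form: $hosts"
        putsLog "************************************"
        return -code error "LDAPUserRegistry.hosts1 is not in host:port form: $hosts"
    }

    set hostArray(host) $b
    set hostArray(port) $d

    foreach i [ lsort [ array names hostArray ] ] {
        lappend hostList [ list $i $hostArray($i) ]
    }

    # modify the host properties
    if { [ catch { $AdminConfig modify $hostId $hostList } r ] == 0 } {

        putsLog "************************************"
        putsLog "Host Id $hostId modified successfully."
        putsLog $r
        putsLog "************************************"

    } else {

        putsLog "************************************"
        putsLog "ERROR: problem updating Host Id $hostId."
        putsLog $r
        putsLog "************************************"
        return -code error $r
    }

    # modify the ldap search filters
    set searchFilterId [ lindex [ $AdminConfig showAttribute $LDAPUserRegistryId searchFilter ] 0 ]

    # build the ldap searchFilter array.
    set searchFilterArray(userFilter)         [ $PropertyI getProperty LDAPUserRegistry.LDAPSearchFilter.userFilter ]
    set searchFilterArray(groupFilter)        [ $PropertyI getProperty LDAPUserRegistry.LDAPSearchFilter.groupFilter ]
    set searchFilterArray(userIdMap)          [ $PropertyI getProperty LDAPUserRegistry.LDAPSearchFilter.userIdMap ]
    set searchFilterArray(groupIdMap)         [ $PropertyI getProperty LDAPUserRegistry.LDAPSearchFilter.groupIdMap ]
    set searchFilterArray(groupMemberIdMap)   [ $PropertyI getProperty LDAPUserRegistry.LDAPSearchFilter.groupMemberIdMap ]
    set searchFilterArray(certificateMapMode) [ $PropertyI getProperty LDAPUserRegistry.LDAPSearchFilter.certificateMapMode ]
    set searchFilterArray(certificateFilter)  [ $PropertyI getProperty LDAPUserRegistry.LDAPSearchFilter.certificateFilter ]

    foreach i [ lsort [ array names searchFilterArray ] ] {
        lappend filterList [ list $i $searchFilterArray($i) ]
    }

    # set the searchFilter properties
    if { [ catch { $AdminConfig modify $searchFilterId $filterList } r ] == 0 } {

        putsLog "************************************"
        putsLog "Search Filter Id $searchFilterId modified successfully."
        putsLog $r
        putsLog "************************************"

    } else {

        putsLog "************************************"
        putsLog "ERROR: problem updating searchFilter Id $searchFilterId."
        putsLog $r
        putsLog "************************************"
        return -code error $r
    }

    # modify the ldap registry properties.
    # there may be no properties so the properties attribute object may not exist.
    # create the properties at the ldap object level.
    # (the code below is disabled and kept for reference.)

    #set regPropertiesId [ lindex [ $AdminConfig showAttribute $LDAPUserRegistryId properties ] 0 ]

    # build the properties array.
    #set regPropertiesArray(name)     [ $PropertyI getProperty LDAPUserRegistry.property1.name ]
    #set regPropertiesArray(required) [ $PropertyI getProperty LDAPUserRegistry.property1.required ]
    #set regPropertiesArray(value)    [ $PropertyI getProperty LDAPUserRegistry.property1.value ]

    #foreach i [ lsort [ array names regPropertiesArray ] ] {
    #    lappend regPropertiesList [ list $i $regPropertiesArray($i) ]
    #}

    # set the ldap registry properties
    #if { [ catch { $AdminConfig modify $regPropertiesId $regPropertiesList } r ] == 0 } {
    #    putsLog "************************************"
    #    putsLog "regProperties id $regPropertiesId modified successfully."
    #    putsLog $r
    #    putsLog "************************************"
    # } else {
    #    putsLog "************************************"
    #    putsLog "ERROR: problem updating regProperties ID $regPropertiesId."
    #    putsLog $r
    #    putsLog "************************************"
    #    return -code error $r
    #}

    #set attrs [ list properties [ list [ regPropertiesList ] ] ]

    #if { [ catch { $AdminConfig modify $LDAPUserRegistryId $attrs } r ] == 0 } {
    #    putsLog "************************************"
    #    putsLog "regProperties id $regPropertiesId modified successfully."
    #    putsLog $r
    #    putsLog "************************************"
    # } else {
    #    putsLog "************************************"
    #    putsLog "ERROR: problem updating regProperties ID $regPropertiesId."
    #    putsLog $r
    #    putsLog "************************************"
    #    return -code error $r
    #}
}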