Remove ca usages in directory services
This commit removes all CA usages in directory services.
sonicaj committed Mar 1, 2019
1 parent fe056d3 commit 4e53118
Showing 6 changed files with 23 additions and 23 deletions.
4 changes: 2 additions & 2 deletions gui/common/freenasldap.py
@@ -615,7 +615,7 @@ def __init__(self, **kwargs):
if ldap.ldap_certificate:
with client as c:
cert = c.call(
'certificateauthority.query',
'certificate.query',
[['id', '=', ldap.ldap_certificate.id]],
{'get': True}
)
@@ -1624,7 +1624,7 @@ def set_kwargs(self):
if ad.ad_certificate:
with client as c:
cert = c.call(
'certificateauthority.query',
'certificate.query',
[['id', '=', ad.ad_certificate.id]],
{'get': True}
)
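Review bot: Both lookups in this file now pass the stored `ldap.ldap_certificate.id` / `ad.ad_certificate.id` to `certificate.query` with `{'get': True}`, but nothing among the changed files shows existing references being migrated from CA entries to certificate entries. If a configuration saved before this change still points at a CA, the query presumably matches nothing and, with `get`, the failure surfaces inside `__init__` / `set_kwargs`; that case should be handled explicitly or covered by a migration. The three `certificate.query` calls in gui/directoryservice/forms.py have the same exposure. At minimum I would add a comment above each call, e.g. `# ldap_certificate must reference a certificate entry; a stale CA id will not match certificate.query`. Both function bodies continue outside the hunks, so what is done with `cert` afterwards is not visible here.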
6 changes: 3 additions & 3 deletions gui/directoryservice/forms.py
@@ -490,7 +490,7 @@ def clean(self):
if certificate:
with client as c:
certificate = c.call(
'certificateauthority.query',
'certificate.query',
[['id', '=', certificate.id]],
{'get': True}
)
@@ -845,7 +845,7 @@ def check_for_samba_schema(self):
if certificate:
with client as c:
certificate = c.call(
'certificateauthority.query',
'certificate.query',
[['id', '=', certificate.id]],
{'get': True}
)
@@ -917,7 +917,7 @@ def clean(self):
else:
with client as c:
certificate = c.call(
'certificateauthority.query',
'certificate.query',
[['id', '=', certificate.id]],
{'get': True}
)
8 changes: 4 additions & 4 deletions src/freenas/usr/local/libexec/nas/generate_sssd_conf.py
@@ -674,15 +674,15 @@ def add_ldap_section(client, sc):
)

if ldap.ldap_ssl == 'on':
ca = client.call('certificateauthority.query', [('id', '=', ldap.ldap_certificate.id)], {'get': True})
certpath = ca['certificate_path']
cert = client.call('certificate.query', [('id', '=', ldap.ldap_certificate.id)], {'get': True})
certpath = cert['certificate_path']
if certpath:
ldap_section.ldap_tls_cacert = certpath

elif ldap.ldap_ssl == 'start_tls':
ldap_section.tls_reqcert = 'allow'
ca = client.call('certificateauthority.query', [('id', '=', ldap.ldap_certificate.id)], {'get': True})
certpath = ca['certificate_path']
cert = client.call('certificate.query', [('id', '=', ldap.ldap_certificate.id)], {'get': True})
certpath = cert['certificate_path']
if certpath:
ldap_section.ldap_tls_cacert = certpath
ldap_section.ldap_id_use_start_tls = 'true'
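Review bot: In `add_ldap_section` the new `cert = client.call('certificate.query', [('id', '=', ldap.ldap_certificate.id)], {'get': True})` dereferences `ldap.ldap_certificate.id` in both the `'on'` and the `'start_tls'` branch without checking that a certificate is selected, whereas gui/common/freenasldap.py guards the same lookup with `if ldap.ldap_certificate:`. If the field can be empty while TLS is enabled, this raises before the section is completed. I would wrap each lookup in `if ldap.ldap_certificate:` and leave `ldap_tls_cacert` unset otherwise; the two branches repeat the same two lines and could share one lookup placed before the `if`/`elif`. The function starts and ends outside the hunk.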
10 changes: 5 additions & 5 deletions src/middlewared/middlewared/etc_files/local/nslcd.conf
@@ -9,11 +9,11 @@
ldap = safe_call('datastore.query', 'directoryservice.LDAP')
if ldap and ldap[0]:
ldap = ldap[0]
capath = None
certpath = None
if ldap['ldap_certificate']:
cert = safe_call('certificateauthority.query', [('id', '=', ldap['ldap_certificate']['id'])], {'get': True})
cert = safe_call('certificate.query', [('id', '=', ldap['ldap_certificate']['id'])], {'get': True})
if cert:
capath = cert['certificate_path']
certpath = cert['certificate_path']
else:
ldap = None

@@ -27,8 +27,8 @@ uri ${ldap_uri}
base ${ldap['ldap_basedn']}
% if ldap['ldap_ssl'] in ('start_tls', 'on'):
ssl ${ldap['ldap_ssl']}
% if capath:
tls_cacert ${capath}
% if certpath:
tls_cacert ${certpath}
% endif
tls_reqcert allow
% endif
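Review bot: `tls_cacert ${certpath}` now receives the path of an entry returned by `certificate.query` rather than a CA entry, yet `tls_cacert` names the trust-anchor file used to verify the LDAP server. Because the unchanged `tls_reqcert allow` line lets the session proceed when the server certificate cannot be verified, a file that does not contain the issuing CA produces no error and the connection simply runs without server authentication. Please confirm that `certificate_path` for the selected entry holds the chain that signed the server certificate, and consider emitting `tls_reqcert demand` inside the `% if certpath:` block, keeping `allow` only when no file is configured. The same applies to the identical hunks in nss_ldap.conf and to `ldap_tls_cacert` with `tls_reqcert = 'allow'` in generate_sssd_conf.py.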
10 changes: 5 additions & 5 deletions src/middlewared/middlewared/etc_files/local/nss_ldap.conf
@@ -9,11 +9,11 @@
ldap = safe_call('datastore.query', 'directoryservice.LDAP')
if ldap and ldap[0]:
ldap = ldap[0]
capath = None
certpath = None
if ldap['ldap_certificate']:
cert = safe_call('certificateauthority.query', [('id', '=', ldap['ldap_certificate']['id'])], {'get': True})
cert = safe_call('certificate.query', [('id', '=', ldap['ldap_certificate']['id'])], {'get': True})
if cert:
capath = cert['certificate_path']
certpath = cert['certificate_path']
else:
ldap = None

@@ -27,8 +27,8 @@ uri ${ldap_uri}
base ${ldap['ldap_basedn']}
% if ldap['ldap_ssl'] in ('start_tls', 'on'):
ssl ${ldap['ldap_ssl']}
% if capath:
tls_cacert ${capath}
% if certpath:
tls_cacert ${certpath}
% endif
tls_reqcert allow
% endif
@@ -56,17 +56,17 @@
# Recursive inception
#
if idmap['ssl'] in ('start_tls', 'on'):
ca = safe_call('certificateauthority.query', [('id', '=', idmap['certificate']['id'])], {'get': True})
tls_cacert = ca['cert_ceritifcate_path']
cert = safe_call('certificate.query', [('id', '=', idmap['certificate']['id'])], {'get': True})
tls_cacert = cert['certificate_path']
ssl = idmap['ssl']

elif ldap_enabled and ldap:
uri = "%s://%s" % ("ldaps" if ldap['ldap_ssl'] == "on" else "ldap", ldap['ldap_hostname'])
base = ldap['ldap_basedn']

if ldap['ldap_ssl'] in ("start_tls", "on"):
ca = safe_call('certificateauthority.query', [('id', '=', ldap['ldap_certificate']['id'])], {'get': True})
tls_cacert = ca['certificate_path']
cert = safe_call('certificate.query', [('id', '=', ldap['ldap_certificate']['id'])], {'get': True})
tls_cacert = cert['certificate_path']
ssl = ldap['ldap_ssl']
%>
% if (ldap_enabled and ldap) or (ad_enabled and ad):
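Review bot: `tls_cacert = cert['certificate_path']` subscripts the result of `safe_call` without checking it, in both the idmap branch and the `ldap_enabled` branch, while nslcd.conf and nss_ldap.conf in this same commit test `if cert:` first. If `safe_call` can return a falsy value, as that guard suggests, a stale or missing certificate id makes template rendering raise instead of producing a file without a CA path; the unguarded `idmap['certificate']['id']` and `ldap['ldap_certificate']['id']` accesses have the same problem when no certificate is set. I would write `tls_cacert = cert['certificate_path'] if cert else None` in both places and only run the lookup when the certificate reference is present. The enclosing block starts and ends outside the hunk, so the default value of `tls_cacert` is not visible here and should be checked before adopting `None`.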
