Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2730 → Rev 2731

/scripts/alcasar-ldap.sh
60,7 → 60,8
$SED "s/^\tport =.*/\tport = 636/g" $LDAP_MODULE
[ "$LDAP_CERT_REQUIRED" == 'on' ] && require_cert='demand' || require_cert='never'
$SED "s/^\t\t#?require_cert =.*/\t\trequire_cert = '$require_cert'/g" $LDAP_MODULE
echo -e "TLS_CACERT $LDAPS_CERT_LOC\nTLS_REQCERT $require_cert" > $OPENLDAP_CONF
echo "TLS_REQCERT $require_cert" > $OPENLDAP_CONF
[ -f "$LDAPS_CERT_LOC" ] && echo "TLS_CACERT $LDAPS_CERT_LOC" >> $OPENLDAP_CONF
else
$SED "s/^\tserver =.*/\tserver = \"ldap:\/\/${LDAP_SERVER//\"/\\\\\\\"}\"/g" $LDAP_MODULE
$SED "s/^\tport =.*/\tport = 389/g" $LDAP_MODULE
70,7 → 71,7
$SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE
$SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE
[ -n "$LDAP_FILTER" ] && filter="$LDAP_FILTER" || filter='&'
$SED "s/^\t\tfilter =.*/\t\tfilter = \"(\&(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})($filter))\"/g" $LDAP_MODULE
$SED "s/^\t\tfilter =.*/\t\tfilter = \"(\&(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})(${filter//&/\\&}))\"/g" $LDAP_MODULE
if [ ! -e /etc/raddb/mods-enabled/ldap ]; then
ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
fi
90,6 → 91,13
cert=$2
[ -z "$cert" ] && echo "$usage" && exit 1
 
[ ! -f "$cert" ] && { echo >&2 "ERR: certificate file \"$cert\" not found" ; exit 1; }
 
# TODO : convert DER format to PEM ?
cp -f "$cert" $LDAPS_CERT_LOC
chown root:radius $LDAPS_CERT_LOC
chmod 644 $LDAPS_CERT_LOC
 
if [ "$LDAP_CERT_REQUIRED" == 'on' ]; then
domainName=$(openssl x509 -noout -subject -in $LDAPS_CERT_LOC | cut -d' ' -f2- | sed 's@/[A-Za-z]\+=@\n@g' | tac | tr '\n' '.' | sed 's@\.\+$@@')
if [ "$domainName" != "$LDAP_SERVER" ]; then
96,10 → 104,6
echo 'WARN: the common name of the certificate is different from the server domain name'
fi
fi
# TODO : convert DER format to PEM ?
cp -f "$cert" $LDAPS_CERT_LOC
chown root:radius $LDAPS_CERT_LOC
chmod 644 $LDAPS_CERT_LOC
 
$SED "s/^LDAP_SSL=.*/LDAP_SSL=on/g" $CONF_FILE
$SED "s/^\tserver =.*/\tserver = \"ldaps:\/\/${LDAP_SERVER//\"/\\\\\\\"}\"/g" $LDAP_MODULE