| Line 5... | 
            Line 5... | 
          
          
            | 5 | 
            # This script is distributed under the Gnu General Public License (GPL)
  | 
            5 | 
            # This script is distributed under the Gnu General Public License (GPL)
  | 
          
          
            | 6 | 
             
  | 
            6 | 
             
  | 
          
          
            | 7 | 
            # activation / désactivation de l'authentification des utilisateurs via un serveur LDAP externe
  | 
            7 | 
            # activation / désactivation de l'authentification des utilisateurs via un serveur LDAP externe
  | 
          
          
            | 8 | 
            # enable / disable authentication of users via an extern LDAP server
  | 
            8 | 
            # enable / disable authentication of users via an extern LDAP server
  | 
          
          
            | 9 | 
             
  | 
            9 | 
             
  | 
          
          
            | 10 | 
            # TODO
  | 
            - | 
               | 
          
          
            | 11 | 
            #	- modif files "site-enabled/alcasar"
  | 
            - | 
               | 
          
          
            | 12 | 
             
  | 
            - | 
               | 
          
          
            | 13 | 
            # Modif "sites-enabled/alcasar"
  | 
            - | 
               | 
          
          
            | 14 | 
            #	Configure autorize section with:
  | 
            - | 
               | 
          
          
            | 15 | 
            #		ldap  { 
  | 
            - | 
               | 
          
          
            | 16 | 
            #			fail=1
  | 
            - | 
               | 
          
          
            | 17 | 
            #		}
  | 
            - | 
               | 
          
          
            | 18 | 
            #	Configure authenticate section with
  | 
            - | 
               | 
          
          
            | 19 | 
            #		Auth-Type LDAP {
  | 
            - | 
               | 
          
          
            | 20 | 
            #			ldap
  | 
            - | 
               | 
          
          
            | 21 | 
            #		}
  | 
            - | 
               | 
          
          
            | 22 | 
             
  | 
            - | 
               | 
          
          
            | 23 | 
            usage="Usage: alcasar-ldap.sh {--on or -on } | {--off or -off}"
  | 
            10 | 
            usage="Usage: alcasar-ldap.sh {--on or -on } | {--off or -off}"
  | 
          
          
            | 24 | 
            SED="/bin/sed -i"
  | 
            11 | 
            SED="/bin/sed -i"
  | 
          
          
            | 25 | 
            CONF_FILE="/usr/local/etc/alcasar.conf"
  | 
            12 | 
            CONF_FILE="/usr/local/etc/alcasar.conf"
  | 
          
          
            | 26 | 
            LDAP_MODULE="/etc/raddb/mods-available/ldap-alcasar"
  | 
            13 | 
            LDAP_MODULE="/etc/raddb/mods-available/ldap-alcasar"
  | 
          
          
            | 27 | 
            LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE|cut -d"=" -f2`	# IP address of the LDAP server
  | 
            14 | 
            LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE|cut -d"=" -f2`		# IP address of the LDAP server
  | 
          
          
            | 28 | 
            LDAP_BASE=`grep ^LDAP_BASE= $CONF_FILE|cut -d"=" -f2-`		# Where to find the users (cn=**,dc=**,dc=**)
  | 
            15 | 
            LDAP_BASE=`grep ^LDAP_BASE= $CONF_FILE|cut -d"=" -f2-`			# Where to find the users (cn=**,dc=**,dc=**)
  | 
          
          
            | 29 | 
            LDAP_UID=`grep ^LDAP_UID= $CONF_FILE|cut -d"=" -f2`		# 'samaccuntname' for A.D. - 'UID' for LDAP
  | 
            16 | 
            LDAP_UID=`grep ^LDAP_UID= $CONF_FILE|cut -d"=" -f2`				# 'samaccuntname' for A.D. - 'UID' for LDAP
  | 
          
          
            | 30 | 
            LDAP_FILTER=`grep ^LDAP_FILTER= $CONF_FILE|cut -d"=" -f2`	# Filter to limit users search (not used for now)
  | 
            17 | 
            LDAP_FILTER=`grep ^LDAP_FILTER= $CONF_FILE|cut -d"=" -f2`		# Filter to limit users search (not used for now)
  | 
          
          
            | 31 | 
            LDAP_USER=`grep ^LDAP_USER= $CONF_FILE|cut -d"=" -f2`		# User name enable to list the directory
  | 
            18 | 
            LDAP_USER=`grep ^LDAP_USER= $CONF_FILE|cut -d"=" -f2-`			# LDAP username used by ALCASAR to read the remote directory
  | 
          
          
            | 32 | 
            LDAP_PASSWORD=`grep ^LDAP_PASSWORD= $CONF_FILE|cut -d"=" -f2`	#
  | 
            19 | 
            LDAP_PASSWORD=`grep ^LDAP_PASSWORD= $CONF_FILE|cut -d"=" -f2`	# its password
  | 
          
          
            | 33 | 
            nb_args=$#
  | 
            20 | 
            nb_args=$#
  | 
          
          
            | 34 | 
            args=$1
  | 
            21 | 
            args=$1
  | 
          
          
            | 35 | 
            if [ $nb_args -eq 0 ]
  | 
            22 | 
            if [ $nb_args -eq 0 ]
  | 
          
          
            | 36 | 
            then
  | 
            23 | 
            then
  | 
          
          
            | 37 | 
            	nb_args=1
  | 
            24 | 
            	nb_args=1
  | 
          
          
            | Line 45... | 
            Line 32... | 
          
          
            | 45 | 
            	--on | -on)	
  | 
            32 | 
            	--on | -on)	
  | 
          
          
            | 46 | 
            		$SED "s/^LDAP=.*/LDAP=on/g" $CONF_FILE
  | 
            33 | 
            		$SED "s/^LDAP=.*/LDAP=on/g" $CONF_FILE
  | 
          
          
            | 47 | 
            		$SED "s/^server =.*/server = ldap:\/\/$LDAP_SERVER/g" $LDAP_MODULE
  | 
            34 | 
            		$SED "s/^server =.*/server = ldap:\/\/$LDAP_SERVER/g" $LDAP_MODULE
  | 
          
          
            | 48 | 
            		$SED "s/^identity =.*/identity = $LDAP_USER/g" $LDAP_MODULE
  | 
            35 | 
            		$SED "s/^identity =.*/identity = $LDAP_USER/g" $LDAP_MODULE
  | 
          
          
            | 49 | 
            		$SED "s/^password =.*/password = $LDAP_PASSWORD/g" $LDAP_MODULE
  | 
            36 | 
            		$SED "s/^password =.*/password = $LDAP_PASSWORD/g" $LDAP_MODULE
  | 
          
          
            | 50 | 
            		$SED "s/^base_dn =.*/base_dn = $LDAP_BASE/g" $LDAP_MODULE
  | 
            37 | 
            		$SED "s/^base_dn =.*/base_dn = \"$LDAP_BASE\"/g" $LDAP_MODULE
  | 
          
          
            | 51 | 
            		$SED "s/^filter =.*/filter = ($LDAP_UID=%{%{Stripped-User-Name}:-%{User-Name}})/g" $LDAP_MODULE
  | 
            38 | 
            		$SED "s/^filter =.*/filter = \"($LDAP_UID=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE
  | 
          
          
            | 52 | 
            		if [ ! -e /etc/raddb/mods-enabled/ldap ]
  | 
            39 | 
            		if [ ! -e /etc/raddb/mods-enabled/ldap ]
  | 
          
          
            | 53 | 
            		then
  | 
            40 | 
            		then
  | 
          
          
            | 54 | 
            			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
  | 
            41 | 
            			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
  | 
          
          
            | 55 | 
            		fi
  | 
            42 | 
            		fi
  | 
          
          
            | - | 
               | 
            43 | 
            		if [ -e /etc/raddb/sites-enabled/alcasar ]
  | 
          
          
            | - | 
               | 
            44 | 
            		then
  | 
          
          
            | - | 
               | 
            45 | 
            			rm /etc/raddb/sites-enabled/alcasar
  | 
          
          
            | - | 
               | 
            46 | 
            		fi
  | 
          
          
            | - | 
               | 
            47 | 
            		ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar
  | 
          
          
            | 56 | 
            		/usr/local/bin/alcasar-iptables.sh
  | 
            48 | 
            		/usr/local/bin/alcasar-iptables.sh
  | 
          
          
            | 57 | 
            		/usr/bin/systemctl restart radiusd.service
  | 
            49 | 
            		/usr/bin/systemctl restart radiusd.service
  | 
          
          
            | 58 | 
            		;;
  | 
            50 | 
            		;;
  | 
          
          
            | 59 | 
            	--off | -off)
  | 
            51 | 
            	--off | -off)
  | 
          
          
            | 60 | 
            		$SED "s/^LDAP=.*/LDAP=off/g" $CONF_FILE
  | 
            52 | 
            		$SED "s/^LDAP=.*/LDAP=off/g" $CONF_FILE
  | 
          
          
            | 61 | 
            		rm -f /etc/raddb/mods-enabled/ldap
  | 
            53 | 
            		rm -f /etc/raddb/mods-enabled/ldap
  | 
          
          
            | - | 
               | 
            54 | 
            		if [ -e /etc/raddb/sites-enabled/alcasar ]
  | 
          
          
            | - | 
               | 
            55 | 
            		then
  | 
          
          
            | - | 
               | 
            56 | 
            			rm /etc/raddb/sites-enabled/alcasar
  | 
          
          
            | - | 
               | 
            57 | 
            		fi
  | 
          
          
            | - | 
               | 
            58 | 
            		ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
  | 
          
          
            | 62 | 
            		/usr/local/bin/alcasar-iptables.sh
  | 
            59 | 
            		/usr/local/bin/alcasar-iptables.sh
  | 
          
          
            | 63 | 
            		/usr/bin/systemctl restart radiusd.service
  | 
            60 | 
            		/usr/bin/systemctl restart radiusd.service
  | 
          
          
            | 64 | 
            ;;
  | 
            61 | 
            ;;
  | 
          
          
            | 65 | 
            	*)
  | 
            62 | 
            	*)
  | 
          
          
            | 66 | 
            		echo "Argument inconnu :$1";
  | 
            63 | 
            		echo "Argument inconnu :$1";
  |
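Review bot: `LDAP_PASSWORD` on new line 19 is still read with `cut -d"=" -f2`, so a bind password containing `=` is silently truncated, although this change already moves `LDAP_USER` to `-f2-`; the same `-f2-` is needed there. The values are then pasted unescaped into the sed replacements on new lines 34–38, so a `/`, `&` or `\` in the user DN or password either aborts the substitution or writes a different credential into `ldap-alcasar`; escaping each value first, e.g. `esc=$(printf '%s' "$LDAP_PASSWORD" | sed 's/[\/&\\]/\\&/g')`, avoids that. `identity` and `password` on new lines 35–36 stay unquoted while `base_dn` and `filter` gain quotes, which looks inconsistent for a DN or password containing spaces (worth confirming against the FreeRADIUS module syntax). Passing the password in sed's argument list also exposes it to a process listing for the duration of the call. The enclosing `case` statement starts and ends outside the lines shown.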