Subversion Repositories ALCASAR

Rev

Rev 2474 | Rev 2705 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2447 richard 1
#!/bin/bash
2
 
2490 tom.houday 3
# $Id: alcasar-ldap.sh 2490 2018-02-26 00:49:37Z tom.houdayer $
4
 
2447 richard 5
# alcasar-ldap.sh
6
# by Rexy
7
# This script is distributed under the Gnu General Public License (GPL)
8
 
9
# activation / désactivation de l'authentification des utilisateurs via un serveur LDAP externe
10
# enable / disable authentication of users via an extern LDAP server
11
 
12
usage="Usage: alcasar-ldap.sh {--on or -on } | {--off or -off}"
13
SED="/bin/sed -i"
14
CONF_FILE="/usr/local/etc/alcasar.conf"
2465 richard 15
LDAP_MODULE="/etc/raddb/mods-available/ldap-alcasar"
2467 richard 16
LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE|cut -d"=" -f2`		# IP address of the LDAP server
17
LDAP_BASE=`grep ^LDAP_BASE= $CONF_FILE|cut -d"=" -f2-`			# Where to find the users (cn=**,dc=**,dc=**)
18
LDAP_UID=`grep ^LDAP_UID= $CONF_FILE|cut -d"=" -f2`				# 'samaccuntname' for A.D. - 'UID' for LDAP
2474 tom.houday 19
LDAP_FILTER=`grep ^LDAP_FILTER= $CONF_FILE|cut -d"=" -f2-`		# Filter to limit users search (not used for now)
2467 richard 20
LDAP_USER=`grep ^LDAP_USER= $CONF_FILE|cut -d"=" -f2-`			# LDAP username used by ALCASAR to read the remote directory
2474 tom.houday 21
LDAP_PASSWORD=`grep ^LDAP_PASSWORD= $CONF_FILE|cut -d"=" -f2-`	# its password
2447 richard 22
nb_args=$#
23
args=$1
24
if [ $nb_args -eq 0 ]
25
then
26
	nb_args=1
27
	args="-h"
28
fi
29
case $args in
30
	-\? | -h* | --h*)
31
		echo "$usage"
32
		exit 0
33
		;;
34
	--on | -on)	
2465 richard 35
		$SED "s/^LDAP=.*/LDAP=on/g" $CONF_FILE
2490 tom.houday 36
		$SED "s/^\tserver =.*/\tserver = \"ldap:\/\/${LDAP_SERVER//\"/\\\\\\\"}\"/g" $LDAP_MODULE
37
		$SED "s/^\tidentity =.*/\tidentity = \"${LDAP_USER//\"/\\\\\\\"}\"/g" $LDAP_MODULE
38
		$SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE
39
		$SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE
40
		$SED "s/^\tfilter =.*/\tfilter = \"(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE
2466 richard 41
		if [ ! -e /etc/raddb/mods-enabled/ldap ]
42
		then
43
			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
44
		fi
2467 richard 45
		if [ -e /etc/raddb/sites-enabled/alcasar ]
46
		then
47
			rm /etc/raddb/sites-enabled/alcasar
48
		fi
49
		ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar
2465 richard 50
		/usr/bin/systemctl restart radiusd.service
2447 richard 51
		;;
52
	--off | -off)
2465 richard 53
		$SED "s/^LDAP=.*/LDAP=off/g" $CONF_FILE
54
		rm -f /etc/raddb/mods-enabled/ldap
2467 richard 55
		if [ -e /etc/raddb/sites-enabled/alcasar ]
56
		then
57
			rm /etc/raddb/sites-enabled/alcasar
58
		fi
59
		ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
2465 richard 60
		/usr/bin/systemctl restart radiusd.service
2474 tom.houday 61
		;;
2447 richard 62
	*)
2474 tom.houday 63
		echo "Argument inconnu : $1";
2447 richard 64
		echo "$usage"
65
		exit 1
66
		;;
67
esac