WebSVN – ALCASAR – Diff – //scripts/alcasar-ldap.sh



#!/bin/bash
 
# $Id: alcasar-ldap.sh 2714 2019-03-10 23:43:22Z tom.houdayer $
 
# alcasar-ldap.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 

LDAP_SERVER=$(grep '^LDAP_SERVER=' $CONF_FILE | cut -d"=" -f2)                # hostname/IP address of the LDAP server
LDAP_USER=$(grep '^LDAP_USER=' $CONF_FILE | cut -d"=" -f2-)                   # LDAP username used by ALCASAR to read the remote directory
LDAP_PASSWORD=$(grep '^LDAP_PASSWORD=' $CONF_FILE | cut -d"=" -f2-)           # its password
LDAP_BASE=$(grep '^LDAP_BASE=' $CONF_FILE | cut -d"=" -f2-)                   # Where to find the users (cn=**,dc=**,dc=**)
LDAP_UID=$(grep '^LDAP_UID=' $CONF_FILE | cut -d"=" -f2)                      # 'samaccountname' for A.D. - 'UID' for LDAP
LDAP_FILTER=$(grep '^LDAP_FILTER=' $CONF_FILE | cut -d"=" -f2-)               # LDAP filter
LDAP_SSL=$(grep '^LDAP_SSL=' $CONF_FILE | cut -d"=" -f2-)                     # LDAP SSL status
LDAP_CERT_REQUIRED=$(grep '^LDAP_CERT_REQUIRED=' $CONF_FILE | cut -d"=" -f2-) # LDAP SSL certificate verifying
 
nb_args=$#
args=$1

			echo  '' > $OPENLDAP_CONF
		fi
		$SED "s/^\tidentity =.*/\tidentity = \"${LDAP_USER//\"/\\\\\\\"}\"/g" $LDAP_MODULE
		$SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE
		$SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE
		[ -n "$LDAP_FILTER" ] && filter="$LDAP_FILTER" || filter='&'
		$SED "s/^\t\tfilter =.*/\t\tfilter = \"(\&(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})($filter))\"/g" $LDAP_MODULE
		if [ ! -e /etc/raddb/mods-enabled/ldap ]; then
			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
		fi
		[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar
		ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar

			export LDAPTLS_REQCERT="$require_cert"
			[ -f "$LDAPS_CERT_LOC" ] && export LDAPTLS_CACERT="$LDAPS_CERT_LOC"
		else
			protocol='ldap'
		fi
		[ -n "$LDAP_FILTER" ] && filter="$LDAP_FILTER" || filter='&'
		/usr/bin/ldapsearch $debugOpt -LLL -H "$protocol://$LDAP_SERVER" -x -D "$LDAP_USER" -w "$LDAP_PASSWORD" -b "$LDAP_BASE" "(&($LDAP_UID=*)($filter))" 1.1
		;;
	*)
		echo "Argument inconnu : $1";
		echo "$usage"
		exit 1

Rev 2705	Rev 2714
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2		2
3	`# $Id: alcasar-ldap.sh 2705 2019-03-05 22:30:50Z tom.houdayer $`	3	`# $Id: alcasar-ldap.sh 2714 2019-03-10 23:43:22Z tom.houdayer $`
4		4
5	`# alcasar-ldap.sh`	5	`# alcasar-ldap.sh`
6	`# by Rexy`	6	`# by Rexy`
7	`# This script is distributed under the Gnu General Public License (GPL)`	7	`# This script is distributed under the Gnu General Public License (GPL)`
8		8
Line 18...	Line 18...
18	`LDAP_SERVER=$(grep '^LDAP_SERVER=' $CONF_FILE \| cut -d"=" -f2) # hostname/IP address of the LDAP server`	18	`LDAP_SERVER=$(grep '^LDAP_SERVER=' $CONF_FILE \| cut -d"=" -f2) # hostname/IP address of the LDAP server`
19	`LDAP_USER=$(grep '^LDAP_USER=' $CONF_FILE \| cut -d"=" -f2-) # LDAP username used by ALCASAR to read the remote directory`	19	`LDAP_USER=$(grep '^LDAP_USER=' $CONF_FILE \| cut -d"=" -f2-) # LDAP username used by ALCASAR to read the remote directory`
20	`LDAP_PASSWORD=$(grep '^LDAP_PASSWORD=' $CONF_FILE \| cut -d"=" -f2-) # its password`	20	`LDAP_PASSWORD=$(grep '^LDAP_PASSWORD=' $CONF_FILE \| cut -d"=" -f2-) # its password`
21	`LDAP_BASE=$(grep '^LDAP_BASE=' $CONF_FILE \| cut -d"=" -f2-) # Where to find the users (cn=,dc=,dc=**)`	21	`LDAP_BASE=$(grep '^LDAP_BASE=' $CONF_FILE \| cut -d"=" -f2-) # Where to find the users (cn=,dc=,dc=**)`
22	`LDAP_UID=$(grep '^LDAP_UID=' $CONF_FILE \| cut -d"=" -f2) # 'samaccountname' for A.D. - 'UID' for LDAP`	22	`LDAP_UID=$(grep '^LDAP_UID=' $CONF_FILE \| cut -d"=" -f2) # 'samaccountname' for A.D. - 'UID' for LDAP`
-		23	`LDAP_FILTER=$(grep '^LDAP_FILTER=' $CONF_FILE \| cut -d"=" -f2-) # LDAP filter`
23	`LDAP_SSL=$(grep '^LDAP_SSL=' $CONF_FILE \| cut -d"=" -f2-) # LDAP SSL status`	24	`LDAP_SSL=$(grep '^LDAP_SSL=' $CONF_FILE \| cut -d"=" -f2-) # LDAP SSL status`
24	`LDAP_CERT_REQUIRED=$(grep '^LDAP_CERT_REQUIRED=' $CONF_FILE \| cut -d"=" -f2-) # LDAP SSL certificate verifying`	25	`LDAP_CERT_REQUIRED=$(grep '^LDAP_CERT_REQUIRED=' $CONF_FILE \| cut -d"=" -f2-) # LDAP SSL certificate verifying`
25		26
26	`nb_args=$#`	27	`nb_args=$#`
27	`args=$1`	28	`args=$1`
Line 49...	Line 50...
49	`echo '' > $OPENLDAP_CONF`	50	`echo '' > $OPENLDAP_CONF`
50	`fi`	51	`fi`
51	`$SED "s/^\tidentity =.*/\tidentity = \"${LDAP_USER//\"/\\\\\\\"}\"/g" $LDAP_MODULE`	52	`$SED "s/^\tidentity =.*/\tidentity = \"${LDAP_USER//\"/\\\\\\\"}\"/g" $LDAP_MODULE`
52	`$SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE`	53	`$SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE`
53	`$SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE`	54	`$SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE`
-		55	`[ -n "$LDAP_FILTER" ] && filter="$LDAP_FILTER" \|\| filter='&'`
54	`$SED "s/^\t\tfilter =.*/\t\tfilter = \"(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE`	56	`$SED "s/^\t\tfilter =.*/\t\tfilter = \"(\&(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})($filter))\"/g" $LDAP_MODULE`
55	`if [ ! -e /etc/raddb/mods-enabled/ldap ]; then`	57	`if [ ! -e /etc/raddb/mods-enabled/ldap ]; then`
56	`ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap`	58	`ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap`
57	`fi`	59	`fi`
58	`[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar`	60	`[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar`
59	`ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar`	61	`ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar`
Line 102...	Line 104...
102	`export LDAPTLS_REQCERT="$require_cert"`	104	`export LDAPTLS_REQCERT="$require_cert"`
103	`[ -f "$LDAPS_CERT_LOC" ] && export LDAPTLS_CACERT="$LDAPS_CERT_LOC"`	105	`[ -f "$LDAPS_CERT_LOC" ] && export LDAPTLS_CACERT="$LDAPS_CERT_LOC"`
104	`else`	106	`else`
105	`protocol='ldap'`	107	`protocol='ldap'`
106	`fi`	108	`fi`
-		109	`[ -n "$LDAP_FILTER" ] && filter="$LDAP_FILTER" \|\| filter='&'`
107	`/usr/bin/ldapsearch $debugOpt -LLL -H "$protocol://$LDAP_SERVER" -x -D "$LDAP_USER" -w "$LDAP_PASSWORD" -b "$LDAP_BASE" "($LDAP_UID=*)" 1.1`	110	`/usr/bin/ldapsearch $debugOpt -LLL -H "$protocol://$LDAP_SERVER" -x -D "$LDAP_USER" -w "$LDAP_PASSWORD" -b "$LDAP_BASE" "(&($LDAP_UID=*)($filter))" 1.1`
108	`;;`	111	`;;`
109	`*)`	112	`*)`
110	`echo "Argument inconnu : $1";`	113	`echo "Argument inconnu : $1";`
111	`echo "$usage"`	114	`echo "$usage"`
112	`exit 1`	115	`exit 1`

Subversion Repositories ALCASAR

(root)//scripts/alcasar-ldap.sh – Rev 2705 → 2714