Subversion Repositories ALCASAR

Compare Revisions

No changes between revisions

Ignore whitespace Rev 2446 → Rev 2447

/alcasar.sh
1102,7 → 1102,7
# Set modules
# Set only usefull modules for ALCASAR (ldap is enabled only via ACC)
rm -rf /etc/raddb/mods-enabled/*
for mods in sql sqlcounter attr_filter expiration logintime pap expr ldap
for mods in sql sqlcounter attr_filter expiration logintime pap expr
do
ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
done
2098,8 → 2098,13
echo "SSH=on" >> $CONF_FILE
echo "SSH_ADMIN_FROM=0.0.0.0/0.0.0.0" >> $CONF_FILE
echo "LDAP=off" >> $CONF_FILE
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE
echo "MULTIWAN=off" >> $CONF_FILE
echo "LDAP_SERVER=127.0.0.1" >> $CONF_FILE
echo "LDAP_BASE=ou=my_lan;dc=server_name;dc=localdoamin" >> $CONF_FILE
echo "LDAP_UID=sAMAccountName" >> $CONF_FILE
echo "LDAP_FILTER=" >> $CONF_FILE
echo "LDAP_USER=alcasar" >> $CONF_FILE
echo "LDAP_PASSWORD=" >> $CONF_FILE
echo "MULTIWAN=off" >> $CONF_FILE
echo "FAILOVER=30" >> $CONF_FILE
echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
/scripts/alcasar-ldap.sh
0,0 → 1,61
#!/bin/bash
 
# alcasar-ldap.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# activation / désactivation de l'authentification des utilisateurs via un serveur LDAP externe
# enable / disable authentication of users via an extern LDAP server
 
# TODO
# - modif files "site-enabled/alcasar" + "mods-available/ldap"
# - add / remove "ln -s mods-available/ldap mods-enabled/ldap"
# - /usr/local/bin/alcasar-iptables.sh");
# - /usr/bin/systemctl restart radiusd");
 
# Modif "sites-enabled/alcasar"
# Configure autorize section with:
# ldap {
# fail=1
# }
# Configure authenticate section with
# Auth-Type LDAP {
# ldap
# }
 
# Modif "mods-available/ldap"
# host = $ldap_server;
# identity = $ldap_user;
# password = $ldap_password;
# basedn = $ldap_base_dn;
# filter = $ldap_filter;
# uid = $ldap_filter;
# base_filter = $ldap_base_filter;
 
usage="Usage: alcasar-ldap.sh {--on or -on } | {--off or -off}"
SED="/bin/sed -i"
CONF_FILE="/usr/local/etc/alcasar.conf"
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
 
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
nb_args=1
args="-h"
fi
case $args in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
--on | -on)
;;
--off | -off)
;;
*)
echo "Argument inconnu :$1";
echo "$usage"
exit 1
;;
esac
Property changes:
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
/web/acc/admin/update_ldap.php
59,58 → 59,24
exit("Vous n'avez pas les droits d'écriture sur le fichier /etc/raddb/mods-available/ldap");
}
 
/****************************************************************
* File sites-enabled/alcasar *
*****************************************************************/
/*
ON ACTIVE LE LDAP
*/
/*
Configure autorize section with:
ldap {
fail=1
}
*/
/*
Configure authenticate section with
Auth-Type LDAP {
ldap
}
*/
/*
 
/****************************************************************
* File mods/available/ldap *
*****************************************************************/
//$ldap->host = $ldap_server;
//$ldap->identity = $ldap_user;
//$ldap->password = $ldap_password;
//$ldap->basedn = $ldap_base_dn;
//$ldap->filter = $ldap_filter;
//$ldap->uid = $ldap_filter;
//$ldap->base_filter = $ldap_base_filter;
 
/********************************************************
* File modification & services restart *
* Conf file modification & ldap script call *
*********************************************************/
//test d'accès au serveur
//si réussite
// - écriture config ldap complète dans alcasar.conf
// - appel script-shell (alcasar-ldap.sh)
// - modif des 2 fichier ci-dessus
// - actions si dessous
// After testing serveur access
if ($auth_enable == "1") {
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=off', 'LDAP=on', file_get_contents(ALCASAR_CONF_FILE)));
exec("sed -i \"s/^LDAP_IP=.*/LDAP_IP=$ldap_server/g\" ".ALCASAR_CONF_FILE);
exec("ln -s /etc/raddb/mods-available/ldap /etc/raddb/mods-enabled/ldap");
exec("sed -i \"s/^LDAP=.*/LDAP=on/g\" ".ALCASAR_CONF_FILE);
exec("sed -i \"s/^LDAP_SERVER=.*/LDAP_SERVER=$ldap_server/g\" ".ALCASAR_CONF_FILE);
exec("sed -i \"s/^LDAP_BASE=.*/LDAP_BASE=$ldap_base_dn/g\" ".ALCASAR_CONF_FILE);
exec("sed -i \"s/^LDAP_UID=.*/LDAP_UID=$ldap_filter/g\" ".ALCASAR_CONF_FILE);
exec("sed -i \"s/^LDAP_FILTER=.*/LDAP_FILTER=$ldap_filter/g\" ".ALCASAR_CONF_FILE);
exec("sed -i \"s/^LDAP_USER=.*/LDAP_USER=$ldap_user/g\" ".ALCASAR_CONF_FILE);
exec("sed -i \"s/^LDAP_PASSWORD=.*/LDAP_PASSWORD=$ldap_password/g\" ".ALCASAR_CONF_FILE);
exec("sudo /usr/local/bin/alcasar-ldap.sh -on");
}
else {
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=on', 'LDAP=off', file_get_contents(ALCASAR_CONF_FILE)));
exec("sed -i \"s/^LDAP_IP=.*/LDAP_IP=0.0.0.0/g\" ".ALCASAR_CONF_FILE);
exec("rm -f /etc/raddb/mods-enabled/ldap");
exec("sed -i \"s/^LDAP=.*/LDAP=off/g\" ".ALCASAR_CONF_FILE);
exec("sudo /usr/local/bin/alcasar-ldap.sh -off");
}
#exec("sudo /usr/local/bin/alcasar-iptables.sh");
#exec("sudo /usr/bin/systemctl restart radiusd");
 
/****************************************************************
* Redirection vers la page de configuration LDAP *