Subversion Repositories ALCASAR

Rev

Rev 2466 | Rev 2470 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2466 Rev 2467
Line 5... Line 5...
5
# This script is distributed under the Gnu General Public License (GPL)
5
# This script is distributed under the Gnu General Public License (GPL)
6
 
6
 
7
# activation / d├ęsactivation de l'authentification des utilisateurs via un serveur LDAP externe
7
# activation / d├ęsactivation de l'authentification des utilisateurs via un serveur LDAP externe
8
# enable / disable authentication of users via an extern LDAP server
8
# enable / disable authentication of users via an extern LDAP server
9
 
9
 
10
# TODO
-
 
11
#	- modif files "site-enabled/alcasar"
-
 
12
 
-
 
13
# Modif "sites-enabled/alcasar"
-
 
14
#	Configure autorize section with:
-
 
15
#		ldap  { 
-
 
16
#			fail=1
-
 
17
#		}
-
 
18
#	Configure authenticate section with
-
 
19
#		Auth-Type LDAP {
-
 
20
#			ldap
-
 
21
#		}
-
 
22
 
-
 
23
usage="Usage: alcasar-ldap.sh {--on or -on } | {--off or -off}"
10
usage="Usage: alcasar-ldap.sh {--on or -on } | {--off or -off}"
24
SED="/bin/sed -i"
11
SED="/bin/sed -i"
25
CONF_FILE="/usr/local/etc/alcasar.conf"
12
CONF_FILE="/usr/local/etc/alcasar.conf"
26
LDAP_MODULE="/etc/raddb/mods-available/ldap-alcasar"
13
LDAP_MODULE="/etc/raddb/mods-available/ldap-alcasar"
27
LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE|cut -d"=" -f2`	# IP address of the LDAP server
14
LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE|cut -d"=" -f2`		# IP address of the LDAP server
28
LDAP_BASE=`grep ^LDAP_BASE= $CONF_FILE|cut -d"=" -f2-`		# Where to find the users (cn=**,dc=**,dc=**)
15
LDAP_BASE=`grep ^LDAP_BASE= $CONF_FILE|cut -d"=" -f2-`			# Where to find the users (cn=**,dc=**,dc=**)
29
LDAP_UID=`grep ^LDAP_UID= $CONF_FILE|cut -d"=" -f2`		# 'samaccuntname' for A.D. - 'UID' for LDAP
16
LDAP_UID=`grep ^LDAP_UID= $CONF_FILE|cut -d"=" -f2`				# 'samaccuntname' for A.D. - 'UID' for LDAP
30
LDAP_FILTER=`grep ^LDAP_FILTER= $CONF_FILE|cut -d"=" -f2`	# Filter to limit users search (not used for now)
17
LDAP_FILTER=`grep ^LDAP_FILTER= $CONF_FILE|cut -d"=" -f2`		# Filter to limit users search (not used for now)
31
LDAP_USER=`grep ^LDAP_USER= $CONF_FILE|cut -d"=" -f2`		# User name enable to list the directory
18
LDAP_USER=`grep ^LDAP_USER= $CONF_FILE|cut -d"=" -f2-`			# LDAP username used by ALCASAR to read the remote directory
32
LDAP_PASSWORD=`grep ^LDAP_PASSWORD= $CONF_FILE|cut -d"=" -f2`	#
19
LDAP_PASSWORD=`grep ^LDAP_PASSWORD= $CONF_FILE|cut -d"=" -f2`	# its password
33
nb_args=$#
20
nb_args=$#
34
args=$1
21
args=$1
35
if [ $nb_args -eq 0 ]
22
if [ $nb_args -eq 0 ]
36
then
23
then
37
	nb_args=1
24
	nb_args=1
Line 45... Line 32...
45
	--on | -on)	
32
	--on | -on)	
46
		$SED "s/^LDAP=.*/LDAP=on/g" $CONF_FILE
33
		$SED "s/^LDAP=.*/LDAP=on/g" $CONF_FILE
47
		$SED "s/^server =.*/server = ldap:\/\/$LDAP_SERVER/g" $LDAP_MODULE
34
		$SED "s/^server =.*/server = ldap:\/\/$LDAP_SERVER/g" $LDAP_MODULE
48
		$SED "s/^identity =.*/identity = $LDAP_USER/g" $LDAP_MODULE
35
		$SED "s/^identity =.*/identity = $LDAP_USER/g" $LDAP_MODULE
49
		$SED "s/^password =.*/password = $LDAP_PASSWORD/g" $LDAP_MODULE
36
		$SED "s/^password =.*/password = $LDAP_PASSWORD/g" $LDAP_MODULE
50
		$SED "s/^base_dn =.*/base_dn = $LDAP_BASE/g" $LDAP_MODULE
37
		$SED "s/^base_dn =.*/base_dn = \"$LDAP_BASE\"/g" $LDAP_MODULE
51
		$SED "s/^filter =.*/filter = ($LDAP_UID=%{%{Stripped-User-Name}:-%{User-Name}})/g" $LDAP_MODULE
38
		$SED "s/^filter =.*/filter = \"($LDAP_UID=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE
52
		if [ ! -e /etc/raddb/mods-enabled/ldap ]
39
		if [ ! -e /etc/raddb/mods-enabled/ldap ]
53
		then
40
		then
54
			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
41
			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
55
		fi
42
		fi
-
 
43
		if [ -e /etc/raddb/sites-enabled/alcasar ]
-
 
44
		then
-
 
45
			rm /etc/raddb/sites-enabled/alcasar
-
 
46
		fi
-
 
47
		ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar
56
		/usr/local/bin/alcasar-iptables.sh
48
		/usr/local/bin/alcasar-iptables.sh
57
		/usr/bin/systemctl restart radiusd.service
49
		/usr/bin/systemctl restart radiusd.service
58
		;;
50
		;;
59
	--off | -off)
51
	--off | -off)
60
		$SED "s/^LDAP=.*/LDAP=off/g" $CONF_FILE
52
		$SED "s/^LDAP=.*/LDAP=off/g" $CONF_FILE
61
		rm -f /etc/raddb/mods-enabled/ldap
53
		rm -f /etc/raddb/mods-enabled/ldap
-
 
54
		if [ -e /etc/raddb/sites-enabled/alcasar ]
-
 
55
		then
-
 
56
			rm /etc/raddb/sites-enabled/alcasar
-
 
57
		fi
-
 
58
		ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
62
		/usr/local/bin/alcasar-iptables.sh
59
		/usr/local/bin/alcasar-iptables.sh
63
		/usr/bin/systemctl restart radiusd.service
60
		/usr/bin/systemctl restart radiusd.service
64
;;
61
;;
65
	*)
62
	*)
66
		echo "Argument inconnu :$1";
63
		echo "Argument inconnu :$1";