Subversion Repositories ALCASAR

Rev

Rev 2467 | Rev 2474 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2467 Rev 2470
1
#!/bin/bash
1
#!/bin/bash
2
 
2
 
3
# alcasar-ldap.sh
3
# alcasar-ldap.sh
4
# by Rexy
4
# by Rexy
5
# This script is distributed under the Gnu General Public License (GPL)
5
# This script is distributed under the Gnu General Public License (GPL)
6
 
6
 
7
# activation / d├ęsactivation de l'authentification des utilisateurs via un serveur LDAP externe
7
# activation / d├ęsactivation de l'authentification des utilisateurs via un serveur LDAP externe
8
# enable / disable authentication of users via an extern LDAP server
8
# enable / disable authentication of users via an extern LDAP server
9
 
9
 
10
usage="Usage: alcasar-ldap.sh {--on or -on } | {--off or -off}"
10
usage="Usage: alcasar-ldap.sh {--on or -on } | {--off or -off}"
11
SED="/bin/sed -i"
11
SED="/bin/sed -i"
12
CONF_FILE="/usr/local/etc/alcasar.conf"
12
CONF_FILE="/usr/local/etc/alcasar.conf"
13
LDAP_MODULE="/etc/raddb/mods-available/ldap-alcasar"
13
LDAP_MODULE="/etc/raddb/mods-available/ldap-alcasar"
14
LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE|cut -d"=" -f2`		# IP address of the LDAP server
14
LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE|cut -d"=" -f2`		# IP address of the LDAP server
15
LDAP_BASE=`grep ^LDAP_BASE= $CONF_FILE|cut -d"=" -f2-`			# Where to find the users (cn=**,dc=**,dc=**)
15
LDAP_BASE=`grep ^LDAP_BASE= $CONF_FILE|cut -d"=" -f2-`			# Where to find the users (cn=**,dc=**,dc=**)
16
LDAP_UID=`grep ^LDAP_UID= $CONF_FILE|cut -d"=" -f2`				# 'samaccuntname' for A.D. - 'UID' for LDAP
16
LDAP_UID=`grep ^LDAP_UID= $CONF_FILE|cut -d"=" -f2`				# 'samaccuntname' for A.D. - 'UID' for LDAP
17
LDAP_FILTER=`grep ^LDAP_FILTER= $CONF_FILE|cut -d"=" -f2`		# Filter to limit users search (not used for now)
17
LDAP_FILTER=`grep ^LDAP_FILTER= $CONF_FILE|cut -d"=" -f2`		# Filter to limit users search (not used for now)
18
LDAP_USER=`grep ^LDAP_USER= $CONF_FILE|cut -d"=" -f2-`			# LDAP username used by ALCASAR to read the remote directory
18
LDAP_USER=`grep ^LDAP_USER= $CONF_FILE|cut -d"=" -f2-`			# LDAP username used by ALCASAR to read the remote directory
19
LDAP_PASSWORD=`grep ^LDAP_PASSWORD= $CONF_FILE|cut -d"=" -f2`	# its password
19
LDAP_PASSWORD=`grep ^LDAP_PASSWORD= $CONF_FILE|cut -d"=" -f2`	# its password
20
nb_args=$#
20
nb_args=$#
21
args=$1
21
args=$1
22
if [ $nb_args -eq 0 ]
22
if [ $nb_args -eq 0 ]
23
then
23
then
24
	nb_args=1
24
	nb_args=1
25
	args="-h"
25
	args="-h"
26
fi
26
fi
27
case $args in
27
case $args in
28
	-\? | -h* | --h*)
28
	-\? | -h* | --h*)
29
		echo "$usage"
29
		echo "$usage"
30
		exit 0
30
		exit 0
31
		;;
31
		;;
32
	--on | -on)	
32
	--on | -on)	
33
		$SED "s/^LDAP=.*/LDAP=on/g" $CONF_FILE
33
		$SED "s/^LDAP=.*/LDAP=on/g" $CONF_FILE
34
		$SED "s/^server =.*/server = ldap:\/\/$LDAP_SERVER/g" $LDAP_MODULE
34
		$SED "s/^server =.*/server = ldap:\/\/$LDAP_SERVER/g" $LDAP_MODULE
35
		$SED "s/^identity =.*/identity = $LDAP_USER/g" $LDAP_MODULE
35
		$SED "s/^identity =.*/identity = $LDAP_USER/g" $LDAP_MODULE
36
		$SED "s/^password =.*/password = $LDAP_PASSWORD/g" $LDAP_MODULE
36
		$SED "s/^password =.*/password = $LDAP_PASSWORD/g" $LDAP_MODULE
37
		$SED "s/^base_dn =.*/base_dn = \"$LDAP_BASE\"/g" $LDAP_MODULE
37
		$SED "s/^base_dn =.*/base_dn = \"$LDAP_BASE\"/g" $LDAP_MODULE
38
		$SED "s/^filter =.*/filter = \"($LDAP_UID=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE
38
		$SED "s/^filter =.*/filter = \"($LDAP_UID=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE
39
		if [ ! -e /etc/raddb/mods-enabled/ldap ]
39
		if [ ! -e /etc/raddb/mods-enabled/ldap ]
40
		then
40
		then
41
			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
41
			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
42
		fi
42
		fi
43
		if [ -e /etc/raddb/sites-enabled/alcasar ]
43
		if [ -e /etc/raddb/sites-enabled/alcasar ]
44
		then
44
		then
45
			rm /etc/raddb/sites-enabled/alcasar
45
			rm /etc/raddb/sites-enabled/alcasar
46
		fi
46
		fi
47
		ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar
47
		ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar
48
		/usr/local/bin/alcasar-iptables.sh
-
 
49
		/usr/bin/systemctl restart radiusd.service
48
		/usr/bin/systemctl restart radiusd.service
50
		;;
49
		;;
51
	--off | -off)
50
	--off | -off)
52
		$SED "s/^LDAP=.*/LDAP=off/g" $CONF_FILE
51
		$SED "s/^LDAP=.*/LDAP=off/g" $CONF_FILE
53
		rm -f /etc/raddb/mods-enabled/ldap
52
		rm -f /etc/raddb/mods-enabled/ldap
54
		if [ -e /etc/raddb/sites-enabled/alcasar ]
53
		if [ -e /etc/raddb/sites-enabled/alcasar ]
55
		then
54
		then
56
			rm /etc/raddb/sites-enabled/alcasar
55
			rm /etc/raddb/sites-enabled/alcasar
57
		fi
56
		fi
58
		ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
57
		ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
59
		/usr/local/bin/alcasar-iptables.sh
-
 
60
		/usr/bin/systemctl restart radiusd.service
58
		/usr/bin/systemctl restart radiusd.service
61
;;
59
;;
62
	*)
60
	*)
63
		echo "Argument inconnu :$1";
61
		echo "Argument inconnu :$1";
64
		echo "$usage"
62
		echo "$usage"
65
		exit 1
63
		exit 1
66
		;;
64
		;;
67
esac
65
esac
68
 
66