WebSVN – ALCASAR – Diff – /scripts/alcasar-ldap.sh


#!/bin/bash
 
# $Id: alcasar-ldap.sh 2490 2018-02-26 00:49:37Z tom.houdayer $
 
# alcasar-ldap.sh
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# activation / désactivation de l'authentification des utilisateurs via un serveur LDAP externe
# enable / disable authentication of users via an extern LDAP server
 
usage="Usage: alcasar-ldap.sh {--on or -on } | {--off or -off}"
SED="/bin/sed -i"
CONF_FILE="/usr/local/etc/alcasar.conf"
LDAP_MODULE="/etc/raddb/mods-available/ldap-alcasar"
LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE|cut -d"=" -f2`		# IP address of the LDAP server
LDAP_BASE=`grep ^LDAP_BASE= $CONF_FILE|cut -d"=" -f2-`			# Where to find the users (cn=**,dc=**,dc=**)
LDAP_UID=`grep ^LDAP_UID= $CONF_FILE|cut -d"=" -f2`				# 'samaccuntname' for A.D. - 'UID' for LDAP
LDAP_FILTER=`grep ^LDAP_FILTER= $CONF_FILE|cut -d"=" -f2-`		# Filter to limit users search (not used for now)
LDAP_USER=`grep ^LDAP_USER= $CONF_FILE|cut -d"=" -f2-`			# LDAP username used by ALCASAR to read the remote directory
LDAP_PASSWORD=`grep ^LDAP_PASSWORD= $CONF_FILE|cut -d"=" -f2-`	# its password
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
	nb_args=1
	args="-h"
fi
case $args in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	--on | -on)	
		$SED "s/^LDAP=.*/LDAP=on/g" $CONF_FILE
		$SED "s/^\tserver =.*/\tserver = \"ldap:\/\/${LDAP_SERVER//\"/\\\\\\\"}\"/g" $LDAP_MODULE
		$SED "s/^\tidentity =.*/\tidentity = \"${LDAP_USER//\"/\\\\\\\"}\"/g" $LDAP_MODULE
		$SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE
		$SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE
		$SED "s/^\tfilter =.*/\tfilter = \"(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE
		if [ ! -e /etc/raddb/mods-enabled/ldap ]
		then
			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
		fi
		if [ -e /etc/raddb/sites-enabled/alcasar ]
		then
			rm /etc/raddb/sites-enabled/alcasar
		fi
		ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar
		/usr/bin/systemctl restart radiusd.service
		;;
	--off | -off)
		$SED "s/^LDAP=.*/LDAP=off/g" $CONF_FILE
		rm -f /etc/raddb/mods-enabled/ldap
		if [ -e /etc/raddb/sites-enabled/alcasar ]
		then
			rm /etc/raddb/sites-enabled/alcasar
		fi
		ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
		/usr/bin/systemctl restart radiusd.service
		;;
	*)
		echo "Argument inconnu : $1";
		echo "$usage"
		exit 1
		;;
esac
 

Rev 2474	Rev 2490
1	`#!/bin/bash`	1	`#!/bin/bash`
2		2
-		3	`# $Id: alcasar-ldap.sh 2490 2018-02-26 00:49:37Z tom.houdayer $`
-		4
3	`# alcasar-ldap.sh`	5	`# alcasar-ldap.sh`
4	`# by Rexy`	6	`# by Rexy`
5	`# This script is distributed under the Gnu General Public License (GPL)`	7	`# This script is distributed under the Gnu General Public License (GPL)`
6		8
7	`# activation / désactivation de l'authentification des utilisateurs via un serveur LDAP externe`	9	`# activation / désactivation de l'authentification des utilisateurs via un serveur LDAP externe`
8	`# enable / disable authentication of users via an extern LDAP server`	10	`# enable / disable authentication of users via an extern LDAP server`
9		11
10	`usage="Usage: alcasar-ldap.sh {--on or -on } \| {--off or -off}"`	12	`usage="Usage: alcasar-ldap.sh {--on or -on } \| {--off or -off}"`
11	`SED="/bin/sed -i"`	13	`SED="/bin/sed -i"`
12	`CONF_FILE="/usr/local/etc/alcasar.conf"`	14	`CONF_FILE="/usr/local/etc/alcasar.conf"`
13	`LDAP_MODULE="/etc/raddb/mods-available/ldap-alcasar"`	15	`LDAP_MODULE="/etc/raddb/mods-available/ldap-alcasar"`
14	LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE\|cut -d"=" -f2` # IP address of the LDAP server	16	LDAP_SERVER=`grep ^LDAP_SERVER= $CONF_FILE\|cut -d"=" -f2` # IP address of the LDAP server
15	LDAP_BASE=`grep ^LDAP_BASE= $CONF_FILE\|cut -d"=" -f2-` # Where to find the users (cn=,dc=,dc=**)	17	LDAP_BASE=`grep ^LDAP_BASE= $CONF_FILE\|cut -d"=" -f2-` # Where to find the users (cn=,dc=,dc=**)
16	LDAP_UID=`grep ^LDAP_UID= $CONF_FILE\|cut -d"=" -f2` # 'samaccuntname' for A.D. - 'UID' for LDAP	18	LDAP_UID=`grep ^LDAP_UID= $CONF_FILE\|cut -d"=" -f2` # 'samaccuntname' for A.D. - 'UID' for LDAP
17	LDAP_FILTER=`grep ^LDAP_FILTER= $CONF_FILE\|cut -d"=" -f2-` # Filter to limit users search (not used for now)	19	LDAP_FILTER=`grep ^LDAP_FILTER= $CONF_FILE\|cut -d"=" -f2-` # Filter to limit users search (not used for now)
18	LDAP_USER=`grep ^LDAP_USER= $CONF_FILE\|cut -d"=" -f2-` # LDAP username used by ALCASAR to read the remote directory	20	LDAP_USER=`grep ^LDAP_USER= $CONF_FILE\|cut -d"=" -f2-` # LDAP username used by ALCASAR to read the remote directory
19	LDAP_PASSWORD=`grep ^LDAP_PASSWORD= $CONF_FILE\|cut -d"=" -f2-` # its password	21	LDAP_PASSWORD=`grep ^LDAP_PASSWORD= $CONF_FILE\|cut -d"=" -f2-` # its password
20	`nb_args=$#`	22	`nb_args=$#`
21	`args=$1`	23	`args=$1`
22	`if [ $nb_args -eq 0 ]`	24	`if [ $nb_args -eq 0 ]`
23	`then`	25	`then`
24	`nb_args=1`	26	`nb_args=1`
25	`args="-h"`	27	`args="-h"`
26	`fi`	28	`fi`
27	`case $args in`	29	`case $args in`
28	`-\? \| -h* \| --h*)`	30	`-\? \| -h* \| --h*)`
29	`echo "$usage"`	31	`echo "$usage"`
30	`exit 0`	32	`exit 0`
31	`;;`	33	`;;`
32	`--on \| -on)`	34	`--on \| -on)`
33	`$SED "s/^LDAP=.*/LDAP=on/g" $CONF_FILE`	35	`$SED "s/^LDAP=.*/LDAP=on/g" $CONF_FILE`
34	`$SED "s/^server =.*/server = ldap:\/\/$LDAP_SERVER/g" $LDAP_MODULE`	36	`$SED "s/^\tserver =.*/\tserver = \"ldap:\/\/${LDAP_SERVER//\"/\\\\\\\"}\"/g" $LDAP_MODULE`
35	`$SED "s/^identity =.*/identity = $LDAP_USER/g" $LDAP_MODULE`	37	`$SED "s/^\tidentity =.*/\tidentity = \"${LDAP_USER//\"/\\\\\\\"}\"/g" $LDAP_MODULE`
36	`$SED "s/^password =.*/password = $LDAP_PASSWORD/g" $LDAP_MODULE`	38	`$SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE`
37	`$SED "s/^base_dn =.*/base_dn = \"$LDAP_BASE\"/g" $LDAP_MODULE`	39	`$SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE`
38	`$SED "s/^filter =.*/filter = \"($LDAP_UID=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE`	40	`$SED "s/^\tfilter =.*/\tfilter = \"(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE`
39	`if [ ! -e /etc/raddb/mods-enabled/ldap ]`	41	`if [ ! -e /etc/raddb/mods-enabled/ldap ]`
40	`then`	42	`then`
41	`ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap`	43	`ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap`
42	`fi`	44	`fi`
43	`if [ -e /etc/raddb/sites-enabled/alcasar ]`	45	`if [ -e /etc/raddb/sites-enabled/alcasar ]`
44	`then`	46	`then`
45	`rm /etc/raddb/sites-enabled/alcasar`	47	`rm /etc/raddb/sites-enabled/alcasar`
46	`fi`	48	`fi`
47	`ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar`	49	`ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar`
48	`/usr/bin/systemctl restart radiusd.service`	50	`/usr/bin/systemctl restart radiusd.service`
49	`;;`	51	`;;`
50	`--off \| -off)`	52	`--off \| -off)`
51	`$SED "s/^LDAP=.*/LDAP=off/g" $CONF_FILE`	53	`$SED "s/^LDAP=.*/LDAP=off/g" $CONF_FILE`
52	`rm -f /etc/raddb/mods-enabled/ldap`	54	`rm -f /etc/raddb/mods-enabled/ldap`
53	`if [ -e /etc/raddb/sites-enabled/alcasar ]`	55	`if [ -e /etc/raddb/sites-enabled/alcasar ]`
54	`then`	56	`then`
55	`rm /etc/raddb/sites-enabled/alcasar`	57	`rm /etc/raddb/sites-enabled/alcasar`
56	`fi`	58	`fi`
57	`ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar`	59	`ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar`
58	`/usr/bin/systemctl restart radiusd.service`	60	`/usr/bin/systemctl restart radiusd.service`
59	`;;`	61	`;;`
60	`*)`	62	`*)`
61	`echo "Argument inconnu : $1";`	63	`echo "Argument inconnu : $1";`
62	`echo "$usage"`	64	`echo "$usage"`
63	`exit 1`	65	`exit 1`
64	`;;`	66	`;;`
65	`esac`	67	`esac`
66		68

Subversion Repositories ALCASAR

(root)/scripts/alcasar-ldap.sh @ 2705 – Rev 2474 → 2490