Subversion Repositories ALCASAR


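--- a/alcasar-ldap.sh
+++ b/alcasar-ldap.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 
-# $Id: alcasar-ldap.sh 2705 2019-03-05 22:30:50Z tom.houdayer $
+# $Id: alcasar-ldap.sh 2714 2019-03-10 23:43:22Z tom.houdayer $
 
 # alcasar-ldap.sh
 # by Rexy
 # This script is distributed under the Gnu General Public License (GPL)
 
@@ -18,10 +18,11 @@
 LDAP_SERVER=$(grep '^LDAP_SERVER=' $CONF_FILE | cut -d"=" -f2)                # hostname/IP address of the LDAP server
 LDAP_USER=$(grep '^LDAP_USER=' $CONF_FILE | cut -d"=" -f2-)                   # LDAP username used by ALCASAR to read the remote directory
 LDAP_PASSWORD=$(grep '^LDAP_PASSWORD=' $CONF_FILE | cut -d"=" -f2-)           # its password
 LDAP_BASE=$(grep '^LDAP_BASE=' $CONF_FILE | cut -d"=" -f2-)                   # Where to find the users (cn=**,dc=**,dc=**)
 LDAP_UID=$(grep '^LDAP_UID=' $CONF_FILE | cut -d"=" -f2)                      # 'samaccountname' for A.D. - 'UID' for LDAP
+LDAP_FILTER=$(grep '^LDAP_FILTER=' $CONF_FILE | cut -d"=" -f2-)               # LDAP filter
 LDAP_SSL=$(grep '^LDAP_SSL=' $CONF_FILE | cut -d"=" -f2-)                     # LDAP SSL status
 LDAP_CERT_REQUIRED=$(grep '^LDAP_CERT_REQUIRED=' $CONF_FILE | cut -d"=" -f2-) # LDAP SSL certificate verifying
 
 nb_args=$#
 args=$1
@@ -49,11 +50,12 @@
                         echo  '' > $OPENLDAP_CONF
                 fi
                 $SED "s/^\tidentity =.*/\tidentity = \"${LDAP_USER//\"/\\\\\\\"}\"/g" $LDAP_MODULE
                 $SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE
                 $SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE
+                [ -n "$LDAP_FILTER" ] && filter="$LDAP_FILTER" || filter='&'
-                $SED "s/^\t\tfilter =.*/\t\tfilter = \"(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE
+                $SED "s/^\t\tfilter =.*/\t\tfilter = \"(\&(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})($filter))\"/g" $LDAP_MODULE
                 if [ ! -e /etc/raddb/mods-enabled/ldap ]; then
                         ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
                 fi
                 [ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar
                 ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar
@@ -102,11 +104,12 @@
                         export LDAPTLS_REQCERT="$require_cert"
                         [ -f "$LDAPS_CERT_LOC" ] && export LDAPTLS_CACERT="$LDAPS_CERT_LOC"
                 else
                         protocol='ldap'
                 fi
+                [ -n "$LDAP_FILTER" ] && filter="$LDAP_FILTER" || filter='&'
-                /usr/bin/ldapsearch $debugOpt -LLL -H "$protocol://$LDAP_SERVER" -x -D "$LDAP_USER" -w "$LDAP_PASSWORD" -b "$LDAP_BASE" "($LDAP_UID=*)" 1.1
+                /usr/bin/ldapsearch $debugOpt -LLL -H "$protocol://$LDAP_SERVER" -x -D "$LDAP_USER" -w "$LDAP_PASSWORD" -b "$LDAP_BASE" "(&($LDAP_UID=*)($filter))" 1.1
                 ;;
         *)
                 echo "Argument inconnu : $1";
                 echo "$usage"
                 exit 1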
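Review bot: The new `$filter` value is spliced into the sed replacement at new line 56 with no escaping, and its empty-config default `&` is itself a sed metacharacter: an unescaped `&` in a replacement expands to the whole matched text, so with LDAP_FILTER unset the previous `filter =` line appears to be copied into the new one, and a configured filter containing `&`, `/` or `\` is rewritten or breaks the expression. The neighbouring values at least escape `"` through `${VAR//\"/...}`, which `$filter` lacks, so a double quote in LDAP_FILTER would end the quoted string written to `$LDAP_MODULE` early. I would escape the value before use, e.g. `esc_filter=$(printf '%s' "$filter" | sed 's/[&/\]/\\&/g')` and substitute `($esc_filter)`, and handle `"` the same way the other fields do. The same default reaches the ldapsearch call at new line 110 as `(&)`; support for that form varies between directory servers, so it is worth confirming against the target directory. The enclosing case branches start and end outside the visible hunks.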