Subversion Repositories ALCASAR

Rev

Rev 2705 | Rev 2715 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2705 Rev 2714
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
 
2
 
3
# $Id: alcasar-ldap.sh 2705 2019-03-05 22:30:50Z tom.houdayer $
3
# $Id: alcasar-ldap.sh 2714 2019-03-10 23:43:22Z tom.houdayer $
4
 
4
 
5
# alcasar-ldap.sh
5
# alcasar-ldap.sh
6
# by Rexy
6
# by Rexy
7
# This script is distributed under the Gnu General Public License (GPL)
7
# This script is distributed under the Gnu General Public License (GPL)
8
 
8
 
Line 18... Line 18...
18
LDAP_SERVER=$(grep '^LDAP_SERVER=' $CONF_FILE | cut -d"=" -f2)                # hostname/IP address of the LDAP server
18
LDAP_SERVER=$(grep '^LDAP_SERVER=' $CONF_FILE | cut -d"=" -f2)                # hostname/IP address of the LDAP server
19
LDAP_USER=$(grep '^LDAP_USER=' $CONF_FILE | cut -d"=" -f2-)                   # LDAP username used by ALCASAR to read the remote directory
19
LDAP_USER=$(grep '^LDAP_USER=' $CONF_FILE | cut -d"=" -f2-)                   # LDAP username used by ALCASAR to read the remote directory
20
LDAP_PASSWORD=$(grep '^LDAP_PASSWORD=' $CONF_FILE | cut -d"=" -f2-)           # its password
20
LDAP_PASSWORD=$(grep '^LDAP_PASSWORD=' $CONF_FILE | cut -d"=" -f2-)           # its password
21
LDAP_BASE=$(grep '^LDAP_BASE=' $CONF_FILE | cut -d"=" -f2-)                   # Where to find the users (cn=**,dc=**,dc=**)
21
LDAP_BASE=$(grep '^LDAP_BASE=' $CONF_FILE | cut -d"=" -f2-)                   # Where to find the users (cn=**,dc=**,dc=**)
22
LDAP_UID=$(grep '^LDAP_UID=' $CONF_FILE | cut -d"=" -f2)                      # 'samaccountname' for A.D. - 'UID' for LDAP
22
LDAP_UID=$(grep '^LDAP_UID=' $CONF_FILE | cut -d"=" -f2)                      # 'samaccountname' for A.D. - 'UID' for LDAP
-
 
23
LDAP_FILTER=$(grep '^LDAP_FILTER=' $CONF_FILE | cut -d"=" -f2-)               # LDAP filter
23
LDAP_SSL=$(grep '^LDAP_SSL=' $CONF_FILE | cut -d"=" -f2-)                     # LDAP SSL status
24
LDAP_SSL=$(grep '^LDAP_SSL=' $CONF_FILE | cut -d"=" -f2-)                     # LDAP SSL status
24
LDAP_CERT_REQUIRED=$(grep '^LDAP_CERT_REQUIRED=' $CONF_FILE | cut -d"=" -f2-) # LDAP SSL certificate verifying
25
LDAP_CERT_REQUIRED=$(grep '^LDAP_CERT_REQUIRED=' $CONF_FILE | cut -d"=" -f2-) # LDAP SSL certificate verifying
25
 
26
 
26
nb_args=$#
27
nb_args=$#
27
args=$1
28
args=$1
Line 49... Line 50...
49
			echo  '' > $OPENLDAP_CONF
50
			echo  '' > $OPENLDAP_CONF
50
		fi
51
		fi
51
		$SED "s/^\tidentity =.*/\tidentity = \"${LDAP_USER//\"/\\\\\\\"}\"/g" $LDAP_MODULE
52
		$SED "s/^\tidentity =.*/\tidentity = \"${LDAP_USER//\"/\\\\\\\"}\"/g" $LDAP_MODULE
52
		$SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE
53
		$SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE
53
		$SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE
54
		$SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE
-
 
55
		[ -n "$LDAP_FILTER" ] && filter="$LDAP_FILTER" || filter='&'
54
		$SED "s/^\t\tfilter =.*/\t\tfilter = \"(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})\"/g" $LDAP_MODULE
56
		$SED "s/^\t\tfilter =.*/\t\tfilter = \"(\&(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})($filter))\"/g" $LDAP_MODULE
55
		if [ ! -e /etc/raddb/mods-enabled/ldap ]; then
57
		if [ ! -e /etc/raddb/mods-enabled/ldap ]; then
56
			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
58
			ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
57
		fi
59
		fi
58
		[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar
60
		[ -e /etc/raddb/sites-enabled/alcasar ] && rm /etc/raddb/sites-enabled/alcasar
59
		ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar
61
		ln -s /etc/raddb/sites-available/alcasar-with-ldap /etc/raddb/sites-enabled/alcasar
Line 102... Line 104...
102
			export LDAPTLS_REQCERT="$require_cert"
104
			export LDAPTLS_REQCERT="$require_cert"
103
			[ -f "$LDAPS_CERT_LOC" ] && export LDAPTLS_CACERT="$LDAPS_CERT_LOC"
105
			[ -f "$LDAPS_CERT_LOC" ] && export LDAPTLS_CACERT="$LDAPS_CERT_LOC"
104
		else
106
		else
105
			protocol='ldap'
107
			protocol='ldap'
106
		fi
108
		fi
-
 
109
		[ -n "$LDAP_FILTER" ] && filter="$LDAP_FILTER" || filter='&'
107
		/usr/bin/ldapsearch $debugOpt -LLL -H "$protocol://$LDAP_SERVER" -x -D "$LDAP_USER" -w "$LDAP_PASSWORD" -b "$LDAP_BASE" "($LDAP_UID=*)" 1.1
110
		/usr/bin/ldapsearch $debugOpt -LLL -H "$protocol://$LDAP_SERVER" -x -D "$LDAP_USER" -w "$LDAP_PASSWORD" -b "$LDAP_BASE" "(&($LDAP_UID=*)($filter))" 1.1
108
		;;
111
		;;
109
	*)
112
	*)
110
		echo "Argument inconnu : $1";
113
		echo "Argument inconnu : $1";
111
		echo "$usage"
114
		echo "$usage"
112
		exit 1
115
		exit 1