BlueGreycalmElegant

Català-Valencià – Catalan中文 – Chinese (Simplified)中文 – Chinese (Traditional)Česky – CzechDansk – DanishNederlands – DutchEnglish – EnglishSuomi – FinnishFrançais – FrenchDeutsch – Germanעברית – Hebrewहिंदी – HindiMagyar – HungarianBahasa Indonesia – IndonesianItaliano – Italian日本語 – Japanese한국어 – KoreanМакедонски – Macedonianमराठी – MarathiNorsk – NorwegianPolski – PolishPortuguês – PortuguesePortuguês – Portuguese (Brazil)Русский – RussianSlovenčina – SlovakSlovenščina – SlovenianEspañol – SpanishSvenska – SwedishTürkçe – TurkishУкраїнська – UkrainianOëzbekcha – Uzbek

Compare Revisions

• This comparison shows the changes necessary to convert path

  → /scripts/alcasar-ldap.sh @ 2730

  → /scripts/alcasar-ldap.sh @ 2731

  ↔ Reverse comparison

• Compare Path:	Rev

  With Path:	Rev

Ignore whitespace Rev 2730 → Rev 2731

/scripts/alcasar-ldap.sh
60,7 → 60,8
$SED "s/^\tport =.*/\tport = 636/g" $LDAP_MODULE
[ "$LDAP_CERT_REQUIRED" == 'on' ] && require_cert='demand' || require_cert='never'
$SED "s/^\t\t#?require_cert =.*/\t\trequire_cert = '$require_cert'/g" $LDAP_MODULE
echo -e "TLS_CACERT $LDAPS_CERT_LOC\nTLS_REQCERT $require_cert" > $OPENLDAP_CONF
echo "TLS_REQCERT $require_cert" > $OPENLDAP_CONF
[ -f "$LDAPS_CERT_LOC" ] && echo "TLS_CACERT $LDAPS_CERT_LOC" >> $OPENLDAP_CONF
else
$SED "s/^\tserver =.*/\tserver = \"ldap:\/\/${LDAP_SERVER//\"/\\\\\\\"}\"/g" $LDAP_MODULE
$SED "s/^\tport =.*/\tport = 389/g" $LDAP_MODULE
70,7 → 71,7
$SED "s/^\tpassword =.*/\tpassword = \"${LDAP_PASSWORD//\"/\\\\\\\"}\"/g" $LDAP_MODULE
$SED "s/^\tbase_dn =.*/\tbase_dn = \"${LDAP_BASE//\"/\\\\\\\"}\"/g" $LDAP_MODULE
[ -n "$LDAP_FILTER" ] && filter="$LDAP_FILTER" || filter='&'
$SED "s/^\t\tfilter =.*/\t\tfilter = \"(\&(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})($filter))\"/g" $LDAP_MODULE
$SED "s/^\t\tfilter =.*/\t\tfilter = \"(\&(${LDAP_UID//\"/\\\\\\\"}=%{%{Stripped-User-Name}:-%{User-Name}})(${filter//&/\\&}))\"/g" $LDAP_MODULE
if [ ! -e /etc/raddb/mods-enabled/ldap ]; then
ln -s $LDAP_MODULE /etc/raddb/mods-enabled/ldap
fi
90,6 → 91,13
cert=$2
[ -z "$cert" ] && echo "$usage" && exit 1
[ ! -f "$cert" ] && { echo >&2 "ERR: certificate file \"$cert\" not found" ; exit 1; }
# TODO : convert DER format to PEM ?
cp -f "$cert" $LDAPS_CERT_LOC
chown root:radius $LDAPS_CERT_LOC
chmod 644 $LDAPS_CERT_LOC
if [ "$LDAP_CERT_REQUIRED" == 'on' ]; then
domainName=$(openssl x509 -noout -subject -in $LDAPS_CERT_LOC | cut -d' ' -f2- | sed 's@/[A-Za-z]\+=@\n@g' | tac | tr '\n' '.' | sed 's@\.\+$@@')
if [ "$domainName" != "$LDAP_SERVER" ]; then
96,10 → 104,6
echo 'WARN: the common name of the certificate is different from the server domain name'
fi
fi
# TODO : convert DER format to PEM ?
cp -f "$cert" $LDAPS_CERT_LOC
chown root:radius $LDAPS_CERT_LOC
chmod 644 $LDAPS_CERT_LOC
$SED "s/^LDAP_SSL=.*/LDAP_SSL=on/g" $CONF_FILE
$SED "s/^\tserver =.*/\tserver = \"ldaps:\/\/${LDAP_SERVER//\"/\\\\\\\"}\"/g" $LDAP_MODULE