#!/bin/dash # # Copyright 2004-2012 Univention GmbH # # http://www.univention.de/ # # All rights reserved. # # The source code of this program is made available # under the terms of the GNU Affero General Public License version 3 # (GNU AGPL V3) as published by the Free Software Foundation. # # Binary versions of this program provided by Univention to you as # well as other copyrighted, protected or trademarked materials like # Logos, graphics, fonts, specific documentations and configurations, # cryptographic keys etc. are subject to a license agreement between # you and Univention and not subject to the GNU AGPL V3. # # In the case you use this program under the terms of the GNU AGPL V3, # the program is provided in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public # License with the Debian GNU/Linux or Univention distribution in file # /usr/share/common-licenses/AGPL-3; if not, see # . eval "$(univention-config-registry shell ldap/server/name windows/domain hostname connector/s4/ldap/.*)" LDB_MODULES_PATH=/usr/lib/ldb; export LDB_MODULES_PATH; ## currently necessary for ldbtools ## check for option -U to avoid letting --simple-bind-dn taking precedence optspec=":-:d:k:A:PU:" while getopts "$optspec" option; do case "${option}" in d) debug=true;; k) credentials_given=true;; A) credentials_given=true;; P) credentials_given=true;; U) credentials_given=true;; -) case "${OPTARG}" in authentication-file|authentication-file=*) credentials_given=true;; machine-pass|machine-pass=*) credentials_given=true;; password|password=*) credentials_given=true;; simple-bind-dn|simple-bind-dn=*) credentials_given=true;; user|user=*) credentials_given=true;; esac;; esac done if ! [ "$credentials_given" = 'true' ]; then if [ -r '/etc/machine.secret' ]; then ## currently the password in the secrets.ldb is set to machine.secret only on provision host, so we need to look it up from the secrets.ldb # sampassword=$(cat /etc/machine.secret) sampassword=$(ldbsearch -H /var/lib/samba/private/secrets.ldb samAccountName="${hostname}\$" secret | ldapsearch-wrapper | sed -n 's/secret: \(.*\)/\1/p') samaccount="${windows_domain}/${hostname}\$" fi if [ -n "$samaccount" ]; then option_samcredentials="-U$samaccount%$sampassword" set -- "$option_samcredentials" "$@" fi fi ldbsearch --debug-stderr -H "ldaps://$ldap_server_name" "$@" rc=$? if [ "$debug" = 'true' ]; then echo "### Output of: ldbsearch -H ldaps://$ldap_server_name $@" fi exit $rc