|
|
|---|
| 117 |
done |
117 |
done |
| 118 |
|
118 |
|
| 119 |
# display header only if username and password are not provided #29432 |
119 |
# display header only if username and password are not provided #29432 |
| 120 |
if [[ -z "$DCACCOUNT" && -z "$DCPWD" ]] ; then |
120 |
if [ -z "$DCACCOUNT" ] && [ -z "$DCPWD" ] ; then |
| 121 |
display_header |
121 |
display_header |
| 122 |
fi |
122 |
fi |
| 123 |
|
123 |
|
| 124 |
if [ ! -e /var/univention-join/joined ]; then |
124 |
if [ ! -e /var/univention-join/joined ]; then |
| 125 |
echo "The system hasn't been joined yet. univention-run-join-scripts can only be" |
125 |
echo "The system hasn't been joined yet. univention-run-join-scripts can only be" |
| 126 |
echo "used after an initial, successful join. You should run univention-join instead." |
126 |
echo "used after an initial, successful join. You should run univention-join instead." |
| 127 |
exit 1 |
127 |
exit 1 |
| 128 |
fi |
128 |
fi |
| 129 |
|
129 |
|
| 130 |
if [ ! "$server_role" = "domaincontroller_master" ] || [ -n "$ASK_PASS" ] ; then |
130 |
if [ ! "$server_role" = "domaincontroller_master" ] || [ -n "$ASK_PASS" ] ; then |
|
Lines 137-143
if [ ! "$server_role" = "domaincontroller_master" ] || [ -n "$ASK_PASS" ] ; then
|
Link Here
|
|---|
|
|---|
| 137 |
read -s password |
137 |
read -s password |
| 138 |
DCPWD=$(mktemp) |
138 |
DCPWD=$(mktemp) |
| 139 |
trap "rm -f '$DCPWD'" EXIT |
139 |
trap "rm -f '$DCPWD'" EXIT |
| 140 |
echo "$password" >>$DCPWD |
140 |
echo -n "$password" >>"$DCPWD" |
| 141 |
echo "" |
141 |
echo "" |
| 142 |
echo "" |
142 |
echo "" |
| 143 |
fi |
143 |
fi |
|
Lines 145-177
if [ ! "$server_role" = "domaincontroller_master" ] || [ -n "$ASK_PASS" ] ; then
|
Link Here
|
|---|
|
|---|
| 145 |
echo -n "Search LDAP binddn " |
145 |
echo -n "Search LDAP binddn " |
| 146 |
|
146 |
|
| 147 |
# First use udm to search the user DN |
147 |
# First use udm to search the user DN |
| 148 |
binddn="$(univention-ssh "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
148 |
OLDIFS="$IFS" IFS=" |
| 149 |
/usr/sbin/udm users/user list --filter uid=$DCACCOUNT --logfile /dev/null | sed -ne 's|DN: ||p')" |
149 |
" |
| 150 |
|
150 |
binddn=($(univention-ssh --no-split "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
|
|
151 |
/usr/sbin/udm users/user list --filter "'uid=$DCACCOUNT'" --logfile /dev/null | |
| 152 |
sed -ne 's|DN: ||p')) |
| 151 |
if [ -z "$binddn" ]; then |
153 |
if [ -z "$binddn" ]; then |
| 152 |
# Next check is the local ldapi interface |
154 |
# Next check is the local ldapi interface |
| 153 |
binddn="$(univention-ssh "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
155 |
binddn=($(univention-ssh --no-split "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
| 154 |
ldapsearch -x LLL -H ldapi:/// "(&(uid=$DCACCOUNT)(objectClass=person))" dn | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
156 |
ldapsearch -x -LLL -H ldapi:/// "'(&(uid=$DCACCOUNT)(objectClass=person))'" dn | |
|
|
157 |
ldapsearch-wrapper | |
| 158 |
ldapsearch-decode64 | |
| 159 |
sed -ne 's|^dn: ||p')) |
| 155 |
fi |
160 |
fi |
| 156 |
|
|
|
| 157 |
if [ -z "$binddn" ]; then |
161 |
if [ -z "$binddn" ]; then |
| 158 |
# Check with anonymous bind |
162 |
# Check with anonymous bind |
| 159 |
ldap_result=$(univention-ssh "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
163 |
binddn=($(univention-ssh --no-split "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
| 160 |
"ldapsearch -x -LLL \'\(\&\(uid=$DCACCOUNT\)\(objectClass=person\)\)\' dn") |
164 |
ldapsearch -x -LLL "'(&(uid=$DCACCOUNT)(objectClass=person))'" dn | |
| 161 |
for i in $(echo "$ldap_result" | ldapsearch-wrapper | sed -n 's/^dn: \(.*\)/\1/p'); do |
165 |
ldapsearch-wrapper | |
| 162 |
if [ -n "$binddn" ]; then |
166 |
ldapsearch-decode64 | |
| 163 |
failed_message "binddn for user $DCACCOUNT not unique, $i and $binddn" |
167 |
sed -ne 's|^dn: ||p')) |
| 164 |
fi |
|
|
| 165 |
binddn="$i" |
| 166 |
done |
| 167 |
|
| 168 |
fi |
168 |
fi |
|
|
169 |
[ ${#binddn[@]} -gt 1 ] && |
| 170 |
failed_message "binddn for user $DCACCOUNT not unique: ${binddn[*]}" |
| 171 |
IFS="$OLDIFS" |
| 169 |
|
172 |
|
| 170 |
if [ -z "$binddn" ]; then |
173 |
if [ -z "$binddn" ]; then |
| 171 |
failed_message "binddn for user $DCACCOUNT not found" |
174 |
failed_message "binddn for user $DCACCOUNT not found" |
| 172 |
else |
175 |
else |
| 173 |
ldapsearch -x -LLL -b "$ldap_base" -D "$binddn" -w `cat $DCPWD` -LLL -s base >/dev/null 2>&1 |
176 |
if ! ldapsearch -x -LLL -b "$ldap_base" -D "$binddn" -y "$DCPWD" -LLL -s base >/dev/null 2>&1 |
| 174 |
if [ $? != 0 ]; then |
177 |
then |
| 175 |
failed_message "Invalid credentials" |
178 |
failed_message "Invalid credentials" |
| 176 |
else |
179 |
else |
| 177 |
echo -e "\033[60Gdone" |
180 |
echo -e "\033[60Gdone" |
|
Lines 186-194
SCRIPTS=(/usr/lib/univention-install/*.{inst,uinst})
|
Link Here
|
|---|
|
|---|
| 186 |
if [ -n "$RUN_SCRIPTS" ]; then |
189 |
if [ -n "$RUN_SCRIPTS" ]; then |
| 187 |
# evaluate specified join scripts |
190 |
# evaluate specified join scripts |
| 188 |
SCRIPTS=() |
191 |
SCRIPTS=() |
| 189 |
for iscript in $@; do |
192 |
for iscript in "$@" |
|
|
193 |
do |
| 190 |
# guess full path of join script |
194 |
# guess full path of join script |
| 191 |
iscript=/usr/lib/univention-install/$iscript |
195 |
iscript="/usr/lib/univention-install/$iscript" |
| 192 |
if [ ! -e "$iscript" ]; then |
196 |
if [ ! -e "$iscript" ]; then |
| 193 |
# expand .inst or .uinst suffix if not specified |
197 |
# expand .inst or .uinst suffix if not specified |
| 194 |
test -e "$iscript.uinst" && iscript=$iscript.uinst |
198 |
test -e "$iscript.uinst" && iscript=$iscript.uinst |
|
Lines 198-204
if [ -n "$RUN_SCRIPTS" ]; then
|
Link Here
|
|---|
|
|---|
| 198 |
# error ... join script does not exist |
202 |
# error ... join script does not exist |
| 199 |
failed_message "The given joinscript '$iscript' does not exists" |
203 |
failed_message "The given joinscript '$iscript' does not exists" |
| 200 |
fi |
204 |
fi |
| 201 |
SCRIPTS[${#SCRIPTS[@]}]=$iscript |
205 |
SCRIPTS+=("$iscript") |
| 202 |
done |
206 |
done |
| 203 |
fi |
207 |
fi |
| 204 |
|
208 |
|