|
117 |
done |
117 |
done |
118 |
|
118 |
|
119 |
# display header only if username and password are not provided #29432 |
119 |
# display header only if username and password are not provided #29432 |
120 |
if [[ -z "$DCACCOUNT" && -z "$DCPWD" ]] ; then |
120 |
if [ -z "$DCACCOUNT" ] && [ -z "$DCPWD" ] ; then |
121 |
display_header |
121 |
display_header |
122 |
fi |
122 |
fi |
123 |
|
123 |
|
124 |
if [ ! -e /var/univention-join/joined ]; then |
124 |
if [ ! -e /var/univention-join/joined ]; then |
125 |
echo "The system hasn't been joined yet. univention-run-join-scripts can only be" |
125 |
echo "The system hasn't been joined yet. univention-run-join-scripts can only be" |
126 |
echo "used after an initial, successful join. You should run univention-join instead." |
126 |
echo "used after an initial, successful join. You should run univention-join instead." |
127 |
exit 1 |
127 |
exit 1 |
128 |
fi |
128 |
fi |
129 |
|
129 |
|
130 |
if [ ! "$server_role" = "domaincontroller_master" ] || [ -n "$ASK_PASS" ] ; then |
130 |
if [ ! "$server_role" = "domaincontroller_master" ] || [ -n "$ASK_PASS" ] ; then |
Lines 137-143
if [ ! "$server_role" = "domaincontroller_master" ] || [ -n "$ASK_PASS" ] ; then
137 |
read -s password |
137 |
read -s password |
138 |
DCPWD=$(mktemp) |
138 |
DCPWD=$(mktemp) |
139 |
trap "rm -f '$DCPWD'" EXIT |
139 |
trap "rm -f '$DCPWD'" EXIT |
140 |
echo "$password" >>$DCPWD |
140 |
echo -n "$password" >>"$DCPWD" |
141 |
echo "" |
141 |
echo "" |
142 |
echo "" |
142 |
echo "" |
143 |
fi |
143 |
fi |
Lines 145-177
if [ ! "$server_role" = "domaincontroller_master" ] || [ -n "$ASK_PASS" ] ; then
145 |
echo -n "Search LDAP binddn " |
145 |
echo -n "Search LDAP binddn " |
146 |
|
146 |
|
147 |
# First use udm to search the user DN |
147 |
# First use udm to search the user DN |
148 |
binddn="$(univention-ssh "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
148 |
OLDIFS="$IFS" IFS=" |
149 |
/usr/sbin/udm users/user list --filter uid=$DCACCOUNT --logfile /dev/null | sed -ne 's|DN: ||p')" |
149 |
" |
150 |
|
150 |
binddn=($(univention-ssh --no-split "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
|
|
151 |
/usr/sbin/udm users/user list --filter "'uid=$DCACCOUNT'" --logfile /dev/null | |
152 |
sed -ne 's|DN: ||p')) |
151 |
if [ -z "$binddn" ]; then |
153 |
if [ -z "$binddn" ]; then |
152 |
# Next check is the local ldapi interface |
154 |
# Next check is the local ldapi interface |
153 |
binddn="$(univention-ssh "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
155 |
binddn=($(univention-ssh --no-split "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
154 |
ldapsearch -x LLL -H ldapi:/// "(&(uid=$DCACCOUNT)(objectClass=person))" dn | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
156 |
ldapsearch -x -LLL -H ldapi:/// "'(&(uid=$DCACCOUNT)(objectClass=person))'" dn | |
|
|
157 |
ldapsearch-wrapper | |
158 |
ldapsearch-decode64 | |
159 |
sed -ne 's|^dn: ||p')) |
155 |
fi |
160 |
fi |
156 |
|
|
|
157 |
if [ -z "$binddn" ]; then |
161 |
if [ -z "$binddn" ]; then |
158 |
# Check with anonymous bind |
162 |
# Check with anonymous bind |
159 |
ldap_result=$(univention-ssh "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
163 |
binddn=($(univention-ssh --no-split "$DCPWD" "$DCACCOUNT"@"$ldap_master" \ |
160 |
"ldapsearch -x -LLL \'\(\&\(uid=$DCACCOUNT\)\(objectClass=person\)\)\' dn") |
164 |
ldapsearch -x -LLL "'(&(uid=$DCACCOUNT)(objectClass=person))'" dn | |
161 |
for i in $(echo "$ldap_result" | ldapsearch-wrapper | sed -n 's/^dn: \(.*\)/\1/p'); do |
165 |
ldapsearch-wrapper | |
162 |
if [ -n "$binddn" ]; then |
166 |
ldapsearch-decode64 | |
163 |
failed_message "binddn for user $DCACCOUNT not unique, $i and $binddn" |
167 |
sed -ne 's|^dn: ||p')) |
164 |
fi |
|
|
165 |
binddn="$i" |
166 |
done |
167 |
|
168 |
fi |
168 |
fi |
|
|
169 |
[ ${#binddn[@]} -gt 1 ] && |
170 |
failed_message "binddn for user $DCACCOUNT not unique: ${binddn[*]}" |
171 |
IFS="$OLDIFS" |
169 |
|
172 |
|
170 |
if [ -z "$binddn" ]; then |
173 |
if [ -z "$binddn" ]; then |
171 |
failed_message "binddn for user $DCACCOUNT not found" |
174 |
failed_message "binddn for user $DCACCOUNT not found" |
172 |
else |
175 |
else |
173 |
ldapsearch -x -LLL -b "$ldap_base" -D "$binddn" -w `cat $DCPWD` -LLL -s base >/dev/null 2>&1 |
176 |
if ! ldapsearch -x -LLL -b "$ldap_base" -D "$binddn" -y "$DCPWD" -LLL -s base >/dev/null 2>&1 |
174 |
if [ $? != 0 ]; then |
177 |
then |
175 |
failed_message "Invalid credentials" |
178 |
failed_message "Invalid credentials" |
176 |
else |
179 |
else |
177 |
echo -e "\033[60Gdone" |
180 |
echo -e "\033[60Gdone" |
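Review bot: `$DCACCOUNT` is expanded unvalidated inside the `"'uid=$DCACCOUNT'"` and `"'(&(uid=$DCACCOUNT)(objectClass=person))'"` arguments of all three lookups (new lines 151, 156 and 164), so the added single quotes only protect values that contain no quote themselves. Assuming univention-ssh hands these arguments to a shell on `$ldap_master`, a quote or an LDAP filter metacharacter in the account name would change what is executed or matched there. Where DCACCOUNT is set is outside this hunk; if it comes from the command line, check it once before the first lookup, for example `case "$DCACCOUNT" in *[!A-Za-z0-9._-]*) failed_message "invalid account name" ;; esac`, with the class widened to what the directory actually permits. Separately, `binddn=($(...))` still applies pathname expansion to each returned DN even with IFS set to newline; `mapfile -t binddn < <(...)` fills the array without globbing and makes the OLDIFS save and restore unnecessary. The if/else that ends this hunk continues past its last line.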
Lines 186-194
SCRIPTS=(/usr/lib/univention-install/*.{inst,uinst})
186 |
if [ -n "$RUN_SCRIPTS" ]; then |
189 |
if [ -n "$RUN_SCRIPTS" ]; then |
187 |
# evaluate specified join scripts |
190 |
# evaluate specified join scripts |
188 |
SCRIPTS=() |
191 |
SCRIPTS=() |
189 |
for iscript in $@; do |
192 |
for iscript in "$@" |
|
|
193 |
do |
190 |
# guess full path of join script |
194 |
# guess full path of join script |
191 |
iscript=/usr/lib/univention-install/$iscript |
195 |
iscript="/usr/lib/univention-install/$iscript" |
192 |
if [ ! -e "$iscript" ]; then |
196 |
if [ ! -e "$iscript" ]; then |
193 |
# expand .inst or .uinst suffix if not specified |
197 |
# expand .inst or .uinst suffix if not specified |
194 |
test -e "$iscript.uinst" && iscript=$iscript.uinst |
198 |
test -e "$iscript.uinst" && iscript=$iscript.uinst |
Lines 198-204
if [ -n "$RUN_SCRIPTS" ]; then
198 |
# error ... join script does not exist |
202 |
# error ... join script does not exist |
199 |
failed_message "The given joinscript '$iscript' does not exists" |
203 |
failed_message "The given joinscript '$iscript' does not exists" |
200 |
fi |
204 |
fi |
201 |
SCRIPTS[${#SCRIPTS[@]}]=$iscript |
205 |
SCRIPTS+=("$iscript") |
202 |
done |
206 |
done |
203 |
fi |
207 |
fi |
204 |
|
208 |
|