Attachment #5841 for bug #34414

View | Details | Raw Unified | Return to bug 34414
Collapse All | Expand All




# ==> 20110622112559Z
#
ucs_getAttrOfDN () { # <attr> <dn> [<ldapsearch-credentials>]
	local attr="${1:?missing attribute name}"
	local base="${2:?missing base DN}"
	if ! shift 2
	then
		echo "ucs_getAttrOfDN: wrong number of arguments" >&2
		return 2
	fi
	if [ -n "$attr" ]; then
		univention-ldapsearch -x "$@" -s base -b "$base" -LLL "$attr" \
			| ldapsearch-wrapper | ldapsearch-decode64 | sed -ne "s/^$attr: //p"
	fi
}

#

# e.g. ucs_convertUID2DN "testuser"
#
ucs_convertUID2DN () { # <uid> [<ldapsearch-credentials>]
	local uid="${1:?missing UID}"
	if ! shift 1
	then
		echo "ucs_convertUID2DN: wrong number of arguments" >&2
		return 2
	fi
	if [ -n "$uid" ]; then
		univention-ldapsearch -x "$@" -LLL "(&(|(&(objectClass=posixAccount)(objectClass=shadowAccount))(objectClass=univentionMail)(objectClass=sambaSamAccount)(objectClass=simpleSecurityObject)(&(objectClass=person)(objectClass=organizationalPerson)(objectClass=inetOrgPerson)))(!(uidNumber=0))(!(uid=*\$))(uid=$uid))" dn | ldapsearch-wrapper | ldapsearch-decode64 | sed -ne 's/dn: //p'
	fi
}

#

# e.g. ucs_convertDN2UID "uid=testuser,cn=users,dc=test,dc=system"
#
ucs_convertDN2UID () { # <userdn> [<ldapsearch-credentials>]
	local userdn="${1:?missing user DN}"
	if ! shift 1
	then
		echo "ucs_convertDN2UID: wrong number of arguments" >&2
		return 2
	fi
	ucs_getAttrOfDN "uid" "$userdn" "$@"
}


# e.g. ucs_getGroupMembersDirect "cn=Domain Admins,cn=groups,dc=test,dc=system"
#
ucs_getGroupMembersDirect () { # <groupDN> [<ldapsearch-credentials>]
	local groupdn="${1:?missing group DN}"
	if ! shift 1
	then
		echo "ucs_getGroupMembersDirect: wrong number of arguments" >&2
		return 2
	fi
	ucs_getAttrOfDN "uniqueMember" "$groupdn" "$@"
}


ucs_getGroupMembersRecursive () { # <groupDN> [<ldapsearch-credentials>]
	local reply
	local ldif
	local groupdn="${1:?missing group DN}"
	if ! shift 1
	then
		echo "ucs_getGroupMembersRecursive: wrong number of arguments" >&2
		return 2
	fi
	ucs_getGroupMembersDirect "$groupdn" "$@" | while read reply
	do
		ldif=$(univention-ldapsearch -x "$@" -LLL -b "$reply" '(!(objectClass=univentionGroup))' dn | sed -ne "s/^dn: //p")

#
ucs_addServiceToLocalhost () { # <servicename> [<udm-credentials>]
	local server_role ldap_hostdn
	local servicename="${1:?missing service name}"
	if ! shift 1
	then
		echo "ucs_addServiceToLocalhost: wrong argument number" >&2
		return 2
	fi
	eval "$(ucr shell server/role ldap/hostdn)"
	ucs_addServiceToHost "$servicename" "$server_role" "$ldap_hostdn" "$@"
}

# e.g. ucs_addServiceToHost "nagios-server" "domaincontroller_slave" "cn=myslave,cn=dc,cn=computers,dc=test,dc=system" "$@"
#
ucs_addServiceToHost () { # <servicename> <udm-module-name> <dn> [options]
	local servicename="${1:?missing service name}"
	local modulename="${2:?missing module name}"
	local hostdn="${3:?missing host DN}"
	local ldap_base="$(ucr get ldap/base)"
	if ! shift 3
	then
		echo "ucs_addServiceToHost: wrong argument number" >&2
		return 2
	fi
	univention-directory-manager container/cn create "$@" --ignore_exists \
		--set name="services" --position "cn=univention,$ldap_base"
	univention-directory-manager settings/service create "$@" --ignore_exists \

#
ucs_removeServiceFromLocalhost () { # <servicename> [<udm-credentials>]
	local server_role ldap_hostdn
	local servicename="${1:?missing serive name}"
	if ! shift 1
	then
		echo "ucs_removeServiceFromLocalhost: wrong argument number" >&2
		return 2
	fi
	eval "$(ucr shell server/role ldap/hostdn)"
	ucs_removeServiceFromHost "$servicename" "$server_role" "$ldap_hostdn" "$@"
}

# e.g. ucs_removeServiceFromHost "nagios-server" "domaincontroller_slave" "cn=myslave,cn=dc,cn=computers,dc=test,dc=system" "$@"
#
ucs_removeServiceFromHost () { # <servicename> <udm-module-name> <dn> [options]
	local servicename="${1:?missing service name}"
	local modulename="${2:?missing module name}"
	local hostdn="${3:?missing host DN}"
	local ldap_base="$(ucr get ldap/base)"
	if ! shift 3
	then
		echo "ucs_removeServiceFromHost: wrong argument number" >&2
		return 2
	fi
	univention-directory-manager "computers/$modulename" modify "$@" \
		--dn "$hostdn" --remove service="$servicename"
	if ucs_isServiceUnused "$servicename" "$@" &&

# e.g.  if ucs_isServiceUnused "DNS" "$@"; then uninstall DNS; fi
#
ucs_isServiceUnused () { # <servicename>
	local servicename="${1?:missing service name}"
	local master="$(ucr get ldap/master)"
	local port="$(ucr get ldap/master/port)"

	if ! shift 1
	then
		echo "ucs_lastHostWithService: wrong argument number" >&2
		return 2
	fi

	if [ -z "$port" ]
	then
		port=7389

	# create a tempfile to get the real return code of the ldapsearch command,
	# otherwise we get only the code of the sed command
	local tempfile="$(mktemp)"
	if ! univention-ldapsearch univentionService="${servicename}" "$@" cn >"$tempfile"
	then
		rm -f "$tempfile"
		echo "ucs_isServiceUnused: search failed" >&2
		return 2

# e.g. ucs_registerLDAPSchema /usr/share/univention-fetchmail-schema/univention-fetchmail.schema
#
ucs_registerLDAPSchema () {
	local schemaFile="${1:?missing LDAP schema file name}"

	if [ ! -d /var/lib/univention-ldap/local-schema ]; then
		mkdir -p /var/lib/univention-ldap/local-schema
		chmod 755 /var/lib/univention-ldap/local-schema
	fi

	if [ ! -e "$schemaFile" ]; then
		echo "ucs_registerLDAPSchema: missing schema file" >&2
		return 2
	fi

	cp "$schemaFile" /var/lib/univention-ldap/local-schema/

	ucr commit /etc/ldap/slapd.conf

Return to bug 34414