|
35 |
# ==> 20110622112559Z |
35 |
# ==> 20110622112559Z |
36 |
# |
36 |
# |
37 |
ucs_getAttrOfDN () { # <attr> <dn> [<ldapsearch-credentials>] |
37 |
ucs_getAttrOfDN () { # <attr> <dn> [<ldapsearch-credentials>] |
38 |
local attr="$1" |
38 |
local attr="${1:?missing attribute name}" |
39 |
local base="$2" |
39 |
local base="${2:?missing base DN}" |
40 |
if ! shift 2 |
|
|
41 |
then |
42 |
echo "ucs_getAttrOfDN: wrong number of arguments" >&2 |
43 |
return 2 |
44 |
fi |
45 |
if [ -n "$attr" ]; then |
46 |
univention-ldapsearch -x "$@" -s base -b "$base" -LLL "$attr" \ |
40 |
univention-ldapsearch -x "$@" -s base -b "$base" -LLL "$attr" \ |
47 |
| ldapsearch-wrapper | ldapsearch-decode64 | sed -ne "s/^$attr: //p" |
41 |
| ldapsearch-wrapper | ldapsearch-decode64 | sed -ne "s/^$attr: //p" |
48 |
fi |
|
|
49 |
} |
42 |
} |
50 |
|
43 |
|
51 |
# |
44 |
# |
Lines 54-68
ucs_getAttrOfDN () { # <attr> <dn> [<ldapsearch-credentials>]
54 |
# e.g. ucs_convertUID2DN "testuser" |
47 |
# e.g. ucs_convertUID2DN "testuser" |
55 |
# |
48 |
# |
56 |
ucs_convertUID2DN () { # <uid> [<ldapsearch-credentials>] |
49 |
ucs_convertUID2DN () { # <uid> [<ldapsearch-credentials>] |
57 |
local uid="$1" |
50 |
local uid="${1:?missing UID}" |
58 |
if ! shift 1 |
|
|
59 |
then |
60 |
echo "ucs_convertUID2DN: wrong number of arguments" >&2 |
61 |
return 2 |
62 |
fi |
63 |
if [ -n "$uid" ]; then |
64 |
univention-ldapsearch -x "$@" -LLL "(&(|(&(objectClass=posixAccount)(objectClass=shadowAccount))(objectClass=univentionMail)(objectClass=sambaSamAccount)(objectClass=simpleSecurityObject)(&(objectClass=person)(objectClass=organizationalPerson)(objectClass=inetOrgPerson)))(!(uidNumber=0))(!(uid=*\$))(uid=$uid))" dn | ldapsearch-wrapper | ldapsearch-decode64 | sed -ne 's/dn: //p' |
51 |
univention-ldapsearch -x "$@" -LLL "(&(|(&(objectClass=posixAccount)(objectClass=shadowAccount))(objectClass=univentionMail)(objectClass=sambaSamAccount)(objectClass=simpleSecurityObject)(&(objectClass=person)(objectClass=organizationalPerson)(objectClass=inetOrgPerson)))(!(uidNumber=0))(!(uid=*\$))(uid=$uid))" dn | ldapsearch-wrapper | ldapsearch-decode64 | sed -ne 's/dn: //p' |
65 |
fi |
|
|
66 |
} |
52 |
} |
67 |
|
53 |
|
68 |
# |
54 |
# |
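Review bot: With the `if ! shift 1` block dropped from ucs_convertUID2DN and no `shift` left on the new side, `"$@"` still starts with the uid, so `univention-ldapsearch -x "$@"` receives the uid as an extra argument ahead of the credentials. Adding a bare `shift` right after `local uid="${1:?missing UID}"` keeps the new check and restores the old argument list. The same applies to every other function in this change that drops its shift block and still uses `"$@"`: ucs_getAttrOfDN, ucs_convertDN2UID, ucs_getGroupMembersDirect, ucs_getGroupMembersRecursive, ucs_addServiceToLocalhost, ucs_addServiceToHost, ucs_removeServiceFromLocalhost, ucs_removeServiceFromHost and ucs_isServiceUnused (`shift 2` or `shift 3` where two or three positionals are consumed). Separately, `$uid` goes into the filter as `(uid=$uid)` without escaping `*`, `(`, `)` or `\`, so a caller-supplied value can change which entries match; escaping those characters per RFC 4515 before building the filter would close that.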
Lines 71-82
ucs_convertUID2DN () { # <uid> [<ldapsearch-credentials>]
71 |
# e.g. ucs_convertDN2UID "uid=testuser,cn=users,dc=test,dc=system" |
57 |
# e.g. ucs_convertDN2UID "uid=testuser,cn=users,dc=test,dc=system" |
72 |
# |
58 |
# |
73 |
ucs_convertDN2UID () { # <userdn> [<ldapsearch-credentials>] |
59 |
ucs_convertDN2UID () { # <userdn> [<ldapsearch-credentials>] |
74 |
local userdn="$1" |
60 |
local userdn="${1:?missing user DN}" |
75 |
if ! shift 1 |
|
|
76 |
then |
77 |
echo "ucs_convertDN2UID: wrong number of arguments" >&2 |
78 |
return 2 |
79 |
fi |
80 |
ucs_getAttrOfDN "uid" "$userdn" "$@" |
61 |
ucs_getAttrOfDN "uid" "$userdn" "$@" |
81 |
} |
62 |
} |
82 |
|
63 |
|
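Review bot: `${1:?missing user DN}` does not return from ucs_convertDN2UID when the argument is missing; in a non-interactive shell the failed expansion terminates the whole shell, so a script that sources this library is aborted where the old code printed a message and did `return 2`. If callers are expected to handle the error, an explicit test keeps that contract: `[ -n "$1" ] || { echo "ucs_convertDN2UID: missing user DN" >&2; return 2; }`. Otherwise the header comment should state the new behaviour, e.g. `# aborts the calling shell if <userdn> is missing or empty`. Every `${N:?...}` added in the other hunks behaves the same way.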
Lines 86-97
ucs_convertDN2UID () { # <userdn> [<ldapsearch-credentials>]
86 |
# e.g. ucs_getGroupMembersDirect "cn=Domain Admins,cn=groups,dc=test,dc=system" |
67 |
# e.g. ucs_getGroupMembersDirect "cn=Domain Admins,cn=groups,dc=test,dc=system" |
87 |
# |
68 |
# |
88 |
ucs_getGroupMembersDirect () { # <groupDN> [<ldapsearch-credentials>] |
69 |
ucs_getGroupMembersDirect () { # <groupDN> [<ldapsearch-credentials>] |
89 |
local groupdn="$1" |
70 |
local groupdn="${1:?missing group DN}" |
90 |
if ! shift 1 |
|
|
91 |
then |
92 |
echo "ucs_getGroupMembersDirect: wrong number of arguments" >&2 |
93 |
return 2 |
94 |
fi |
95 |
ucs_getAttrOfDN "uniqueMember" "$groupdn" "$@" |
71 |
ucs_getAttrOfDN "uniqueMember" "$groupdn" "$@" |
96 |
} |
72 |
} |
97 |
|
73 |
|
Lines 105-116
ucs_getGroupMembersDirect () { # <groupDN> [<ldapsearch-credentials>]
105 |
ucs_getGroupMembersRecursive () { # <groupDN> [<ldapsearch-credentials>] |
81 |
ucs_getGroupMembersRecursive () { # <groupDN> [<ldapsearch-credentials>] |
106 |
local reply |
82 |
local reply |
107 |
local ldif |
83 |
local ldif |
108 |
local groupdn="$1" |
84 |
local groupdn="${1:?missing group DN}" |
109 |
if ! shift 1 |
|
|
110 |
then |
111 |
echo "ucs_getGroupMembersRecursive: wrong number of arguments" >&2 |
112 |
return 2 |
113 |
fi |
114 |
ucs_getGroupMembersDirect "$groupdn" "$@" | while read reply |
85 |
ucs_getGroupMembersDirect "$groupdn" "$@" | while read reply |
115 |
do |
86 |
do |
116 |
ldif=$(univention-ldapsearch -x "$@" -LLL -b "$reply" '(!(objectClass=univentionGroup))' dn | sed -ne "s/^dn: //p") |
87 |
ldif=$(univention-ldapsearch -x "$@" -LLL -b "$reply" '(!(objectClass=univentionGroup))' dn | sed -ne "s/^dn: //p") |
Lines 136-147
ucs_getGroupMembersRecursive () { # <groupDN> [<ldapsearch-credentials>]
136 |
# |
107 |
# |
137 |
ucs_addServiceToLocalhost () { # <servicename> [<udm-credentials>] |
108 |
ucs_addServiceToLocalhost () { # <servicename> [<udm-credentials>] |
138 |
local server_role ldap_hostdn |
109 |
local server_role ldap_hostdn |
139 |
local servicename="$1" |
110 |
local servicename="${1:?missing service name}" |
140 |
if ! shift 1 |
|
|
141 |
then |
142 |
echo "ucs_addServiceToLocalhost: wrong argument number" >&2 |
143 |
return 2 |
144 |
fi |
145 |
eval "$(ucr shell server/role ldap/hostdn)" |
111 |
eval "$(ucr shell server/role ldap/hostdn)" |
146 |
ucs_addServiceToHost "$servicename" "$server_role" "$ldap_hostdn" "$@" |
112 |
ucs_addServiceToHost "$servicename" "$server_role" "$ldap_hostdn" "$@" |
147 |
} |
113 |
} |
Lines 154-168
ucs_addServiceToLocalhost () { # <servicename> [<udm-credentials>]
154 |
# e.g. ucs_addServiceToHost "nagios-server" "domaincontroller_slave" "cn=myslave,cn=dc,cn=computers,dc=test,dc=system" "$@" |
120 |
# e.g. ucs_addServiceToHost "nagios-server" "domaincontroller_slave" "cn=myslave,cn=dc,cn=computers,dc=test,dc=system" "$@" |
155 |
# |
121 |
# |
156 |
ucs_addServiceToHost () { # <servicename> <udm-module-name> <dn> [options] |
122 |
ucs_addServiceToHost () { # <servicename> <udm-module-name> <dn> [options] |
157 |
local servicename="$1" |
123 |
local servicename="${1:?missing service name}" |
158 |
local modulename="$2" |
124 |
local modulename="${2:?missing module name}" |
159 |
local hostdn="$3" |
125 |
local hostdn="${3:?missing host DN}" |
160 |
local ldap_base="$(ucr get ldap/base)" |
126 |
local ldap_base="$(ucr get ldap/base)" |
161 |
if ! shift 3 |
|
|
162 |
then |
163 |
echo "ucs_addServiceToHost: wrong argument number" >&2 |
164 |
return 2 |
165 |
fi |
166 |
univention-directory-manager container/cn create "$@" --ignore_exists \ |
127 |
univention-directory-manager container/cn create "$@" --ignore_exists \ |
167 |
--set name="services" --position "cn=univention,$ldap_base" |
128 |
--set name="services" --position "cn=univention,$ldap_base" |
168 |
univention-directory-manager settings/service create "$@" --ignore_exists \ |
129 |
univention-directory-manager settings/service create "$@" --ignore_exists \ |
Lines 181-192
ucs_addServiceToHost () { # <servicename> <udm-module-name> <dn> [options]
181 |
# |
142 |
# |
182 |
ucs_removeServiceFromLocalhost () { # <servicename> [<udm-credentials>] |
143 |
ucs_removeServiceFromLocalhost () { # <servicename> [<udm-credentials>] |
183 |
local server_role ldap_hostdn |
144 |
local server_role ldap_hostdn |
184 |
local servicename="$1" |
145 |
local servicename="${1:?missing serive name}" |
185 |
if ! shift 1 |
|
|
186 |
then |
187 |
echo "ucs_removeServiceFromLocalhost: wrong argument number" >&2 |
188 |
return 2 |
189 |
fi |
190 |
eval "$(ucr shell server/role ldap/hostdn)" |
146 |
eval "$(ucr shell server/role ldap/hostdn)" |
191 |
ucs_removeServiceFromHost "$servicename" "$server_role" "$ldap_hostdn" "$@" |
147 |
ucs_removeServiceFromHost "$servicename" "$server_role" "$ldap_hostdn" "$@" |
192 |
} |
148 |
} |
Lines 199-213
ucs_removeServiceFromLocalhost () { # <servicename> [<udm-credentials>]
199 |
# e.g. ucs_removeServiceFromHost "nagios-server" "domaincontroller_slave" "cn=myslave,cn=dc,cn=computers,dc=test,dc=system" "$@" |
155 |
# e.g. ucs_removeServiceFromHost "nagios-server" "domaincontroller_slave" "cn=myslave,cn=dc,cn=computers,dc=test,dc=system" "$@" |
200 |
# |
156 |
# |
201 |
ucs_removeServiceFromHost () { # <servicename> <udm-module-name> <dn> [options] |
157 |
ucs_removeServiceFromHost () { # <servicename> <udm-module-name> <dn> [options] |
202 |
local servicename="$1" |
158 |
local servicename="${1:?missing service name}" |
203 |
local modulename="$2" |
159 |
local modulename="${2:?missing module name}" |
204 |
local hostdn="$3" |
160 |
local hostdn="${3:?missing host DN}" |
205 |
local ldap_base="$(ucr get ldap/base)" |
161 |
local ldap_base="$(ucr get ldap/base)" |
206 |
if ! shift 3 |
|
|
207 |
then |
208 |
echo "ucs_removeServiceFromHost: wrong argument number" >&2 |
209 |
return 2 |
210 |
fi |
211 |
univention-directory-manager "computers/$modulename" modify "$@" \ |
162 |
univention-directory-manager "computers/$modulename" modify "$@" \ |
212 |
--dn "$hostdn" --remove service="$servicename" |
163 |
--dn "$hostdn" --remove service="$servicename" |
213 |
if ucs_isServiceUnused "$servicename" "$@" && |
164 |
if ucs_isServiceUnused "$servicename" "$@" && |
Lines 255-270
ucs_parseCredentials () {
255 |
# e.g. if ucs_isServiceUnused "DNS" "$@"; then uninstall DNS; fi |
206 |
# e.g. if ucs_isServiceUnused "DNS" "$@"; then uninstall DNS; fi |
256 |
# |
207 |
# |
257 |
ucs_isServiceUnused () { # <servicename> |
208 |
ucs_isServiceUnused () { # <servicename> |
258 |
local servicename="$1" |
209 |
local servicename="${1?:missing service name}" |
259 |
local master="$(ucr get ldap/master)" |
210 |
local master="$(ucr get ldap/master)" |
260 |
local port="$(ucr get ldap/master/port)" |
211 |
local port="$(ucr get ldap/master/port)" |
261 |
|
212 |
|
262 |
if ! shift 1 |
|
|
263 |
then |
264 |
echo "ucs_lastHostWithService: wrong argument number" >&2 |
265 |
return 2 |
266 |
fi |
267 |
|
268 |
if [ -z "$port" ] |
213 |
if [ -z "$port" ] |
269 |
then |
214 |
then |
270 |
port=7389 |
215 |
port=7389 |
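Review bot: `${1?:missing service name}` in ucs_isServiceUnused has the `:` and `?` swapped: it parses as `${1?word}` with the message `:missing service name`, so it only catches an unset `$1` and lets an empty service name through to the `univentionService="${servicename}"` search shown in the next hunk. The line should read `local servicename="${1:?missing service name}"`, matching the other functions in this change. The function body continues outside this hunk. A related spelling slip, `missing serive name`, is in the ucs_removeServiceFromLocalhost hunk.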
Lines 287-294
ucs_isServiceUnused () { # <servicename>
287 |
# create a tempfile to get the real return code of the ldapsearch command, |
232 |
# create a tempfile to get the real return code of the ldapsearch command, |
288 |
# otherwise we get only the code of the sed command |
233 |
# otherwise we get only the code of the sed command |
289 |
local tempfile="$(mktemp)" |
234 |
local tempfile="$(mktemp)" |
290 |
univention-ldapsearch univentionService="${servicename}" "$@" cn >"$tempfile" |
235 |
if ! univention-ldapsearch univentionService="${servicename}" "$@" cn >"$tempfile" |
291 |
if [ $? != 0 ]; then |
236 |
then |
292 |
rm -f "$tempfile" |
237 |
rm -f "$tempfile" |
293 |
echo "ucs_isServiceUnused: search failed" >&2 |
238 |
echo "ucs_isServiceUnused: search failed" >&2 |
294 |
return 2 |
239 |
return 2 |
Lines 371-388
ucs_unregisterLDAPExtension () {
371 |
# e.g. ucs_registerLDAPSchema /usr/share/univention-fetchmail-schema/univention-fetchmail.schema |
316 |
# e.g. ucs_registerLDAPSchema /usr/share/univention-fetchmail-schema/univention-fetchmail.schema |
372 |
# |
317 |
# |
373 |
ucs_registerLDAPSchema () { |
318 |
ucs_registerLDAPSchema () { |
374 |
local schemaFile="$1" |
319 |
local schemaFile="${1:?missing LDAP schema file name}" |
375 |
|
320 |
|
376 |
if [ ! -d /var/lib/univention-ldap/local-schema ]; then |
321 |
if [ ! -d /var/lib/univention-ldap/local-schema ]; then |
377 |
mkdir -p /var/lib/univention-ldap/local-schema |
322 |
mkdir -p /var/lib/univention-ldap/local-schema |
378 |
chmod 755 /var/lib/univention-ldap/local-schema |
323 |
chmod 755 /var/lib/univention-ldap/local-schema |
379 |
fi |
324 |
fi |
380 |
|
325 |
|
381 |
if [ ! -e "$schemaFile" ]; then |
|
|
382 |
echo "ucs_registerLDAPSchema: missing schema file" >&2 |
383 |
return 2 |
384 |
fi |
385 |
|
386 |
cp "$schemaFile" /var/lib/univention-ldap/local-schema/ |
326 |
cp "$schemaFile" /var/lib/univention-ldap/local-schema/ |
387 |
|
327 |
|
388 |
ucr commit /etc/ldap/slapd.conf |
328 |
ucr commit /etc/ldap/slapd.conf |
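Review bot: With the `[ ! -e "$schemaFile" ]` test removed from ucs_registerLDAPSchema, a non-empty but non-existent path now reaches `cp`, whose failure is not checked, and the function goes on to `ucr commit /etc/ldap/slapd.conf` as if the schema had been installed (unless the caller runs under `set -e`, which is not visible here). Checking the copy keeps the old contract: `cp -- "$schemaFile" /var/lib/univention-ldap/local-schema/ || return 2`. Because this directory feeds the slapd configuration, copying with an explicit mode (`install -m 644 -- "$schemaFile" /var/lib/univention-ldap/local-schema/`) avoids inheriting whatever permissions the source file carries. The function continues past the end of this hunk.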