

(-)univention-server-join (-91 / +84 lines)
 Lines 1-4    Link Here 
1
#!/bin/sh
1
#!/bin/bash
2
#
2
#
3
# Univention Join
3
# Univention Join
4
#  joins a server to an univention domain
4
#  joins a server to an univention domain
 Lines 32-47    Link Here 
32
32
33
export PATH="$PATH:/sbin:/usr/sbin:/bin:/usr/bin"
33
export PATH="$PATH:/sbin:/usr/sbin:/bin:/usr/bin"
34
34
35
ADMINOPTIONS=""
35
declare -a ADMINOPTIONS
36
LOGFILE="/var/log/univention/server-join.log"
36
LOGFILE="/var/log/univention/server-join.log"
37
if [ "$USER" != "root" ]; then
37
if [ "$USER" != "root" ]; then
38
    if [ "$HOME" ]; then
38
	if [ "$HOME" ]; then
39
	LOGFILE="$HOME/.univention-server-join.log"
39
		LOGFILE="$HOME/.univention-server-join.log"
40
    else
40
	else
41
	USERTMP=`mktemp -d`
41
		USERTMP="$(mktemp -d)"
42
	LOGFILE="$USERTMP/.univention-server-join.log"
42
		LOGFILE="$USERTMP/.univention-server-join.log"
43
    fi
43
	fi
44
    ADMINOPTIONS="$ADMINOPTIONS --logfile $LOGFILE"
44
	ADMINOPTIONS+=(--logfile "$LOGFILE")
45
fi
45
fi
46
46
47
display_help() {
47
display_help() {
 Lines 87-93    Link Here 
87
87
88
88
89
log() {
89
log() {
90
	if [ $1 = 1 ]; then
90
	if [ "$1" = 1 ]; then
91
		shift
91
		shift
92
		echo "$@"				>>"$LOGFILE"
92
		echo "$@"				>>"$LOGFILE"
93
		echo "$@"
93
		echo "$@"
 Lines 108-156    Link Here 
108
do
108
do
109
	case "$1" in
109
	case "$1" in
110
		"-role")
110
		"-role")
111
			shift
111
			ROLE="${2:?missing role}"
112
			ROLE=$1
112
			shift 2
113
			shift
114
			;;
113
			;;
115
		"-hostname")
114
		"-hostname")
116
			shift
115
			HOSTNAME="${2:?missing host name}"
117
			HOSTNAME=$1
116
			shift 2
118
			shift
119
			;;
117
			;;
120
		"-domainname")
118
		"-domainname")
121
			shift
119
			DOMAINNAME="${2:?missing domain name}"
122
			DOMAINNAME=$1
120
			shift 2
123
			shift
124
			;;
121
			;;
125
		"-ip")
122
		"-ip")
126
			shift
123
			IP="${2:?missing IP address}"
127
			IP=$1
124
			shift 2
128
			shift
129
			;;
125
			;;
130
		"-certs")
126
		"-certs")
131
			shift
127
			CERTS="${2:?missing certificate}"
132
			CERTS="$1"
128
			shift 2
133
			shift
134
			;;
129
			;;
135
		"-mac")
130
		"-mac")
136
			shift
131
			MAC="${2:?missing ethernec MAC address}"
137
			MAC="$1"
132
			shift 2
138
			shift
139
			;;
133
			;;
140
		"-bindaccount")
134
		"-bindaccount")
141
			shift
135
			BINDACCOUNT="${2:?missing account name for bind}"
142
			BINDACCOUNT="$1"
136
			shift 2
143
			shift
144
			;;
137
			;;
145
		"-bindpwfile")
138
		"-bindpwfile")
146
			shift
139
			BINDPWFILE="${2:?missing password file for bind}"
147
			BINDPWFILE="$1"
140
			shift 2
148
			shift
149
			;;
141
			;;
150
		"-position")
142
		"-position")
151
			shift
143
			POSITION="${2:?missing LDAP position}"
152
			POSITION="$1"
144
			shift 2
153
			shift
154
			;;
145
			;;
155
		"--version")
146
		"--version")
156
			display_version
147
			display_version
 Lines 164-187    Link Here 
164
done
155
done
165
156
166
# extend options for univention-admin
157
# extend options for univention-admin
167
if [ "$BINDACCOUNT" ]; then
158
if [ -n "$BINDACCOUNT" ]
168
    BINDDN=`ldapsearch -x "(&(uid=$BINDACCOUNT)(objectclass=posixAccount))" dn | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||'`
159
then
169
    log 0 "found BINDDN: $BINDDN" >>$LOGFILE
160
	BINDDN="$(ldapsearch -x "(&(uid=$BINDACCOUNT)(objectclass=posixAccount))" dn | ldapsearch-wrapper | sed -ne '^s|dn: ||p')"
170
    if [ -z "$BINDDN" ]; then
161
	log 0 "found BINDDN: $BINDDN" >>$LOGFILE
171
	log 1 "failed to get binddn for $BINDACCOUNT"
162
	if [ -z "$BINDDN" ]; then
172
	exit 1
163
		log 1 "failed to get binddn for $BINDACCOUNT"
173
    fi
164
		exit 1
165
	fi
174
fi
166
fi
175
167
176
if [ "$BINDDN" ]; then
168
if [ -n "$BINDDN" ]
177
    ADMINOPTIONS="$ADMINOPTIONS --binddn $BINDDN"
169
then
170
	ADMINOPTIONS+=(--binddn "$BINDDN")
178
fi
171
fi
179
if [ "$BINDPWFILE" ]; then
172
if [ -n "$BINDPWFILE" ]
180
    ADMINOPTIONS="$ADMINOPTIONS --bindpw `cat $BINDPWFILE`"
173
then
174
	ADMINOPTIONS+=(--bindpw "$(<"$BINDPWFILE")")
181
fi
175
fi
182
176
183
177
184
eval `univention-config-registry shell`
178
eval "$(univention-config-registry shell)"
185
if [ -z "$ROLE" ]; then
179
if [ -z "$ROLE" ]; then
186
	log 1 "E: 	-role is missing"
180
	log 1 "E: 	-role is missing"
187
	display_help
181
	display_help
 Lines 197-296    Link Here 
197
191
198
display_header
192
display_header
199
create_entry () {
193
create_entry () {
200
# $1 desc
194
	local desc="${1?:missing description}"
201
# $2 module
195
	local module="${2?:missing computer module}"
202
# $3 position
196
	local position="${3?:missing LDAP position}"
203
# $4 primaryGroup
197
	local primaryGroup="$4"
204
# $5 group
198
	local group="$5"
205
	log 0 "Join $1"
199
	log 0 "Join $desc"
206
200
207
	old_dn=`univention-admin $2 list --filter name=$HOSTNAME  $ADMINOPTIONS | ldapsearch-wrapper | grep "DN: " | sed -e "s|.*DN: ||"`
201
	old_dn="$(univention-admin "$module" list --filter name="$HOSTNAME" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne "s|.*DN: ||p")"
208
	if [ $? = 1 ]; then
202
	if [ $? = 1 ]; then
209
		log 1 "E: failed search $1 [$old_dn]"
203
		log 1 "E: failed search $desc [$old_dn]"
210
		exit 1
204
		exit 1
211
	fi
205
	fi
212
206
207
	declare -a args
213
	if [ -z "$old_dn" ]; then
208
	if [ -z "$old_dn" ]; then
214
		log 0 "	Create new $1 "
209
		log 0 "	Create new $desc "
215
210
216
		if [ -n "$MAC" -a -n "$dhcpEntry" -a "$module" = "computers/managedclient" ]; then
211
		if [ -n "$MAC" -a -n "$dhcpEntry" -a "$module" = "computers/managedclient" ]; then
217
			mac_cmd="--set mac=$MAC --set dhcpEntryZone=$dhcpEntry"
212
			args+=(--set mac="$MAC" --set dhcpEntryZone="$dhcpEntry")
218
		elif [ -n "$MAC" -a -n "$dhcpEntry" -a "$module" = "computers/mobileclient" ]; then
213
		elif [ -n "$MAC" -a -n "$dhcpEntry" -a "$module" = "computers/mobileclient" ]; then
219
			mac_cmd="--set mac=$MAC --set dhcpEntryZone=$dhcpEntry"
214
			args+=(--set mac="$MAC" --set dhcpEntryZone="$dhcpEntry")
220
		elif [ -n "$MAC" ]; then
215
		elif [ -n "$MAC" ]; then
221
			mac_cmd="--set mac=$MAC"
216
			args+=(--set mac="$MAC")
222
		fi
217
		fi
223
218
224
		if [ -n "$IP" ]; then
219
		if [ -n "$IP" ]; then
225
			ip_cmd="--set ip=$IP"
220
			args+=(--set ip="$IP")
226
			if [ -n "$forwardZone" ]; then
221
			if [ -n "$forwardZone" ]; then
227
				ip_cmd="$ip_cmd --set dnsEntryZoneForward=$forwardZone "
222
				args+=(--set dnsEntryZoneForward="$forwardZone")
228
				if [ -n "$reverseZone" ]; then
223
				if [ -n "$reverseZone" ]; then
229
					ip_cmd="$ip_cmd --set dnsEntryZoneReverse=$reverseZone "
224
					args+=(--set dnsEntryZoneReverse="$reverseZone")
230
				fi
225
				fi
231
			fi
226
			fi
232
		fi
227
		fi
233
228
234
		rc=`univention-admin $2 create --position "$3"\
229
		rc="$(univention-admin "$module" create --position "$position"\
235
			--set name=$HOSTNAME $ip_cmd \
230
			--set name="$HOSTNAME" \
236
			--set domain=$DOMAINNAME \
231
			--set domain="$DOMAINNAME" \
237
			--set password=$computerPassword --set unixhome=/dev/null --set shell=/bin/sh --set primaryGroup="$4" $mac_cmd $ADMINOPTIONS`
232
			--set password="$computerPassword" --set unixhome=/dev/null --set shell=/bin/sh --set primaryGroup="$primaryGroup" "${args[@]}" "${ADMINOPTIONS[@]}")"
238
		if [ $? = 1 ]; then
233
		if [ $? -ne 0 ]; then
239
			log 1 "E: failed to create $1 (1) [$rc]"
234
			log 1 "E: failed to create $desc (1) [$rc]"
240
			exit 1
235
			exit 1
241
		fi
236
		fi
242
237
243
		if [ -z "$rc" ]; then
238
		if [ -z "$rc" ]; then
244
			log 1 "E: failed to create $1: no result"
239
			log 1 "E: failed to create $desc: no result"
245
			exit 1
240
			exit 1
246
		fi
241
		fi
247
242
248
		ldap_dn=`echo $rc | grep "Object created:" | sed -e 's|Object created: ||'`
243
		ldap_dn="$(echo $rc | sed -ne 's|Object created: ||p')"
249
		if [ -z "$ldap_dn" ]; then
244
		if [ -z "$ldap_dn" ]; then
250
			log 1 "E: failed to create $1 (2) [$rc]"
245
			log 1 "E: failed to create $desc (2) [$rc]"
251
			exit 1
246
			exit 1
252
		fi
247
		fi
253
248
254
		echo "ldap_dn=\"$ldap_dn\""
249
		echo "ldap_dn=\"$ldap_dn\""
255
250
256
		if [ -n "$5" ]; then
251
		if [ -n "$group" ]; then
257
			rc=`univention-admin groups/group modify --dn="$5" --append users="$ldap_dn" $ADMINOPTIONS`
252
			rc="$(univention-admin groups/group modify --dn="$group" --append users="$ldap_dn" "${ADMINOPTIONS[@]}")"
258
		fi
253
		fi
259
	else
254
	else
260
		log 0 "Modify $1 [$old_dn]"
255
		log 0 "Modify $desc [$old_dn]"
261
256
262
		if [ -n "$MAC" ]; then
257
		if [ -n "$MAC" ]; then
263
			mac_cmd="--set mac=$MAC"
258
			args+=(--set mac="$MAC")
264
		fi
259
		fi
265
		if [ -n "$IP" ]; then
260
		if [ -n "$IP" ]; then
266
			ip_cmd="--set ip=$IP"
261
			args+=(--set ip="$IP")
267
		fi
262
		fi
268
		rc=`univention-admin $2 modify --dn "$old_dn" --set password=$computerPassword --set domain=$DOMAINNAME $mac_cmd $ip_cmd $ADMINOPTIONS`
263
		rc="$(univention-admin "$module" modify --dn "$old_dn" --set password="$computerPassword" --set domain="$DOMAINNAME" "${args[@]}" "${ADMINOPTIONS[@]}")"
269
264
270
		if [ $? = 1 ]; then
265
		if [ $? -ne 0 ]; then
271
			log 1 "E: failed to modify $1 $old_dn [$rc]"
266
			log 1 "E: failed to modify $desc $old_dn [$rc]"
272
		fi
267
		fi
273
268
274
		echo "ldap_dn=\"$old_dn\" "
269
		echo "ldap_dn=\"$old_dn\" "
275
276
	fi
270
	fi
277
278
279
}
271
}
280
272
281
if [ -n "$IP" ]; then
273
if [ -n "$IP" ]; then
282
	subnet=`univention-ipcalc --ip $IP --netmask $interfaces_eth0_netmask --output network --calcdns`
274
	subnet="$(univention-ipcalc --ip "$IP" --netmask "$interfaces_eth0_netmask" --output network --calcdns)"
283
	log 0 "	Calculated subnet = $subnet"
275
	log 0 "	Calculated subnet = $subnet"
284
276
285
	forwardZone=`univention-admin dns/forward_zone list --filter zone=$DOMAINNAME  $ADMINOPTIONS | ldapsearch-wrapper | grep DN | sed -e 's/DN: //g'`
277
	forwardZone="$(univention-admin dns/forward_zone list --filter zone="$DOMAINNAME" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne 's/DN: //gp')"
286
	reverseZone=`univention-admin dns/reverse_zone list --filter subnet=$subnet  $ADMINOPTIONS | ldapsearch-wrapper | grep DN | sed -e 's/DN: //g'`
278
	reverseZone="$(univention-admin dns/reverse_zone list --filter subnet="$subnet" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne 's/DN: //gp')"
287
	dhcpEntry=`univention-admin dhcp/service list --filter name=$DOMAINNAME  $ADMINOPTIONS | ldapsearch-wrapper | grep DN | sed -e 's/DN: //g'`
279
	dhcpEntry="$(univention-admin dhcp/service list --filter name="$DOMAINNAME" "${ADMINOPTIONS[@]}" | ldapsearch-wrapper | sed -ne 's/DN: //gp')"
288
280
289
	log 0 "	forwardZone $forwardZone "
281
	log 0 "	forwardZone $forwardZone "
290
	log 0 "	reverseZone $reverseZone "
282
	log 0 "	reverseZone $reverseZone "
291
fi
283
fi
292
284
293
computerPassword=`makepasswd --chars=8`
285
computerPassword="$(makepasswd --chars=8)"
294
286
295
if [ "$ROLE" = "domaincontroller_master" ]; then
287
if [ "$ROLE" = "domaincontroller_master" ]; then
296
	if [ -n "$POSITION" ]; then
288
	if [ -n "$POSITION" ]; then
 Lines 305-318    Link Here 
305
	else
297
	else
306
		create_entry "DC Backup" "computers/domaincontroller_backup" "cn=dc,cn=computers,$ldap_base" "cn=DC Backup Hosts,cn=groups,$ldap_base" "cn=DC Slave Hosts,cn=groups,$ldap_base"
298
		create_entry "DC Backup" "computers/domaincontroller_backup" "cn=dc,cn=computers,$ldap_base" "cn=DC Backup Hosts,cn=groups,$ldap_base" "cn=DC Slave Hosts,cn=groups,$ldap_base"
307
	fi
299
	fi
308
	kadmin -l add --random-key --use-defaults ldap/$HOSTNAME.$DOMAINNAME
300
	kadmin -l add --random-key --use-defaults "ldap/$HOSTNAME.$DOMAINNAME"
309
elif [ "$ROLE" = "domaincontroller_slave" ]; then
301
elif [ "$ROLE" = "domaincontroller_slave" ]; then
310
	if [ -n "$POSITION" ]; then
302
	if [ -n "$POSITION" ]; then
311
		create_entry "DC Slave" "computers/domaincontroller_slave" "$POSITION" "cn=DC Slave Hosts,cn=groups,$ldap_base"
303
		create_entry "DC Slave" "computers/domaincontroller_slave" "$POSITION" "cn=DC Slave Hosts,cn=groups,$ldap_base"
312
	else
304
	else
313
		create_entry "DC Slave" "computers/domaincontroller_slave" "cn=dc,cn=computers,$ldap_base" "cn=DC Slave Hosts,cn=groups,$ldap_base"
305
		create_entry "DC Slave" "computers/domaincontroller_slave" "cn=dc,cn=computers,$ldap_base" "cn=DC Slave Hosts,cn=groups,$ldap_base"
314
	fi
306
	fi
315
	kadmin -l add --random-key --use-defaults ldap/$HOSTNAME.$DOMAINNAME
307
	kadmin -l add --random-key --use-defaults "ldap/$HOSTNAME.$DOMAINNAME"
316
elif [ "$ROLE" = "memberserver" ]; then
308
elif [ "$ROLE" = "memberserver" ]; then
317
	if [ -n "$POSITION" ]; then
309
	if [ -n "$POSITION" ]; then
318
		create_entry "Member Server" "computers/memberserver" "$POSITION" "cn=Computers,cn=groups,$ldap_base"
310
		create_entry "Member Server" "computers/memberserver" "$POSITION" "cn=Computers,cn=groups,$ldap_base"
 Lines 334-336    Link Here 
334
fi
326
fi
335
327
336
echo "KerberosPasswd=\"$computerPassword\" "
328
echo "KerberosPasswd=\"$computerPassword\" "
329
# vim:set ts=8 sw=8:
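Review bot: The rewritten BINDDN lookup in the "Lines 164-187" hunk, `sed -ne '^s|dn: ||p'`, is not a valid sed script — `^` is not an address, so sed rejects it, `BINDDN` stays empty and the script exits with "failed to get binddn" for every `-bindaccount` call; the anchor belongs inside the expression, `sed -ne 's|^dn: ||p'`, as the univention-join side of this same patch already writes it. In create_entry, `if [ $? = 1 ]` after the `old_dn="$(univention-admin … | ldapsearch-wrapper | sed …)"` pipeline tests sed's exit status, not univention-admin's, and it is also left at `= 1` while the create/modify checks in the same hunk were changed to `-ne 0`; now that the script is bash, a `set -o pipefail` near the top, or `if [ "${PIPESTATUS[0]}" -ne 0 ]`, would make that check meaningful. The three `local desc="${1?:missing description}"` lines have the colon on the wrong side: `${1?:…}` only fires when `$1` is unset and prefixes the message with ':', whereas `${1:?missing description}`, the form used in the option parser above, also rejects an empty argument. Lastly, `ADMINOPTIONS+=(--bindpw "$(<"$BINDPWFILE")")` keeps the pre-existing behaviour of handing the bind password to univention-admin on argv, where it is typically readable by other local users through the process list; if univention-admin accepts a password-file option, passing `$BINDPWFILE` through instead would be the safer hand-off.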
(-)debian/changelog (+2 lines)
 Lines 1-5    Link Here 
1
univention-join (3.0.4-3) unstable; urgency=low
1
univention-join (3.0.4-3) unstable; urgency=low
2
2
3
  * Fix spelling (Bug #9861)
4
  * Fix error test (Bug #16214)
3
  * Improve check for join status (Bug #19361,#13495,#13497,#18120)
5
  * Improve check for join status (Bug #19361,#13495,#13497,#18120)
4
6
5
 -- Philipp Hahn <hahn@univention.de>  Thu, 12 Aug 2010 19:38:02 +0200
7
 -- Philipp Hahn <hahn@univention.de>  Thu, 12 Aug 2010 19:38:02 +0200
(-)univention-run-join-scripts (-1 / +1 lines)
 Lines 33-39    Link Here 
33
33
34
export PATH="$PATH:/sbin:/usr/sbin:/bin:/usr/bin"
34
export PATH="$PATH:/sbin:/usr/sbin:/bin:/usr/bin"
35
35
36
eval `univention-config-registry shell`
36
eval "$(univention-config-registry shell)"
37
37
38
display_help() {
38
display_help() {
39
	display_header
39
	display_header
40
  + *
40
  + *
(-)univention-join (-159 / +183 lines)
 Lines 1-4    Link Here 
1
#!/bin/sh
1
#!/bin/bash
2
#
2
#
3
# Univention Join
3
# Univention Join
4
#  joins a system into a UCS domain
4
#  joins a system into a UCS domain
 Lines 37-44    Link Here 
37
eval "$(univention-config-registry shell)"
37
eval "$(univention-config-registry shell)"
38
38
39
TYPE=
39
TYPE=
40
REMOVE_PWD_FILE=""
41
40
41
USERTMP="$(mktemp -d)"
42
DCPWD="$USERTMP/dcpwd"
43
trap "rm -rf '$USERTMP'" EXIT
44
42
display_help() {
45
display_help() {
43
	display_header
46
	display_header
44
	cat <<-EOL
47
	cat <<-EOL
 Lines 76-82    Link Here 
76
	echo "univention-join @%@package_version@%@"
79
	echo "univention-join @%@package_version@%@"
77
}
80
}
78
81
79
80
failed_message () {
82
failed_message () {
81
	echo ""
83
	echo ""
82
	echo ""
84
	echo ""
 Lines 86-108    Link Here 
86
	echo "**************************************************************************"
88
	echo "**************************************************************************"
87
	echo "* Message:  $@"
89
	echo "* Message:  $@"
88
	echo "**************************************************************************"
90
	echo "**************************************************************************"
89
	if [ -n "$REMOVE_PWD_FILE" -a -n "$DCPWD" ]; then
90
		rm -f $DCPWD
91
	fi
92
	exit 1
91
	exit 1
93
}
92
}
94
93
95
download_host_certificate () {
94
download_host_certificate () {
96
	echo -n "Download host certificate "
95
	echo -n "Download host certificate "
97
	HOSTPWD="/etc/machine.secret"
96
	local HOSTPWD="/etc/machine.secret"
98
	HOSTACCOUNT="$hostname\$"
97
	local HOSTACCOUNT="$hostname\$"
99
	univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1
98
	univention-scp "$HOSTPWD" -q -r "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname" "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1
100
	univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1
101
	while [ ! -d "/etc/univention/ssl/$hostname" ] &&  [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; do
99
	while [ ! -d "/etc/univention/ssl/$hostname" ] &&  [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; do
102
		echo -n "."
100
		echo -n "."
103
		sleep 20
101
		sleep 20
104
		univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1
102
		univention-scp "$HOSTPWD" -q -r "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname" "$HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1
105
		univention-scp $HOSTPWD "-r $HOSTACCOUNT@$DCNAME:/etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/" >>/var/log/univention/join.log 2>&1
106
	done
103
	done
107
104
108
	echo -e "\033[60Gdone"
105
	echo -e "\033[60Gdone"
 Lines 111-118    Link Here 
111
check_ldap_tls_connection () {
108
check_ldap_tls_connection () {
112
	echo -n "Check TLS connection "
109
	echo -n "Check TLS connection "
113
110
114
	ldapsearch -x -ZZ -s base -h "$DCNAME" dn >/dev/null
111
	if ! ldapsearch -x -ZZ -s base -h "$DCNAME" dn >/dev/null
115
	if  [ $? != 0 ]; then
112
	then
116
 		failed_message "Establishing a TLS connection with $DCNAME failed. Maybe you didn't specify a FQDN."
113
 		failed_message "Establishing a TLS connection with $DCNAME failed. Maybe you didn't specify a FQDN."
117
	fi
114
	fi
118
115
 Lines 123-156    Link Here 
123
do
120
do
124
	case "$1" in
121
	case "$1" in
125
		"-dcname")
122
		"-dcname")
126
			shift
123
			DCNAME="${2:?missing DC master FQDN}"
127
			DCNAME=$1
124
			shift 2
128
			shift
129
			;;
125
			;;
130
		"-dcaccount")
126
		"-dcaccount")
131
			shift
127
			DCACCOUNT="${2:?missing DC master account}"
132
			DCACCOUNT=$1
128
			shift 2
133
			shift
134
			;;
129
			;;
135
		"-dcpwd")
130
		"-dcpwd")
136
			shift
131
			dcpwd="${2:?missing DC password file}"
137
			DCPWD=$1
132
			cp "$dcpwd" "$DCPWD"
138
			shift
133
			shift 2
139
			;;
134
			;;
140
		"-ldapbase")
135
		"-ldapbase")
141
			shift
136
			LDAPBASE="${2:?missing LDAP base}"
142
			LDAPBASE="$1"
137
			shift 2
143
			shift
144
			;;
138
			;;
145
		"-realm")
139
		"-realm")
146
			shift
140
			REALM="${2:?missing Kerberos real}"
147
			REALM="$1"
141
			shift 2
148
			shift
149
			;;
142
			;;
150
		"-type")
143
		"-type")
151
			shift
144
			TYPE="${2:?missing computer role}"
152
			TYPE=$1
145
			shift 2
153
			shift
154
			;;
146
			;;
155
		"--version")
147
		"--version")
156
			display_version
148
			display_version
 Lines 171-191    Link Here 
171
fi
163
fi
172
164
173
if [ -z "$DCACCOUNT" ]; then
165
if [ -z "$DCACCOUNT" ]; then
174
	echo -n "Insert DC Master Account : "
166
	echo -n "Enter DC Master Account : "
175
	read DCACCOUNT
167
	read DCACCOUNT
176
fi
168
fi
177
if [ -z "$DCPWD" ]; then
169
if [ ! -f "$DCPWD" ]; then
178
	echo -n "Insert DC Master Password: "
170
	echo -n "Enter DC Master Password: "
179
	read -s password
171
	read -s password
180
	DCPWD=`mktemp`
172
	echo -n "$password" >"$DCPWD"
181
	echo "$password" >>$DCPWD
182
	REMOVE_PWD_FILE="1"
183
	echo ""
173
	echo ""
184
	echo ""
174
	echo ""
185
fi
175
fi
186
176
177
declare -a args
178
187
if [ "$DCACCOUNT" != "root" ]; then
179
if [ "$DCACCOUNT" != "root" ]; then
188
    auth_cmd="-bindaccount \"$DCACCOUNT\" -bindpwfile \"$DCPWD\""
180
	args+=(-bindaccount "$DCACCOUNT")
189
fi
181
fi
190
182
191
if [ -z "$server_role" ]; then
183
if [ -z "$server_role" ]; then
 Lines 193-199    Link Here 
193
		echo "try: -type"
185
		echo "try: -type"
194
		display_help
186
		display_help
195
	else
187
	else
196
		server_role=$TYPE
188
		server_role="$TYPE"
197
	fi
189
	fi
198
fi
190
fi
199
191
 Lines 201-223    Link Here 
201
	server_role="client"
193
	server_role="client"
202
fi
194
fi
203
195
204
mac_addr=`/sbin/ifconfig  eth0 | grep HWaddr | sed -e "s|.*HWaddr ||"`
196
mac_addr="$(LC_ALL=C /sbin/ifconfig eth0 | sed -ne "s|.*HWaddr ||p")"
205
if [ -n "$mac_addr" ]; then
197
if [ -n "$mac_addr" ]; then
206
	mac_cmd="-mac $mac_addr"
198
	args+=(-mac "$mac_addr")
207
fi
199
fi
208
200
209
201
210
if [ -z "$DCNAME" ]; then
202
if [ -z "$DCNAME" ]; then
211
	echo -n "Search DC Master: "
203
	echo -n "Search DC Master: "
212
	if [ "$interfaces_eth0_type" = "dhcp" ]; then
204
	if [ "$interfaces_eth0_type" = "dhcp" ]; then
213
		DCNAME=`host -t SRV _domaincontroller_master._tcp.$domainname | grep -v "not found" | grep -v "reached" | tail -1 | sed -e 's|.* ||g' | sed -e 's|\.$||'`
205
		DCNAME="$(host -t SRV "_domaincontroller_master._tcp.$domainname" | sed -ne '$s/.* \([^ ]\+\)\.$/\1/p')"
214
		if [ -n "$DCNAME" ]; then
206
		if [ -n "$DCNAME" ]; then
215
			echo -e "\033[60Gdone"
207
			echo -e "\033[60Gdone"
216
		fi
208
		fi
217
	else
209
	else
218
		for i in "$nameserver" "$nameserver1" "$nameserver2" "$nameserver3" "$dns_forwarder1" "$dns_forwarder2" "$dns_forwarder3"; do
210
		for i in "$nameserver" "$nameserver1" "$nameserver2" "$nameserver3" "$dns_forwarder1" "$dns_forwarder2" "$dns_forwarder3"; do
219
			if [ -z "$i" ]; then continue; fi
211
			if [ -z "$i" ]; then continue; fi
220
			DCNAME=`host -t SRV _domaincontroller_master._tcp.$domainname $i | grep -v "not found" | grep -v "reached" | tail -1 | sed -e 's|.* ||g' | sed -e 's|\.$||'`
212
			DCNAME="$(host -t SRV "_domaincontroller_master._tcp.$domainname" "$i" | sed -ne '$s/.* \([^ ]\+\)\.$/\1/p')"
221
			if [ -n "$DCNAME" ]; then
213
			if [ -n "$DCNAME" ]; then
222
				echo -e "\033[60Gdone"
214
				echo -e "\033[60Gdone"
223
				echo "domain $domainname" >/etc/resolv.conf
215
				echo "domain $domainname" >/etc/resolv.conf
 Lines 236-249    Link Here 
236
228
237
echo -n "Check DC Master: "
229
echo -n "Check DC Master: "
238
230
239
ping -c 1 $DCNAME >/dev/null 2>&1
231
if ! ping -c 1 "$DCNAME" >/dev/null 2>&1
240
232
then
241
if [ $? != 0 ]; then
242
	failed_message "ping to $DCNAME failed"
233
	failed_message "ping to $DCNAME failed"
243
fi
234
fi
244
235
245
univention-ssh "$DCPWD" "$DCACCOUNT"@"$DCNAME" echo ssh-check 2>>/var/log/univention/join.log | grep -qs ssh-check
236
if ! univention-ssh "$DCPWD" "$DCACCOUNT"@"$DCNAME" echo ssh-check 2>>/var/log/univention/join.log | grep -qs ssh-check
246
if [ $? != 0 ]; then
237
then
247
	failed_message "ssh-login for $DCACCOUNT@$DCNAME failed. Maybe you entered a wrong password."
238
	failed_message "ssh-login for $DCACCOUNT@$DCNAME failed. Maybe you entered a wrong password."
248
fi
239
fi
249
240
 Lines 257-263    Link Here 
257
248
258
if [ -z "$LDAPBASE" ]; then
249
if [ -z "$LDAPBASE" ]; then
259
	echo -n "Search ldap/base"
250
	echo -n "Search ldap/base"
260
	ldap_base=`ldapsearch -x  -h $DCNAME -b "" -s base 'objectclass=*' NamingContexts -LLL | grep namingContexts | sed -e 's|namingContexts: ||'`
251
	ldap_base=$(ldapsearch -x -h "$DCNAME" -b "" -s base 'objectclass=*' NamingContexts -LLL | ldapsearch-wrapper | sed -ne 's|namingContexts: ||p')
261
else
252
else
262
	ldap_base="$LDAPBASE"
253
	ldap_base="$LDAPBASE"
263
fi
254
fi
 Lines 272-278    Link Here 
272
263
273
echo -n "Search LDAP binddn "
264
echo -n "Search LDAP binddn "
274
binddn=""
265
binddn=""
275
for i in `ldapsearch -x -h $DCNAME -LLL -b $ldap_base "(&(uid=$DCACCOUNT)(objectClass=person))" | ldapsearch-wrapper | grep ^dn | sed -e 's|dn: ||'`; do
266
for i in $(ldapsearch -x -h "$DCNAME" -LLL -b "$ldap_base" "(&(uid=$DCACCOUNT)(objectClass=person))" | ldapsearch-wrapper | sed -ne 's|^dn: ||p')
267
do
276
	if [ -n "$binddn" ]; then
268
	if [ -n "$binddn" ]; then
277
		failed_message "binddn for user $DCACCOUNT not unique, $i and $binddn"
269
		failed_message "binddn for user $DCACCOUNT not unique, $i and $binddn"
278
	fi
270
	fi
 Lines 282-316    Link Here 
282
if [ -z "$binddn" ]; then
274
if [ -z "$binddn" ]; then
283
	failed_message "binddn for user $DCACCOUNT not found"
275
	failed_message "binddn for user $DCACCOUNT not found"
284
else
276
else
285
	ldapsearch -x -h $DCNAME -LLL -b "$ldap_base" -D "$binddn" -w `cat $DCPWD` -LLL -s base >/dev/null 2>&1
277
	if ! ldapsearch -x -h "$DCNAME" -LLL -b "$ldap_base" -D "$binddn" -w "$(<"$DCPWD")" -LLL -s base >/dev/null 2>&1
286
	if [ $? != 0 ]; then
278
	then
287
		failed_message "Invalid credentials"
279
		failed_message "Invalid credentials"
288
	fi
280
	fi
289
fi
281
fi
290
282
291
if [ $server_role != "domaincontroller_master" -a "$server_role" != "domaincontroller_backup" -a -z "$binddn" ]; then
283
if [ "$server_role" != "domaincontroller_master" -a "$server_role" != "domaincontroller_backup" -a -z "$binddn" ]
284
then
292
	failed_message "binddn for user $DCACCOUNT not found"
285
	failed_message "binddn for user $DCACCOUNT not found"
293
fi
286
fi
294
287
295
if [ -x /usr/bin/rdate ]; then
288
if [ -x /usr/bin/rdate ]; then
296
	echo -n "Sync time "
289
	echo -n "Sync time "
297
	/usr/bin/rdate $DCNAME >/dev/null 2>&1
290
	/usr/bin/rdate "$DCNAME" >/dev/null 2>&1
298
	echo -e "\033[60Gdone"
291
	echo -e "\033[60Gdone"
299
fi
292
fi
300
293
301
if [ -n "$ldap_position" ]; then
294
if [ -n "$ldap_position" ]; then
302
	position_cmd="-position \"$ldap_position\""
295
	args+=(-position "$ldap_position")
303
fi
296
fi
304
297
298
bashquote () { # quote arguments for eval
299
	declare -a escaped
300
	declare -r quote=\\\'
301
	local arg
302
	for arg in "$@"
303
	do
304
		escaped+=("'${arg//\'/'$quote'}'")
305
	done
306
	echo -n "${escaped[@]}"
307
}
308
305
if [ -n "$server_role" ]; then
309
if [ -n "$server_role" ]; then
306
	if [ -n "$interfaces_eth0_address" ]; then
310
	if [ -n "$interfaces_eth0_address" ]; then
307
		ip_cmd="-ip $interfaces_eth0_address"
311
		args+=(-ip "$interfaces_eth0_address")
308
	fi
312
	fi
309
	echo -n "Join Computer Account: "
313
	echo -n "Join Computer Account: "
310
	univention-scp "$DCPWD" "$DCPWD" "$DCACCOUNT@$DCNAME:$DCPWD" >>/var/log/univention/join.log 2>&1
314
	args+=(-role "$server_role" -hostname "$hostname" -domainname "$domainname")
311
	res=`univention-ssh $DCPWD $DCACCOUNT@$DCNAME /usr/share/univention-join/univention-server-join -role $server_role -hostname $hostname -domainname $domainname $ip_cmd $mac_cmd $position_cmd $auth_cmd 2>>/var/log/univention/join.log`
315
	# Copy local $DCPWD to remote $DCPWD' and invoke univention-join remotely
312
	univention-ssh $DCPWD $DCACCOUNT@$DCNAME "rm $DCPWD" >>/var/log/univention/join.log 2>&1
316
	univention-ssh --no-split "$DCPWD" "$DCACCOUNT@$DCNAME" 'DCPWD=$(mktemp) && trap "rm -f \"$DCPWD\"" EXIT && cat >"$DCPWD" && /usr/share/univention-join/univention-server-join -bindpwfile "$DCPWD"' "$(bashquote "${args[@]}")" <"$DCPWD" 2>&1 | tee "$USERTMP/log" >>/var/log/univention/join.log
313
	res_message=`echo $res | grep uexception | sed -e 's|.*univention.admin.uexceptions.||'g`
317
	res_message="$(grep uexception "$USERTMP/log" | sed -e 's|.*univention.admin.uexceptions.||'g)"
314
	if [ -z "$res_message" ]; then
318
	if [ -z "$res_message" ]; then
315
		echo -e "\033[60Gdone"
319
		echo -e "\033[60Gdone"
316
	fi
320
	fi
 Lines 318-332    Link Here 
318
	failed_message "No server role defined"
322
	failed_message "No server role defined"
319
fi
323
fi
320
324
321
if [ -n "$res" ]; then
325
if [ -s "$USERTMP/log" ]
322
	echo "Join result = [$res]" | sed -e 's/KerberosPasswd="[^"]*"//' | fromdos -fa >>/var/log/univention/join.log
326
then
327
	echo "Join result = [$(<"$USERTMP/log")]" | sed -e 's/KerberosPasswd="[^"]*"//' | fromdos -fa >>/var/log/univention/join.log
323
328
324
	#try to get password
329
	#try to get password
325
	pwd=`echo $res | grep -i KerberosPasswd | sed -e 's|.*KerberosPasswd="||;s|".*||g'`
330
	pwd="$(sed -ne 's|^KerberosPasswd="\(.*\)" *|\1|p' <"$USERTMP/log")"
326
331
327
328
	if [ -n "$pwd" ]; then
332
	if [ -n "$pwd" ]; then
329
330
		if [ -e /etc/machine.secret ]; then
333
		if [ -e /etc/machine.secret ]; then
331
			cat /etc/machine.secret >>/etc/machine.secret.SAVE
334
			cat /etc/machine.secret >>/etc/machine.secret.SAVE
332
		fi
335
		fi
 Lines 335-351    Link Here 
335
		fromdos /etc/machine.secret
338
		fromdos /etc/machine.secret
336
		chmod 600 /etc/machine.secret
339
		chmod 600 /etc/machine.secret
337
		if [ -e /etc/machine.secret.SAVE ]; then
340
		if [ -e /etc/machine.secret.SAVE ]; then
338
		    chmod 600 /etc/machine.secret.SAVE
341
			chmod 600 /etc/machine.secret.SAVE
339
		fi
342
		fi
340
	else
343
	else
341
		if [ -n "$res_message" ]; then
344
		if [ -n "$res_message" ]; then
342
			failed_message "$res_message"
345
			failed_message "$res_message"
343
		else
346
		else
344
			failed_message "$res"
347
			failed_message "$(<"$USERTMP/log")"
345
		fi
348
		fi
346
	fi
349
	fi
347
350
348
	ldap_dn="`echo $res | grep ldap_dn | sed -e 's|.*ldap_dn="||;s|".*||'`"
351
	ldap_dn="$(sed -ne 's|^ldap_dn="\(.*\)" *|\1|p' <"$USERTMP/log")"
349
	if [ -n "$ldap_dn" ]; then
352
	if [ -n "$ldap_dn" ]; then
350
		univention-config-registry set ldap/hostdn="$ldap_dn" >>/var/log/univention/join.log 2>&1
353
		univention-config-registry set ldap/hostdn="$ldap_dn" >>/var/log/univention/join.log 2>&1
351
	else
354
	else
 Lines 357-405    Link Here 
357
fi
360
fi
358
361
359
if [ -e "/usr/lib/univention-install/.index.txt" ]; then
362
if [ -e "/usr/lib/univention-install/.index.txt" ]; then
360
   	mkdir -p /var/univention-join/
363
	mkdir -p /var/univention-join/
361
	rm -rf /var/univention-join/status
364
	rm -rf /var/univention-join/status
362
	rm /usr/lib/univention-install/.index.txt
365
	rm /usr/lib/univention-install/.index.txt
363
	touch /var/univention-join/status
366
	touch /var/univention-join/status
364
fi
367
fi
365
368
366
if [ ! -e "/usr/lib/univention-install/.index.txt" ]; then
369
if [ ! -e "/usr/lib/univention-install/.index.txt" ]; then
367
   	mkdir -p /var/univention-join/
370
	mkdir -p /var/univention-join/
368
	touch /var/univention-join/status
371
	touch /var/univention-join/status
369
	ln -sf /var/univention-join/status /usr/lib/univention-install/.index.txt
372
	ln -sf /var/univention-join/status /usr/lib/univention-install/.index.txt
370
fi
373
fi
371
374
372
375
373
if [ -e "/etc/univention/ssl" ]; then
376
if [ -e "/etc/univention/ssl" ]; then
374
	mv /etc/univention/ssl "/etc/univention/ssl_`date +"%y%m%d%H%M"`"
377
	mv /etc/univention/ssl "/etc/univention/ssl_$(date +"%y%m%d%H%M")"
375
	mkdir /etc/univention/ssl
378
	mkdir /etc/univention/ssl
376
fi
379
fi
377
380
378
# Stop Notifier
381
# Stop Notifier
379
notifier_pid=`pidof univention-directory-notifier`
382
notifier_pid="$(pidof univention-directory-notifier)"
380
if [ -n "$notifier_pid" -a -e /etc/runit/univention/univention-directory-notifier ]; then
383
if [ -n "$notifier_pid" -a -e /etc/runit/univention/univention-directory-notifier ]; then
381
	echo -n "Stopping univention-directory-notifier daemon: "
384
	echo -n "Stopping univention-directory-notifier daemon: "
382
	/etc/init.d/univention-directory-notifier stop >/dev/null 2>&1
385
	/etc/init.d/univention-directory-notifier stop >/dev/null 2>&1
383
	while ! sv status univention-directory-notifier | grep "^down" >/dev/null ; do sleep 1; /etc/init.d/univention-directory-notifier stop >/dev/null 2>&1; echo -n "." ;done; echo "" done
386
	while ! sv status univention-directory-notifier | grep -q "^down"
387
	do
388
		sleep 1
389
		/etc/init.d/univention-directory-notifier stop >/dev/null 2>&1
390
		echo -n "."
391
	done
392
	echo " done"
384
fi
393
fi
385
394
386
# Stop Listener
395
# Stop Listener
387
listener_pid=`pidof univention-directory-listener`
396
listener_pid="$(pidof univention-directory-listener)"
388
if [ -e /etc/runit/univention/univention-directory-listener ]; then
397
if [ -e /etc/runit/univention/univention-directory-listener ]; then
389
	echo -n "Stopping univention-directory-listener daemon: "
398
	echo -n "Stopping univention-directory-listener daemon: "
390
	/etc/init.d/univention-directory-listener stop >/dev/null 2>&1
399
	/etc/init.d/univention-directory-listener stop >/dev/null 2>&1
391
	while ! sv status univention-directory-listener | grep "^down" >/dev/null ; do sleep 1; /etc/init.d/univention-directory-listener stop >/dev/null 2>&1; echo -n "." ;done; echo "" done
400
	while ! sv status univention-directory-listener | grep -q "^down"
401
	do
402
		sleep 1
403
		/etc/init.d/univention-directory-listener stop >/dev/null 2>&1
404
		echo -n "."
405
	done
406
	echo " done"
392
fi
407
fi
393
rm -Rf /var/lib/univention-directory-listener/*
408
rm -Rf /var/lib/univention-directory-listener/*
394
409
395
set_kerberos_realm ()
410
set_kerberos_realm () {
396
{
411
	local DCPWD="${1:?missing DC password file}"
397
	DCPWD="$1"
412
	local DCACCOUNT="${2:?missing DC master account}"
398
	DCACCOUNT="$2"
413
	local DCNAME="${3:?missing DC master FQDN}"
399
	DCNAME="$3"
414
	local realm="$4"
400
	realm="$4"
401
	if [ -z "$realm" ]; then
415
	if [ -z "$realm" ]; then
402
		realm=$(univention-ssh $DCPWD $DCACCOUNT@$DCNAME /usr/sbin/univention-config-registry get kerberos/realm | sed -e 's, ,,g' | grep [A-Za-z0-9] ) >>/var/log/univention/join.log 2>&1
416
		realm=$(univention-ssh "$DCPWD" "$DCACCOUNT@$DCNAME" /usr/sbin/univention-config-registry get kerberos/realm) >>/var/log/univention/join.log 2>&1
403
		if [ $? != 0 -o -z "$realm" ]; then
417
		if [ $? != 0 -o -z "$realm" ]; then
404
			echo "Unable to retrieve the kerberos realm. Try to use option -realm <kerberos/realm>"
418
			echo "Unable to retrieve the kerberos realm. Try to use option -realm <kerberos/realm>"
405
			exit 1
419
			exit 1
 Lines 414-447    Link Here 
414
	if [ -e "/etc/ldap-backup.secret" ]; then cat /etc/ldap-backup.secret >>/etc/ldap-backup.secret.SAVE; fi
428
	if [ -e "/etc/ldap-backup.secret" ]; then cat /etc/ldap-backup.secret >>/etc/ldap-backup.secret.SAVE; fi
415
429
416
	echo -n "Sync ldap.secret: "
430
	echo -n "Sync ldap.secret: "
417
	univention-scp $DCPWD $DCACCOUNT@$DCNAME:/etc/ldap.secret /etc/ldap.secret >>/var/log/univention/join.log 2>&1
431
	univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap.secret" /etc/ldap.secret >>/var/log/univention/join.log 2>&1
418
	if [ ! -e "/etc/ldap.secret" ]; then
432
	if [ ! -e "/etc/ldap.secret" ]; then
419
		failed_message "/etc/ldap.secret not found"
433
		failed_message "/etc/ldap.secret not found"
420
	fi
434
	fi
421
	echo -e "\033[60Gdone"
435
	echo -e "\033[60Gdone"
422
436
423
	echo -n "Sync ldap-backup.secret: "
437
	echo -n "Sync ldap-backup.secret: "
424
	univention-scp $DCPWD $DCACCOUNT@$DCNAME:/etc/ldap-backup.secret /etc/ldap-backup.secret >>/var/log/univention/join.log 2>&1
438
	univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap-backup.secret" /etc/ldap-backup.secret >>/var/log/univention/join.log 2>&1
425
	if [ ! -e "/etc/ldap-backup.secret" ]; then
439
	if [ ! -e "/etc/ldap-backup.secret" ]; then
426
		failed_message "/etc/ldap-backup.secret not found"
440
		failed_message "/etc/ldap-backup.secret not found"
427
	fi
441
	fi
428
	echo -e "\033[60Gdone"
442
	echo -e "\033[60Gdone"
429
443
430
	univention-config-registry set ldap/server/name=$hostname.$domainname >>/var/log/univention/join.log 2>&1
444
	univention-config-registry set \
431
	univention-config-registry set ldap/server/ip=$interfaces_eth0_address >>/var/log/univention/join.log 2>&1
445
		ldap/server/name="$hostname.$domainname" \
432
	univention-config-registry set ldap/master=$DCNAME >>/var/log/univention/join.log 2>&1
446
		ldap/server/ip="$interfaces_eth0_address" \
433
	univention-config-registry set ldap/server/type=slave >>/var/log/univention/join.log 2>&1
447
		ldap/master="$DCNAME" \
448
		ldap/server/type=slave \
449
		>>/var/log/univention/join.log 2>&1
434
450
435
436
	echo -n "Sync SSL directory: "
451
	echo -n "Sync SSL directory: "
437
	univention-ssh-rsync $DCPWD -az -e ssh $DCACCOUNT@$DCNAME:/etc/univention/ssl/* /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1
452
	univention-ssh-rsync "$DCPWD" -az "$DCACCOUNT@$DCNAME:/etc/univention/ssl/*" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1
438
	echo -e "\033[60Gdone"
453
	echo -e "\033[60Gdone"
439
454
440
	check_ldap_tls_connection
455
	check_ldap_tls_connection
441
456
442
	download_host_certificate
457
	download_host_certificate
443
458
444
	if [ ! -d "/etc/univention/ssl/$hostname" ] &&  [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then
459
	if [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then
445
		echo "failed to get host certificate"
460
		echo "failed to get host certificate"
446
		failed_message "failed to get host certificate"
461
		failed_message "failed to get host certificate"
447
	fi
462
	fi
 Lines 465-484    Link Here 
465
480
466
	#TODO: implement a real sync
481
	#TODO: implement a real sync
467
	echo -n "Sync Kerberos settings: "
482
	echo -n "Sync Kerberos settings: "
468
	univention-scp $DCPWD -r $DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/* /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1
483
	univention-scp "$DCPWD" -q -r "$DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/*" /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1
469
	echo -e "\033[60Gdone"
484
	echo -e "\033[60Gdone"
470
485
471
486
472
	# invalidate the nscd hosts cache
487
	# invalidate the nscd hosts cache
473
	nscd -i hosts
488
	nscd -i hosts
474
489
475
	univention-config-registry set ldap/server/name?"$DCNAME" >>/var/log/univention/join.log 2>&1
490
	univention-config-registry set \
476
	univention-config-registry set ldap/master?"$DCNAME" >>/var/log/univention/join.log 2>&1
491
		ldap/server/name?"$DCNAME" \
477
	univention-config-registry set kerberos/adminserver?"$DCNAME" >>/var/log/univention/join.log 2>&1
492
		ldap/master?"$DCNAME" \
493
		kerberos/adminserver?"$DCNAME" \
494
		>>/var/log/univention/join.log 2>&1
478
	
495
	
479
	set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
496
	set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
480
497
481
	eval `univention-config-registry shell`
498
	eval "$(univention-config-registry shell)"
482
499
483
	mkdir -p /var/lib/univention-ldap/notify/
500
	mkdir -p /var/lib/univention-ldap/notify/
484
501
 Lines 488-516    Link Here 
488
	echo -n "0" >/var/lib/univention-ldap/schema/id/id
505
	echo -n "0" >/var/lib/univention-ldap/schema/id/id
489
	chown listener /var/lib/univention-ldap/schema/id/id
506
	chown listener /var/lib/univention-ldap/schema/id/id
490
507
491
	if test -e "/usr/lib/univention-install/"; then
508
	if test -d "/usr/lib/univention-install/"
509
	then
492
		for i in /usr/lib/univention-install/*.inst; do
510
		for i in /usr/lib/univention-install/*.inst; do
493
			echo -n "Configure `basename $i` "
511
			echo -n "Configure ${i##*/} "
494
			echo "Configure `basename $i` " >>/var/log/univention/join.log
512
			echo "Configure ${i##*/} " >>/var/log/univention/join.log
495
			$i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
513
			if ! "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
496
			if [ $? != 0 ]; then
514
			then
497
				echo -e "\033[60Gfailed"
515
				echo -e "\033[60Gfailed"
498
				failed_message "FAILED: `basename $i`"
516
				failed_message "FAILED: ${i##*/}"
499
			else
517
			else
500
				echo -e "\033[60Gdone"
518
				echo -e "\033[60Gdone"
501
			fi
519
			fi
502
520
503
			if [ "`basename $i`" = "03univention-directory-listener.inst" ]; then
521
			if [ "${i##*/}" = "03univention-directory-listener.inst" ]
522
			then
504
				if [ -e /var/lib/univention-directory-replication/failed.ldif ]; then
523
				if [ -e /var/lib/univention-directory-replication/failed.ldif ]; then
505
					failed_message "FAILED: failed.ldif exists."
524
					failed_message "FAILED: failed.ldif exists."
506
				fi
525
				fi
507
				univention-scp $DCPWD -r $DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction /tmp/ >/dev/null 2>&1
526
				univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction" /tmp/ >/dev/null 2>&1
508
				if [ ! -e /tmp/transaction ]; then
527
				if [ ! -e /tmp/transaction ]; then
509
					failed_message " FAILED: failed do copy /var/lib/univention-ldap/notify/transaction from the dc master. Please try again."
528
					failed_message " FAILED: failed to copy /var/lib/univention-ldap/notify/transaction from the dc master. Please try again."
510
				fi
529
				fi
511
530
512
				id=`cat /var/lib/univention-directory-listener/notifier_id`
531
				read id < /var/lib/univention-directory-listener/notifier_id
513
				cat /tmp/transaction | awk -F ' ' '{ if ( $1 <= '$id') print }' >/var/lib/univention-ldap/notify/transaction
532
				awk -F ' ' '{ if ( $1 <= '$id') print }' </tmp/transaction >/var/lib/univention-ldap/notify/transaction
514
				rm /tmp/transaction
533
				rm /tmp/transaction
515
				echo "">/var/lib/univention-ldap/replog/replog
534
				echo "">/var/lib/univention-ldap/replog/replog
516
			fi
535
			fi
 Lines 524-549    Link Here 
524
543
525
	if [ -e "/etc/ldap-backup.secret" ]; then cat /etc/ldap-backup.secret >>/etc/ldap-backup.secret.SAVE; fi
544
	if [ -e "/etc/ldap-backup.secret" ]; then cat /etc/ldap-backup.secret >>/etc/ldap-backup.secret.SAVE; fi
526
545
527
	univention-scp $DCPWD "$DCACCOUNT@$DCNAME:/etc/ldap-backup.secret /etc/ldap-backup.secret" >/var/log/univention/join.log 2>&1
546
	univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/ldap-backup.secret" /etc/ldap-backup.secret >/var/log/univention/join.log 2>&1
528
547
529
	echo -e "\033[60Gdone"
548
	echo -e "\033[60Gdone"
530
549
531
	univention-config-registry set ldap/server/name=$hostname.$domainname >>/var/log/univention/join.log 2>&1
550
	univention-config-registry set \
532
	univention-config-registry set ldap/server/ip=$interfaces_eth0_address >>/var/log/univention/join.log 2>&1
551
		ldap/server/name="$hostname.$domainname" \
533
	univention-config-registry set ldap/master=$DCNAME >>/var/log/univention/join.log 2>&1
552
		ldap/server/ip="$interfaces_eth0_address" \
534
	univention-config-registry set ldap/server/type=slave >>/var/log/univention/join.log 2>&1
553
		ldap/master="$DCNAME" \
554
		ldap/server/type=slave \
555
		>>/var/log/univention/join.log 2>&1
535
556
536
	mkdir -p /etc/univention/ssl/ucsCA
557
	mkdir -p /etc/univention/ssl/ucsCA
537
	univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
558
	univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
538
	if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
559
	if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
539
		univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
560
		univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
540
	fi
561
	fi
541
562
542
	check_ldap_tls_connection
563
	check_ldap_tls_connection
543
564
544
	download_host_certificate
565
	download_host_certificate
545
566
546
	if [ ! -d "/etc/univention/ssl/$hostname" ] &&  [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then
567
	if [ ! -d "/etc/univention/ssl/$hostname" ] && [ ! -d "/etc/univention/ssl/$hostname.$domainname" ]; then
547
		failed_message "failed to get host certificate"
568
		failed_message "failed to get host certificate"
548
	fi
569
	fi
549
570
 Lines 552-558    Link Here 
552
	echo -e "\033[60Gdone"
573
	echo -e "\033[60Gdone"
553
574
554
	echo -n "Sync Kerberos settings: "
575
	echo -n "Sync Kerberos settings: "
555
	univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/* /var/lib/heimdal-kdc/" >>/var/log/univention/join.log 2>&1
576
	univention-scp "$DCPWD" -q -r "$DCACCOUNT@$DCNAME:/var/lib/heimdal-kdc/*" /var/lib/heimdal-kdc/ >>/var/log/univention/join.log 2>&1
556
	echo -e "\033[60Gdone"
577
	echo -e "\033[60Gdone"
557
578
558
	mkdir -p /var/lib/univention-ldap/notify/
579
	mkdir -p /var/lib/univention-ldap/notify/
 Lines 560-568    Link Here 
560
	# invalidate the nscd hosts cache
581
	# invalidate the nscd hosts cache
561
	nscd -i hosts
582
	nscd -i hosts
562
583
563
	univention-config-registry set ldap/server/name?"$DCNAME" >>/var/log/univention/join.log 2>&1
584
	univention-config-registry set \
564
	univention-config-registry set ldap/master?"$DCNAME" >>/var/log/univention/join.log 2>&1
585
		ldap/server/name?"$DCNAME" \
565
	univention-config-registry set kerberos/adminserver?"$DCNAME" >>/var/log/univention/join.log 2>&1
586
		ldap/master?"$DCNAME" \
587
		kerberos/adminserver?"$DCNAME" \
588
		>>/var/log/univention/join.log 2>&1
566
	set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
589
	set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
567
590
568
	echo -n "0" >/var/lib/univention-ldap/schema/id/id
591
	echo -n "0" >/var/lib/univention-ldap/schema/id/id
 Lines 573-595    Link Here 
573
596
574
	if test -e "/usr/lib/univention-install/"; then
597
	if test -e "/usr/lib/univention-install/"; then
575
		for i in /usr/lib/univention-install/*.inst; do
598
		for i in /usr/lib/univention-install/*.inst; do
576
			echo -n "Configure `basename $i` "
599
			echo -n "Configure ${i##*/} "
577
			echo "Configure `basename $i` " >>/var/log/univention/join.log
600
			echo "Configure ${i##*/} " >>/var/log/univention/join.log
578
			$i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
601
			if ! "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
579
			if [ $? != 0 ]; then
602
			then
580
				echo -e "\033[60Gfailed"
603
				echo -e "\033[60Gfailed"
581
				failed_message "FAILED: `basename $i`"
604
				failed_message "FAILED: ${i##*/}"
582
			else
605
			else
583
				echo -e "\033[60Gdone"
606
				echo -e "\033[60Gdone"
584
			fi
607
			fi
585
			if [ "`basename $i`" = "03univention-directory-listener.inst" ]; then
608
			if [ "${i##*/}" = "03univention-directory-listener.inst" ]
609
			then
586
				if [ -e /var/lib/univention-directory-replication/failed.ldif ]; then
610
				if [ -e /var/lib/univention-directory-replication/failed.ldif ]; then
587
					failed_message "FAILED: failed.ldif exists."
611
					failed_message "FAILED: failed.ldif exists."
588
				fi
612
				fi
589
				if [ -n "$listener_supply_notifier" -a "$listener_supply_notifier" = "yes" ]; then
613
				if [ -n "$listener_supply_notifier" -a "$listener_supply_notifier" = "yes" ]; then
590
					univention-scp $DCPWD -r $DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction /tmp/ >/dev/null 2>&1
614
					univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction" /tmp/ >/dev/null 2>&1
591
					id=`cat /var/lib/univention-directory-listener/notifier_id`
615
					read id < /var/lib/univention-directory-listener/notifier_id
592
					cat /tmp/transaction | awk -F ' ' '{ if ( $1 <= '$id') print }' >/var/lib/univention-ldap/notify/transaction
616
					awk -F ' ' '{ if ( $1 <= '$id') print }' </tmp/transaction >/var/lib/univention-ldap/notify/transaction
593
					rm /tmp/transaction
617
					rm /tmp/transaction
594
					echo "">/var/lib/univention-ldap/replog/replog
618
					echo "">/var/lib/univention-ldap/replog/replog
595
				fi
619
				fi
 Lines 600-623    Link Here 
600
624
601
elif [ "$server_role" = "memberserver" ]; then
625
elif [ "$server_role" = "memberserver" ]; then
602
	mkdir -p /etc/univention/ssl/ucsCA
626
	mkdir -p /etc/univention/ssl/ucsCA
603
	univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
627
	univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
604
	if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
628
	if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
605
		univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
629
		univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
606
	fi
630
	fi
607
631
608
	check_ldap_tls_connection
632
	check_ldap_tls_connection
609
633
610
	download_host_certificate
634
	download_host_certificate
611
635
612
	univention-config-registry set ldap/master=$DCNAME >>/var/log/univention/join.log 2>&1
636
	univention-config-registry set ldap/master="$DCNAME" >>/var/log/univention/join.log 2>&1
613
	cat /etc/ldap/ldap.conf  | sed -e "s|#.*||g" | grep -q TLS_CACERT || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
637
	grep -q ^TLS_CACERT /etc/ldap/ldap.conf || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
614
638
615
	# invalidate the nscd hosts cache
639
	# invalidate the nscd hosts cache
616
	nscd -i hosts
640
	nscd -i hosts
617
641
618
	univention-config-registry set ldap/server/name?"$DCNAME" >>/var/log/univention/join.log 2>&1
642
	univention-config-registry set \
619
	univention-config-registry set ldap/master?"$DCNAME" >>/var/log/univention/join.log 2>&1
643
		ldap/server/name?"$DCNAME" \
620
	univention-config-registry set kerberos/adminserver?"$DCNAME" >>/var/log/univention/join.log 2>&1
644
		ldap/master?"$DCNAME" \
645
		kerberos/adminserver?"$DCNAME" \
646
		>>/var/log/univention/join.log 2>&1
621
	set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
647
	set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
622
648
623
	touch /var/univention-join/joined
649
	touch /var/univention-join/joined
 Lines 625-637    Link Here 
625
651
626
	if test -e "/usr/lib/univention-install/"; then
652
	if test -e "/usr/lib/univention-install/"; then
627
		for i in /usr/lib/univention-install/*.inst; do
653
		for i in /usr/lib/univention-install/*.inst; do
628
			echo -n "Configure `basename $i` "
654
			echo -n "Configure ${i##*/} "
629
			echo "Configure `basename $i` " >>/var/log/univention/join.log
655
			echo "Configure ${i##*/} " >>/var/log/univention/join.log
630
			$i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
656
			if ! "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
631
			if [ $? != 0 ]; then
657
			then
632
				echo -e "\033[60Gfailed"
658
				echo -e "\033[60Gfailed"
633
				echo "FAILED: `basename $i`"
659
				echo "FAILED: ${i##*/}"
634
				failed_message "FAILED: `basename $i`"
660
				failed_message "FAILED: ${i##*/}"
635
			else
661
			else
636
				echo -e "\033[60Gdone"
662
				echo -e "\033[60Gdone"
637
			fi
663
			fi
 Lines 644-652    Link Here 
644
670
645
	mkdir -p /etc/univention/ssl/ucsCA
671
	mkdir -p /etc/univention/ssl/ucsCA
646
672
647
	univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
673
	univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/ucsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
648
	if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
674
	if [ ! -e /etc/univention/ssl/ucsCA/CAcert.pem ]; then
649
		univention-scp $DCPWD "-r $DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem /etc/univention/ssl/ucsCA/" >>/var/log/univention/join.log 2>&1
675
		univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/etc/univention/ssl/udsCA/CAcert.pem" /etc/univention/ssl/ucsCA/ >>/var/log/univention/join.log 2>&1
650
	fi
676
	fi
651
677
652
	check_ldap_tls_connection
678
	check_ldap_tls_connection
 Lines 656-682    Link Here 
656
	# invalidate the nscd hosts cache
682
	# invalidate the nscd hosts cache
657
	nscd -i hosts
683
	nscd -i hosts
658
684
659
	univention-config-registry set ldap/server/name="$DCNAME" >>/var/log/univention/join.log 2>&1
685
	univention-config-registry set \
660
	univention-config-registry set ldap/master="$DCNAME" >>/var/log/univention/join.log 2>&1
686
		ldap/server/name="$DCNAME" \
661
	univention-config-registry set kerberos/adminserver="$DCNAME" >>/var/log/univention/join.log 2>&1
687
		ldap/master="$DCNAME" \
688
		kerberos/adminserver="$DCNAME" \
689
		>>/var/log/univention/join.log 2>&1
662
	set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
690
	set_kerberos_realm "$DCPWD" "$DCACCOUNT" "$DCNAME" "$REALM"
663
	cat /etc/ldap/ldap.conf  | sed -e "s|#.*||g" | grep -q TLS_CACERT || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
691
	grep -q ^TLS_CACERT /etc/ldap/ldap.conf || echo "TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem" >>/etc/ldap/ldap.conf
664
692
665
	touch /var/univention-join/joined
693
	touch /var/univention-join/joined
666
	ln -sf /var/univention-join/joined /usr/share/univention-join/.joined
694
	ln -sf /var/univention-join/joined /usr/share/univention-join/.joined
667
695
668
	univention-config-registry set nsswitch/ldap=yes >>/var/log/univention/join.log 2>&1
696
	univention-config-registry set nsswitch/ldap=yes >>/var/log/univention/join.log 2>&1
669
	eval `univention-config-registry shell`
697
	eval "$(univention-config-registry shell)"
670
698
671
	if test -e "/usr/lib/univention-install/"; then
699
	if test -e "/usr/lib/univention-install/"; then
672
		for i in /usr/lib/univention-install/*.inst; do
700
		for i in /usr/lib/univention-install/*.inst; do
673
			echo -n "Configure `basename $i` "
701
			echo -n "Configure ${i##*/} "
674
			echo "Configure `basename $i` " >>/var/log/univention/join.log
702
			echo "Configure ${i##*/} " >>/var/log/univention/join.log
675
			$i --binddn $binddn --bindpwd `cat $DCPWD` >>/var/log/univention/join.log 2>&1
703
			if ! "$i" --binddn "$binddn" --bindpwd "$(<"$DCPWD")" >>/var/log/univention/join.log 2>&1
676
			if [ $? != 0 ]; then
704
			then
677
				echo -e "\033[60Gfailed"
705
				echo -e "\033[60Gfailed"
678
				echo "FAILED: `basename $i`"
706
				echo "FAILED: ${i##*/}"
679
				failed_message "FAILED: `basename $i`"
707
				failed_message "FAILED: ${i##*/}"
680
			else
708
			else
681
				echo -e "\033[60Gdone"
709
				echo -e "\033[60Gdone"
682
			fi
710
			fi
 Lines 694-703    Link Here 
694
	/etc/init.d/univention-directory-listener restart >>/var/log/univention/join.log 2>&1
722
	/etc/init.d/univention-directory-listener restart >>/var/log/univention/join.log 2>&1
695
fi
723
fi
696
724
697
if [ -n "$REMOVE_PWD_FILE" -a -n "$DCPWD" ]; then
698
	rm -f $DCPWD
699
fi
700
701
if [ "$interfaces_eth0_type" != "dhcp" ]; then
725
if [ "$interfaces_eth0_type" != "dhcp" ]; then
702
	univention-config-registry commit /etc/resolv.conf >>/var/log/univention/join.log 2>&1
726
	univention-config-registry commit /etc/resolv.conf >>/var/log/univention/join.log 2>&1
703
fi
727
fi
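Review bot: The listener branches still stage the copied notifier transaction log at the fixed, predictable path `/tmp/transaction` (the `univention-scp "$DCPWD" -q "...notify/transaction" /tmp/` lines followed by `if [ ! -e /tmp/transaction ]`), so a local user who pre-creates that file or drops a symlink there before the join runs can have attacker-chosen content filtered into /var/lib/univention-ldap/notify/transaction, and the existence check cannot tell the difference. The patch already reaches for `mktemp -d` for the per-user log file, so the staging directory should come from `mktemp -d` as well and be removed once the filtered copy is written. While rewriting those lines, passing the notifier id to awk via `-v id="$id"` avoids splicing the file's contents into the awk program text, which also fails to parse when notifier_id is empty. The same block occurs twice in this section and both occurrences need the change.
```shell
tmpdir="$(mktemp -d)" || failed_message "FAILED: could not create temporary directory"
univention-scp "$DCPWD" -q "$DCACCOUNT@$DCNAME:/var/lib/univention-ldap/notify/transaction" "$tmpdir/" >/dev/null 2>&1
if [ ! -e "$tmpdir/transaction" ]; then
	rm -rf -- "$tmpdir"
	failed_message " FAILED: failed to copy /var/lib/univention-ldap/notify/transaction from the dc master. Please try again."
fi
read id < /var/lib/univention-directory-listener/notifier_id
awk -v id="$id" '$1 <= id' <"$tmpdir/transaction" >/var/lib/univention-ldap/notify/transaction
rm -rf -- "$tmpdir"
# … unchanged: replog reset …
```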
