|
88 |
|
88 |
|
89 |
test -x /usr/sbin/nscd && nscd -i passwd |
89 |
test -x /usr/sbin/nscd && nscd -i passwd |
90 |
if is_ucr_true nss/group/cachefile; then |
90 |
if is_ucr_true nss/group/cachefile; then |
91 |
/usr/lib/univention-pam/ldap-group-to-file.py |
91 |
/usr/lib/univention-pam/ldap-group-to-file.py || die |
92 |
else |
92 |
else |
93 |
test -x /usr/sbin/nscd && nscd -i group |
93 |
test -x /usr/sbin/nscd && nscd -i group |
94 |
fi |
94 |
fi |
|
96 |
sleep 2 |
96 |
sleep 2 |
97 |
|
97 |
|
98 |
if [ "$server_role" = "domaincontroller_master" -o "$server_role" = "domaincontroller_backup" -o "$server_role" = "domaincontroller_slave" ]; then |
98 |
if [ "$server_role" = "domaincontroller_master" -o "$server_role" = "domaincontroller_backup" -o "$server_role" = "domaincontroller_slave" ]; then |
99 |
test -e /etc/backup-join.secret && chgrp "Backup Join" /etc/backup-join.secret && chmod 640 /etc/backup-join.secret |
99 |
test -e /etc/backup-join.secret && (chgrp "Backup Join" /etc/backup-join.secret && chmod 640 /etc/backup-join.secret || die) |
100 |
test -e /etc/slave-join.secret && chgrp "Slave Join" /etc/slave-join.secret && chmod 640 /etc/slave-join.secret |
100 |
test -e /etc/slave-join.secret && (chgrp "Slave Join" /etc/slave-join.secret && chmod 640 /etc/slave-join.secret || die) |
101 |
|
101 |
|
102 |
chgrp "DC Backup Hosts" /etc/univention/ssl/ |
102 |
chgrp "DC Backup Hosts" /etc/univention/ssl/ || die |
103 |
|
103 |
|
104 |
test -e /etc/univention/ssl/openssl.cnf && chgrp "DC Backup Hosts" /etc/univention/ssl/openssl.cnf && chmod g+rw /etc/univention/ssl/openssl.cnf |
104 |
test -e /etc/univention/ssl/openssl.cnf && (chgrp "DC Backup Hosts" /etc/univention/ssl/openssl.cnf && chmod g+rw /etc/univention/ssl/openssl.cnf || die) |
105 |
|
105 |
|
106 |
test -e /etc/univention/ssl/password && chgrp "DC Backup Hosts" /etc/univention/ssl/password && chmod g+rw /etc/univention/ssl/password |
106 |
test -e /etc/univention/ssl/password && (chgrp "DC Backup Hosts" /etc/univention/ssl/password && chmod g+rw /etc/univention/ssl/password || die) |
107 |
|
107 |
|
108 |
test -d "/etc/univention/ssl/$hostname" && chgrp -R "DC Backup Hosts" "/etc/univention/ssl/$hostname" && chmod g+rwx "/etc/univention/ssl/$hostname" && find "/etc/univention/ssl/$hostname/" -type f | xargs chmod g+rw |
108 |
test -d "/etc/univention/ssl/$hostname" && (chgrp -R "DC Backup Hosts" "/etc/univention/ssl/$hostname" && chmod g+rwx "/etc/univention/ssl/$hostname" && find "/etc/univention/ssl/$hostname/" -type f | xargs chmod g+rw || die) |
109 |
|
109 |
|
110 |
if [ -d /etc/univention/ssl/ucsCA ]; then |
110 |
if [ -d /etc/univention/ssl/ucsCA ]; then |
111 |
chgrp -R "DC Backup Hosts" /etc/univention/ssl/ucsCA |
111 |
chgrp -R "DC Backup Hosts" /etc/univention/ssl/ucsCA || die |
112 |
find /etc/univention/ssl/ucsCA/ -type d | xargs chmod g+rwx |
112 |
find /etc/univention/ssl/ucsCA/ -type d | xargs chmod g+rwx || die |
113 |
find /etc/univention/ssl/ucsCA/ -type f | xargs chmod g+rw |
113 |
find /etc/univention/ssl/ucsCA/ -type f | xargs chmod g+rw || die |
114 |
fi |
114 |
fi |
115 |
|
115 |
|
116 |
test -e /etc/ldap-backup.secret && chgrp "DC Backup Hosts" /etc/ldap-backup.secret && chmod 640 /etc/ldap-backup.secret |
116 |
test -e /etc/ldap-backup.secret && (chgrp "DC Backup Hosts" /etc/ldap-backup.secret && chmod 640 /etc/ldap-backup.secret || die) |
117 |
test -e /etc/univention/ssl/ucsCA/CAcert.pem && chgrp "DC Slave Hosts" /etc/univention/ssl/ucsCA/CAcert.pem && chmod 644 /etc/univention/ssl/ucsCA/CAcert.pem |
117 |
test -e /etc/univention/ssl/ucsCA/CAcert.pem && (chgrp "DC Slave Hosts" /etc/univention/ssl/ucsCA/CAcert.pem && chmod 644 /etc/univention/ssl/ucsCA/CAcert.pem || die) |
118 |
|
118 |
|
119 |
if [ -d "/etc/univention/ssl/univention-directory-manager" ]; then |
119 |
if [ -d "/etc/univention/ssl/univention-directory-manager" ]; then |
120 |
chgrp -R "DC Backup Hosts" /etc/univention/ssl/univention-directory-manager |
120 |
chgrp -R "DC Backup Hosts" /etc/univention/ssl/univention-directory-manager || die |
121 |
find /etc/univention/ssl/univention-directory-manager/ -type d | xargs chmod g+rwx |
121 |
find /etc/univention/ssl/univention-directory-manager/ -type d | xargs chmod g+rwx || die |
122 |
find /etc/univention/ssl/univention-directory-manager/ -type f | xargs chmod g+rw |
122 |
find /etc/univention/ssl/univention-directory-manager/ -type f | xargs chmod g+rw || die |
123 |
fi |
123 |
fi |
124 |
|
124 |
|
125 |
test -e /etc/ldap.secret && chgrp "DC Backup Hosts" /etc/ldap.secret && chmod 640 /etc/ldap.secret |
125 |
test -e /etc/ldap.secret && (chgrp "DC Backup Hosts" /etc/ldap.secret && chmod 640 /etc/ldap.secret || die) |
126 |
|
126 |
|
127 |
if [ -d /var/lib/heimdal-kdc ]; then |
127 |
if [ -d /var/lib/heimdal-kdc ]; then |
128 |
chgrp -R "DC Backup Hosts" /var/lib/heimdal-kdc |
128 |
chgrp -R "DC Backup Hosts" /var/lib/heimdal-kdc || die |
129 |
find /var/lib/heimdal-kdc/ -type d | xargs chmod g+rwx |
129 |
find /var/lib/heimdal-kdc/ -type d | xargs chmod g+rwx || die |
130 |
find /var/lib/heimdal-kdc/ -type f | xargs chmod g+rw |
130 |
find /var/lib/heimdal-kdc/ -type f | xargs chmod g+rw || die |
131 |
fi |
131 |
fi |
132 |
|
132 |
|
133 |
if [ -e /etc/univention/ssl ]; then |
133 |
if [ -e /etc/univention/ssl ]; then |
134 |
res=`find /etc/univention/ssl/ -group root` |
134 |
res="$(find /etc/univention/ssl/ -group root)" |
135 |
if [ -n "$res" ]; then |
135 |
if [ -n "$res" ]; then |
136 |
find /etc/univention/ssl/ -group root | xargs chown root."DC Backup Hosts" |
136 |
find /etc/univention/ssl/ -group root | xargs chown root."DC Backup Hosts" || die |
137 |
fi |
137 |
fi |
138 |
fi |
138 |
fi |
139 |
fi |
139 |
fi |
Lines 144-150
udm computers/$server_role modify "$@" --dn "$ldap_hostdn" \
|
Link Here
|
---|
|
144 |
|
144 |
|
145 |
# create ssl/validity/... to avoid nagios UNIVENTION_SSL warnings |
145 |
# create ssl/validity/... to avoid nagios UNIVENTION_SSL warnings |
146 |
if [ -x /usr/sbin/univention-certificate-check-validity ]; then |
146 |
if [ -x /usr/sbin/univention-certificate-check-validity ]; then |
147 |
/usr/sbin/univention-certificate-check-validity |
147 |
/usr/sbin/univention-certificate-check-validity || die |
148 |
fi |
148 |
fi |
149 |
|
149 |
|
150 |
joinscript_save_current_version |
150 |
joinscript_save_current_version |