|
|
|---|
| 88 |
|
88 |
|
| 89 |
test -x /usr/sbin/nscd && nscd -i passwd |
89 |
test -x /usr/sbin/nscd && nscd -i passwd |
| 90 |
if is_ucr_true nss/group/cachefile; then |
90 |
if is_ucr_true nss/group/cachefile; then |
| 91 |
/usr/lib/univention-pam/ldap-group-to-file.py |
91 |
/usr/lib/univention-pam/ldap-group-to-file.py || die |
| 92 |
else |
92 |
else |
| 93 |
test -x /usr/sbin/nscd && nscd -i group |
93 |
test -x /usr/sbin/nscd && nscd -i group |
| 94 |
fi |
94 |
fi |
|
|
|---|
| 96 |
sleep 2 |
96 |
sleep 2 |
| 97 |
|
97 |
|
| 98 |
if [ "$server_role" = "domaincontroller_master" -o "$server_role" = "domaincontroller_backup" -o "$server_role" = "domaincontroller_slave" ]; then |
98 |
if [ "$server_role" = "domaincontroller_master" -o "$server_role" = "domaincontroller_backup" -o "$server_role" = "domaincontroller_slave" ]; then |
| 99 |
test -e /etc/backup-join.secret && chgrp "Backup Join" /etc/backup-join.secret && chmod 640 /etc/backup-join.secret |
99 |
test -e /etc/backup-join.secret && (chgrp "Backup Join" /etc/backup-join.secret && chmod 640 /etc/backup-join.secret || die) |
| 100 |
test -e /etc/slave-join.secret && chgrp "Slave Join" /etc/slave-join.secret && chmod 640 /etc/slave-join.secret |
100 |
test -e /etc/slave-join.secret && (chgrp "Slave Join" /etc/slave-join.secret && chmod 640 /etc/slave-join.secret || die) |
| 101 |
|
101 |
|
| 102 |
chgrp "DC Backup Hosts" /etc/univention/ssl/ |
102 |
chgrp "DC Backup Hosts" /etc/univention/ssl/ || die |
| 103 |
|
103 |
|
| 104 |
test -e /etc/univention/ssl/openssl.cnf && chgrp "DC Backup Hosts" /etc/univention/ssl/openssl.cnf && chmod g+rw /etc/univention/ssl/openssl.cnf |
104 |
test -e /etc/univention/ssl/openssl.cnf && (chgrp "DC Backup Hosts" /etc/univention/ssl/openssl.cnf && chmod g+rw /etc/univention/ssl/openssl.cnf || die) |
| 105 |
|
105 |
|
| 106 |
test -e /etc/univention/ssl/password && chgrp "DC Backup Hosts" /etc/univention/ssl/password && chmod g+rw /etc/univention/ssl/password |
106 |
test -e /etc/univention/ssl/password && (chgrp "DC Backup Hosts" /etc/univention/ssl/password && chmod g+rw /etc/univention/ssl/password || die) |
| 107 |
|
107 |
|
| 108 |
test -d "/etc/univention/ssl/$hostname" && chgrp -R "DC Backup Hosts" "/etc/univention/ssl/$hostname" && chmod g+rwx "/etc/univention/ssl/$hostname" && find "/etc/univention/ssl/$hostname/" -type f | xargs chmod g+rw |
108 |
test -d "/etc/univention/ssl/$hostname" && (chgrp -R "DC Backup Hosts" "/etc/univention/ssl/$hostname" && chmod g+rwx "/etc/univention/ssl/$hostname" && find "/etc/univention/ssl/$hostname/" -type f | xargs chmod g+rw || die) |
| 109 |
|
109 |
|
| 110 |
if [ -d /etc/univention/ssl/ucsCA ]; then |
110 |
if [ -d /etc/univention/ssl/ucsCA ]; then |
| 111 |
chgrp -R "DC Backup Hosts" /etc/univention/ssl/ucsCA |
111 |
chgrp -R "DC Backup Hosts" /etc/univention/ssl/ucsCA || die |
| 112 |
find /etc/univention/ssl/ucsCA/ -type d | xargs chmod g+rwx |
112 |
find /etc/univention/ssl/ucsCA/ -type d | xargs chmod g+rwx || die |
| 113 |
find /etc/univention/ssl/ucsCA/ -type f | xargs chmod g+rw |
113 |
find /etc/univention/ssl/ucsCA/ -type f | xargs chmod g+rw || die |
| 114 |
fi |
114 |
fi |
| 115 |
|
115 |
|
| 116 |
test -e /etc/ldap-backup.secret && chgrp "DC Backup Hosts" /etc/ldap-backup.secret && chmod 640 /etc/ldap-backup.secret |
116 |
test -e /etc/ldap-backup.secret && (chgrp "DC Backup Hosts" /etc/ldap-backup.secret && chmod 640 /etc/ldap-backup.secret || die) |
| 117 |
test -e /etc/univention/ssl/ucsCA/CAcert.pem && chgrp "DC Slave Hosts" /etc/univention/ssl/ucsCA/CAcert.pem && chmod 644 /etc/univention/ssl/ucsCA/CAcert.pem |
117 |
test -e /etc/univention/ssl/ucsCA/CAcert.pem && (chgrp "DC Slave Hosts" /etc/univention/ssl/ucsCA/CAcert.pem && chmod 644 /etc/univention/ssl/ucsCA/CAcert.pem || die) |
| 118 |
|
118 |
|
| 119 |
if [ -d "/etc/univention/ssl/univention-directory-manager" ]; then |
119 |
if [ -d "/etc/univention/ssl/univention-directory-manager" ]; then |
| 120 |
chgrp -R "DC Backup Hosts" /etc/univention/ssl/univention-directory-manager |
120 |
chgrp -R "DC Backup Hosts" /etc/univention/ssl/univention-directory-manager || die |
| 121 |
find /etc/univention/ssl/univention-directory-manager/ -type d | xargs chmod g+rwx |
121 |
find /etc/univention/ssl/univention-directory-manager/ -type d | xargs chmod g+rwx || die |
| 122 |
find /etc/univention/ssl/univention-directory-manager/ -type f | xargs chmod g+rw |
122 |
find /etc/univention/ssl/univention-directory-manager/ -type f | xargs chmod g+rw || die |
| 123 |
fi |
123 |
fi |
| 124 |
|
124 |
|
| 125 |
test -e /etc/ldap.secret && chgrp "DC Backup Hosts" /etc/ldap.secret && chmod 640 /etc/ldap.secret |
125 |
test -e /etc/ldap.secret && (chgrp "DC Backup Hosts" /etc/ldap.secret && chmod 640 /etc/ldap.secret || die) |
| 126 |
|
126 |
|
| 127 |
if [ -d /var/lib/heimdal-kdc ]; then |
127 |
if [ -d /var/lib/heimdal-kdc ]; then |
| 128 |
chgrp -R "DC Backup Hosts" /var/lib/heimdal-kdc |
128 |
chgrp -R "DC Backup Hosts" /var/lib/heimdal-kdc || die |
| 129 |
find /var/lib/heimdal-kdc/ -type d | xargs chmod g+rwx |
129 |
find /var/lib/heimdal-kdc/ -type d | xargs chmod g+rwx || die |
| 130 |
find /var/lib/heimdal-kdc/ -type f | xargs chmod g+rw |
130 |
find /var/lib/heimdal-kdc/ -type f | xargs chmod g+rw || die |
| 131 |
fi |
131 |
fi |
| 132 |
|
132 |
|
| 133 |
if [ -e /etc/univention/ssl ]; then |
133 |
if [ -e /etc/univention/ssl ]; then |
| 134 |
res=`find /etc/univention/ssl/ -group root` |
134 |
res="$(find /etc/univention/ssl/ -group root)" |
| 135 |
if [ -n "$res" ]; then |
135 |
if [ -n "$res" ]; then |
| 136 |
find /etc/univention/ssl/ -group root | xargs chown root."DC Backup Hosts" |
136 |
find /etc/univention/ssl/ -group root | xargs chown root."DC Backup Hosts" || die |
| 137 |
fi |
137 |
fi |
| 138 |
fi |
138 |
fi |
| 139 |
fi |
139 |
fi |
|
Lines 144-150
udm computers/$server_role modify "$@" --dn "$ldap_hostdn" \
|
Link Here
|
|---|
|
|---|
| 144 |
|
144 |
|
| 145 |
# create ssl/validity/... to avoid nagios UNIVENTION_SSL warnings |
145 |
# create ssl/validity/... to avoid nagios UNIVENTION_SSL warnings |
| 146 |
if [ -x /usr/sbin/univention-certificate-check-validity ]; then |
146 |
if [ -x /usr/sbin/univention-certificate-check-validity ]; then |
| 147 |
/usr/sbin/univention-certificate-check-validity |
147 |
/usr/sbin/univention-certificate-check-validity || die |
| 148 |
fi |
148 |
fi |
| 149 |
|
149 |
|
| 150 |
joinscript_save_current_version |
150 |
joinscript_save_current_version |