diff --git a/services/univention-samba4/96univention-samba4.inst b/services/univention-samba4/96univention-samba4.inst index 5c61fa5..87d9cc6 100755 --- a/services/univention-samba4/96univention-samba4.inst +++ b/services/univention-samba4/96univention-samba4.inst @@ -209,20 +209,19 @@ stop_conflicting_services() { fi fi - tmp_ucr_key_value_list=() + declare -a tmp_ucr_key_value_list=() if [ "$samba_autostart" != "no" ]; then - tmp_ucr_key_value_list[0]="samba/autostart=no" + tmp_ucr_key_value_list+=("samba/autostart=no") fi if [ "$winbind_autostart" != "no" ]; then - tmp_ucr_key_value_list[${#tmp_ucr_key_value_list[@]}]="winbind/autostart=no" + tmp_ucr_key_value_list+=("winbind/autostart=no") fi if [ "$kerberos_autostart" != "no" ]; then - tmp_ucr_key_value_list[${#tmp_ucr_key_value_list[@]}]="kerberos/autostart=no" + tmp_ucr_key_value_list+=("kerberos/autostart=no") fi if [ -n "$tmp_ucr_key_value_list" ]; then univention-config-registry set "${tmp_ucr_key_value_list[@]}" fi - unset tmp_ucr_key_value_list } get_samba_role() { @@ -309,11 +308,11 @@ samba_domain_join() { fi else - # Let's try to join against the S4 Connector - s4connector_dc=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ + # Let's try to join against the S4 Connector + s4connector_dc=$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ "(&(univentionService=S4 Connector)(objectClass=univentionDomainController)(!(univentionService=S4 SlavePDC)))" cn \ - | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') - + | sed -n 's/^cn: //p') + if [ -n "$s4connector_dc" ]; then echo "Join against S4 Connector server: $s4connector_dc" if samba-tool domain info "$s4connector_dc.$domainname"; then 
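Review bot: The guard `[ -n "$tmp_ucr_key_value_list" ]` in stop_conflicting_services still inspects only element 0 of the array; it works because `+=` fills from index 0, but it reads as a scalar test now that the variable is declared with `declare -a`. Testing the length says what is meant: `if [ "${#tmp_ucr_key_value_list[@]}" -gt 0 ]; then`. The same guard appears in the stop_conflicting_services hunk of scripts/setup-s4.sh. Because `declare` inside a function makes the array local, a short comment to that effect would explain why the `unset` was dropped.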
@@ -343,9 +342,9 @@ samba_domain_join() { if [ -z "$success" ]; then # try again with --server - cn=($(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ + cn=($(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ "(&(univentionService=Samba 4)(objectClass=univentionDomainController))" cn \ - | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p' )) + | sed -n 's/^cn: //p' )) for name in "${cn[@]}"; do if samba-tool domain info "$name.$domainname"; then samba-tool domain join "$domainname" "$samba4_role" --server "$name.$domainname" "${samba_join_options[@]}" @@ -392,7 +391,7 @@ disable_slapd_on_standard_port() { } backup_samba4_keytab() { - pre_join_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName="$hostname\$" msDS-KeyVersionNumber | sed -n 's/^msDS-KeyVersionNumber: \(.*\)/\1/p') + pre_join_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName="$hostname\$" msDS-KeyVersionNumber | sed -n 's/^msDS-KeyVersionNumber: //p') if [ -n "$pre_join_kvno" ]; then if ! [ -f /etc/krb5.keytab ]; then ## usually the keytab is removed during 03univention-directory-listener.inst @@ -416,7 +415,7 @@ backup_samba4_keytab() { merge_backup_samba4_keytab() { if [ -n "$pre_join_kvno" ] && [ -f "$backup_dir/krb5.keytab" ]; then - post_join_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName="$hostname\$" msDS-KeyVersionNumber | sed -n 's/^msDS-KeyVersionNumber: \(.*\)/\1/p') + post_join_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb sAMAccountName="$hostname\$" msDS-KeyVersionNumber | sed -n 's/^msDS-KeyVersionNumber: //p') if [ "$post_join_kvno" -gt "$pre_join_kvno" ]; then tmp_krb5_keytab=$(mktemp) cp "$backup_dir/krb5.keytab" "$tmp_krb5_keytab" 
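Review bot: In merge_backup_samba4_keytab, `[ "$post_join_kvno" -gt "$pre_join_kvno" ]` is evaluated even when the ldbsearch pipeline on the changed line returned nothing; `[` then fails with an integer-expression error and the keytab merge is skipped with only that error as a trace. A guard before the comparison, e.g. `if [ -n "$post_join_kvno" ] && [ "$post_join_kvno" -gt "$pre_join_kvno" ]; then`, together with an explicit error line for the empty case, would make the failure visible. The function body continues outside the hunk.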
@@ -461,8 +460,8 @@ set_default_fACL() { register_server_ips_with_domain() { zone="$(udm dns/forward_zone list "$@" --filter zoneName="$domainname" | sed -ne 's|^DN: ||p')" if [ -n "$zone" ]; then - IPs=$(univention-ldapsearch "(&(relativeDomainname=$hostname)(zoneName=$domainname))" aRecord aAAARecord \ - | ldapsearch-wrapper | sed -ne 's|^aRecord: ||p;s|^aAAARecord: ||p') + IPs=$(univention-ldapsearch -LLLo ldif-wrap=no "(&(relativeDomainname=$hostname)(zoneName=$domainname))" aRecord aAAARecord \ + | sed -ne 's|^aRecord: ||p;s|^aAAARecord: ||p') for ip in $IPs; do udm dns/forward_zone modify "$@" --ignore_exists --dn "$zone" --append a="$ip" done @@ -472,9 +471,9 @@ register_server_ips_with_domain() { set_samba4_sysvol_sync_host() { ## determine default sysvol parent for this host from univentionService="S4 Connector" if [ -z "$samba4_sysvol_sync_host" ]; then - s4connectorservicedcs=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ + s4connectorservicedcs=$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ "(&(univentionService=S4 Connector)(objectClass=univentionDomainController)(!(univentionService=S4 SlavePDC)))" cn \ - | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc + | sed -n 's/^cn: //p') ## currently there is no u-d-m module computers/dc if [ -n "$s4connectorservicedcs" ]; then univention-config-registry set samba4/sysvol/sync/host="$s4connectorservicedcs" fi 
@@ -521,7 +520,7 @@ get_available_s4connector_dc() { local s4connector_dc local s4connector_dc_candidates s4connector_dc=() - s4connector_dc_candidates=$(univention-ldapsearch "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') + s4connector_dc_candidates=$(univention-ldapsearch -LLLo ldif-wrap=no "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | sed -n 's/^cn: //p') if univention-ldapsearch -LLL univentionservice=UCS@school dn | grep -q ^dn; then for dc in "${s4connector_dc_candidates[@]}"; do if samba-tool drs showrepl "$dc" >/dev/null 2>&1; then @@ -547,7 +546,7 @@ wait_until_dc_was_replicated_to_connector_dc() { echo -n "Waiting for DRS replication: " for((i=0;i<300;i++)); do - search_result="$(ldbsearch -H "ldap://$s4connector_dc" -U"${hostname}$"%"$(/dev/null| sed -n 's/^cn: \(.*\)/\1/p')" + search_result="$(ldbsearch -H "ldap://$s4connector_dc" -U"${hostname}$"%"$(/dev/null| sed -n 's/^cn: //p')" test -n "$search_result" && break echo -n "." sleep 1 @@ -645,8 +644,8 @@ _create_group_with_special_sid() local ldif shift 3 - - group_dn="$(univention-ldapsearch "(&(objectClass=univentionGroup)(cn=$name))" | ldapsearch-wrapper | sed -ne 's|dn: ||p')" + + group_dn="$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectClass=univentionGroup)(cn=$name))" dn | sed -ne 's|^dn: ||p')" if [ -z "$group_dn" ]; then @@ -683,8 +682,8 @@ univentionSamba4SID: $sid " fi - echo "$ldif" | ldapmodify -x -h "$ldap_master" -p "${ldap_master_port:-7389}" -D "$binddn" -w "$bindpwd" - + echo "$ldif" | ldapmodify -x -h "$ldap_master" -p "${ldap_master_port:-7389}" -D "$binddn" -w "$bindpwd" + if [ "$name" = "Authenticated Users" ]; then udm groups/group modify "$@" --dn "cn=$name,$position,$ldap_base" \ --append nestedGroup="cn=DC Slave Hosts,cn=groups,$ldap_base" \ 
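Review bot: `s4connector_dc_candidates` is assigned as a plain string from `$(…)`, but the loop below iterates `"${s4connector_dc_candidates[@]}"`, so when the search returns more than one DC the body runs once with a single newline-separated value and `samba-tool drs showrepl "$dc"` is handed all names at once. Reading the output into an array keeps one name per element: `mapfile -t s4connector_dc_candidates < <(univention-ldapsearch -LLLo ldif-wrap=no "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | sed -n 's/^cn: //p')`. The function continues past the end of the hunk.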
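Review bot: The `-U"${hostname}$"%"$(…)"` argument on the changed ldbsearch line in wait_until_dc_was_replicated_to_connector_dc puts the machine account password on the command line, and the surrounding loop repeats the call up to 300 times with `sleep 1`, so the secret can be visible in the process list for the whole wait. Consider supplying the credentials through a root-only file or the stored machine credentials instead (the Samba tools offer `--authentication-file` and `--machine-pass`; confirm which of them this ldbsearch build supports). The command line is not fully legible in this hunk, so the exact replacement needs checking against the file.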
@@ -742,8 +741,8 @@ _update_pseudo_group() local name="$1" shift 1 - - group_dn="$(univention-ldapsearch "(&(objectClass=univentionGroup)(cn=$name)(!(univentionGroupType=-2147483643)))" | ldapsearch-wrapper | sed -ne 's|dn: ||p')" + + group_dn="$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectClass=univentionGroup)(cn=$name)(!(univentionGroupType=-2147483643)))" | sed -ne 's|^dn: ||p')" if [ -n "$group_dn" ]; then extract_binddn_and_bindpwd_from_args "$@" @@ -759,7 +758,7 @@ add: univentionGroupType univentionGroupType: -2147483643 - replace: sambaGroupType -sambaGroupType: 5" | ldapmodify -x -h "$ldap_master" -p "${ldap_master_port:-7389}" -D "$binddn" -w "$bindpwd" +sambaGroupType: 5" | ldapmodify -x -h "$ldap_master" -p "${ldap_master_port:-7389}" -D "$binddn" -w "$bindpwd" fi } @@ -784,9 +783,9 @@ exit_on_slave_if_no_s4_connector_on_master_or_backup() if [ "$server_role" != "domaincontroller_slave" ]; then return fi - s4connectorservicedcs=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ + s4connectorservicedcs=$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ "(&(univentionService=S4 Connector)(|(univentionServerRole=master)(univentionServerRole=backup)))" cn \ - | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') + | sed -n 's/^cn: //p') if [ -z "$s4connectorservicedcs" ]; then echo "ERROR: No S4 Connector installed yet on DC Master or DC Backup." exit 1 @@ -802,8 +801,8 @@ exit_on_slave_if_no_s4_connector_on_master_or_backup extract_binddn_and_bindpwd_from_args "$@" if [ -n "$binddn" ]; then - dcaccount=$(ldapsearch -xLLL -ZZ -D "$ldap_hostdn" -y /etc/machine.secret \ - -s base -b "$binddn" uid | ldapsearch-wrapper | sed -n 's/^uid: //p') + dcaccount=$(ldapsearch -xLLLo ldif-wrap=no -ZZ -D "$ldap_hostdn" -y /etc/machine.secret \ + -s base -b "$binddn" uid | sed -n 's/^uid: //p') fi configure_samba_role 
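Review bot: The new univention-ldapsearch call in _update_pseudo_group has no attribute list, so it fetches every attribute of the group only to extract the DN, whereas the matching call in _create_group_with_special_sid now requests `dn` explicitly. Adding `dn` after the filter keeps the two consistent and reduces the output the anchored `s|^dn: ||p` has to scan: `… "(&(objectClass=univentionGroup)(cn=$name)(!(univentionGroupType=-2147483643)))" dn | sed -ne 's|^dn: ||p'`. A one-line comment saying what group type -2147483643 denotes would also help readers.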
@@ -864,13 +863,13 @@ if [ "$samba4_role" = 'DC' ]; then fi ## check if we there already is a **domaincontroller** providing the service "Samba 4" - samba4servicedcs=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ + samba4servicedcs=$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ "(&(univentionService=${NAME})(objectClass=univentionDomainController))" cn \ - | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc + | sed -n 's/^cn: //p') ## currently there is no u-d-m module computers/dc - s4connector_is_used=$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret \ + s4connector_is_used=$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret \ "(&(univentionService=S4 Connector)(objectClass=univentionDomainController)(cn=$hostname))" cn \ - | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') + | sed -n 's/^cn: //p') /etc/init.d/samba stop @@ -1149,7 +1148,7 @@ fi /etc/init.d/samba restart -# To prevent a DRS replication conflict: +# To prevent a DRS replication conflict: # https://forge.univention.org/bugzilla/show_bug.cgi?id=32257 wait_until_dc_was_replicated_to_connector_dc diff --git a/services/univention-samba4/98univention-samba4-dns.inst b/services/univention-samba4/98univention-samba4-dns.inst index 053754a..f78dd1b 100644 --- a/services/univention-samba4/98univention-samba4-dns.inst +++ b/services/univention-samba4/98univention-samba4-dns.inst 
@@ -74,7 +74,7 @@ if [ $JS_LAST_EXECUTED_VERSION -lt 1 ]; then fi # Change the dns/backend to samba4 only whether a S4 Connector is installed in our domain -s4connectorservicedcs="$(ldapsearch -x -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p')" +s4connectorservicedcs="$(ldapsearch -x -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret "(&(univentionService=S4 Connector)(objectClass=univentionDomainController))" cn | sed -n 's/^cn: //p')" if [ $JS_LAST_EXECUTED_VERSION = 0 ] && [ "$dns_backend" != "samba4" ] && [ -n "$s4connectorservicedcs" ]; then univention-config-registry set dns/backend=samba4 diff --git a/services/univention-samba4/debian/univention-samba4.postinst b/services/univention-samba4/debian/univention-samba4.postinst index a218785..a333753 100644 --- a/services/univention-samba4/debian/univention-samba4.postinst +++ b/services/univention-samba4/debian/univention-samba4.postinst @@ -187,16 +187,15 @@ divert_univention_heimdal_service_cfg() { if [ "$1" = "configure" ]; then - if [ -z "$2" ]; then - univention-config-registry set samba4/autostart="no" + univention-config-registry set samba4/autostart="no" # only set this for new installations if [ "$server_role" = "domaincontroller_master" ]; then univention-config-registry set samba/domain/master?yes fi - ## New installation, remove leftover samba3.x rc?.d links + ## New installation, remove leftover samba3.x rc?.d links update-rc.d -f samba remove > /dev/null divert_univention_heimdal_service_cfg 
@@ -248,14 +247,14 @@ secret: $machine_secret fi fi fi - + ### The following block of code may be removed after ucs_3.2-0 if dpkg --compare-versions "$2" lt-nl "2.0.44-24"; then default_domain_gpo_dir="/var/lib/samba/sysvol/$domainname/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}" if [ -d "$default_domain_gpo_dir" ]; then gpo_dir_owner=$(stat --printf '%U' "$default_domain_gpo_dir" 2>&1) if [ "$gpo_dir_owner" = "UNKNOWN" ]; then - samba-tool ntacl sysvolreset + samba-tool ntacl sysvolreset fi fi fi @@ -284,11 +283,11 @@ secret: $machine_secret backup_dir="/var/backups/samba4.$backup_id" if [ -d "$backup_dir" ]; then rm -rf "$backup_dir" - fi + fi mkdir "$backup_dir" && \ cp -a /var/lib/samba/private "$backup_dir" && \ samba-tool dbcheck --cross-ncs --fix --yes - fi + fi if ! [ -r "/etc/krb5.keytab" ]; then echo "/etc/krb5.keytab does not exist yet." @@ -321,13 +320,13 @@ secret: $machine_secret backup_dir="/var/backups/samba4_update_to_ucs4.1-4.$backup_id" if [ -d "$backup_dir" ]; then rm -rf "$backup_dir" - fi + fi service samba stop mkdir "$backup_dir" && \ cp -a /var/lib/samba/private "$backup_dir" && \ samba-tool dbcheck --cross-ncs --fix --yes service samba start - fi + fi fi fi @@ -376,7 +375,7 @@ call_joinscript 96univention-samba4.inst # Run a samba-tool ntacl sysvolreset, this is required for the rc6 upgrade if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt-nl 2.0.28; then - samba-tool ntacl sysvolreset + samba-tool ntacl sysvolreset fi exit 0 diff --git a/services/univention-samba4/debian/univention-samba4.prerm b/services/univention-samba4/debian/univention-samba4.prerm index 4e5e52c..7e154d6 100644 --- a/services/univention-samba4/debian/univention-samba4.prerm +++ b/services/univention-samba4/debian/univention-samba4.prerm 
@@ -82,11 +82,10 @@ if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then ucr unset kerberos/autostart test -x /etc/init.d/heimdal-kdc && invoke-rc.d heimdal-kdc start - + divert_univention_heimdal_service_cfg cp /usr/lib/univention-uninstall/04univention-samba4.uinst /usr/lib/univention-install/ fi exit 0 - diff --git a/services/univention-samba4/scripts/check_essential_samba4_dns_records.sh b/services/univention-samba4/scripts/check_essential_samba4_dns_records.sh index 1797952..2e3a122 100755 --- a/services/univention-samba4/scripts/check_essential_samba4_dns_records.sh +++ b/services/univention-samba4/scripts/check_essential_samba4_dns_records.sh @@ -29,7 +29,7 @@ eval "$(univention-config-registry shell windows/domain samba4/ldap/base ldap/hostdn)" -Domain_GUID="$(ldbsearch -H /var/lib/samba/private/sam.ldb -s base objectGUID | sed -n 's/^objectGUID: \(.*\)/\1/p')" +Domain_GUID="$(ldbsearch -H /var/lib/samba/private/sam.ldb -s base objectGUID | sed -n 's/^objectGUID: //p')" ## Now lookup DNS entries host gc._msdcs 
@@ -51,16 +51,16 @@ kpasswd udp ## retrive DC specific GUID NTDS_objectGUIDs=() sites=() -samba4servicedcs=$(ldapsearch -ZZ -LLL -D "$ldap_hostdn" -y /etc/machine.secret "(&(univentionService=Samba 4)(objectClass=univentionDomainController))" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') ## currently there is no u-d-m module computers/dc +samba4servicedcs=$(ldapsearch -ZZ -LLLo ldif-wrap=no -D "$ldap_hostdn" -y /etc/machine.secret "(&(univentionService=Samba 4)(objectClass=univentionDomainController))" cn | sed -n 's/^cn: //p') ## currently there is no u-d-m module computers/dc for s4dc in $samba4servicedcs; do server_object_dn=$(ldbsearch -H /var/lib/samba/private/sam.ldb samAccountName="${s4dc}\$" \ - serverReferenceBL | ldapsearch-wrapper | sed -n 's/^serverReferenceBL: \(.*\)/\1/p') + serverReferenceBL | ldapsearch-wrapper | sed -n 's/^serverReferenceBL: //p') if [ -z "$server_object_dn" ]; then continue fi NTDS_objectGUID=$(ldbsearch -H /var/lib/samba/private/sam.ldb -b "$server_object_dn" \ - "CN=NTDS Settings" objectGUID | ldapsearch-wrapper | sed -n 's/^objectGUID: \(.*\)/\1/p') + "CN=NTDS Settings" objectGUID | ldapsearch-wrapper | sed -n 's/^objectGUID: //p') NTDS_objectGUIDs+=($NTDS_objectGUID) ## Determine sitename diff --git a/services/univention-samba4/scripts/create_spn_account.sh b/services/univention-samba4/scripts/create_spn_account.sh index eee1ea3..0b2de47 100755 --- a/services/univention-samba4/scripts/create_spn_account.sh +++ b/services/univention-samba4/scripts/create_spn_account.sh @@ -160,7 +160,7 @@ create_spn_account() { # get msDS-KeyVersionNumber msdsKeyVersion=$(ldbsearch -H /var/lib/samba/private/sam.ldb samAccountName="$spn_account_name" msDS-KeyVersionNumber \ - | sed -n 's/^msDS-KeyVersionNumber: \(.*\)/\1/p') + | sed -n 's/^msDS-KeyVersionNumber: //p') if [ -z "$msdsKeyVersion" ]; then echo "ERROR: Could not determine msDS-KeyVersionNumber of $spn_account_name account!" exit 1 
diff --git a/services/univention-samba4/scripts/setup-s4.sh b/services/univention-samba4/scripts/setup-s4.sh index bca1cba..2addcef 100755 --- a/services/univention-samba4/scripts/setup-s4.sh +++ b/services/univention-samba4/scripts/setup-s4.sh @@ -84,7 +84,7 @@ while getopts "h-:W:" option; do esac done -DOMAIN_SID="$(univention-ldapsearch "(&(objectclass=sambadomain)(sambaDomainName=$windows_domain))" sambaSID | ldapsearch-wrapper | sed -n 's/sambaSID: \(.*\)/\1/p')" +DOMAIN_SID="$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectclass=sambadomain)(sambaDomainName=$windows_domain))" sambaSID | sed -n 's/sambaSID: //p')" ## helper function stop_conflicting_services() { @@ -105,25 +105,24 @@ stop_conflicting_services() { fi fi - tmp_ucr_key_value_list=() + declare -a tmp_ucr_key_value_list=() if [ "$samba_autostart" != "no" ]; then - tmp_ucr_key_value_list[0]="samba/autostart=no" + tmp_ucr_key_value_list+=("samba/autostart=no") fi if [ "$winbind_autostart" != "no" ]; then - tmp_ucr_key_value_list[${#tmp_ucr_key_value_list[@]}]="winbind/autostart=no" + tmp_ucr_key_value_list+=("winbind/autostart=no") fi if [ "$kerberos_autostart" != "no" ]; then - tmp_ucr_key_value_list[${#tmp_ucr_key_value_list[@]}]="kerberos/autostart=no" + tmp_ucr_key_value_list+=("kerberos/autostart=no") fi if [ -n "$tmp_ucr_key_value_list" ]; then univention-config-registry set "${tmp_ucr_key_value_list[@]}" 2>&1 | tee -a "$LOGFILE" fi - unset tmp_ucr_key_value_list } set_machine_secret() { ## 1. store password locally in secrets.ldb - old_kvno=$(ldbsearch -H "$samba_sam" samAccountName="${hostname}\$" msDS-KeyVersionNumber | sed -n 's/msDS-KeyVersionNumber: \(.*\)/\1/p') + old_kvno=$(ldbsearch -H "$samba_sam" samAccountName="${hostname}\$" msDS-KeyVersionNumber | sed -n 's/msDS-KeyVersionNumber: //p') new_kvno=$(($old_kvno + 1)) ldbmodify -H "$samba_secrets" <<-%EOF 
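Review bot: The sed expression for `DOMAIN_SID`, `s/sambaSID: //p`, is left unanchored while the rest of this commit moves to `^attr: ` patterns; unanchored, it also strips the text from any line that merely contains `sambaSID: `. Use `sed -n 's/^sambaSID: //p'` here, and likewise `'s/^msDS-KeyVersionNumber: //p'` for `old_kvno` in set_machine_secret in the next hunk. The server_password_change.d copy of that function already gets the anchor in this commit.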
@@ -142,7 +141,7 @@ set_machine_secret() { } # Search for Samba 3 DCs -S3_DCS="$(univention-ldapsearch "(&(objectclass=univentionDomainController)(univentionService=Samba 3))" cn | ldapsearch-wrapper | sed -n 's/cn: \(.*\)/\1/p')" +S3_DCS="$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectclass=univentionDomainController)(univentionService=Samba 3))" cn | sed -n 's/^cn: //p')" if [ -n "$S3_DCS" ]; then ## safty belt if is_ucr_true samba4/ignore/mixsetup; then @@ -226,7 +225,7 @@ if [ -z "$S3_DCS" ] || [ -z "$DOMAIN_SID" ] || is_ucr_true samba4/provision/seco else ## Before starting the upgrade check for Samba accounts that are not POSIX accounts: - non_posix_sambaSamAccount_dns=$(univention-ldapsearch -LLL "(&(objectClass=sambaSamAccount)(!(objectClass=posixAccount)))" dn | ldapsearch-wrapper | sed -n 's/^dn: \(.*\)/\1/p') + non_posix_sambaSamAccount_dns=$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectClass=sambaSamAccount)(!(objectClass=posixAccount)))" dn | sed -n 's/^dn: //p') if [ -n "$non_posix_sambaSamAccount_dns" ]; then echo "ERROR: Found Samba accounts in LDAP that are not POSIX accounts, please remove these before updating to Samba 4" >&2 echo "$non_posix_sambaSamAccount_dns" | while read dn; do @@ -238,7 +237,7 @@ else ## Before starting the upgrade check for group names colliding with user names uid_ldap_check_function() { local filter="$1" - collision=$(univention-ldapsearch -LLL "(&(objectClass=posixAccount)(|$filter))" uid | ldapsearch-wrapper | sed -n 's/^uid: \(.*\)/\1/p') + collision=$(univention-ldapsearch -LLLo ldif-wrap=no "(&(objectClass=posixAccount)(|$filter))" uid | sed -n 's/^uid: //p') if [ -n "$collision" ]; then echo "ERROR: Group names and user names must be unique, please rename these before updating to Samba 4" >&2 echo "The following user names are also present as group names:" >&2 
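Review bot: `uid_ldap_check_function` splices `$filter` into the search as `(|$filter)`, and the caller in the following hunk builds it as `filter="(uid=$name)"`, apparently from group names read out of LDAP, with no escaping. A group cn containing `*`, `(`, `)` or `\` changes the meaning of the filter or makes the search fail, so the collision check can report wrong matches or miss real ones. Escape those characters per RFC 4515 before building the filter (`\2a`, `\28`, `\29`, `\5c`), and state the expected argument format in a comment above the function. The loop that reads `$name` begins outside the visible hunks.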
@@ -255,7 +254,7 @@ else uid_ldap_check_function "$filter" filter="(uid=$name)" fi - done < <(univention-ldapsearch -LLL "(objectClass=posixGroup)" cn | ldapsearch-wrapper | sed -n 's/^cn: \(.*\)/\1/p') + done < <(univention-ldapsearch -LLLo ldif-wrap=no "(objectClass=posixGroup)" cn | sed -n 's/^cn: //p') if [ -n "$filter" ]; then uid_ldap_check_function "$filter" fi @@ -264,10 +263,10 @@ else extract_binddn_and_bindpwd_from_args "$@" groups=("Windows Hosts" "DC Backup Hosts" "DC Slave Hosts" "Computers" "Power Users") for group in "${groups[@]}"; do - record=$(univention-ldapsearch -LLL "(&(cn=$group)(objectClass=univentionGroup))" dn description | ldapsearch-wrapper) - description=$(echo "$record" | sed -n 's/^description: \(.*\)/\1/p') + record=$(univention-ldapsearch -LLLo ldif-wrap=no "(&(cn=$group)(objectClass=univentionGroup))" dn description) + description=$(echo "$record" | sed -n 's/^description: //p') if [ -z "$description" ]; then - dn=$(echo "$record" | sed -n 's/^dn: \(.*\)/\1/p') + dn=$(echo "$record" | sed -n 's/^dn: //p') univention-directory-manager groups/group modify "$@" --dn "$dn" --set description="$group" fi done diff --git a/services/univention-samba4/server_password_change.d/univention-samba4 b/services/univention-samba4/server_password_change.d/univention-samba4 index 734122f..8c55086 100755 --- a/services/univention-samba4/server_password_change.d/univention-samba4 +++ b/services/univention-samba4/server_password_change.d/univention-samba4 
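Review bot: With `-LLL`, ldapsearch prints any value that is not plain printable ASCII as `description:: <base64>`, which `sed -n 's/^description: //p'` does not match, so a group whose existing description contains e.g. an umlaut is treated as having none and the `groups/group modify … --set description="$group"` call overwrites it. Matching both forms for the emptiness test avoids that: `description=$(echo "$record" | sed -n 's/^description::\{0,1\} //p')`. The same applies to `dn::` for entries whose DN is not ASCII, where `--dn "$dn"` would then receive an empty string.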
@@ -33,7 +33,7 @@ eval "$(univention-config-registry shell)" set_machine_secret() { ## 1. store password locally in secrets.ldb - old_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb samAccountName="${hostname}\$" msDS-KeyVersionNumber | sed -n 's/msDS-KeyVersionNumber: \(.*\)/\1/p') + old_kvno=$(ldbsearch -H /var/lib/samba/private/sam.ldb samAccountName="${hostname}\$" msDS-KeyVersionNumber | sed -n 's/^msDS-KeyVersionNumber: //p') new_kvno=$(($old_kvno + 1)) ldbmodify -H /var/lib/samba/private/secrets.ldb <<-%EOF diff --git a/services/univention-samba4/univention-s4search b/services/univention-samba4/univention-s4search index b29244d..e08abaa 100755 --- a/services/univention-samba4/univention-s4search +++ b/services/univention-samba4/univention-s4search @@ -59,7 +59,7 @@ if ! [ "$credentials_given" = 'true' ]; then ## currently the password in the secrets.ldb is set to machine.secret only on provision host, so we need to look it up from the secrets.ldb # sampassword=$(cat /etc/machine.secret) - sampassword=$(ldbsearch -H /var/lib/samba/private/secrets.ldb samAccountName="${hostname}\$" secret | ldapsearch-wrapper | sed -n 's/secret: \(.*\)/\1/p') + sampassword=$(ldbsearch -H /var/lib/samba/private/secrets.ldb samAccountName="${hostname}\$" secret | ldapsearch-wrapper | sed -n 's/^secret: //p') samaccount="${hostname}\$" fi