|
106 |
} |
106 |
} |
107 |
|
107 |
|
108 |
failed_message () { |
108 |
failed_message () { |
|
|
109 |
{ |
109 |
echo "" |
110 |
echo "" |
110 |
echo "" |
111 |
echo "" |
111 |
echo "**************************************************************************" |
112 |
echo "**************************************************************************" |
|
114 |
echo "**************************************************************************" |
115 |
echo "**************************************************************************" |
115 |
echo "* Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- $@" |
116 |
echo "* Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- $@" |
116 |
echo "**************************************************************************" |
117 |
echo "**************************************************************************" |
|
|
118 |
} | tee -a /var/log/univention/join.log |
117 |
exit 1 |
119 |
exit 1 |
118 |
} |
120 |
} |
119 |
|
121 |
|
Lines 572-589
echo -n "Search LDAP binddn "
|
|
---|
|
572 |
|
574 |
|
573 |
# First use udm to search the user DN |
575 |
# First use udm to search the user DN |
574 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
576 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
575 |
/usr/sbin/udm users/user list --filter uid="$DCACCOUNT" --logfile /dev/null | sed -ne 's|^DN: ||p')" |
577 |
/usr/sbin/udm users/user list --filter uid="$DCACCOUNT" --logfile /dev/null 2> >(tee -a /var/log/univention/join.log >&2) | sed -ne 's|^DN: ||p')" |
576 |
|
578 |
|
577 |
if [ -z "$binddn" ]; then |
579 |
if [ -z "$binddn" ]; then |
578 |
# Next check is the local ldapi interface |
580 |
echo "binddn search on ${DCNAME} with UDM failed" >>/var/log/univention/join.log |
|
|
581 |
# Next try ldapsearch with GSSAPI against OpenLDAP |
579 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
582 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
580 |
ldapsearch -x -LLL -H ldapi:/// "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-wrapper | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
583 |
kinit --password-file=STDIN "${DCACCOUNT}" ldapsearch -Y GSSAPI -LLL -o ldif-wrap=no "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn <"$DCPWD" 2>/dev/null | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
581 |
fi |
584 |
fi |
582 |
|
585 |
|
583 |
if [ -z "$binddn" ]; then |
586 |
if [ -z "$binddn" ]; then |
584 |
# Check with anonymous bind |
587 |
echo "binddn search on ${DCNAME} with GSSAPI failed" >>/var/log/univention/join.log |
|
|
588 |
# Next try the local ldapi interface, unlikely to succeed because only accessible for root |
585 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
589 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
586 |
ldapsearch -x -LLL "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-wrapper | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
590 |
ldapsearch -x -LLL -o ldif-wrap=no -H ldapi:/// "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
|
|
591 |
fi |
592 |
|
593 |
if [ -z "$binddn" ]; then |
594 |
echo "binddn search on ${DCNAME} via LDAPI failed" >>/var/log/univention/join.log |
595 |
# Finally try anonymous bind, unlikely to succeed because anonymous bind is disabled by default |
596 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
597 |
ldapsearch -x -LLL -o ldif-wrap=no "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
587 |
fi |
598 |
fi |
588 |
|
599 |
|
589 |
if [ -z "$binddn" ]; then |
600 |
if [ -z "$binddn" ]; then |
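Review bot: `$DCACCOUNT` is still interpolated unescaped into the LDAP filter `(&(uid=$DCACCOUNT)(objectClass=person))` in all three new ldapsearch fallbacks (new lines 583, 590 and 597), and the `\'…\'` quoting suggests the string is parsed again by a shell on the far side of `univention-ssh`, so a name containing filter or shell metacharacters would change what is searched or run. Where the value comes from is not visible in this hunk; if it is operator-supplied, validate it once before the first search, for example `case "$DCACCOUNT" in *[!A-Za-z0-9._-]*) failed_message "invalid join account name" ;; esac`, with the character set adjusted to what the directory actually permits for uid. Separately, the GSSAPI attempt on new line 583 ends in `2>/dev/null`, so a kinit or SASL error is discarded and join.log only receives the generic "with GSSAPI failed" line, unlike the UDM call on new line 577 where stderr is now copied into the log; `2>>/var/log/univention/join.log` in its place would keep the reason. The `if [ -z "$binddn" ]` block opened on the last line continues outside this hunk.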