|
|
|---|
| 106 |
} |
106 |
} |
| 107 |
|
107 |
|
| 108 |
failed_message () { |
108 |
failed_message () { |
|
|
109 |
{ |
| 109 |
echo "" |
110 |
echo "" |
| 110 |
echo "" |
111 |
echo "" |
| 111 |
echo "**************************************************************************" |
112 |
echo "**************************************************************************" |
|
|
|---|
| 114 |
echo "**************************************************************************" |
115 |
echo "**************************************************************************" |
| 115 |
echo "* Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- $@" |
116 |
echo "* Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- $@" |
| 116 |
echo "**************************************************************************" |
117 |
echo "**************************************************************************" |
|
|
118 |
} | tee -a /var/log/univention/join.log |
| 117 |
exit 1 |
119 |
exit 1 |
| 118 |
} |
120 |
} |
| 119 |
|
121 |
|
|
Lines 572-589
echo -n "Search LDAP binddn "
|
Link Here
|
|---|
|
|---|
| 572 |
|
574 |
|
| 573 |
# First use udm to search the user DN |
575 |
# First use udm to search the user DN |
| 574 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
576 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
| 575 |
/usr/sbin/udm users/user list --filter uid="$DCACCOUNT" --logfile /dev/null | sed -ne 's|^DN: ||p')" |
577 |
/usr/sbin/udm users/user list --filter uid="$DCACCOUNT" --logfile /dev/null 2> >(tee -a /var/log/univention/join.log >&2) | sed -ne 's|^DN: ||p')" |
| 576 |
|
578 |
|
| 577 |
if [ -z "$binddn" ]; then |
579 |
if [ -z "$binddn" ]; then |
| 578 |
# Next check is the local ldapi interface |
580 |
echo "binddn search on ${DCNAME} with UDM failed" >>/var/log/univention/join.log |
|
|
581 |
# Next try ldapsearch with GSSAPI against OpenLDAP |
| 579 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
582 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
| 580 |
ldapsearch -x -LLL -H ldapi:/// "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-wrapper | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
583 |
kinit --password-file=STDIN "${DCACCOUNT}" ldapsearch -Y GSSAPI -LLL -o ldif-wrap=no "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn <"$DCPWD" 2>/dev/null | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
| 581 |
fi |
584 |
fi |
| 582 |
|
585 |
|
| 583 |
if [ -z "$binddn" ]; then |
586 |
if [ -z "$binddn" ]; then |
| 584 |
# Check with anonymous bind |
587 |
echo "binddn search on ${DCNAME} with GSSAPI failed" >>/var/log/univention/join.log |
|
|
588 |
# Next try the local ldapi interface, unlikely to succeed because only accessible for root |
| 585 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
589 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
| 586 |
ldapsearch -x -LLL "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-wrapper | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
590 |
ldapsearch -x -LLL -o ldif-wrap=no -H ldapi:/// "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
|
|
591 |
fi |
| 592 |
|
| 593 |
if [ -z "$binddn" ]; then |
| 594 |
echo "binddn search on ${DCNAME} via LDAPI failed" >>/var/log/univention/join.log |
| 595 |
# Finally try anonymous bind, unlikely to succeed because anonymous bind is disabled by default |
| 596 |
binddn="$(univention-ssh "$DCPWD" "${DCACCOUNT}@${DCNAME}" \ |
| 597 |
ldapsearch -x -LLL -o ldif-wrap=no "\'(&(uid=$DCACCOUNT)(objectClass=person))\'" dn | ldapsearch-decode64 | sed -ne 's|^dn: ||p;s|^DN: ||p')" |
| 587 |
fi |
598 |
fi |
| 588 |
|
599 |
|
| 589 |
if [ -z "$binddn" ]; then |
600 |
if [ -z "$binddn" ]; then |