#!/bin/bash
# net/ldap - LDAP Support
set -e
lib_load 'net/tool/openldap'
######
# Native Dependencies
net_ldap_client_packages=(
libpam-ccreds
libpam-cracklib
libpam-ck-connector
libpam-krb5
libpam-ldap
libnss-db
nslcd
nss-updatedb
ldap-utils
ldap-auth-client
auth-client-config
libsasl2-modules-ldap
)
######
# LDAP Settings
net_ldap_config_init() {
lib_setting_vars \
ldap_realm ldap_base_dn \
ldap_host ldap_server \
ldap_admin ldap_passwd \
ldap_hosts_ou ldap_users_ou ldap_groups_ou \
ldap_hosts_dn ldap_users_dn ldap_groups_dn
}
net_ldap_config_check() {
if [ -z "$ldap_base_dn" ]; then
local part
for part in $(IFS='.'; echo $ldap_realm); do
ldap_base_dn="$ldap_base_dn${ldap_base_dn:+,}dc=$part"
done
debug "set \$ldap_base_dn to $ldap_base_dn"
fi
ldap_hosts_dn="ou=$ldap_hosts_ou,$ldap_base_dn"
ldap_users_dn="ou=$ldap_users_ou,$ldap_base_dn"
ldap_groups_dn="ou=$ldap_groups_ou,$ldap_base_dn"
ldap_sort_order=${ldap_sort_order:-id}
case "$ldap_sort_order" in
name) ldap_sort_field=1 ;;
id) ldap_sort_field=2; ldap_sort_opts=( -n ) ;;
gid) ldap_sort_field=3; ldap_sort_opts=( -n ) ;;
*) error "$ldap_sort_order: unknown sort order" ;;
esac
}
######
# LDAP Functions
ldap_sort() { sort -k $ldap_sort_field "${ldap_sort_opts[@]}"; }
ldap_uri_for_host() {
case "$host" in
$ldap_host|$ldap_server)
echo "ldapi:///"
;;
*)
echo "ldap://$ldap_host/"
esac
}
host_dn() { has_args 1 "$@"; echo "dn: cn=$1,$ldap_hosts_dn"; }
user_dn() { has_args 1 "$@"; echo "dn: uid=$1,$ldap_users_dn"; }
group_dn() { has_args 1 "$@"; echo "dn: cn=$1,$ldap_groups_dn"; }
ldif_extract() { grep "^$1:" | cut -d' ' -f2-; }
entity_exists() {
local etype=$1
shift
has_args 1 "$@"
local name=$1 id
id=$(l4_${etype}_id "$name")
test "$id"
}
entity_extract() {
has_args 3 "$@"
local etype=$1
local name=$2
local field=$3
l4_${etype}_show "$name" | ldif_extract "$field"
}
entity_ids() {
local etype=$1
local field=$2
shift 2
if [ -z "$*" ]; then
with_all_${etype}s l4_${etype}_ids "$@"
return
fi
for g in "$@"; do
l4_${etype}_extract "$g" "${field}"
done
}
entity_next_id() {
local -a ids
ids=($(l4_${1}_ids))
local max=0
for i in ${ids[@]}; do
if [ $i -gt $max ]; then
max=$i
fi
done
echo $((max + 1))
}
entity_delete() {
local etype=$1
shift 1
min_args 1 "$@"
for i in "$@"; do
(
${etype}_dn "$i"
echo "changetype: delete"
) | openldap_modify
done
}
entity_dn_usage() {
cat<<USAGE
{add|edit|delete} <rdn> [...]
Commands:
add <rdn> <newrdn>+ Add an RDN
edit <rdn> <newrdn> Change an RDN
delete <rdn> Remove an RDN
USAGE
}
entity_dn_modify() {
local entitytype=$1
local attr=$2
local action=$3
shift 3
min_args 1 "$@"
local old=$1
shift 1
(
"${entitytype}_dn" "$old"
echo "changetype: moddn"
case "$action" in
add)
min_args 1 "$@"
for i in "$@"; do
echo "newrdn: $attr=$i"
done
echo "deleteoldrdn: 0"
;;
modify)
min_args 1 "$@"
for i in "$@"; do
echo "newrdn: $attr=$i"
done
echo "deleteoldrdn: 1"
;;
delete)
has_args 0 "$@"
echo "newrdn: $attr=$old"
echo "deleteoldrdn: 1"
;;
esac
) | openldap_modify
}
entity_attr_usage() {
local cn=$1
cat <<USAGE
{add|edit|delete} <$cn> <attr> [<value> ...]
Commands:
add <$cn> <attr> <value>+ Add an attribute value
edit <$cn> <attr> <value>+ Change an attribute value
delete <$cn> <attr> Remove an attribute value
USAGE
}
entity_attr_modify() {
local entitytype=$1
local changetype=$2
local action=$3
shift 3
min_args 3 "$@"
local cn=$1
local field=$2
shift 2
(
"${entitytype}_dn" "$cn"
echo "changetype: $changetype"
if [ "$action" ]; then
echo "$action: $field"
fi
for value in "$@"; do
echo "$field: $value"
done
) | openldap_modify
}
with_all_entities() {
local etype=$1
local func=$2
local -a items
items=($(l4_${etype}_list))
$func "${items[@]}"
}
_for_each_entity() {
local e=$1
if ! entity_exists $etype "$e"; then
warn "$e: $etype not found"
return
fi
$efunc "$e"
}
for_each_entity() {
min_args 2 "$@"
local etype=$1
local efunc=$2
shift 2
for_each _for_each_entity "$@"
}
with_all_hosts() { with_all_entities host "$@"; }
for_each_host() { for_each_entity host "$@"; }
with_all_users() { with_all_entities user "$@"; }
for_each_user() { for_each_entity user "$@"; }
with_all_groups() { with_all_entities group "$@"; }
for_each_group() { for_each_entity group "$@"; }
Generated on Fri Jul 28 14:35:49 PDT 2017 by mcsh d14 v0.23.0.