2 # Should I do something for /etc/pam_ldap.conf ?
5 # Check/Modify /etc/libnss-ldap.conf
8 # Check if DN is correct
# Only a warning is printed; the base line itself is not rewritten. $dn is
# interpolated into a grep basic regex, so a '.' in the DN matches any character
# rather than a literal dot.
9 if ! grep -q "^base.[ ]*$dn" /etc/libnss-ldap.conf ; then
10 echo "WARNING: Probably incorrect base line in /etc/libnss-ldap.conf"
13 # Should contain the secret
14 # All users can see ldap stored gid/uid
# NOTE(review): 644 makes the whole file world-readable. That is acceptable while
# it holds only the base DN and rootbinddn, but if a bindpw line were ever added
# (see the commented-out block just below) every local user could read it.
15 chmod 644 /etc/libnss-ldap.conf
16 # It doesn't seem to be necessary, only rootbinddn is necessary
17 # if ! grep -q "^bindpw" /etc/libnss-ldap.conf ; then
18 # echo "# Next line added by Sourceforge install" >>/etc/libnss-ldap.conf
19 # echo "bindpw secret" >>/etc/libnss-ldap.conf
22 # This seems to be necessary to display uid/gid
23 # Should be cn=admin,ou=People,dc=...
# Appends a marker comment followed by the rootbinddn line. The marker is what
# the purge step for this file matches when it removes the addition again.
24 if ! grep -q "^rootbinddn" /etc/libnss-ldap.conf ; then
25 echo "# Next line added by Sourceforge install" >>/etc/libnss-ldap.conf
26 echo "rootbinddn cn=admin,ou=People,$dn" >>/etc/libnss-ldap.conf
30 # Purge /etc/libnss-ldap.conf
# Two passes because perl -p handles one line at a time: the first turns the
# marker line into "#SF#" and drops its newline, so it is glued onto the
# rootbinddn line that follows; the second pass deletes that glued line.
32 perl -pi -e "s/^# Next line added by Sourceforge install\n/#SF#/g" /etc/libnss-ldap.conf
33 perl -pi -e "s/^#SF#.*\n//g" /etc/libnss-ldap.conf
36 # Modify /etc/ldap/slapd.conf
39 # Maybe should comment referral line too
40 echo "WARNING: Please check referal line in /etc/ldap/slapd.conf"
42 # Debian config by default only includes core schema
# The "Sourceforge" marker makes this idempotent: once any marker is present the
# whole rewrite is skipped. slapd.conf.sourceforge is assembled with the include
# lines first and the original config appended after them (the cat below), so
# the new includes end up at the top of the file.
43 if ! grep -q "Sourceforge" /etc/ldap/slapd.conf ; then
44 rm -f /etc/ldap/slapd.conf.sourceforge
# Schema list; the last entry is the project's own schema.
45 for schema in /etc/ldap/schema/core.schema \
46 /etc/ldap/schema/cosine.schema \
47 /etc/ldap/schema/inetorgperson.schema \
48 /etc/ldap/schema/nis.schema \
49 /etc/sourceforge/sourceforge.schema
# Schema not yet included: just add it. Otherwise comment out the existing
# include so the copy added here is the only active one.
51 if ! grep -q "^include.[ ]*$schema" /etc/ldap/slapd.conf ; then
52 echo "include $schema #Added by Sourceforge install" >>/etc/ldap/slapd.conf.sourceforge
55 echo "Commenting $schema"
# NOTE(review): \$schema reaches perl as the *perl* variable $schema, which is
# unset in this one-liner, so the pattern degrades to "^include.[ ]*" and this
# comments out every still-active include line, not only this schema. Any
# include that is not in the list above (a site-local schema, say) is therefore
# commented out and never re-added. Passing the shell value instead ("$schema",
# unescaped) restores the intended behaviour; the slashes in the path then need
# a different s||| delimiter.
57 perl -pi -e "s/^include.[ ]*\$schema/#Comment by Sourceforge install#include \$schema/g" /etc/ldap/slapd.conf
58 echo "include $schema #Added by Sourceforge install" >>/etc/ldap/slapd.conf.sourceforge
62 cat /etc/ldap/slapd.conf >>/etc/ldap/slapd.conf.sourceforge
# NOTE(review): mv replaces the file, so slapd.conf ends up with the mode the
# >> redirections gave the new file (umask-derived), not the mode the original
# had. If the original was restricted because it holds a rootpw, the rewritten
# file may be more permissive than before -- worth preserving mode/ownership.
63 mv /etc/ldap/slapd.conf.sourceforge /etc/ldap/slapd.conf
64 /etc/init.d/slapd restart
68 # Purge /etc/ldap/slapd.conf
# Reverse of the modify step: drop every line carrying the "Added" marker and
# strip the "Comment" marker to re-activate the includes it had disabled. Only
# the first match per line is touched (no /g), which suffices because each
# marker is written once per line.
70 perl -pi -e "s/^.*#Added by Sourceforge install\n//" /etc/ldap/slapd.conf
71 perl -pi -e "s/#Comment by Sourceforge install#//" /etc/ldap/slapd.conf
74 # Modify /etc/nsswitch.conf
77 # This is a sensitive file
# Guarded by the same "Sourceforge" marker so a second run does not stack
# another "files ldap" line on top of the first.
78 if ! grep -q "Sourceforge" /etc/nsswitch.conf ; then
79 # By security i let priority to files
80 # Should maybe enhance this to take in account nis
81 # Maybe ask the order db/files/nis/ldap
# Each substitution inserts a fresh "<db> files ldap" line and keeps the original
# line underneath, commented with the marker the purge step strips. The patterns
# have no word boundary, so any line that merely starts with "passwd", "group"
# or "shadow" is rewritten the same way.
82 perl -pi -e "s/^passwd/passwd files ldap #Added by Sourceforge install\n#Comment by Sourceforge install#passwd/g" /etc/nsswitch.conf
83 perl -pi -e "s/^group/group files ldap #Added by Sourceforge install\n#Comment by Sourceforge install#group/g" /etc/nsswitch.conf
84 perl -pi -e "s/^shadow/shadow files ldap #Added by Sourceforge install\n#Comment by Sourceforge install#shadow/g" /etc/nsswitch.conf
88 # Purge /etc/nsswitch.conf
# Undo the nsswitch rewrite: delete the inserted "files ldap" lines and strip
# the marker from the commented originals so they become active again.
91 perl -pi -e "s/^.*#Added by Sourceforge install\n//" /etc/nsswitch.conf
92 perl -pi -e "s/#Comment by Sourceforge install#//" /etc/nsswitch.conf
95 # Load ldap database from sourceforge database
# Nothing is loaded unless a secret is available; the "x" prefix is the classic
# guard against an empty operand in [ ].
99 if [ "x$secret" != "x" ]
101 # This loads the ldap database
102 echo "Distinguished Name is $naming_context"
103 echo "Creating ldif file from database"
# NOTE(review): $$ makes the name predictable and /tmp is shared, so another
# local user can pre-create or symlink this path before the redirect below opens
# it (as root). Prefer tmpldif=$(mktemp) and remove the file afterwards -- no rm
# is visible in this fragment. The LDIF may carry userPassword values, so a
# leftover copy in /tmp is also a disclosure risk.
104 tmpldif="/tmp/ldif$$"
105 /usr/lib/sourceforge/bin/sql2ldif.pl >$tmpldif
106 echo "Filling LDAP with database"
107 # Only if the ldap server is local
108 # Maybe ask for the password, but will simple authentication
109 # Be allowed on remote server ?
111 # -v Use verbose mode, with many diagnostics written to
113 # -c Continuous operation mode. Errors are reported,
114 # but ldapmodify will continue with modifications.
115 # The default is to exit after reporting an error.
116 # -x Use simple authentication instead of SASL.
117 # -w passwd Use passwd as the password for simple
119 # -r Replace existing values by default.
120 # add with -r don't modify and modify don't add so i do add and modify
# NOTE(review): -w$secret puts the bind password in argv, where it is visible in
# the process table (ps) to every local user while each command runs. Since the
# secret already lives in a file, "-y /etc/ldap.secret" keeps it off the command
# line. $VERBOSE is deliberately unquoted so an empty value adds no argument.
122 ldapadd $VERBOSE -r -c -D "cn=admin,ou=People,$naming_context" -x -w$secret -f $tmpldif
123 ldapmodify $VERBOSE -r -c -D "cn=admin,ou=People,$naming_context" -x -w$secret -f $tmpldif
# Presumably the else branch of the secret check above. NOTE(review): the
# message names /etc/slapd.secret while the rest of the script reads
# /etc/ldap.secret -- likely a stale filename in the warning.
126 echo "WARNING: Can't load ldap table without /etc/slapd.secret file"
127 echo "AFAIK : This file should be installed by libpam-ldap"
# Prints the bootstrap LDIF (organizational units plus the cn=admin entry) on
# stdout; the caller redirects it into a file for slapadd. It is invoked as
# print_ldif_default <naming_context> <cryptedpasswd>, while the body reads $dn
# and $cryptedpasswd -- the mapping from $1/$2 to those names is not visible in
# this fragment, so confirm it before relying on it. The here-document starts
# just below: do not add comment lines inside it, they would become LDIF data.
131 print_ldif_default(){
142 objectClass: organizationalUnit
145 dn: cn=admin, ou=People, $dn
147 userPassword: $cryptedpasswd
152 objectCLass: organizationalUnit
# Everything except the "list" target needs root. [ ... -a ... ] is the
# deprecated conjunction form (use [[ ... && ... ]] or two tests) and $(id -u)
# is unquoted. What follows the message (a re-exec via su/sudo, presumably) is
# not visible in this fragment.
162 if [ $(id -u) != 0 -a "x$target" != "xlist" ] #-a "x$target" != "xclean" ]
164 echo "You must be root to run this, please enter passwd"
170 # This initializes LDAP
# The base DN is pulled out of local.pl by splitting on single quotes, so $dn
# is silently empty if the value is ever written with double quotes or none.
172 dn=$(grep sys_ldap_base_dn /etc/sourceforge/local.pl | cut -d\' -f2)
173 # This secret file comes from libpam-ldap
174 # It is probably the value asked
175 # by slapd install. If no value is supplied
176 # it will be prompted
# $(cat ...) strips the trailing newline, which is what makes the value usable
# as a password later on.
177 [ -f /etc/ldap.secret ] && secret=$(cat /etc/ldap.secret)
178 [ -f /etc/ldap.secret ] || secret=""
180 echo "Modifying /etc/ldap/slapd.conf"
182 echo "Modifying /etc/libnss-ldap.conf"
# $dn is passed unquoted; harmless only while the DN holds no whitespace or
# glob characters (a DN like "dc=example, dc=org" would split into two args).
183 modify_libnss_ldap $dn
184 echo "Modifying /etc/nsswitch.conf"
# $secret travels as a plain function argument here, which is fine (no exec is
# involved); the exposure is inside load_ldap, where it reaches ldapadd's argv.
187 load_ldap $dn $secret
# Same base-DN lookup as the init target. With a secret present, load_ldap's
# stdout and stderr are both discarded (&> is bash-only), so any ldapadd error
# is lost silently here. Without the secret file load_ldap runs with whatever
# $secret holds at this point, or nothing.
190 dn=$(grep sys_ldap_base_dn /etc/sourceforge/local.pl | cut -d\' -f2)
191 [ -f /etc/ldap.secret ] && secret=$(cat /etc/ldap.secret) && load_ldap $dn $secret &>/dev/null
192 [ -f /etc/ldap.secret ] || load_ldap $dn $secret
# Progress messages for the purge target; the purge calls themselves are not
# visible in this fragment.
195 echo "Purging /etc/ldap/slapd.conf"
197 echo "Purging /etc/nsswitch.conf"
199 echo "Purging /etc/libnss-ldap.conf"
# Discovers the server's base DN from the root DSE (anonymous simple bind, -x)
# and dumps every entry under it; this is the one target allowed without root.
# If the server reports more than one namingContexts value, $naming_context
# holds them joined by newlines and the -b below receives a mangled base.
203 naming_context=$(ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | grep "namingContexts:" | cut -d" " -f2)
204 # Display what is now in the database
205 ldapsearch -x -b "$naming_context" '(objectclass=*)'
# Unlike the init target there is no fallback to an empty $secret here.
208 [ -f /etc/ldap.secret ] && secret=$(cat /etc/ldap.secret)
209 naming_context=$(ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | grep "namingContexts:" | cut -d" " -f2)
210 # This should work with SASL auth if i find how to make it work
211 # See saslpasswd, /usr/share/doc/libsasl7/sysadmin.html
212 # The command will be
213 # ldapdelete -D "cn=admin,ou=People,$naming_context" -W -r "$naming_context"
# Recursive (-r) delete of each top-level OU. NOTE(review): as in load_ldap,
# -w$secret exposes the bind password in the process table; -y /etc/ldap.secret
# avoids that. The loop reuses "target", the name the outer dispatch tests, so
# $target is "People" once the loop finishes unless it is local to a function.
215 for target in Aliases Hosts Roaming Group cvsGroup People
217 echo "Destroying LDAP database ou=$target, $naming_context ..."
218 ldapdelete -D "cn=admin,ou=People,$naming_context" -x -w$secret -r "ou=$target, $naming_context"
219 #ldapdelete -D "cn=admin,ou=People,$naming_context" -W -w$secret -r "ou=$target, $naming_context"
223 naming_context=$(ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | grep "namingContexts:" | cut -d" " -f2)
# NOTE(review): slappasswd -s puts the secret in argv (visible via ps); it can
# read the value from a file with -T /etc/ldap.secret instead. {CRYPT} hashes
# with the system crypt(3); {SSHA} or a stronger scheme is the usual choice.
# Backticks work, but $(...) is the clearer form.
224 [ -f /etc/ldap.secret ] && secret=$(cat /etc/ldap.secret) && cryptedpasswd=`slappasswd -s $secret -h {CRYPT}`
225 [ -f /etc/ldap.secret ] || secret=""
# NOTE(review): without the secret file $cryptedpasswd is never set, so the LDIF
# carries a bare "userPassword:" line for the admin entry. The LDIF goes to a
# predictable /tmp/ldif$$ path (same concern as in load_ldap) and is not removed
# here although it contains the admin password hash. $naming_context and
# $cryptedpasswd are passed unquoted and would split on whitespace.
226 print_ldif_default $naming_context $cryptedpasswd > /tmp/ldif$$
# slapadd writes the backend database directly; whether slapd is stopped before
# this point is not visible in this fragment -- it should not be running while
# slapadd loads the database.
227 slapadd -l /tmp/ldif$$
229 /etc/init.d/slapd restart
237 # Ancient ldaptest follow
239 # All info found in /usr/share/doc/openldap-guide
241 # This is testing local ldap server
242 ##echo "============ LDAP SEARCH ==================="
243 ##ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
244 ##echo "============ LDAP SEARCH ==================="
246 # Then you need LDIF file and run ldapadd
247 # To fill this you need to get your namingContexts
248 # This does this and should be used as the sourceforge base DN
249 ##naming_context=$(ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | grep "namingContexts:" | cut -d" " -f2)
250 ##echo "Naming Context is: ===>$naming_context<=="
252 # An example ldif file
253 ##echo "============ Example ldif file =============="
254 ##tee /tmp/example.ldif <<-FIN
255 ##dn: cn=Bob Smith,ou=People,$naming_context
256 ##objectClass: person
260 ##echo "============ Example ldif file =============="
261 ##echo "============ Adding this to the database ===="
262 #/usr/sbin/slapadd -v -d2 -l /tmp/example.ldif
263 #ldapadd -U admin -D "cn=admin,ou=People,$naming_context" -W -f /tmp/example.ldif
264 #ldapadd -v -D "cn=admin,ou=People,$naming_context" -X u:admin -f /tmp/example.ldif
265 ##ldapadd -v -D "cn=admin,ou=People,$naming_context" -x -W -f /tmp/example.ldif
266 ##echo "============ Checking the database =========="
267 ##ldapsearch -x -b "$naming_context" '(objectclass=*)'