1*7c478bd9Sstevel@tonic-gate#!/bin/sh 2*7c478bd9Sstevel@tonic-gate# 3*7c478bd9Sstevel@tonic-gate# CDDL HEADER START 4*7c478bd9Sstevel@tonic-gate# 5*7c478bd9Sstevel@tonic-gate# The contents of this file are subject to the terms of the 6*7c478bd9Sstevel@tonic-gate# Common Development and Distribution License, Version 1.0 only 7*7c478bd9Sstevel@tonic-gate# (the "License"). You may not use this file except in compliance 8*7c478bd9Sstevel@tonic-gate# with the License. 9*7c478bd9Sstevel@tonic-gate# 10*7c478bd9Sstevel@tonic-gate# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 11*7c478bd9Sstevel@tonic-gate# or http://www.opensolaris.org/os/licensing. 12*7c478bd9Sstevel@tonic-gate# See the License for the specific language governing permissions 13*7c478bd9Sstevel@tonic-gate# and limitations under the License. 14*7c478bd9Sstevel@tonic-gate# 15*7c478bd9Sstevel@tonic-gate# When distributing Covered Code, include this CDDL HEADER in each 16*7c478bd9Sstevel@tonic-gate# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 17*7c478bd9Sstevel@tonic-gate# If applicable, add the following below this CDDL HEADER, with the 18*7c478bd9Sstevel@tonic-gate# fields enclosed by brackets "[]" replaced with your own identifying 19*7c478bd9Sstevel@tonic-gate# information: Portions Copyright [yyyy] [name of copyright owner] 20*7c478bd9Sstevel@tonic-gate# 21*7c478bd9Sstevel@tonic-gate# CDDL HEADER END 22*7c478bd9Sstevel@tonic-gate# 23*7c478bd9Sstevel@tonic-gate# 24*7c478bd9Sstevel@tonic-gate# ident "%Z%%M% %I% %E% SMI" 25*7c478bd9Sstevel@tonic-gate# 26*7c478bd9Sstevel@tonic-gate# idsconfig -- script to setup iDS 5.x for Native LDAP II. 27*7c478bd9Sstevel@tonic-gate# 28*7c478bd9Sstevel@tonic-gate# Copyright 2004 Sun Microsystems, Inc. All rights reserved. 29*7c478bd9Sstevel@tonic-gate# Use is subject to license terms. 
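#

#
# display_msg(): Displays message corresponding to the tag passed in.
#	$1  message tag (usage, backup_server, the *_menu and *_help
#	    tags below).  An unknown tag prints nothing.
#
# Every message is a here-document written to stdout, so the shell
# variables in it (PROG, IDS_SERVER, IDS_PORT, LDAP_*, NEED_CRYPT ...)
# are expanded with whatever value they hold at call time.
#
display_msg()
{
	case "$1" in
	usage) cat <<EOF
 $PROG: [ -v ] [ -i input file ] [ -o output file ]
   i <input file>	Get setup info from input file.
   o <output file>	Generate a server configuration output file.
   v			Verbose mode
EOF
	;;
	backup_server) cat <<EOF
It is strongly recommended that you BACKUP the directory server
before running $PROG.

Hit Ctrl-C at any time before the final confirmation to exit.

EOF
	;;
	setup_complete) cat <<EOF

$PROG: Setup of iDS server ${IDS_SERVER} is complete.

EOF
	;;
	display_vlv_list) cat <<EOF

Note: idsconfig has created entries for VLV indexes. Use the
      directoryserver(1m) script on ${IDS_SERVER} to stop
      the server and then enter the following vlvindex
      sub-commands to create the actual VLV indexes:

EOF
	;;
	cred_level_menu) cat <<EOF
The following are the supported credential levels:
  1  anonymous
  2  proxy
  3  proxy anonymous
EOF
	;;
	auth_method_menu) cat <<EOF
The following are the supported Authentication Methods:
  1  none
  2  simple
  3  sasl/DIGEST-MD5
  4  tls:simple
  5  tls:sasl/DIGEST-MD5
EOF
	;;
	srvauth_method_menu) cat <<EOF
The following are the supported Authentication Methods:
  1  simple
  2  sasl/DIGEST-MD5
  3  tls:simple
  4  tls:sasl/DIGEST-MD5
EOF
	;;
	prompt_ssd_menu) cat <<EOF
  A  Add a Service Search Descriptor
  D  Delete a SSD
  M  Modify a SSD
  P  Display all SSD's
  H  Help
  X  Clear all SSD's

  Q  Exit menu
EOF
	;;
	summary_menu) cat <<EOF
              Summary of Configuration

  1  Domain to serve               : $LDAP_DOMAIN
  2  Base DN to setup              : $LDAP_BASEDN
  3  Profile name to create        : $LDAP_PROFILE_NAME
  4  Default Server List           : $LDAP_SERVER_LIST
  5  Preferred Server List         : $LDAP_PREF_SRVLIST
  6  Default Search Scope          : $LDAP_SEARCH_SCOPE
  7  Credential Level              : $LDAP_CRED_LEVEL
  8  Authentication Method         : $LDAP_AUTHMETHOD
  9  Enable Follow Referrals       : $LDAP_FOLLOWREF
 10  iDS Time Limit                : $IDS_TIMELIMIT
 11  iDS Size Limit                : $IDS_SIZELIMIT
 12  Enable crypt password storage : $NEED_CRYPT
 13  Service Auth Method pam_ldap  : $LDAP_SRV_AUTHMETHOD_PAM
 14  Service Auth Method keyserv   : $LDAP_SRV_AUTHMETHOD_KEY
 15  Service Auth Method passwd-cmd: $LDAP_SRV_AUTHMETHOD_CMD
 16  Search Time Limit             : $LDAP_SEARCH_TIME_LIMIT
 17  Profile Time to Live          : $LDAP_PROFILE_TTL
 18  Bind Limit                    : $LDAP_BIND_LIMIT
 19  Service Search Descriptors Menu

EOF
	;;
	ldap_suffix_list) cat <<EOF

No valid suffixes (naming contexts) were found for LDAP base DN:
${LDAP_BASEDN}

Available suffixes are:
${LDAP_SUFFIX_LIST}

EOF
	;;
	sorry) cat <<EOF

HELP - No help is available for this topic.

EOF
	;;
	backup_help) cat <<EOF

HELP - Since idsconfig modifies the directory server configuration,
       it is strongly recommended that you backup the server prior
       to running this utility.  This is especially true if the server
       being configured is a production server.

EOF
	;;
	port_help) cat <<EOF

HELP - Enter the port number the directory server is configured to
       use for LDAP.

EOF
	;;
	domain_help) cat <<EOF

HELP - This is the DNS domain name this server will be serving.  You
       must provide this name even if the server is not going to be populated
       with hostnames.  Any unqualified hostname stored in the directory
       will be fully qualified using this DNS domain name.

EOF
	;;
	basedn_help) cat <<EOF

HELP - This parameter defines the default location in the directory tree for
       the naming services entries.  You can override this default by using
       serviceSearchDescriptors (SSD).  You will be given the option to set up
       an SSD later on in the setup.

EOF
	;;
	profile_help) cat <<EOF

HELP - Name of the configuration profile with which the clients will be
       configured.  A directory server can store various profiles for multiple
       groups of clients.  The initialization tool, (ldapclient(1M)), assumes
       "default" unless another is specified.

EOF
	;;
	def_srvlist_help) cat <<EOF

HELP - Provide a list of directory servers to serve clients using this profile.
       All these servers should contain consistent data and provide similar
       functionality.  This list is not ordered, and clients might change the
       order given in this list.  Note that this is a space separated list of
       *IP addresses* (not host names).  Providing port numbers is optional.

EOF
	;;
	pref_srvlist_help) cat <<EOF

HELP - Provide a list of directory servers to serve this client profile.
       Unlike the default server list, which is not ordered, the preferred
       servers must be entered IN THE ORDER you wish to have them contacted.
       If you do specify a preferred server list, clients will always contact
       them before attempting to contact any of the servers on the default
       server list.  Note that you must enter the preferred server list as a
       space-separated list of *IP addresses* (not host names).  Providing port
       numbers is optional.

EOF
	;;
	srch_scope_help) cat <<EOF

HELP - Default search scope to be used for all searches unless they are
       overwritten using serviceSearchDescriptors.  The valid options
       are "one", which would specify the search will only be performed
       at the base DN for the given service, or "sub", which would specify
       the search will be performed through *all* levels below the base DN
       for the given service.

EOF
	;;
	cred_lvl_help) cat <<EOF

HELP - This parameter defines what credentials the clients use to
       authenticate to the directory server.  This list might contain
       multiple credential levels and is ordered.  If a proxy level
       is configured, you will also be prompted to enter a bind DN
       for the proxy agent along with a password.  This proxy agent
       will be created if it does not exist.

EOF
	;;
	auth_help) cat <<EOF

HELP - The default authentication method(s) to be used by all services
       in the client using this profile.  This is a ordered list of
       authentication methods separated by a ';'.  The supported methods
       are provided in a menu.  Note that sasl/DIGEST-MD5 binds require
       passwords to be stored un-encrypted on the server.

EOF
	;;
	srvauth_help) cat <<EOF

HELP - The authentication methods to be used by a given service.  Currently
       3 services support this feature: pam_ldap, keyserv, and passwd-cmd.
       The authentication method specified in this attribute overrides
       the default authentication method defined in the profile.  This
       feature can be used to select stronger authentication methods for
       services which require increased security.

EOF
	;;
	pam_ldap_help) cat <<EOF

HELP - The authentication method(s) to be used by pam_ldap when contacting
       the directory server.  This is a ordered list, and, if provided, will
       override the default authentication method parameter.

EOF
	;;
	keyserv_help) cat <<EOF

HELP - The authentication method(s) to be used by newkey(1M) and chkey(1)
       when contacting the directory server.  This is a ordered list and
       if provided will override the default authentication method
       parameter.

EOF
	;;
	passwd-cmd_help) cat <<EOF

HELP - The authentication method(s) to be used by passwd(1) command when
       contacting the directory server.  This is a ordered list and if
       provided will override the default authentication method parameter.

EOF
	;;
	referrals_help) cat <<EOF

HELP - This parameter indicates whether the client should follow
       ldap referrals if it encounters one during naming lookups.

EOF
	;;
	tlim_help) cat <<EOF

HELP - The server time limit value indicates the maximum amount of time the
       server would spend on a query from the client before abandoning it.
       A value of '-1' indicates no limit.

EOF
	;;
	slim_help) cat <<EOF

HELP - The server sizelimit value indicates the maximum number of entries
       the server would return in respond to a query from the client.  A
       value of '-1' indicates no limit.

EOF
	;;
	crypt_help) cat <<EOF

HELP - By default iDS does not store userPassword attribute values using
       unix "crypt" format.  If you need to keep your passwords in the crypt
       format for NIS/NIS+ and pam_unix compatibility, choose 'yes'.  If
       passwords are stored using any other format than crypt, pam_ldap
       MUST be used by clients to authenticate users to the system.  Note
       that if you wish to use sasl/DIGEST-MD5 in conjunction with pam_ldap,
       user passwords must be stored in the clear format.

EOF
	;;
	srchtime_help) cat <<EOF

HELP - The search time limit the client will enforce for directory
       lookups.

EOF
	;;
	profttl_help) cat <<EOF

HELP - The time to live value for profile.  The client will refresh its
       cached version of the configuration profile at this TTL interval.

EOF
	;;
	bindlim_help) cat <<EOF

HELP - The time limit for the bind operation to the directory.  This
       value controls the responsiveness of the client in case a server
       becomes unavailable.  The smallest timeout value for a given
       network architecture/conditions would work best.  This is very
       similar to setting TCP timeout, but only for LDAP bind operation.

EOF
	;;
	ssd_help) cat <<EOF

HELP - Using Service Search Descriptors (SSD), you can override the
       default configuration for a given service.  The SSD can be
       used to override the default search base DN, the default search
       scope, and the default search filter to be used for directory
       lookups.  SSD are supported for all services (databases)
       defined in nsswitch.conf(4).  The default base DN is defined
       in ldap(1).

       Note: SSD are powerful tools in defining configuration profiles
             and provide a great deal of flexibility.  However, care
             must be taken in creating them.  If you decide to make use
             of SSDs, consult the documentation first.

EOF
	;;
	ssd_menu_help) cat <<EOF

HELP - Using this menu SSD can be added, updated, or deleted from
       the profile.

       A - This option creates a new SSD by prompting for the
           service name, base DN, and scope.  Service name is
           any valid service as defined in ldap(1).  base is
           either the distinguished name to the container where
           this service will use, or a relative DN followed
           by a ','.
       D - Delete a previously created SSD.
       M - Modify a previously created SSD.
       P - Display a list of all the previously created SSD.
       X - Delete all of the previously created SSD.

       Q - Exit the menu and continue with the server configuration.

EOF
	;;
	ldap_suffix_list_help) cat <<EOF

HELP - No valid suffixes (naming contexts) are available on server
       ${IDS_SERVER}:${IDS_PORT}.
       You must set an LDAP Base DN that can be contained in
       an existing suffix.

EOF
	;;
	esac
}


#
# get_ans(): gets an answer from the user.
#	$1  instruction/comment/description/question
#	$2  default value (optional); used when the user enters nothing
#
# Result is left in the global ANS.  The prompt goes through ${ECHO}
# with "\c" so the cursor stays on the prompt line.
#
# read -r: the raw read keeps a backslash typed by the user as a
# literal character.  Without it the Bourne read consumes backslashes
# as escapes, which silently alters answers that contain one -- this
# routine is also what get_passwd() uses to collect passwords.
#
get_ans()
{
	if [ -z "$2" ]
	then
		${ECHO} "$1 \c"
	else
		${ECHO} "$1 [$2] \c"
	fi

	read -r ANS
	if [ -z "$ANS" ]
	then
		ANS=$2
	fi
}


#
# get_ans_req(): gets an answer (required) from the user, NULL value not allowed.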
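#	$@  instruction/comment/description/question (passed to get_ans)
#
# Re-prompts via get_ans until the global ANS is non-empty; the
# accepted value is left in ANS.
#
get_ans_req()
{
	ANS=""		# Set ANS to NULL.
	while [ "$ANS" = "" ]
	do
		get_ans "$@"
		[ "$ANS" = "" ] && ${ECHO} "NULL value not allowed!"
	done
}


#
# get_number(): Querys and verifies that number entered is numeric.
#	Function will repeat prompt user for number value.
#	$1  Message text.
#	$2  default value.
#	$3  Help argument: a display_msg tag; "sorry" when omitted.
#
# Leaves the accepted value in the globals ANS and NUM.
#
# $ANS is passed to not_numeric quoted: unquoted, an answer such as
# "1 2" was split into two arguments, only "1" was checked, and the
# whole string "1 2" ended up in NUM.  Quoted, the full answer is
# checked as one value and rejected.
#
get_number()
{
	ANS=""		# Set ANS to NULL.
	NUM=""

	get_ans "$1" "$2"

	# Verify that value is numeric.
	while not_numeric "$ANS"
	do
		case "$ANS" in
		[Hh] | help | Help | \?) display_msg "${3:-sorry}" ;;
		* ) ${ECHO} "Invalid value: \"${ANS}\". \c"
		    ;;
		esac
		# Get a new value.
		get_ans "Enter a numeric value:" "$2"
	done
	NUM=$ANS
}


#
# get_negone_num(): Only allows a -1 or positive integer.
#	Used for values where -1 has special meaning.
#
#	$1 - Prompt message.
#	$2 - Default value (require).
#	$3 - Optional help argument (display_msg tag).
#
# Leaves the accepted value in the globals ANS and NUM (set by
# get_number).  A negative answer other than -1 is rejected and the
# user is asked again.
#
get_negone_num()
{
	while :
	do
		get_number "$1" "$2" "$3"
		if is_negative "$ANS"
		then
			if [ "$ANS" = "-1" ]; then
				break		# -1 is OK, so break.
			else			# Need to re-enter number.
				${ECHO} "Invalid number: please enter -1 or positive number."
			fi
		else
			break		# Positive number
		fi
	done
}


#
# get_passwd(): Reads a password from the user and verify with second.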
481*7c478bd9Sstevel@tonic-gate# $@ instruction/comment/description/question 482*7c478bd9Sstevel@tonic-gate# 483*7c478bd9Sstevel@tonic-gateget_passwd() 484*7c478bd9Sstevel@tonic-gate{ 485*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In get_passwd()" 486*7c478bd9Sstevel@tonic-gate 487*7c478bd9Sstevel@tonic-gate # Temporary PASSWD variables 488*7c478bd9Sstevel@tonic-gate _PASS1="" 489*7c478bd9Sstevel@tonic-gate _PASS2="" 490*7c478bd9Sstevel@tonic-gate 491*7c478bd9Sstevel@tonic-gate /usr/bin/stty -echo # Turn echo OFF 492*7c478bd9Sstevel@tonic-gate 493*7c478bd9Sstevel@tonic-gate # Endless loop that continues until passwd and re-entered passwd 494*7c478bd9Sstevel@tonic-gate # match. 495*7c478bd9Sstevel@tonic-gate while : 496*7c478bd9Sstevel@tonic-gate do 497*7c478bd9Sstevel@tonic-gate ANS="" # Set ANS to NULL. 498*7c478bd9Sstevel@tonic-gate 499*7c478bd9Sstevel@tonic-gate # Don't allow NULL for first try. 500*7c478bd9Sstevel@tonic-gate while [ "$ANS" = "" ] 501*7c478bd9Sstevel@tonic-gate do 502*7c478bd9Sstevel@tonic-gate get_ans "$@" 503*7c478bd9Sstevel@tonic-gate [ "$ANS" = "" ] && ${ECHO} "" && ${ECHO} "NULL passwd not allowed!" 504*7c478bd9Sstevel@tonic-gate done 505*7c478bd9Sstevel@tonic-gate _PASS1=$ANS # Store first try. 506*7c478bd9Sstevel@tonic-gate 507*7c478bd9Sstevel@tonic-gate # Get second try. 508*7c478bd9Sstevel@tonic-gate ${ECHO} "" 509*7c478bd9Sstevel@tonic-gate get_ans "Re-enter passwd:" 510*7c478bd9Sstevel@tonic-gate _PASS2=$ANS 511*7c478bd9Sstevel@tonic-gate 512*7c478bd9Sstevel@tonic-gate # Test if passwords are identical. 513*7c478bd9Sstevel@tonic-gate if [ "$_PASS1" = "$_PASS2" ]; then 514*7c478bd9Sstevel@tonic-gate break 515*7c478bd9Sstevel@tonic-gate fi 516*7c478bd9Sstevel@tonic-gate 517*7c478bd9Sstevel@tonic-gate # Move cursor down to next line and print ERROR message. 518*7c478bd9Sstevel@tonic-gate ${ECHO} "" 519*7c478bd9Sstevel@tonic-gate ${ECHO} "ERROR: passwords don't match; try again." 
520*7c478bd9Sstevel@tonic-gate done 521*7c478bd9Sstevel@tonic-gate 522*7c478bd9Sstevel@tonic-gate /usr/bin/stty echo # Turn echo ON 523*7c478bd9Sstevel@tonic-gate 524*7c478bd9Sstevel@tonic-gate ${ECHO} "" 525*7c478bd9Sstevel@tonic-gate} 526*7c478bd9Sstevel@tonic-gate 527*7c478bd9Sstevel@tonic-gate 528*7c478bd9Sstevel@tonic-gate# 529*7c478bd9Sstevel@tonic-gate# get_passwd_nochk(): Reads a password from the user w/o check. 530*7c478bd9Sstevel@tonic-gate# $@ instruction/comment/description/question 531*7c478bd9Sstevel@tonic-gate# 532*7c478bd9Sstevel@tonic-gateget_passwd_nochk() 533*7c478bd9Sstevel@tonic-gate{ 534*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In get_passwd_nochk()" 535*7c478bd9Sstevel@tonic-gate 536*7c478bd9Sstevel@tonic-gate /usr/bin/stty -echo # Turn echo OFF 537*7c478bd9Sstevel@tonic-gate 538*7c478bd9Sstevel@tonic-gate get_ans "$@" 539*7c478bd9Sstevel@tonic-gate 540*7c478bd9Sstevel@tonic-gate /usr/bin/stty echo # Turn echo ON 541*7c478bd9Sstevel@tonic-gate 542*7c478bd9Sstevel@tonic-gate ${ECHO} "" 543*7c478bd9Sstevel@tonic-gate} 544*7c478bd9Sstevel@tonic-gate 545*7c478bd9Sstevel@tonic-gate 546*7c478bd9Sstevel@tonic-gate# 547*7c478bd9Sstevel@tonic-gate# get_menu_choice(): Get a menu choice from user. Continue prompting 548*7c478bd9Sstevel@tonic-gate# till the choice is in required range. 549*7c478bd9Sstevel@tonic-gate# $1 .. Message text. 550*7c478bd9Sstevel@tonic-gate# $2 .. min value 551*7c478bd9Sstevel@tonic-gate# $3 .. max value 552*7c478bd9Sstevel@tonic-gate# $4 .. OPTIONAL: default value 553*7c478bd9Sstevel@tonic-gate# 554*7c478bd9Sstevel@tonic-gate# Return value: 555*7c478bd9Sstevel@tonic-gate# MN_CH will contain the value selected. 556*7c478bd9Sstevel@tonic-gate# 557*7c478bd9Sstevel@tonic-gateget_menu_choice() 558*7c478bd9Sstevel@tonic-gate{ 559*7c478bd9Sstevel@tonic-gate # Check for req parameter. 
560*7c478bd9Sstevel@tonic-gate if [ $# -lt 3 ]; then 561*7c478bd9Sstevel@tonic-gate ${ECHO} "get_menu_choice(): Did not get required parameters." 562*7c478bd9Sstevel@tonic-gate return 1 563*7c478bd9Sstevel@tonic-gate fi 564*7c478bd9Sstevel@tonic-gate 565*7c478bd9Sstevel@tonic-gate while : 566*7c478bd9Sstevel@tonic-gate do 567*7c478bd9Sstevel@tonic-gate get_ans "$1" "$4" 568*7c478bd9Sstevel@tonic-gate MN_CH=$ANS 569*7c478bd9Sstevel@tonic-gate is_negative $MN_CH 570*7c478bd9Sstevel@tonic-gate if [ $? -eq 1 ]; then 571*7c478bd9Sstevel@tonic-gate if [ $MN_CH -ge $2 ]; then 572*7c478bd9Sstevel@tonic-gate if [ $MN_CH -le $3 ]; then 573*7c478bd9Sstevel@tonic-gate return 574*7c478bd9Sstevel@tonic-gate fi 575*7c478bd9Sstevel@tonic-gate fi 576*7c478bd9Sstevel@tonic-gate fi 577*7c478bd9Sstevel@tonic-gate ${ECHO} "Invalid choice: $MN_CH" 578*7c478bd9Sstevel@tonic-gate done 579*7c478bd9Sstevel@tonic-gate} 580*7c478bd9Sstevel@tonic-gate 581*7c478bd9Sstevel@tonic-gate 582*7c478bd9Sstevel@tonic-gate# 583*7c478bd9Sstevel@tonic-gate# get_confirm(): Get confirmation from the user. (Y/Yes or N/No) 584*7c478bd9Sstevel@tonic-gate# $1 - Message 585*7c478bd9Sstevel@tonic-gate# $2 - default value. 586*7c478bd9Sstevel@tonic-gate# 587*7c478bd9Sstevel@tonic-gateget_confirm() 588*7c478bd9Sstevel@tonic-gate{ 589*7c478bd9Sstevel@tonic-gate _ANSWER= 590*7c478bd9Sstevel@tonic-gate 591*7c478bd9Sstevel@tonic-gate while : 592*7c478bd9Sstevel@tonic-gate do 593*7c478bd9Sstevel@tonic-gate # Display Internal ERROR if $2 not set. 594*7c478bd9Sstevel@tonic-gate if [ -z "$2" ] 595*7c478bd9Sstevel@tonic-gate then 596*7c478bd9Sstevel@tonic-gate ${ECHO} "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional." 597*7c478bd9Sstevel@tonic-gate exit 2 598*7c478bd9Sstevel@tonic-gate fi 599*7c478bd9Sstevel@tonic-gate 600*7c478bd9Sstevel@tonic-gate # Display prompt. 601*7c478bd9Sstevel@tonic-gate ${ECHO} "$1 [$2] \c" 602*7c478bd9Sstevel@tonic-gate 603*7c478bd9Sstevel@tonic-gate # Get the ANSWER. 
604*7c478bd9Sstevel@tonic-gate read _ANSWER 605*7c478bd9Sstevel@tonic-gate if [ "$_ANSWER" = "" ] && [ -n "$2" ] ; then 606*7c478bd9Sstevel@tonic-gate _ANSWER=$2 607*7c478bd9Sstevel@tonic-gate fi 608*7c478bd9Sstevel@tonic-gate case "$_ANSWER" in 609*7c478bd9Sstevel@tonic-gate [Yy] | yes | Yes | YES) return 1 ;; 610*7c478bd9Sstevel@tonic-gate [Nn] | no | No | NO) return 0 ;; 611*7c478bd9Sstevel@tonic-gate [Hh] | help | Help | \?) display_msg ${3:-sorry};; 612*7c478bd9Sstevel@tonic-gate * ) ${ECHO} "Please enter y or n." ;; 613*7c478bd9Sstevel@tonic-gate esac 614*7c478bd9Sstevel@tonic-gate done 615*7c478bd9Sstevel@tonic-gate} 616*7c478bd9Sstevel@tonic-gate 617*7c478bd9Sstevel@tonic-gate 618*7c478bd9Sstevel@tonic-gate# 619*7c478bd9Sstevel@tonic-gate# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No) 620*7c478bd9Sstevel@tonic-gate# No default value supported. 621*7c478bd9Sstevel@tonic-gate# 622*7c478bd9Sstevel@tonic-gateget_confirm_nodef() 623*7c478bd9Sstevel@tonic-gate{ 624*7c478bd9Sstevel@tonic-gate _ANSWER= 625*7c478bd9Sstevel@tonic-gate 626*7c478bd9Sstevel@tonic-gate while : 627*7c478bd9Sstevel@tonic-gate do 628*7c478bd9Sstevel@tonic-gate ${ECHO} "$@ \c" 629*7c478bd9Sstevel@tonic-gate read _ANSWER 630*7c478bd9Sstevel@tonic-gate case "$_ANSWER" in 631*7c478bd9Sstevel@tonic-gate [Yy] | yes | Yes | YES) return 1 ;; 632*7c478bd9Sstevel@tonic-gate [Nn] | no | No | NO) return 0 ;; 633*7c478bd9Sstevel@tonic-gate * ) ${ECHO} "Please enter y or n." ;; 634*7c478bd9Sstevel@tonic-gate esac 635*7c478bd9Sstevel@tonic-gate done 636*7c478bd9Sstevel@tonic-gate} 637*7c478bd9Sstevel@tonic-gate 638*7c478bd9Sstevel@tonic-gate 639*7c478bd9Sstevel@tonic-gate# 640*7c478bd9Sstevel@tonic-gate# is_numeric(): Tells is a string is numeric. 
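# 0 = Numeric
# 1 = NOT Numeric
#
#   $1  the string to test; exactly one argument is required.
#
# Returns 0 when $1 is an integer that expr accepts (a leading "-" is
# fine), 1 when no argument, more than one argument, or a non-integer
# string was given.
#
is_numeric()
{
    # Check for parameter.  Anything but exactly one argument is
    # reported as "not numeric".
    if [ $# -ne 1 ]; then
	return 1
    fi

    # Determine if numeric.  expr exits 0 for a non-zero result, 1 for
    # a zero result and >= 2 for a syntax / non-integer error, so only a
    # status of 2 or more means "$1" failed to parse as an integer.
    expr "$1" + 1 > /dev/null 2>&1
    if [ $? -ge 2 ]; then
	return 1
    fi

    # Made it here, it's Numeric.
    return 0
}


#
# not_numeric(): Reverses the return values of is_numeric.  Useful
#                for if and while statements that want to test for
#                non-numeric data.
#   $1  the string to test.
# 0 = NOT Numeric
# 1 = Numeric
#
not_numeric()
{
    # "$1" is quoted so that a value containing spaces or glob
    # characters reaches is_numeric as one argument instead of being
    # split or expanded by the shell first; such values are still
    # reported as "not numeric", they just never touch the filesystem.
    if is_numeric "$1"; then
	return 1
    else
	return 0
    fi
}


#
# is_negative(): Tells if a Numeric value is less than zero.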
# 0 = Negative Numeric
# 1 = Positive Numeric
# 2 = NOT Numeric
#
#   $1  the value to test; exactly one argument is expected.
#
# NOTE: a missing or extra argument also yields 1, the same code as a
#       genuine non-negative number, so callers cannot tell the two apart.
#
is_negative()
{
    # Check for parameter.
    if [ $# -ne 1 ]; then
	return 1
    fi

    # Determine if numeric.  Can't use expr because -0 is
    # considered positive??
    # The sign is decided purely on a leading "-" once is_numeric has
    # accepted the value.  $1 is unquoted here; the $# check above
    # guarantees a single word, but glob characters in it would still be
    # expanded by the shell before is_numeric sees them.
    if is_numeric $1; then
	case "$1" in
	    -*) return 0 ;;	# Negative Numeric
	    *)  return 1 ;;	# Positive Numeric
	esac
    else
	return 2
    fi
}


#
# check_domainname(): check validity of a domain name.  Currently we check
#                     that it has at least two components.
#   $1  the domain name to be checked
#
# Returns 0 when $1 is empty or starts with "<comp>.<comp>", 1 otherwise.
# An empty name passes because the whole test is skipped for it.
#
check_domainname()
{
    if [ ! -z "$1" ]
    then
	# expr's ":" operator prints the number of characters matched at
	# the start of the string; "0" means the pattern did not match.
	t=`expr "$1" : '[^.]\{1,\}[.][^.]\{1,\}'`
	if [ "$t" = 0 ]
	then
	    return 1
	fi
    fi
    return 0
}


#
# check_baseDN(): check validity of the baseDN name.
#   $1  the baseDN name to be checked
#
# NOTE: The check_baseDN function does not catch all invalid DN's.
#       Its purpose is to reduce the number of invalid DN's to
#       get past the input routine.  The invalid DN's will be
#       caught by the LDAP server when they are attempted to be
#       created.
#
# Returns 0 for an empty DN or one whose every comma-separated RDN has
# an attribute name that check_attrName (defined elsewhere) accepts,
# 1 otherwise.  Splitting is done with cut on "," and "=", so a DN that
# contains escaped commas or "=" inside a value is not parsed per RFC
# rules and may be rejected or mis-split -- this is a pre-filter only.
#
check_baseDN()
{
    ck_DN=$1
    ${ECHO} " Checking LDAP Base DN ..."
    if [ ! -z "$ck_DN" ]; then
	[ $DEBUG -eq 1 ] && ${ECHO} "Checking baseDN: $ck_DN"
	# Check for = (assignment operator)
	${ECHO} "$ck_DN" | ${GREP} "=" > /dev/null 2>&1
	if [ $? -ne 0 ]; then
	    [ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: No '=' in baseDN."
	    return 1
	fi

	# Check all keys.
	while :
	do
	    # Get first key.  $ck_DN is unquoted in the echo, so glob
	    # characters in a DN would be expanded before cut sees them.
	    dkey=`${ECHO} $ck_DN | cut -d'=' -f1`

	    # Check that the key string is valid
	    check_attrName $dkey
	    if [ $? -ne 0 ]; then
		[ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: invalid key=${dkey}"
		return 1
	    fi

	    [ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: valid key=${dkey}"

	    # Remove first key from DN.  "cut -s" prints nothing when no
	    # "," is left, which ends the loop below.
	    ck_DN=`${ECHO} $ck_DN | cut -s -d',' -f2-`

	    # Break loop if nothing left.
	    if [ "$ck_DN" = "" ]; then
		break
	    fi
	done
    fi
    return 0
}


#
# domain_2_dc(): Convert a domain name into dc string.
#   $1 .. Domain name.
#
# Result is returned in the exported global _DOM_2_DC, e.g.
# "a.b.c" -> "dc=a,dc=b,dc=c"; an empty domain leaves it "".
#
domain_2_dc()
{
    _DOM=$1		# Domain parameter.
    _DOM_2_DC=""	# Return value from function.
    _FIRST=1		# Flag for first time.

    export _DOM_2_DC	# Make visible for others.

    # Convert "."'s to spaces for "for" loop.
    domtmp="`${ECHO} ${_DOM} | tr '.' ' '`"
    # Word splitting of $domtmp is intentional here: each label becomes
    # one loop iteration (so a label containing glob characters would
    # also be subject to pathname expansion).
    for i in $domtmp; do
	if [ $_FIRST -eq 1 ]; then
	    _DOM_2_DC="dc=${i}"
	    _FIRST=0
	else
	    _DOM_2_DC="${_DOM_2_DC},dc=${i}"
	fi
    done
}


#
# is_root_user(): Check to see if logged in as root user.
#
# Returns 0 when the output of id starts with "uid=0(root)", 1 otherwise.
# This matches on the textual uid/name pair, not on the numeric uid alone.
#
is_root_user()
{
    case `id` in
	uid=0\(root\)*) return 0 ;;
	* )             return 1 ;;
    esac
}


#
# parse_arg(): Parses the command line arguments and sets the
#              appropriate variables.
#
# Recognised: -d (DEBUG=1), -v (VERB="" -> verbose), -i <file>, -o <file>.
# Return value is the number of options consumed (OPTIND - 1) so the
# caller can shift past them.
#
# NOTE: "h" is listed in the getopts string but has no case arm, so "-h"
#       falls through to the "*" arm and prints the "missing handler"
#       error before the usage text.
#
parse_arg()
{
    while getopts "dvhi:o:" ARG
    do
	case $ARG in
	    d)	DEBUG=1;;
	    v)	VERB="";;
	    i)	INPUT_FILE=$OPTARG;;
	    o)	OUTPUT_FILE=$OPTARG;;
	    \?)	display_msg usage
		exit 1;;
	    *)	${ECHO} "**ERROR: Supported option missing handler!"
		display_msg usage
		exit 1;;
	esac
    done
    return `expr $OPTIND - 1`
}


#
# init(): initializes variables and options
#
# Sets every global the rest of the script relies on, derives the
# default domain, sets a restrictive umask, creates the private temp
# directory and exports the configuration variables.  Exits 1 if the
# temp directory cannot be created.
#
init()
{
    # General variables.
    PROG=`basename $0`		# Program name
    PID=$$			# Program ID
    VERB='> /dev/null 2>&1'	# NULL or "> /dev/null"
    ECHO="/bin/echo"		# print message on screen
    EVAL="eval"			# eval or echo
    EGREP="/usr/bin/egrep"
    GREP="/usr/bin/grep"
    DEBUG=0			# Set Debug OFF
    BACKUP=no_ldap		# backup suffix
    HOST=""			# NULL or <hostname>

    DOM=""			# Set to NULL
    # If DNS domain (resolv.conf) exists use that, otherwise use domainname.
    # The last "domain"/"search" line wins, and only its first value is used.
    if [ -f /etc/resolv.conf ]; then
	DOM=`/usr/xpg4/bin/grep -i -E '^domain|^search' /etc/resolv.conf \
	    | awk '{ print $2 }' | tail -1`
    fi

    # If for any reason the DOM did not get set (error'd resolv.conf) set
    # DOM to the domainname command's output.
    if [ "$DOM" = "" ]; then
	DOM=`domainname`	# domain from domainname command.
    fi

    STEP=1
    INTERACTIVE=1		# 0 = on, 1 = off (For input file mode)
    DEL_OLD_PROFILE=0		# 0 (default), 1 = delete old profile.

    # idsconfig specific variables.
    INPUT_FILE=""
    OUTPUT_FILE=""
    NEED_PROXY=0		# 0 = No Proxy, 1 = Create Proxy.
    LDAP_PROXYAGENT=""
    LDAP_SUFFIX=""
    LDAP_DOMAIN=$DOM		# domainname on Server (default value)
    GEN_CMD=""

    # LDAP COMMANDS
    LDAPSEARCH="/bin/ldapsearch -r"
    LDAPMODIFY=/bin/ldapmodify
    LDAPADD=/bin/ldapadd
    LDAPDELETE=/bin/ldapdelete
    LDAP_GEN_PROFILE=/usr/sbin/ldap_gen_profile

    # iDS specific information
    IDS_SERVER=""
    IDS_PORT=389
    NEED_TIME=0
    NEED_SIZE=0
    NEED_SRVAUTH_PAM=0
    NEED_SRVAUTH_KEY=0
    NEED_SRVAUTH_CMD=0
    IDS_TIMELIMIT=""
    IDS_SIZELIMIT=""

    # LDAP PROFILE related defaults
    LDAP_ROOTDN="cn=Directory Manager"	# Provide common default.
    LDAP_ROOTPWD=""			# NULL passwd as default (i.e. invalid)
    LDAP_PROFILE_NAME="default"
    LDAP_BASEDN=""
    LDAP_SERVER_LIST=""
    LDAP_AUTHMETHOD=""
    LDAP_FOLLOWREF="FALSE"
    NEED_CRYPT=""
    LDAP_SEARCH_SCOPE="one"
    LDAP_SRV_AUTHMETHOD_PAM=""
    LDAP_SRV_AUTHMETHOD_KEY=""
    LDAP_SRV_AUTHMETHOD_CMD=""
    LDAP_SEARCH_TIME_LIMIT=30
    LDAP_PREF_SRVLIST=""
    LDAP_PROFILE_TTL=43200
    LDAP_CRED_LEVEL="proxy"
    LDAP_BIND_LIMIT=10

    # Prevent new files from being read by group or others.
    # This matters for the password file written under TMPDIR below.
    umask 077

    # Service Search Descriptors
    LDAP_SERV_SRCH_DES=""

    # Set and create TMPDIR.
    # The name is predictable (PID based) but "mkdir -m 700" fails if the
    # path already exists -- including a pre-planted file or symlink -- so
    # the script refuses to run rather than reuse a directory it did not
    # create; that is what makes the directory "safe" in the error below.
    TMPDIR="/tmp/idsconfig.${PID}"
    if mkdir -m 700 ${TMPDIR}
    then
	# Cleanup on exit.
	# Only signals 1 2 3 6 15 are trapped, not a normal exit (0);
	# normal-exit cleanup appears to be handled elsewhere (a cleanup
	# function is called from get_basedn) -- TODO confirm every exit
	# path removes TMPDIR, since it holds the root DN password file.
	trap 'rm -rf ${TMPDIR}; /usr/bin/stty echo; exit' 1 2 3 6 15
    else
	# Uses the bare echo builtin rather than ${ECHO}; ECHO was set
	# above, so this is merely inconsistent with the rest of the file.
	echo "ERROR: unable to create a safe temporary directory."
	exit 1
    fi
    LDAP_ROOTPWF=${TMPDIR}/rootPWD

    # Set the SSD file name after setting TMPDIR.
    SSD_FILE=${TMPDIR}/ssd_list

    # LDAP_PROXYAGENT_CRED is exported here but not initialised in this
    # function; presumably it is set by the prompting / config-file code.
    # LDAP_BASEDN and LDAP_SERVER_LIST appear in two export lines, which
    # is harmless.
    export DEBUG VERB ECHO EVAL EGREP GREP STEP TMPDIR
    export IDS_SERVER IDS_PORT LDAP_ROOTDN LDAP_ROOTPWD LDAP_SERVER_LIST
    export LDAP_BASEDN LDAP_ROOTPWF
    export LDAP_DOMAIN LDAP_SUFFIX LDAP_PROXYAGENT LDAP_PROXYAGENT_CRED
    export NEED_PROXY
    export LDAP_PROFILE_NAME LDAP_BASEDN LDAP_SERVER_LIST
    export LDAP_AUTHMETHOD LDAP_FOLLOWREF LDAP_SEARCH_SCOPE LDAP_SEARCH_TIME_LIMIT
    export LDAP_PREF_SRVLIST LDAP_PROFILE_TTL LDAP_CRED_LEVEL LDAP_BIND_LIMIT
    export NEED_SRVAUTH_PAM NEED_SRVAUTH_KEY NEED_SRVAUTH_CMD
    export LDAP_SRV_AUTHMETHOD_PAM LDAP_SRV_AUTHMETHOD_KEY LDAP_SRV_AUTHMETHOD_CMD
    export LDAP_SERV_SRCH_DES SSD_FILE
    export GEN_CMD
}


#
# disp_full_debug(): List of all debug variables usually interested in.
#                    Grouped to avoid MASSIVE code duplication.
#
# Every line is gated on DEBUG=1 (set by -d).  Note that this prints
# LDAP_ROOTPWD and LDAP_PROXYAGENT_CRED in clear text to the terminal,
# so debug output should not be captured into logs or pasted into bug
# reports without redacting those two lines.
#
disp_full_debug()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "  IDS_SERVER = $IDS_SERVER"
    [ $DEBUG -eq 1 ] && ${ECHO} "  IDS_PORT = $IDS_PORT"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_ROOTDN = $LDAP_ROOTDN"
    # Secret: printed in clear when debugging.
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_ROOTPWD = $LDAP_ROOTPWD"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_DOMAIN = $LDAP_DOMAIN"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SUFFIX = $LDAP_SUFFIX"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_BASEDN = $LDAP_BASEDN"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_PROFILE_NAME = $LDAP_PROFILE_NAME"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SERVER_LIST = $LDAP_SERVER_LIST"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_PREF_SRVLIST = $LDAP_PREF_SRVLIST"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SEARCH_SCOPE = $LDAP_SEARCH_SCOPE"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_CRED_LEVEL = $LDAP_CRED_LEVEL"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_AUTHMETHOD = $LDAP_AUTHMETHOD"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_FOLLOWREF = $LDAP_FOLLOWREF"
    [ $DEBUG -eq 1 ] && ${ECHO} "  IDS_TIMELIMIT = $IDS_TIMELIMIT"
    [ $DEBUG -eq 1 ] && ${ECHO} "  IDS_SIZELIMIT = $IDS_SIZELIMIT"
    [ $DEBUG -eq 1 ] && ${ECHO} "  NEED_CRYPT = $NEED_CRYPT"
    [ $DEBUG -eq 1 ] && ${ECHO} "  NEED_SRVAUTH_PAM = $NEED_SRVAUTH_PAM"
    [ $DEBUG -eq 1 ] && ${ECHO} "  NEED_SRVAUTH_KEY = $NEED_SRVAUTH_KEY"
    [ $DEBUG -eq 1 ] && ${ECHO} "  NEED_SRVAUTH_CMD = $NEED_SRVAUTH_CMD"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SRV_AUTHMETHOD_PAM = $LDAP_SRV_AUTHMETHOD_PAM"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SRV_AUTHMETHOD_KEY = $LDAP_SRV_AUTHMETHOD_KEY"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SRV_AUTHMETHOD_CMD = $LDAP_SRV_AUTHMETHOD_CMD"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SEARCH_TIME_LIMIT = $LDAP_SEARCH_TIME_LIMIT"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_PROFILE_TTL = $LDAP_PROFILE_TTL"
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_BIND_LIMIT = $LDAP_BIND_LIMIT"

    # Only display proxy stuff if needed.
    if [ $NEED_PROXY -eq 1 ]; then
	[ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_PROXYAGENT = $LDAP_PROXYAGENT"
	# Secret: printed in clear when debugging.
	[ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_PROXYAGENT_CRED = $LDAP_PROXYAGENT_CRED"
	[ $DEBUG -eq 1 ] && ${ECHO} "  NEED_PROXY = $NEED_PROXY"
    fi

    # Service Search Descriptors are a special case.
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SERV_SRCH_DES = $LDAP_SERV_SRCH_DES"
}


#
# load_config_file(): Loads the config file.
#
# The input file (INPUT_FILE, from -i) is executed with "." after the
# LDAP_SERV_SRCH_DES lines are stripped, so any shell code in it runs
# with this script's privileges: it must be as trusted as the script
# itself.  The filtered copy is written under TMPDIR (mode 700).
# Afterwards the root DN password is saved to its file, the SSD file
# is created by create_ssd_file (defined elsewhere) and the debug
# summary is printed.
#
load_config_file()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In load_config_file()"

    # Remove SSD lines from input file before sourcing.
    # The SSD lines must be removed because some forms of the
    # data could cause SHELL errors.
    # ${INPUT_FILE} is unquoted; a path with spaces would break here.
    ${GREP} -v "LDAP_SERV_SRCH_DES=" ${INPUT_FILE} > ${TMPDIR}/inputfile.noSSD

    # Source the input file.
    . ${TMPDIR}/inputfile.noSSD

    # If LDAP_SUFFIX is not set, try to utilize LDAP_TREETOP since older
    # config files use LDAP_TREETOP
    LDAP_SUFFIX="${LDAP_SUFFIX:-$LDAP_TREETOP}"

    # Save password to temporary file.
    save_password

    # Create the SSD file.
    create_ssd_file

    # Display FULL debugging info.
    disp_full_debug
}

#
# save_password(): Save password to temporary file.
#
# Writes LDAP_ROOTPWD (plus a newline) to LDAP_ROOTPWF via a here
# document, so the password never appears on a command line where
# ps could show it.  The file lands in TMPDIR with the 077 umask set
# in init(), i.e. readable by the owner only.
#
save_password()
{
    cat > ${LDAP_ROOTPWF} <<EOF
${LDAP_ROOTPWD}
EOF
}

######################################################################
# FUNCTIONS FOR prompt_config_info() START HERE.
######################################################################

#
# get_ids_server(): Prompt for iDS server name.
#
# Loops until ping of the entered host succeeds, then stores the name in
# IDS_SERVER and rebuilds SERVER_ARGS / LDAP_ARGS.
#
# NOTE(review): the only validation is that ping exits 0, and
#       SERVER_ARGS is later expanded inside eval'd command strings
#       (see chk_ids_version / get_dirmgr_pw), so a hostname containing
#       shell metacharacters would be interpreted by eval rather than
#       passed literally -- TODO confirm get_ans restricts the input.
#
get_ids_server()
{
    while :
    do
	# Prompt for server name.
	get_ans "Enter the iPlanet Directory Server's (iDS) hostname to setup:" "$IDS_SERVER"
	IDS_SERVER=$ANS

	# Ping server to see if live.  If valid break out of loop.
	# $IDS_SERVER is unquoted, so extra words in the answer become
	# extra ping arguments rather than part of the host name.
	ping $IDS_SERVER > /dev/null 2>&1
	if [ $? -eq 0 ]; then
	    break
	fi

	# Invalid server, enter a new name.
	${ECHO} "ERROR: Server '${IDS_SERVER}' is invalid or unreachable."
	IDS_SERVER=""
    done

    # Set SERVER_ARGS and LDAP_ARGS since values might have changed.
    # AUTH_ARGS may still be empty at this point; LDAP_ARGS is not
    # exported here (get_dirmgr_dn / get_dirmgr_pw export it).
    SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    export SERVER_ARGS

}

#
# get_ids_port(): Prompt for iDS port number.
#
# Loops until an anonymous base-scope search of the root DSE on
# IDS_SERVER:IDS_PORT succeeds; on failure the server name is re-asked
# via get_ids_server before the port is prompted again.  get_number is
# defined elsewhere in the file.
#
get_ids_port()
{
    # Get a valid iDS port number.
    while :
    do
	# Enter port number.
	get_number "Enter the port number for iDS (h=help):" "$IDS_PORT" "port_help"
	IDS_PORT=$ANS

	# Do a simple search to check hostname and port number.
	# If search returns SUCCESS, break out, host and port must
	# be valid.
	${LDAPSEARCH} -h ${IDS_SERVER} -p ${IDS_PORT} -b "" -s base "objectclass=*" > /dev/null 2>&1
	if [ $? -eq 0 ]; then
	    break
	fi

	# Invalid host/port pair, Re-enter.
	${ECHO} "ERROR: Invalid host or port: ${IDS_SERVER}:${IDS_PORT}, Please re-enter!"
	get_ids_server
    done

    # Set SERVER_ARGS and LDAP_ARGS since values might have changed.
    SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    export SERVER_ARGS
}


#
# chk_ids_version(): Read the slapd config file and set variables
#
# Queries cn=monitor for the "version" attribute, extracts the part
# between "/" and the first space, and sets IDS_VER / IDS_MAJVER /
# IDS_MINVER.  Exits 1 unless the major version is exactly "5".
#
chk_ids_version()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In chk_ids_version()"

    # check iDS version number.
    # NOTE: $? after the eval is the status of the last pipeline stage
    #       (cut), not of ldapsearch, so a failed search is not caught
    #       here; it surfaces below as an empty IDS_MAJVER != "5".
    eval "${LDAPSEARCH} ${SERVER_ARGS} -b cn=monitor -s base \"objectclass=*\" version | ${GREP} \"^version=\" | cut -f2 -d'/' | cut -f1 -d' ' > ${TMPDIR}/checkDSver 2>&1"
    if [ $? -ne 0 ]; then
	${ECHO} "ERROR: Can not determine the version number of iDS!"
	exit 1
    fi
    IDS_VER=`cat ${TMPDIR}/checkDSver`
    IDS_MAJVER=`${ECHO} ${IDS_VER} | cut -f1 -d.`
    IDS_MINVER=`${ECHO} ${IDS_VER} | cut -f2 -d.`
    if [ "${IDS_MAJVER}" != "5" ]; then
	${ECHO} "ERROR: $PROG only works with iDS version 5.x, not ${IDS_VER}."
	exit 1
    fi
    if [ $DEBUG -eq 1 ]; then
	${ECHO} "  IDS_MAJVER = $IDS_MAJVER"
	${ECHO} "  IDS_MINVER = $IDS_MINVER"
    fi
}


#
# get_dirmgr_dn(): Get the directory manger DN.
#
# Prompts with LDAP_ROOTDN as the default and rebuilds AUTH_ARGS /
# LDAP_ARGS from the answer.  The DN is embedded in escaped double
# quotes because AUTH_ARGS is later passed through eval; a DN that
# itself contains a double quote or "$" would not survive that intact.
# "-j" makes ldapsearch read the password from LDAP_ROOTPWF instead of
# taking it on the command line.
#
get_dirmgr_dn()
{
    get_ans "Enter the directory manager DN:" "$LDAP_ROOTDN"
    LDAP_ROOTDN=$ANS

    # Update ENV variables using DN.
    AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    export AUTH_ARGS LDAP_ARGS
}


#
# get_dirmgr_pw(): Get the Root DN passwd.  (Root DN found in slapd.conf)
#
# Reads the password with echo turned off, writes it to the password
# file, then verifies the DN/password pair with a root-DSE search.  On
# failure the server's error output is grepped for "credential" to
# decide whether the password (retry) or the DN (re-prompt via
# get_dirmgr_dn) was wrong.  The raw server output is kept in
# TMPDIR/checkDN.
#
get_dirmgr_pw()
{
    while :
    do
	# Get passwd.
	get_passwd_nochk "Enter passwd for ${LDAP_ROOTDN} :"
	LDAP_ROOTPWD=$ANS

	# Store password in file.
	save_password

	# Update ENV variables using DN's PW.
	AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
	LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
	export AUTH_ARGS LDAP_ARGS

	# Verify that ROOTDN and ROOTPWD are valid.
	eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" > ${TMPDIR}/checkDN 2>&1"
	if [ $? -ne 0 ]; then
	    # With -v (VERB="") the matching error line is echoed to the user.
	    eval "${GREP} credential ${TMPDIR}/checkDN ${VERB}"
	    if [ $? -eq 0 ]; then
		${ECHO} "ERROR: Root DN passwd is invalid."
	    else
		${ECHO} "ERROR: Invalid Root DN <${LDAP_ROOTDN}>."
		get_dirmgr_dn
	    fi
	else
	    break	# Both are valid.
	fi
    done


}


#
# get_domain(): Get the Domain that will be served by the LDAP server.
#   $1 - Help argument.
#
# Prompts until check_domainname accepts the answer, then stores it in
# LDAP_DOMAIN.  "h"/"?" shows the help tag given in $1 ("sorry" if none).
# NOTE: the first prompt defaults to $LDAP_DOMAIN but every re-prompt
#       defaults to $DOM (the value detected in init); both defaults and
#       $ANS are passed unquoted, so a value containing spaces would be
#       split into several arguments.
#
get_domain()
{
    # Use LDAP_DOMAIN as default.
    get_ans "Enter the domainname to be served (h=help):" $LDAP_DOMAIN

    # Check domainname, and have user re-enter if not valid.
    check_domainname $ANS
    while [ $? -ne 0 ]
    do
	case "$ANS" in
	    [Hh] | help | Help | \?) display_msg ${1:-sorry} ;;
	    * )  ${ECHO} "Invalid domainname: \"${ANS}\"."
		 ;;
	esac
	get_ans "Enter domainname to be served (h=help):" $DOM

	check_domainname $ANS
    done

    # Set the domainname to valid name.
    LDAP_DOMAIN=$ANS
}


#
# get_basedn(): Query for the Base DN.
1212*7c478bd9Sstevel@tonic-gate# 1213*7c478bd9Sstevel@tonic-gateget_basedn() 1214*7c478bd9Sstevel@tonic-gate{ 1215*7c478bd9Sstevel@tonic-gate # Set the $_DOM_2_DC and assign to LDAP_BASEDN as default. 1216*7c478bd9Sstevel@tonic-gate # Then call get_basedn(). This method remakes the default 1217*7c478bd9Sstevel@tonic-gate # each time just in case the domain changed. 1218*7c478bd9Sstevel@tonic-gate domain_2_dc $LDAP_DOMAIN 1219*7c478bd9Sstevel@tonic-gate LDAP_BASEDN=$_DOM_2_DC 1220*7c478bd9Sstevel@tonic-gate 1221*7c478bd9Sstevel@tonic-gate # Get Base DN. 1222*7c478bd9Sstevel@tonic-gate while : 1223*7c478bd9Sstevel@tonic-gate do 1224*7c478bd9Sstevel@tonic-gate get_ans_req "Enter LDAP Base DN (h=help):" "$LDAP_BASEDN" 1225*7c478bd9Sstevel@tonic-gate check_baseDN "$ANS" 1226*7c478bd9Sstevel@tonic-gate while [ $? -ne 0 ] 1227*7c478bd9Sstevel@tonic-gate do 1228*7c478bd9Sstevel@tonic-gate case "$ANS" in 1229*7c478bd9Sstevel@tonic-gate [Hh] | help | Help | \?) display_msg basedn_help ;; 1230*7c478bd9Sstevel@tonic-gate * ) ${ECHO} "Invalid base DN: \"${ANS}\"." 1231*7c478bd9Sstevel@tonic-gate ;; 1232*7c478bd9Sstevel@tonic-gate esac 1233*7c478bd9Sstevel@tonic-gate 1234*7c478bd9Sstevel@tonic-gate # Re-Enter the BaseDN 1235*7c478bd9Sstevel@tonic-gate get_ans_req "Enter LDAP Base DN (h=help):" "$LDAP_BASEDN" 1236*7c478bd9Sstevel@tonic-gate check_baseDN "$ANS" 1237*7c478bd9Sstevel@tonic-gate done 1238*7c478bd9Sstevel@tonic-gate 1239*7c478bd9Sstevel@tonic-gate # Set base DN. 1240*7c478bd9Sstevel@tonic-gate LDAP_BASEDN=${ANS} 1241*7c478bd9Sstevel@tonic-gate 1242*7c478bd9Sstevel@tonic-gate check_basedn_suffix 1243*7c478bd9Sstevel@tonic-gate case $? 
in 1244*7c478bd9Sstevel@tonic-gate 0) break ;; 1245*7c478bd9Sstevel@tonic-gate 1) cleanup; exit 1 ;; 1246*7c478bd9Sstevel@tonic-gate 2) continue ;; 1247*7c478bd9Sstevel@tonic-gate esac 1248*7c478bd9Sstevel@tonic-gate done 1249*7c478bd9Sstevel@tonic-gate} 1250*7c478bd9Sstevel@tonic-gate 1251*7c478bd9Sstevel@tonic-gate 1252*7c478bd9Sstevel@tonic-gate# 1253*7c478bd9Sstevel@tonic-gate# get_profile_name(): Enter the profile name. 1254*7c478bd9Sstevel@tonic-gate# 1255*7c478bd9Sstevel@tonic-gateget_profile_name() 1256*7c478bd9Sstevel@tonic-gate{ 1257*7c478bd9Sstevel@tonic-gate # Reset Delete Old Profile since getting new profile name. 1258*7c478bd9Sstevel@tonic-gate DEL_OLD_PROFILE=0 1259*7c478bd9Sstevel@tonic-gate 1260*7c478bd9Sstevel@tonic-gate # Loop until valid profile name, or replace. 1261*7c478bd9Sstevel@tonic-gate while : 1262*7c478bd9Sstevel@tonic-gate do 1263*7c478bd9Sstevel@tonic-gate # Prompt for profile name. 1264*7c478bd9Sstevel@tonic-gate get_ans "Enter the profile name (h=help):" "$LDAP_PROFILE_NAME" 1265*7c478bd9Sstevel@tonic-gate 1266*7c478bd9Sstevel@tonic-gate # Check for Help. 1267*7c478bd9Sstevel@tonic-gate case "$ANS" in 1268*7c478bd9Sstevel@tonic-gate [Hh] | help | Help | \?) display_msg profile_help 1269*7c478bd9Sstevel@tonic-gate continue ;; 1270*7c478bd9Sstevel@tonic-gate * ) ;; 1271*7c478bd9Sstevel@tonic-gate esac 1272*7c478bd9Sstevel@tonic-gate 1273*7c478bd9Sstevel@tonic-gate # Search to see if profile name already exists. 1274*7c478bd9Sstevel@tonic-gate eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=${ANS},ou=profile,${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}" 1275*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 1276*7c478bd9Sstevel@tonic-gate get_confirm_nodef "Are you sure you want to overwire profile cn=${ANS}?" 1277*7c478bd9Sstevel@tonic-gate if [ $? -eq 1 ]; then 1278*7c478bd9Sstevel@tonic-gate DEL_OLD_PROFILE=1 1279*7c478bd9Sstevel@tonic-gate return 0 # Replace old profile name. 
1280*7c478bd9Sstevel@tonic-gate else 1281*7c478bd9Sstevel@tonic-gate ${ECHO} "Please re-enter a new profile name." 1282*7c478bd9Sstevel@tonic-gate fi 1283*7c478bd9Sstevel@tonic-gate else 1284*7c478bd9Sstevel@tonic-gate break # Unique profile name. 1285*7c478bd9Sstevel@tonic-gate fi 1286*7c478bd9Sstevel@tonic-gate done 1287*7c478bd9Sstevel@tonic-gate 1288*7c478bd9Sstevel@tonic-gate # Set Profile Name. 1289*7c478bd9Sstevel@tonic-gate LDAP_PROFILE_NAME=$ANS 1290*7c478bd9Sstevel@tonic-gate} 1291*7c478bd9Sstevel@tonic-gate 1292*7c478bd9Sstevel@tonic-gate 1293*7c478bd9Sstevel@tonic-gate# 1294*7c478bd9Sstevel@tonic-gate# get_srv_list(): Get the default server list. 1295*7c478bd9Sstevel@tonic-gate# 1296*7c478bd9Sstevel@tonic-gateget_srv_list() 1297*7c478bd9Sstevel@tonic-gate{ 1298*7c478bd9Sstevel@tonic-gate # If LDAP_SERVER_LIST is NULL, then set, otherwise leave alone. 1299*7c478bd9Sstevel@tonic-gate if [ -z "${LDAP_SERVER_LIST}" ]; then 1300*7c478bd9Sstevel@tonic-gate LDAP_SERVER_LIST=`getent hosts ${IDS_SERVER} | awk '{print $1}'` 1301*7c478bd9Sstevel@tonic-gate if [ ${IDS_PORT} -ne 389 ]; then 1302*7c478bd9Sstevel@tonic-gate LDAP_SERVER_LIST="${LDAP_SERVER_LIST}:${IDS_PORT}" 1303*7c478bd9Sstevel@tonic-gate fi 1304*7c478bd9Sstevel@tonic-gate fi 1305*7c478bd9Sstevel@tonic-gate 1306*7c478bd9Sstevel@tonic-gate # Prompt for new LDAP_SERVER_LIST. 1307*7c478bd9Sstevel@tonic-gate while : 1308*7c478bd9Sstevel@tonic-gate do 1309*7c478bd9Sstevel@tonic-gate get_ans "Default server list (h=help):" $LDAP_SERVER_LIST 1310*7c478bd9Sstevel@tonic-gate 1311*7c478bd9Sstevel@tonic-gate # If help continue, otherwise break. 1312*7c478bd9Sstevel@tonic-gate case "$ANS" in 1313*7c478bd9Sstevel@tonic-gate [Hh] | help | Help | \?) 
display_msg def_srvlist_help ;; 1314*7c478bd9Sstevel@tonic-gate * ) break ;; 1315*7c478bd9Sstevel@tonic-gate esac 1316*7c478bd9Sstevel@tonic-gate done 1317*7c478bd9Sstevel@tonic-gate LDAP_SERVER_LIST=$ANS 1318*7c478bd9Sstevel@tonic-gate} 1319*7c478bd9Sstevel@tonic-gate 1320*7c478bd9Sstevel@tonic-gate 1321*7c478bd9Sstevel@tonic-gate# 1322*7c478bd9Sstevel@tonic-gate# get_pref_srv(): The preferred server list (Overrides the server list) 1323*7c478bd9Sstevel@tonic-gate# 1324*7c478bd9Sstevel@tonic-gateget_pref_srv() 1325*7c478bd9Sstevel@tonic-gate{ 1326*7c478bd9Sstevel@tonic-gate while : 1327*7c478bd9Sstevel@tonic-gate do 1328*7c478bd9Sstevel@tonic-gate get_ans "Preferred server list (h=help):" $LDAP_PREF_SRVLIST 1329*7c478bd9Sstevel@tonic-gate 1330*7c478bd9Sstevel@tonic-gate # If help continue, otherwise break. 1331*7c478bd9Sstevel@tonic-gate case "$ANS" in 1332*7c478bd9Sstevel@tonic-gate [Hh] | help | Help | \?) display_msg pref_srvlist_help ;; 1333*7c478bd9Sstevel@tonic-gate * ) break ;; 1334*7c478bd9Sstevel@tonic-gate esac 1335*7c478bd9Sstevel@tonic-gate done 1336*7c478bd9Sstevel@tonic-gate LDAP_PREF_SRVLIST=$ANS 1337*7c478bd9Sstevel@tonic-gate} 1338*7c478bd9Sstevel@tonic-gate 1339*7c478bd9Sstevel@tonic-gate 1340*7c478bd9Sstevel@tonic-gate# 1341*7c478bd9Sstevel@tonic-gate# get_search_scope(): Get the search scope from the user. 
1342*7c478bd9Sstevel@tonic-gate# 1343*7c478bd9Sstevel@tonic-gateget_search_scope() 1344*7c478bd9Sstevel@tonic-gate{ 1345*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In get_search_scope()" 1346*7c478bd9Sstevel@tonic-gate 1347*7c478bd9Sstevel@tonic-gate _MENU_CHOICE=0 1348*7c478bd9Sstevel@tonic-gate while : 1349*7c478bd9Sstevel@tonic-gate do 1350*7c478bd9Sstevel@tonic-gate get_ans "Choose desired search scope (one, sub, h=help): " "one" 1351*7c478bd9Sstevel@tonic-gate _MENU_CHOICE=$ANS 1352*7c478bd9Sstevel@tonic-gate case "$_MENU_CHOICE" in 1353*7c478bd9Sstevel@tonic-gate one) LDAP_SEARCH_SCOPE="one" 1354*7c478bd9Sstevel@tonic-gate return 1 ;; 1355*7c478bd9Sstevel@tonic-gate sub) LDAP_SEARCH_SCOPE="sub" 1356*7c478bd9Sstevel@tonic-gate return 2 ;; 1357*7c478bd9Sstevel@tonic-gate h) display_msg srch_scope_help ;; 1358*7c478bd9Sstevel@tonic-gate *) ${ECHO} "Please enter \"one\", \"sub\", or \"h\"." ;; 1359*7c478bd9Sstevel@tonic-gate esac 1360*7c478bd9Sstevel@tonic-gate done 1361*7c478bd9Sstevel@tonic-gate 1362*7c478bd9Sstevel@tonic-gate} 1363*7c478bd9Sstevel@tonic-gate 1364*7c478bd9Sstevel@tonic-gate 1365*7c478bd9Sstevel@tonic-gate# 1366*7c478bd9Sstevel@tonic-gate# get_cred_level(): Function to display menu to user and get the 1367*7c478bd9Sstevel@tonic-gate# credential level. 
1368*7c478bd9Sstevel@tonic-gate# 1369*7c478bd9Sstevel@tonic-gateget_cred_level() 1370*7c478bd9Sstevel@tonic-gate{ 1371*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In get_cred_level()" 1372*7c478bd9Sstevel@tonic-gate 1373*7c478bd9Sstevel@tonic-gate _MENU_CHOICE=0 1374*7c478bd9Sstevel@tonic-gate display_msg cred_level_menu 1375*7c478bd9Sstevel@tonic-gate while : 1376*7c478bd9Sstevel@tonic-gate do 1377*7c478bd9Sstevel@tonic-gate get_ans "Choose Credential level [h=help]:" "1" 1378*7c478bd9Sstevel@tonic-gate _MENU_CHOICE=$ANS 1379*7c478bd9Sstevel@tonic-gate case "$_MENU_CHOICE" in 1380*7c478bd9Sstevel@tonic-gate 1) LDAP_CRED_LEVEL="anonymous" 1381*7c478bd9Sstevel@tonic-gate return 1 ;; 1382*7c478bd9Sstevel@tonic-gate 2) LDAP_CRED_LEVEL="proxy" 1383*7c478bd9Sstevel@tonic-gate return 2 ;; 1384*7c478bd9Sstevel@tonic-gate 3) LDAP_CRED_LEVEL="proxy anonymous" 1385*7c478bd9Sstevel@tonic-gate return 3 ;; 1386*7c478bd9Sstevel@tonic-gate h) display_msg cred_lvl_help ;; 1387*7c478bd9Sstevel@tonic-gate *) ${ECHO} "Please enter 1, 2 or 3." ;; 1388*7c478bd9Sstevel@tonic-gate esac 1389*7c478bd9Sstevel@tonic-gate done 1390*7c478bd9Sstevel@tonic-gate} 1391*7c478bd9Sstevel@tonic-gate 1392*7c478bd9Sstevel@tonic-gate 1393*7c478bd9Sstevel@tonic-gate# 1394*7c478bd9Sstevel@tonic-gate# srvauth_menu_handler(): Enter the Service Authentication method. 1395*7c478bd9Sstevel@tonic-gate# 1396*7c478bd9Sstevel@tonic-gatesrvauth_menu_handler() 1397*7c478bd9Sstevel@tonic-gate{ 1398*7c478bd9Sstevel@tonic-gate # Display Auth menu 1399*7c478bd9Sstevel@tonic-gate display_msg srvauth_method_menu 1400*7c478bd9Sstevel@tonic-gate 1401*7c478bd9Sstevel@tonic-gate # Get a Valid choice. 1402*7c478bd9Sstevel@tonic-gate while : 1403*7c478bd9Sstevel@tonic-gate do 1404*7c478bd9Sstevel@tonic-gate # Display appropriate prompt and get answer. 
1405*7c478bd9Sstevel@tonic-gate if [ $_FIRST -eq 1 ]; then 1406*7c478bd9Sstevel@tonic-gate get_ans "Choose Service Authentication Method:" "1" 1407*7c478bd9Sstevel@tonic-gate else 1408*7c478bd9Sstevel@tonic-gate get_ans "Choose Service Authentication Method (0=reset):" 1409*7c478bd9Sstevel@tonic-gate fi 1410*7c478bd9Sstevel@tonic-gate 1411*7c478bd9Sstevel@tonic-gate # Determine choice. 1412*7c478bd9Sstevel@tonic-gate _MENU_CHOICE=$ANS 1413*7c478bd9Sstevel@tonic-gate case "$_MENU_CHOICE" in 1414*7c478bd9Sstevel@tonic-gate 1) _AUTHMETHOD="simple" 1415*7c478bd9Sstevel@tonic-gate break ;; 1416*7c478bd9Sstevel@tonic-gate 2) _AUTHMETHOD="sasl/DIGEST-MD5" 1417*7c478bd9Sstevel@tonic-gate break ;; 1418*7c478bd9Sstevel@tonic-gate 3) _AUTHMETHOD="tls:simple" 1419*7c478bd9Sstevel@tonic-gate break ;; 1420*7c478bd9Sstevel@tonic-gate 4) _AUTHMETHOD="tls:sasl/DIGEST-MD5" 1421*7c478bd9Sstevel@tonic-gate break ;; 1422*7c478bd9Sstevel@tonic-gate 0) _AUTHMETHOD="" 1423*7c478bd9Sstevel@tonic-gate _FIRST=1 1424*7c478bd9Sstevel@tonic-gate break ;; 1425*7c478bd9Sstevel@tonic-gate *) ${ECHO} "Please enter 1-4 or 0 to reset." ;; 1426*7c478bd9Sstevel@tonic-gate esac 1427*7c478bd9Sstevel@tonic-gate done 1428*7c478bd9Sstevel@tonic-gate} 1429*7c478bd9Sstevel@tonic-gate 1430*7c478bd9Sstevel@tonic-gate 1431*7c478bd9Sstevel@tonic-gate# 1432*7c478bd9Sstevel@tonic-gate# auth_menu_handler(): Enter the Authentication method. 1433*7c478bd9Sstevel@tonic-gate# 1434*7c478bd9Sstevel@tonic-gateauth_menu_handler() 1435*7c478bd9Sstevel@tonic-gate{ 1436*7c478bd9Sstevel@tonic-gate # Display Auth menu 1437*7c478bd9Sstevel@tonic-gate display_msg auth_method_menu 1438*7c478bd9Sstevel@tonic-gate 1439*7c478bd9Sstevel@tonic-gate # Get a Valid choice. 1440*7c478bd9Sstevel@tonic-gate while : 1441*7c478bd9Sstevel@tonic-gate do 1442*7c478bd9Sstevel@tonic-gate # Display appropriate prompt and get answer. 
1443*7c478bd9Sstevel@tonic-gate if [ $_FIRST -eq 1 ]; then 1444*7c478bd9Sstevel@tonic-gate get_ans "Choose Authentication Method (h=help):" "1" 1445*7c478bd9Sstevel@tonic-gate else 1446*7c478bd9Sstevel@tonic-gate get_ans "Choose Authentication Method (0=reset, h=help):" 1447*7c478bd9Sstevel@tonic-gate fi 1448*7c478bd9Sstevel@tonic-gate 1449*7c478bd9Sstevel@tonic-gate # Determine choice. 1450*7c478bd9Sstevel@tonic-gate _MENU_CHOICE=$ANS 1451*7c478bd9Sstevel@tonic-gate case "$_MENU_CHOICE" in 1452*7c478bd9Sstevel@tonic-gate 1) _AUTHMETHOD="none" 1453*7c478bd9Sstevel@tonic-gate break ;; 1454*7c478bd9Sstevel@tonic-gate 2) _AUTHMETHOD="simple" 1455*7c478bd9Sstevel@tonic-gate break ;; 1456*7c478bd9Sstevel@tonic-gate 3) _AUTHMETHOD="sasl/DIGEST-MD5" 1457*7c478bd9Sstevel@tonic-gate break ;; 1458*7c478bd9Sstevel@tonic-gate 4) _AUTHMETHOD="tls:simple" 1459*7c478bd9Sstevel@tonic-gate break ;; 1460*7c478bd9Sstevel@tonic-gate 5) _AUTHMETHOD="tls:sasl/DIGEST-MD5" 1461*7c478bd9Sstevel@tonic-gate break ;; 1462*7c478bd9Sstevel@tonic-gate 0) _AUTHMETHOD="" 1463*7c478bd9Sstevel@tonic-gate _FIRST=1 1464*7c478bd9Sstevel@tonic-gate break ;; 1465*7c478bd9Sstevel@tonic-gate h) display_msg auth_help ;; 1466*7c478bd9Sstevel@tonic-gate *) ${ECHO} "Please enter 1-5, 0=reset, or h=help." ;; 1467*7c478bd9Sstevel@tonic-gate esac 1468*7c478bd9Sstevel@tonic-gate done 1469*7c478bd9Sstevel@tonic-gate} 1470*7c478bd9Sstevel@tonic-gate 1471*7c478bd9Sstevel@tonic-gate 1472*7c478bd9Sstevel@tonic-gate# 1473*7c478bd9Sstevel@tonic-gate# get_auth(): Enter the Authentication method. 1474*7c478bd9Sstevel@tonic-gate# 1475*7c478bd9Sstevel@tonic-gateget_auth() 1476*7c478bd9Sstevel@tonic-gate{ 1477*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In get_auth()" 1478*7c478bd9Sstevel@tonic-gate 1479*7c478bd9Sstevel@tonic-gate _FIRST=1 # Flag for first time. 1480*7c478bd9Sstevel@tonic-gate _MENU_CHOICE=0 1481*7c478bd9Sstevel@tonic-gate _AUTHMETHOD="" # Tmp method. 
1482*7c478bd9Sstevel@tonic-gate 1483*7c478bd9Sstevel@tonic-gate while : 1484*7c478bd9Sstevel@tonic-gate do 1485*7c478bd9Sstevel@tonic-gate # Call Menu handler 1486*7c478bd9Sstevel@tonic-gate auth_menu_handler 1487*7c478bd9Sstevel@tonic-gate 1488*7c478bd9Sstevel@tonic-gate # Add Auth Method to list. 1489*7c478bd9Sstevel@tonic-gate if [ $_FIRST -eq 1 ]; then 1490*7c478bd9Sstevel@tonic-gate LDAP_AUTHMETHOD="${_AUTHMETHOD}" 1491*7c478bd9Sstevel@tonic-gate _FIRST=0 1492*7c478bd9Sstevel@tonic-gate else 1493*7c478bd9Sstevel@tonic-gate LDAP_AUTHMETHOD="${LDAP_AUTHMETHOD};${_AUTHMETHOD}" 1494*7c478bd9Sstevel@tonic-gate fi 1495*7c478bd9Sstevel@tonic-gate 1496*7c478bd9Sstevel@tonic-gate # Display current Authentication Method. 1497*7c478bd9Sstevel@tonic-gate ${ECHO} "" 1498*7c478bd9Sstevel@tonic-gate ${ECHO} "Current authenticationMethod: ${LDAP_AUTHMETHOD}" 1499*7c478bd9Sstevel@tonic-gate ${ECHO} "" 1500*7c478bd9Sstevel@tonic-gate 1501*7c478bd9Sstevel@tonic-gate # Prompt for another Auth Method, or break out. 1502*7c478bd9Sstevel@tonic-gate get_confirm_nodef "Do you want to add another Authentication Method?" 1503*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 1504*7c478bd9Sstevel@tonic-gate break; 1505*7c478bd9Sstevel@tonic-gate fi 1506*7c478bd9Sstevel@tonic-gate done 1507*7c478bd9Sstevel@tonic-gate} 1508*7c478bd9Sstevel@tonic-gate 1509*7c478bd9Sstevel@tonic-gate 1510*7c478bd9Sstevel@tonic-gate# 1511*7c478bd9Sstevel@tonic-gate# get_followref(): Whether or not to follow referrals. 1512*7c478bd9Sstevel@tonic-gate# 1513*7c478bd9Sstevel@tonic-gateget_followref() 1514*7c478bd9Sstevel@tonic-gate{ 1515*7c478bd9Sstevel@tonic-gate get_confirm "Do you want the clients to follow referrals (y/n/h)?" "n" "referrals_help" 1516*7c478bd9Sstevel@tonic-gate if [ $? 
-eq 1 ]; then 1517*7c478bd9Sstevel@tonic-gate LDAP_FOLLOWREF="TRUE" 1518*7c478bd9Sstevel@tonic-gate else 1519*7c478bd9Sstevel@tonic-gate LDAP_FOLLOWREF="FALSE" 1520*7c478bd9Sstevel@tonic-gate fi 1521*7c478bd9Sstevel@tonic-gate} 1522*7c478bd9Sstevel@tonic-gate 1523*7c478bd9Sstevel@tonic-gate 1524*7c478bd9Sstevel@tonic-gate# 1525*7c478bd9Sstevel@tonic-gate# get_timelimit(): Set the time limit. -1 is max time. 1526*7c478bd9Sstevel@tonic-gate# 1527*7c478bd9Sstevel@tonic-gateget_timelimit() 1528*7c478bd9Sstevel@tonic-gate{ 1529*7c478bd9Sstevel@tonic-gate # Get current timeout value from cn=config. 1530*7c478bd9Sstevel@tonic-gate eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-timelimit > ${TMPDIR}/chk_timeout 2>&1" 1531*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 1532*7c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: Could not reach LDAP server to check current timeout!" 1533*7c478bd9Sstevel@tonic-gate cleanup 1534*7c478bd9Sstevel@tonic-gate exit 1 1535*7c478bd9Sstevel@tonic-gate fi 1536*7c478bd9Sstevel@tonic-gate CURR_TIMELIMIT=`${GREP} timelimit ${TMPDIR}/chk_timeout | cut -f2 -d=` 1537*7c478bd9Sstevel@tonic-gate 1538*7c478bd9Sstevel@tonic-gate get_negone_num "Enter the time limit for iDS (current=${CURR_TIMELIMIT}):" "-1" 1539*7c478bd9Sstevel@tonic-gate IDS_TIMELIMIT=$NUM 1540*7c478bd9Sstevel@tonic-gate} 1541*7c478bd9Sstevel@tonic-gate 1542*7c478bd9Sstevel@tonic-gate 1543*7c478bd9Sstevel@tonic-gate# 1544*7c478bd9Sstevel@tonic-gate# get_sizelimit(): Set the size limit. -1 is max size. 1545*7c478bd9Sstevel@tonic-gate# 1546*7c478bd9Sstevel@tonic-gateget_sizelimit() 1547*7c478bd9Sstevel@tonic-gate{ 1548*7c478bd9Sstevel@tonic-gate # Get current sizelimit value from cn=config. 1549*7c478bd9Sstevel@tonic-gate eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-sizelimit > ${TMPDIR}/chk_sizelimit 2>&1" 1550*7c478bd9Sstevel@tonic-gate if [ $? 
-ne 0 ]; then 1551*7c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: Could not reach LDAP server to check current sizelimit!" 1552*7c478bd9Sstevel@tonic-gate cleanup 1553*7c478bd9Sstevel@tonic-gate exit 1 1554*7c478bd9Sstevel@tonic-gate fi 1555*7c478bd9Sstevel@tonic-gate CURR_SIZELIMIT=`${GREP} sizelimit ${TMPDIR}/chk_sizelimit | cut -f2 -d=` 1556*7c478bd9Sstevel@tonic-gate 1557*7c478bd9Sstevel@tonic-gate get_negone_num "Enter the size limit for iDS (current=${CURR_SIZELIMIT}):" "-1" 1558*7c478bd9Sstevel@tonic-gate IDS_SIZELIMIT=$NUM 1559*7c478bd9Sstevel@tonic-gate} 1560*7c478bd9Sstevel@tonic-gate 1561*7c478bd9Sstevel@tonic-gate 1562*7c478bd9Sstevel@tonic-gate# 1563*7c478bd9Sstevel@tonic-gate# get_want_crypt(): Ask user if want to store passwords in crypt? 1564*7c478bd9Sstevel@tonic-gate# 1565*7c478bd9Sstevel@tonic-gateget_want_crypt() 1566*7c478bd9Sstevel@tonic-gate{ 1567*7c478bd9Sstevel@tonic-gate get_confirm "Do you want to store passwords in \"crypt\" format (y/n/h)?" "n" "crypt_help" 1568*7c478bd9Sstevel@tonic-gate if [ $? -eq 1 ]; then 1569*7c478bd9Sstevel@tonic-gate NEED_CRYPT="TRUE" 1570*7c478bd9Sstevel@tonic-gate else 1571*7c478bd9Sstevel@tonic-gate NEED_CRYPT="FALSE" 1572*7c478bd9Sstevel@tonic-gate fi 1573*7c478bd9Sstevel@tonic-gate} 1574*7c478bd9Sstevel@tonic-gate 1575*7c478bd9Sstevel@tonic-gate 1576*7c478bd9Sstevel@tonic-gate# 1577*7c478bd9Sstevel@tonic-gate# get_srv_authMethod_pam(): Get the Service Auth Method for pam_ldap from user. 1578*7c478bd9Sstevel@tonic-gate# 1579*7c478bd9Sstevel@tonic-gate# NOTE: This function is base on get_auth(). 1580*7c478bd9Sstevel@tonic-gate# 1581*7c478bd9Sstevel@tonic-gateget_srv_authMethod_pam() 1582*7c478bd9Sstevel@tonic-gate{ 1583*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_pam()" 1584*7c478bd9Sstevel@tonic-gate 1585*7c478bd9Sstevel@tonic-gate _FIRST=1 # Flag for first time. 1586*7c478bd9Sstevel@tonic-gate _MENU_CHOICE=0 1587*7c478bd9Sstevel@tonic-gate _AUTHMETHOD="" # Tmp method. 
1588*7c478bd9Sstevel@tonic-gate 1589*7c478bd9Sstevel@tonic-gate while : 1590*7c478bd9Sstevel@tonic-gate do 1591*7c478bd9Sstevel@tonic-gate # Call Menu handler 1592*7c478bd9Sstevel@tonic-gate srvauth_menu_handler 1593*7c478bd9Sstevel@tonic-gate 1594*7c478bd9Sstevel@tonic-gate # Add Auth Method to list. 1595*7c478bd9Sstevel@tonic-gate if [ $_FIRST -eq 1 ]; then 1596*7c478bd9Sstevel@tonic-gate if [ "$_AUTHMETHOD" = "" ]; then 1597*7c478bd9Sstevel@tonic-gate LDAP_SRV_AUTHMETHOD_PAM="" 1598*7c478bd9Sstevel@tonic-gate else 1599*7c478bd9Sstevel@tonic-gate LDAP_SRV_AUTHMETHOD_PAM="pam_ldap:${_AUTHMETHOD}" 1600*7c478bd9Sstevel@tonic-gate fi 1601*7c478bd9Sstevel@tonic-gate _FIRST=0 1602*7c478bd9Sstevel@tonic-gate else 1603*7c478bd9Sstevel@tonic-gate LDAP_SRV_AUTHMETHOD_PAM="${LDAP_SRV_AUTHMETHOD_PAM};${_AUTHMETHOD}" 1604*7c478bd9Sstevel@tonic-gate fi 1605*7c478bd9Sstevel@tonic-gate 1606*7c478bd9Sstevel@tonic-gate # Display current Authentication Method. 1607*7c478bd9Sstevel@tonic-gate ${ECHO} "" 1608*7c478bd9Sstevel@tonic-gate ${ECHO} "Current authenticationMethod: ${LDAP_SRV_AUTHMETHOD_PAM}" 1609*7c478bd9Sstevel@tonic-gate ${ECHO} "" 1610*7c478bd9Sstevel@tonic-gate 1611*7c478bd9Sstevel@tonic-gate # Prompt for another Auth Method, or break out. 1612*7c478bd9Sstevel@tonic-gate get_confirm_nodef "Do you want to add another Authentication Method?" 1613*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 1614*7c478bd9Sstevel@tonic-gate break; 1615*7c478bd9Sstevel@tonic-gate fi 1616*7c478bd9Sstevel@tonic-gate done 1617*7c478bd9Sstevel@tonic-gate 1618*7c478bd9Sstevel@tonic-gate # Check in case user reset string and exited loop. 
1619*7c478bd9Sstevel@tonic-gate if [ "$LDAP_SRV_AUTHMETHOD_PAM" = "" ]; then 1620*7c478bd9Sstevel@tonic-gate NEED_SRVAUTH_PAM=0 1621*7c478bd9Sstevel@tonic-gate fi 1622*7c478bd9Sstevel@tonic-gate} 1623*7c478bd9Sstevel@tonic-gate 1624*7c478bd9Sstevel@tonic-gate 1625*7c478bd9Sstevel@tonic-gate# 1626*7c478bd9Sstevel@tonic-gate# get_srv_authMethod_key(): Get the Service Auth Method for keyserv from user. 1627*7c478bd9Sstevel@tonic-gate# 1628*7c478bd9Sstevel@tonic-gate# NOTE: This function is base on get_auth(). 1629*7c478bd9Sstevel@tonic-gate# 1630*7c478bd9Sstevel@tonic-gateget_srv_authMethod_key() 1631*7c478bd9Sstevel@tonic-gate{ 1632*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_key()" 1633*7c478bd9Sstevel@tonic-gate 1634*7c478bd9Sstevel@tonic-gate _FIRST=1 # Flag for first time. 1635*7c478bd9Sstevel@tonic-gate _MENU_CHOICE=0 1636*7c478bd9Sstevel@tonic-gate _AUTHMETHOD="" # Tmp method. 1637*7c478bd9Sstevel@tonic-gate 1638*7c478bd9Sstevel@tonic-gate while : 1639*7c478bd9Sstevel@tonic-gate do 1640*7c478bd9Sstevel@tonic-gate # Call Menu handler 1641*7c478bd9Sstevel@tonic-gate srvauth_menu_handler 1642*7c478bd9Sstevel@tonic-gate 1643*7c478bd9Sstevel@tonic-gate # Add Auth Method to list. 1644*7c478bd9Sstevel@tonic-gate if [ $_FIRST -eq 1 ]; then 1645*7c478bd9Sstevel@tonic-gate if [ "$_AUTHMETHOD" = "" ]; then 1646*7c478bd9Sstevel@tonic-gate LDAP_SRV_AUTHMETHOD_KEY="" 1647*7c478bd9Sstevel@tonic-gate else 1648*7c478bd9Sstevel@tonic-gate LDAP_SRV_AUTHMETHOD_KEY="keyserv:${_AUTHMETHOD}" 1649*7c478bd9Sstevel@tonic-gate fi 1650*7c478bd9Sstevel@tonic-gate _FIRST=0 1651*7c478bd9Sstevel@tonic-gate else 1652*7c478bd9Sstevel@tonic-gate LDAP_SRV_AUTHMETHOD_KEY="${LDAP_SRV_AUTHMETHOD_KEY};${_AUTHMETHOD}" 1653*7c478bd9Sstevel@tonic-gate fi 1654*7c478bd9Sstevel@tonic-gate 1655*7c478bd9Sstevel@tonic-gate # Display current Authentication Method. 
1656*7c478bd9Sstevel@tonic-gate ${ECHO} "" 1657*7c478bd9Sstevel@tonic-gate ${ECHO} "Current authenticationMethod: ${LDAP_SRV_AUTHMETHOD_KEY}" 1658*7c478bd9Sstevel@tonic-gate ${ECHO} "" 1659*7c478bd9Sstevel@tonic-gate 1660*7c478bd9Sstevel@tonic-gate # Prompt for another Auth Method, or break out. 1661*7c478bd9Sstevel@tonic-gate get_confirm_nodef "Do you want to add another Authentication Method?" 1662*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 1663*7c478bd9Sstevel@tonic-gate break; 1664*7c478bd9Sstevel@tonic-gate fi 1665*7c478bd9Sstevel@tonic-gate done 1666*7c478bd9Sstevel@tonic-gate 1667*7c478bd9Sstevel@tonic-gate # Check in case user reset string and exited loop. 1668*7c478bd9Sstevel@tonic-gate if [ "$LDAP_SRV_AUTHMETHOD_KEY" = "" ]; then 1669*7c478bd9Sstevel@tonic-gate NEED_SRVAUTH_KEY=0 1670*7c478bd9Sstevel@tonic-gate fi 1671*7c478bd9Sstevel@tonic-gate} 1672*7c478bd9Sstevel@tonic-gate 1673*7c478bd9Sstevel@tonic-gate 1674*7c478bd9Sstevel@tonic-gate# 1675*7c478bd9Sstevel@tonic-gate# get_srv_authMethod_cmd(): Get the Service Auth Method for passwd-cmd from user. 1676*7c478bd9Sstevel@tonic-gate# 1677*7c478bd9Sstevel@tonic-gate# NOTE: This function is base on get_auth(). 1678*7c478bd9Sstevel@tonic-gate# 1679*7c478bd9Sstevel@tonic-gateget_srv_authMethod_cmd() 1680*7c478bd9Sstevel@tonic-gate{ 1681*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_cmd()" 1682*7c478bd9Sstevel@tonic-gate 1683*7c478bd9Sstevel@tonic-gate _FIRST=1 # Flag for first time. 1684*7c478bd9Sstevel@tonic-gate _MENU_CHOICE=0 1685*7c478bd9Sstevel@tonic-gate _AUTHMETHOD="" # Tmp method. 1686*7c478bd9Sstevel@tonic-gate 1687*7c478bd9Sstevel@tonic-gate while : 1688*7c478bd9Sstevel@tonic-gate do 1689*7c478bd9Sstevel@tonic-gate # Call Menu handler 1690*7c478bd9Sstevel@tonic-gate srvauth_menu_handler 1691*7c478bd9Sstevel@tonic-gate 1692*7c478bd9Sstevel@tonic-gate # Add Auth Method to list. 
1693*7c478bd9Sstevel@tonic-gate if [ $_FIRST -eq 1 ]; then 1694*7c478bd9Sstevel@tonic-gate if [ "$_AUTHMETHOD" = "" ]; then 1695*7c478bd9Sstevel@tonic-gate LDAP_SRV_AUTHMETHOD_CMD="" 1696*7c478bd9Sstevel@tonic-gate else 1697*7c478bd9Sstevel@tonic-gate LDAP_SRV_AUTHMETHOD_CMD="passwd-cmd:${_AUTHMETHOD}" 1698*7c478bd9Sstevel@tonic-gate fi 1699*7c478bd9Sstevel@tonic-gate _FIRST=0 1700*7c478bd9Sstevel@tonic-gate else 1701*7c478bd9Sstevel@tonic-gate LDAP_SRV_AUTHMETHOD_CMD="${LDAP_SRV_AUTHMETHOD_CMD};${_AUTHMETHOD}" 1702*7c478bd9Sstevel@tonic-gate fi 1703*7c478bd9Sstevel@tonic-gate 1704*7c478bd9Sstevel@tonic-gate # Display current Authentication Method. 1705*7c478bd9Sstevel@tonic-gate ${ECHO} "" 1706*7c478bd9Sstevel@tonic-gate ${ECHO} "Current authenticationMethod: ${LDAP_SRV_AUTHMETHOD_CMD}" 1707*7c478bd9Sstevel@tonic-gate ${ECHO} "" 1708*7c478bd9Sstevel@tonic-gate 1709*7c478bd9Sstevel@tonic-gate # Prompt for another Auth Method, or break out. 1710*7c478bd9Sstevel@tonic-gate get_confirm_nodef "Do you want to add another Authentication Method?" 1711*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 1712*7c478bd9Sstevel@tonic-gate break; 1713*7c478bd9Sstevel@tonic-gate fi 1714*7c478bd9Sstevel@tonic-gate done 1715*7c478bd9Sstevel@tonic-gate 1716*7c478bd9Sstevel@tonic-gate # Check in case user reset string and exited loop. 1717*7c478bd9Sstevel@tonic-gate if [ "$LDAP_SRV_AUTHMETHOD_CMD" = "" ]; then 1718*7c478bd9Sstevel@tonic-gate NEED_SRVAUTH_CMD=0 1719*7c478bd9Sstevel@tonic-gate fi 1720*7c478bd9Sstevel@tonic-gate} 1721*7c478bd9Sstevel@tonic-gate 1722*7c478bd9Sstevel@tonic-gate 1723*7c478bd9Sstevel@tonic-gate# 1724*7c478bd9Sstevel@tonic-gate# get_srch_time(): Amount of time to search. 
1725*7c478bd9Sstevel@tonic-gate# 1726*7c478bd9Sstevel@tonic-gateget_srch_time() 1727*7c478bd9Sstevel@tonic-gate{ 1728*7c478bd9Sstevel@tonic-gate get_negone_num "Client search time limit in seconds (h=help):" "$LDAP_SEARCH_TIME_LIMIT" "srchtime_help" 1729*7c478bd9Sstevel@tonic-gate LDAP_SEARCH_TIME_LIMIT=$NUM 1730*7c478bd9Sstevel@tonic-gate} 1731*7c478bd9Sstevel@tonic-gate 1732*7c478bd9Sstevel@tonic-gate 1733*7c478bd9Sstevel@tonic-gate# 1734*7c478bd9Sstevel@tonic-gate# get_prof_ttl(): The profile time to live (TTL) 1735*7c478bd9Sstevel@tonic-gate# 1736*7c478bd9Sstevel@tonic-gateget_prof_ttl() 1737*7c478bd9Sstevel@tonic-gate{ 1738*7c478bd9Sstevel@tonic-gate get_negone_num "Profile Time To Live in seconds (h=help):" "$LDAP_PROFILE_TTL" "profttl_help" 1739*7c478bd9Sstevel@tonic-gate LDAP_PROFILE_TTL=$NUM 1740*7c478bd9Sstevel@tonic-gate} 1741*7c478bd9Sstevel@tonic-gate 1742*7c478bd9Sstevel@tonic-gate 1743*7c478bd9Sstevel@tonic-gate# 1744*7c478bd9Sstevel@tonic-gate# get_bind_limit(): Bind time limit 1745*7c478bd9Sstevel@tonic-gate# 1746*7c478bd9Sstevel@tonic-gateget_bind_limit() 1747*7c478bd9Sstevel@tonic-gate{ 1748*7c478bd9Sstevel@tonic-gate get_negone_num "Bind time limit in seconds (h=help):" "$LDAP_BIND_LIMIT" "bindlim_help" 1749*7c478bd9Sstevel@tonic-gate LDAP_BIND_LIMIT=$NUM 1750*7c478bd9Sstevel@tonic-gate} 1751*7c478bd9Sstevel@tonic-gate 1752*7c478bd9Sstevel@tonic-gate 1753*7c478bd9Sstevel@tonic-gate###################################################################### 1754*7c478bd9Sstevel@tonic-gate# FUNCTIONS FOR Service Search Descriptor's START HERE. 1755*7c478bd9Sstevel@tonic-gate###################################################################### 1756*7c478bd9Sstevel@tonic-gate 1757*7c478bd9Sstevel@tonic-gate 1758*7c478bd9Sstevel@tonic-gate# 1759*7c478bd9Sstevel@tonic-gate# add_ssd(): Get SSD's from user and add to file. 
1760*7c478bd9Sstevel@tonic-gate# 1761*7c478bd9Sstevel@tonic-gateadd_ssd() 1762*7c478bd9Sstevel@tonic-gate{ 1763*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In add_ssd()" 1764*7c478bd9Sstevel@tonic-gate 1765*7c478bd9Sstevel@tonic-gate # Enter the service id. Loop til unique. 1766*7c478bd9Sstevel@tonic-gate while : 1767*7c478bd9Sstevel@tonic-gate do 1768*7c478bd9Sstevel@tonic-gate get_ans "Enter the service id:" 1769*7c478bd9Sstevel@tonic-gate _SERV_ID=$ANS 1770*7c478bd9Sstevel@tonic-gate 1771*7c478bd9Sstevel@tonic-gate # Grep for name existing. 1772*7c478bd9Sstevel@tonic-gate ${GREP} -i "^$ANS:" ${SSD_FILE} > /dev/null 2>&1 1773*7c478bd9Sstevel@tonic-gate if [ $? -eq 1 ]; then 1774*7c478bd9Sstevel@tonic-gate break 1775*7c478bd9Sstevel@tonic-gate fi 1776*7c478bd9Sstevel@tonic-gate 1777*7c478bd9Sstevel@tonic-gate # Name exists, print message, let user decide. 1778*7c478bd9Sstevel@tonic-gate ${ECHO} "ERROR: Service id ${ANS} already exists." 1779*7c478bd9Sstevel@tonic-gate done 1780*7c478bd9Sstevel@tonic-gate 1781*7c478bd9Sstevel@tonic-gate get_ans "Enter the base:" 1782*7c478bd9Sstevel@tonic-gate _BASE=$ANS 1783*7c478bd9Sstevel@tonic-gate 1784*7c478bd9Sstevel@tonic-gate # Get the scope and verify that its one or sub. 1785*7c478bd9Sstevel@tonic-gate while : 1786*7c478bd9Sstevel@tonic-gate do 1787*7c478bd9Sstevel@tonic-gate get_ans "Enter the scope:" 1788*7c478bd9Sstevel@tonic-gate _SCOPE=$ANS 1789*7c478bd9Sstevel@tonic-gate case `${ECHO} ${_SCOPE} | tr '[A-Z]' '[a-z]'` in 1790*7c478bd9Sstevel@tonic-gate one) break ;; 1791*7c478bd9Sstevel@tonic-gate sub) break ;; 1792*7c478bd9Sstevel@tonic-gate *) ${ECHO} "${_SCOPE} is Not valid - Enter 'one' or 'sub'" ;; 1793*7c478bd9Sstevel@tonic-gate esac 1794*7c478bd9Sstevel@tonic-gate done 1795*7c478bd9Sstevel@tonic-gate 1796*7c478bd9Sstevel@tonic-gate # Build SSD to add to file. 
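# (tail of the preceding function: build the SSD and append it to the list)
    _SSD="${_SERV_ID}:${_BASE}?${_SCOPE}"

    # Add the SSD to the file.
    ${ECHO} "${_SSD}" >> ${SSD_FILE}
}


#
# delete_ssd(): Delete a SSD from the list.
#
# Prompts for a service id and rewrites ${SSD_FILE} without that
# service's line.  An SSD line is "id:base?scope" (see modify_ssd),
# so the match is anchored on "^id:" -- an unanchored match would also
# delete every other entry whose id or base DN merely contains the
# typed text.
# Globals: ANS (set by get_ans_req), SSD_FILE, GREP, ECHO, DEBUG.
# Exits with status 1 if the backup copy cannot be made.
#
delete_ssd()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In delete_ssd()"

    # Get service id name from user for SSD to delete.
    get_ans_req "Enter service id to delete:"

    # Make sure service id exists (first ':'-separated field).
    ${GREP} "^${ANS}:" "${SSD_FILE}" > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        ${ECHO} "Invalid service id: $ANS not present in list."
        return
    fi

    # Create temporary backup SSD file.  Any non-zero status is a
    # failure (cp does not only return 1).
    cp "${SSD_FILE}" "${SSD_FILE}.bak"
    if [ $? -ne 0 ]; then
        ${ECHO} "ERROR: could not create file: ${SSD_FILE}.bak"
        cleanup
        exit 1
    fi

    # Use ${GREP} to remove the SSD.  Read from the backup and write
    # to the orig file.
    ${GREP} -v "^${ANS}:" "${SSD_FILE}.bak" > "${SSD_FILE}"
}


#
# modify_ssd(): Allow user to modify a SSD.
#
# Prompts for a service id, shows the current entry, asks for a new
# base and scope (defaulting to the current ones) and replaces the
# entry in ${SSD_FILE}.  The old line is removed only after the new
# values have been collected, so an interrupted prompt does not leave
# the list without the entry.
# Globals: ANS, SSD_FILE, GREP, ECHO, DEBUG; sets _LINE, _CURR_BASE,
#          _CURR_SCOPE, _SERV_ID, _BASE, _SCOPE, _SSD.
# Exits with status 1 (after cleanup) if the backup copy cannot be made.
#
modify_ssd()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_ssd()"

    # Prompt user for service id.
    get_ans_req "Enter service id to modify:"

    # Put into temp _LINE.
    _LINE=`${GREP} "^${ANS}:" "${SSD_FILE}"`
    if [ "$_LINE" = "" ]; then
        ${ECHO} "Invalid service id: $ANS"
        return
    fi

    # Display current filter for user to see.
    ${ECHO} ""
    ${ECHO} "Current SSD: $_LINE"
    ${ECHO} ""

    # Get the defaults.  The line is "id:base?scope"; $_LINE is quoted
    # so the '?' is never expanded as a glob.
    _CURR_BASE=`${ECHO} "$_LINE" | cut -d: -f2 | cut -d'?' -f 1`
    _CURR_SCOPE=`${ECHO} "$_LINE" | cut -d: -f2 | cut -d'?' -f 2`

    # New Entry
    _SERV_ID=$ANS
    get_ans_req "Enter the base:" "$_CURR_BASE"
    _BASE=$ANS
    get_ans_req "Enter the scope:" "$_CURR_SCOPE"
    _SCOPE=$ANS

    # Create temporary backup SSD file.
    cp "${SSD_FILE}" "${SSD_FILE}.bak"
    if [ $? -ne 0 ]; then
        ${ECHO} "ERROR: could not create file: ${SSD_FILE}.bak"
        cleanup
        exit 1
    fi

    # Remove the old line.  stderr is deliberately not redirected into
    # the list file: a grep diagnostic must not become an SSD entry.
    ${GREP} -v "^${_SERV_ID}:" "${SSD_FILE}.bak" > "${SSD_FILE}"

    # Build the new SSD.
    _SSD="${_SERV_ID}:${_BASE}?${_SCOPE}"

    # Add the SSD to the file.
    ${ECHO} "${_SSD}" >> "${SSD_FILE}"
}


#
# display_ssd(): Display the current SSD list.
#
# Prints ${SSD_FILE} under a heading and waits for return before the
# menu is shown again.
# Globals: SSD_FILE, ECHO, DEBUG.
#
display_ssd()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In display_ssd()"

    ${ECHO} ""
    ${ECHO} "Current Service Search Descriptors:"
    ${ECHO} "=================================="
    cat "${SSD_FILE}"
    ${ECHO} ""
    ${ECHO} "Hit return to continue."
    read __A
}


#
# prompt_ssd(): Get SSD's from user.
#
# Asks whether Service Search Descriptors are wanted at all (default
# "n"); if so, loops over the SSD menu until the user quits.  Each
# choice dispatches to one of the *_ssd() functions above, all of
# which work on ${SSD_FILE}.
# Globals: ANS (set by get_ans), ECHO, DEBUG.
#
prompt_ssd()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In prompt_ssd()"
    # See if user wants SSD's?  get_confirm's status 0 means "no"
    # (callers in this file treat 1 as "yes").
    get_confirm "Do you wish to setup Service Search Descriptors (y/n/h)?" "n" "ssd_help"
    [ "$?" -eq 0 ] && return

    # Display menu for SSD choices until "quit" is chosen.
    while :
    do
        display_msg prompt_ssd_menu
        get_ans "Enter menu choice:" "Quit"
        case "$ANS" in
        [Aa] | add) add_ssd ;;
        [Dd] | delete) delete_ssd ;;
        [Mm] | modify) modify_ssd ;;
        [Pp] | print | display) display_ssd ;;
        [Xx] | reset | clear) reset_ssd_file ;;
        [Hh] | Help | help) display_msg ssd_menu_help
            ${ECHO} " Press return to continue."
            read __A ;;
        [Qq] | Quit | quit) return ;;
        *) ${ECHO} "Invalid choice: $ANS please re-enter from menu." ;;
        esac
    done
}


#
# reset_ssd_file(): Blank out current SSD file.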
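#
# Removes the list and creates it again empty.  Used before the SSD
# menu is shown and by the menu's "reset" choice.
# Globals: SSD_FILE, ECHO, DEBUG.
#
reset_ssd_file()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In reset_ssd_file()"

    rm -f "${SSD_FILE}"
    touch "${SSD_FILE}"
}


#
# create_ssd_file(): Create a temporary file for SSD's.
#
# Extracts the LDAP_SERV_SRCH_DES= entries of ${INPUT_FILE} (the
# config file written by create_config_file()) into ${SSD_FILE}, one
# descriptor per line with the key stripped.
# Globals: INPUT_FILE, SSD_FILE, GREP, ECHO, DEBUG.
#
create_ssd_file()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In create_ssd_file()"

    # Build a list of SSD's and store in temp file.  The key is matched
    # only at the start of a line, where ssd_2_config() writes it, so a
    # commented-out entry or the key inside some other value is not
    # taken as a descriptor.
    ${GREP} "^LDAP_SERV_SRCH_DES=" "${INPUT_FILE}" | \
        sed 's/^LDAP_SERV_SRCH_DES=//' \
        > "${SSD_FILE}"
}


#
# ssd_2_config(): Append the SSD file to the output file.
#
# Arguments: $1 - config file to append to (optional; defaults to
#                 ${OUTPUT_FILE}, which is what create_config_file()
#                 passes).
# Globals: SSD_FILE, OUTPUT_FILE, ECHO, DEBUG.
#
ssd_2_config()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In ssd_2_config()"

    _SSD_OUT=${1:-${OUTPUT_FILE}}

    # Convert to config file format using sed: every line becomes
    # LDAP_SERV_SRCH_DES=<descriptor>, which create_ssd_file() strips
    # off again when the file is loaded.
    sed -e "s/^/LDAP_SERV_SRCH_DES=/" "${SSD_FILE}" >> "${_SSD_OUT}"
}


#
# ssd_2_profile(): Add SSD's to the GEN_CMD string.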
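#
# Appends one ' -a "serviceSearchDescriptor=<line>"' per line of
# ${SSD_FILE} to GEN_CMD.  The text is assembled in a shell variable,
# so no temporary file is needed and the result does not depend on
# how the echo in use treats "\c" and other backslash sequences.
# NOTE(review): GEN_CMD is a command string that is executed later
# (not visible here); a descriptor containing a double quote or
# other shell metacharacter would break that quoting.  The values
# come from the operator's own prompts or input file.
# Globals: SSD_FILE, ECHO, DEBUG; updates GEN_CMD, sets SSD_LINE.
#
ssd_2_profile()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In ssd_2_profile()"

    # Add and convert each SSD to string.  IFS= and -r keep leading
    # blanks and backslashes of the descriptor intact.
    _SSD_ARGS=
    while IFS= read -r SSD_LINE
    do
        _SSD_ARGS="${_SSD_ARGS} -a \"serviceSearchDescriptor=${SSD_LINE}\""
    done < "${SSD_FILE}"

    # Add SSD's to GEN_CMD.
    GEN_CMD="${GEN_CMD} ${_SSD_ARGS}"
}


#
# prompt_config_info(): This function prompts the user for the config
# info that is not specified in the input file.
#
# The server is identified and checked first; the profile questions
# follow.  Every get_*() called here stores its answer in a global
# that display_summary() and create_config_file() read later.
# Globals set here: NEED_TIME, NEED_SIZE, NEED_SRVAUTH_PAM,
#                   NEED_SRVAUTH_KEY, NEED_SRVAUTH_CMD (1 = user said
#                   yes, 0 = no, as returned by get_confirm).
#
prompt_config_info()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In prompt_config_info()"

    # Prompt for iDS server name.
    get_ids_server

    # Prompt for iDS port number.
    get_ids_port

    # Check iDS version for compatibility.
    chk_ids_version

    # Check if the server supports the VLV.
    chk_vlv_indexes

    # Get the Directory manager DN and passwd.
    get_dirmgr_dn
    get_dirmgr_pw

    #
    # LDAP CLIENT PROFILE SPECIFIC INFORMATION.
    # (i.e. The fields that show up in the profile.)
    #
    get_domain "domain_help"

    get_basedn

    get_profile_name
    get_srv_list
    get_pref_srv
    get_search_scope

    # With an "anonymous" credential level no authentication method
    # is asked for.
    get_cred_level
    if [ "$LDAP_CRED_LEVEL" != "anonymous" ]; then
        get_auth
    fi

    get_followref

    # Query user about timelimit.
    get_confirm "Do you want to modify the server timelimit value (y/n/h)?" "n" "tlim_help"
    NEED_TIME=$?
    [ $NEED_TIME -eq 1 ] && get_timelimit

    # Query user about sizelimit.
    get_confirm "Do you want to modify the server sizelimit value (y/n/h)?" "n" "slim_help"
    NEED_SIZE=$?
    [ $NEED_SIZE -eq 1 ] && get_sizelimit

    # Does the user want to store passwords in crypt format?
    get_want_crypt

    # Prompt for any Service Authentication Methods?
    get_confirm "Do you want to setup a Service Authentication Methods (y/n/h)?" "n" "srvauth_help"
    if [ $? -eq 1 ]; then
        # Does the user want to set Service Authentication Method for pam_ldap?
        get_confirm "Do you want to setup a Service Auth. Method for \"pam_ldap\" (y/n/h)?" "n" "pam_ldap_help"
        NEED_SRVAUTH_PAM=$?
        [ $NEED_SRVAUTH_PAM -eq 1 ] && get_srv_authMethod_pam

        # Does the user want to set Service Authentication Method for keyserv?
        get_confirm "Do you want to setup a Service Auth. Method for \"keyserv\" (y/n/h)?" "n" "keyserv_help"
        NEED_SRVAUTH_KEY=$?
        [ $NEED_SRVAUTH_KEY -eq 1 ] && get_srv_authMethod_key

        # Does the user want to set Service Authentication Method for passwd-cmd?
        get_confirm "Do you want to setup a Service Auth. Method for \"passwd-cmd\" (y/n/h)?" "n" "passwd-cmd_help"
        NEED_SRVAUTH_CMD=$?
        [ $NEED_SRVAUTH_CMD -eq 1 ] && get_srv_authMethod_cmd
    fi

    # Get Timeouts
    get_srch_time
    get_prof_ttl
    get_bind_limit

    # Reset the SSD file and prompt user for SSD.  Will use menus
    # to build an SSD File.
    reset_ssd_file
    prompt_ssd

    # Display FULL debugging info.
    disp_full_debug

    # Extra blank line to separate prompt lines from steps.
    ${ECHO} " "
}


######################################################################
# FUNCTIONS FOR display_summary() START HERE.
######################################################################


#
# get_proxyagent(): Get the proxyagent DN.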
#
# Offers "cn=proxyagent,ou=profile,<base DN>" as the default and lets
# the user override it.
# Globals: LDAP_BASEDN, ANS (set by get_ans); sets LDAP_PROXYAGENT.
#
get_proxyagent()
{
    # default
    LDAP_PROXYAGENT="cn=proxyagent,ou=profile,${LDAP_BASEDN}"
    get_ans "Enter DN for proxy agent:" "$LDAP_PROXYAGENT"
    LDAP_PROXYAGENT=$ANS
}


#
# get_proxy_pw(): Get the proxyagent passwd.
#
# Globals: ANS (set by get_passwd); sets LDAP_PROXYAGENT_CRED.
#
get_proxy_pw()
{
    get_passwd "Enter passwd for proxyagent:"
    LDAP_PROXYAGENT_CRED=$ANS
}


#
# display_summary(): Display a summary of values entered and let the
# user modify values at will.
#
# Shows the summary menu in a loop; choice N (1-19) re-runs the N-th
# get_*() function of FUNC_TBL, choice 0 leaves the loop.  Afterwards
# a "proxy" credential level is reconciled with the authentication
# method (proxy needs a proxy agent DN and password; with auth "none"
# the level falls back to "anonymous"), then the user must confirm
# before any change is committed -- declining exits the script.
# Globals: LDAP_CRED_LEVEL, LDAP_AUTHMETHOD, MN_CH (set by
#          get_menu_choice), ECHO, DEBUG; sets TBL1..TBL8, FUNC_TBL,
#          _MENU_PROMPT, _CH, NEED_PROXY.
#
display_summary()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In display_summary()"

    # Lookup table for function names, one word per menu number.
    # Word 0 ("dummy") exists so that "shift N" leaves entry N in $1.
    TBL1="dummy"
    TBL2="get_domain get_basedn get_profile_name"
    TBL3="get_srv_list get_pref_srv get_search_scope get_cred_level"
    TBL4="get_auth get_followref"
    TBL5="get_timelimit get_sizelimit get_want_crypt"
    TBL6="get_srv_authMethod_pam get_srv_authMethod_key get_srv_authMethod_cmd"
    TBL7="get_srch_time get_prof_ttl get_bind_limit"
    TBL8="prompt_ssd"
    FUNC_TBL="$TBL1 $TBL2 $TBL3 $TBL4 $TBL5 $TBL6 $TBL7 $TBL8"

    # Since menu prompt string is long, set here.
    _MENU_PROMPT="Enter config value to change: (1-19 0=commit changes)"

    # Loop until 0 is chosen.
    while :
    do
        # Display menu and get value in range.
        display_msg summary_menu
        get_menu_choice "${_MENU_PROMPT}" "0" "19" "0"
        _CH=$MN_CH

        # 0 means commit: leave the loop.
        [ $_CH -eq 0 ] && break

        # Call the appropriate function from the function table.
        set $FUNC_TBL
        shift $_CH
        $1
    done

    # If the cred level is (still) a proxy one, see what auth method
    # goes with it.
    case "$LDAP_CRED_LEVEL" in
    *proxy*)
        if [ "$LDAP_AUTHMETHOD" = "none" ]; then
            ${ECHO} "WARNING: Since Authentication method is 'none'."
            ${ECHO} " Credential level will be set to 'anonymous'."
            LDAP_CRED_LEVEL="anonymous"
        else
            NEED_PROXY=1
            get_proxyagent
            get_proxy_pw
        fi
        ;;
    esac

    # Display FULL debugging info.
    disp_full_debug

    # Final confirmation message. (ARE YOU SURE!)
    ${ECHO} " "
    get_confirm_nodef "WARNING: About to start committing changes. (y=continue, n=EXIT)"
    if [ $? -eq 0 ]; then
        ${ECHO} "Terminating setup without making changes at users request."
        exit 1
    fi

    # Print newline
    ${ECHO} " "
}


#
# create_config_file(): Write config data to config file specified.
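#
# Writes every value collected so far as shell assignments to
# ${OUTPUT_FILE} and appends the Service Search Descriptors.  The file
# contains the Directory Manager and proxy agent passwords in clear
# text, so it is created with mode 0600 before any data is written.
# Globals: OUTPUT_FILE, ECHO, DEBUG and all the IDS_*/LDAP_*/NEED_*
#          settings expanded in the here-document below.
# Exits with status 1 (after cleanup) if the file cannot be created.
#
create_config_file()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In create_config_file()"

    # If output file exists, delete it.
    [ -f "$OUTPUT_FILE" ] && rm -f "$OUTPUT_FILE"

    # Create the output file empty and owner-only (umask 077 in a
    # subshell so the script's own umask is untouched).  Writing the
    # data first and fixing the mode afterwards would leave a window
    # in which the passwords are readable by others.
    ( umask 077 && : > "$OUTPUT_FILE" )
    if [ $? -ne 0 ]; then
        ${ECHO} "ERROR: could not create file: ${OUTPUT_FILE}"
        cleanup
        exit 1
    fi

    # Write the configuration data.
    # NOTE(review): LDAP_ROOTPWD and LDAP_PROXYAGENT_CRED are written
    # unquoted; a password containing blanks or shell metacharacters
    # would not round-trip when this file is loaded -- confirm how the
    # loader parses the file before changing the format.
    cat >> "$OUTPUT_FILE" <<EOF
#!/bin/sh
# $OUTPUT_FILE - This file contains configuration information for
# Native LDAP. Use the idsconfig tool to load it.
#
# WARNING: This file was generated by idsconfig, and is intended to
# be loaded by idsconfig as is. DO NOT EDIT THIS FILE!
#
IDS_SERVER="$IDS_SERVER"
IDS_PORT=$IDS_PORT
IDS_TIMELIMIT=$IDS_TIMELIMIT
IDS_SIZELIMIT=$IDS_SIZELIMIT
LDAP_ROOTDN="$LDAP_ROOTDN"
LDAP_ROOTPWD=$LDAP_ROOTPWD
LDAP_DOMAIN="$LDAP_DOMAIN"
LDAP_SUFFIX="$LDAP_SUFFIX"

# Internal program variables that need to be set.
NEED_PROXY=$NEED_PROXY
NEED_TIME=$NEED_TIME
NEED_SIZE=$NEED_SIZE
NEED_CRYPT=$NEED_CRYPT

# LDAP PROFILE related defaults
LDAP_PROFILE_NAME="$LDAP_PROFILE_NAME"
DEL_OLD_PROFILE=1
LDAP_BASEDN="$LDAP_BASEDN"
LDAP_SERVER_LIST="$LDAP_SERVER_LIST"
LDAP_AUTHMETHOD="$LDAP_AUTHMETHOD"
LDAP_FOLLOWREF=$LDAP_FOLLOWREF
LDAP_SEARCH_SCOPE="$LDAP_SEARCH_SCOPE"
NEED_SRVAUTH_PAM=$NEED_SRVAUTH_PAM
NEED_SRVAUTH_KEY=$NEED_SRVAUTH_KEY
NEED_SRVAUTH_CMD=$NEED_SRVAUTH_CMD
LDAP_SRV_AUTHMETHOD_PAM="$LDAP_SRV_AUTHMETHOD_PAM"
LDAP_SRV_AUTHMETHOD_KEY="$LDAP_SRV_AUTHMETHOD_KEY"
LDAP_SRV_AUTHMETHOD_CMD="$LDAP_SRV_AUTHMETHOD_CMD"
LDAP_SEARCH_TIME_LIMIT=$LDAP_SEARCH_TIME_LIMIT
LDAP_PREF_SRVLIST="$LDAP_PREF_SRVLIST"
LDAP_PROFILE_TTL=$LDAP_PROFILE_TTL
LDAP_CRED_LEVEL="$LDAP_CRED_LEVEL"
LDAP_BIND_LIMIT=$LDAP_BIND_LIMIT

# Proxy Agent
LDAP_PROXYAGENT="$LDAP_PROXYAGENT"
LDAP_PROXYAGENT_CRED=$LDAP_PROXYAGENT_CRED

# Export all the variables (just in case)
export IDS_HOME IDS_PORT LDAP_ROOTDN LDAP_ROOTPWD LDAP_SERVER_LIST LDAP_BASEDN
export LDAP_DOMAIN LDAP_SUFFIX LDAP_PROXYAGENT LDAP_PROXYAGENT_CRED
export NEED_PROXY
export LDAP_PROFILE_NAME LDAP_BASEDN LDAP_SERVER_LIST
export LDAP_AUTHMETHOD LDAP_FOLLOWREF LDAP_SEARCH_SCOPE LDAP_SEARCH_TIME_LIMIT
export LDAP_PREF_SRVLIST LDAP_PROFILE_TTL LDAP_CRED_LEVEL LDAP_BIND_LIMIT
export NEED_SRVAUTH_PAM NEED_SRVAUTH_KEY NEED_SRVAUTH_CMD
export LDAP_SRV_AUTHMETHOD_PAM LDAP_SRV_AUTHMETHOD_KEY LDAP_SRV_AUTHMETHOD_CMD
export LDAP_SERV_SRCH_DES SSD_FILE

# Service Search Descriptors start here if present:
EOF
    # Add service search descriptors.
    ssd_2_config "${OUTPUT_FILE}"

    # Add the end of FILE tag.
    ${ECHO} "" >> "${OUTPUT_FILE}"
    ${ECHO} "# End of $OUTPUT_FILE" >> "${OUTPUT_FILE}"
}


#
# chk_vlv_indexes(): Do ldapsearch to see if server supports VLV.
#
# Reads the root DSE and looks for the VLV request control OID
# (2.16.840.1.113730.3.4.9) in it.  A failed search is reported
# separately from a missing control, so a connection problem is not
# mistaken for a server without VLV.
# Globals: LDAPSEARCH, SERVER_ARGS, GREP, TMPDIR, VERB, ECHO, DEBUG.
# Exits with status 1 (after cleanup) on either failure.
#
chk_vlv_indexes()
{
    # Do ldapsearch to see if server supports VLV.
    ${LDAPSEARCH} ${SERVER_ARGS} -b "" -s base "objectclass=*" > "${TMPDIR}/checkVLV" 2>&1
    if [ $? -ne 0 ]; then
        ${ECHO} "ERROR: could not read the root DSE of the LDAP server:"
        cat "${TMPDIR}/checkVLV"
        cleanup
        exit 1
    fi
    # Dots are escaped so only this OID, not any similar digit
    # sequence, matches.
    eval "${GREP} '2\.16\.840\.1\.113730\.3\.4\.9' ${TMPDIR}/checkVLV ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} "ERROR: VLV is not supported on LDAP server!"
        cleanup
        exit 1
    fi
    [ $DEBUG -eq 1 ] && ${ECHO} " VLV controls found on LDAP server."
}

#
# get_backend(): this function gets the relevant backend
# (database) for LDAP_BASEDN.
# Description: set IDS_DATABASE; exit on failure.
# Prerequisite: LDAP_BASEDN and LDAP_SUFFIX are
# valid.
#
# backend is retrieved from suffixes and subsuffixes
# defined under "cn=mapping tree,cn=config". The
# nsslapd-state attribute of these suffixes entries
# is filled with either Backend, Disabled or referrals
# related values. We only want those that have a true
# backend database to select the relevant backend.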
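#
# Walks up from LDAP_BASEDN one RDN at a time ("ou=a,dc=b,dc=c", then
# "dc=b,dc=c", ...) and queries the mapping tree entry of each
# candidate suffix for a nsslapd-backend value; the first hit is the
# database.  Exactly one backend per suffix is supported.
# Globals: LDAP_BASEDN, LDAP_SUFFIX, LDAPSEARCH, LDAP_ARGS, GREP,
#          TMPDIR, PROG, ECHO, DEBUG; sets IDS_DATABASE, cur_suffix,
#          prev_suffix, NUM_DBS.  Exits with status 1 (after cleanup)
#          when no single backend is found.
#
get_backend()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_backend()"

    cur_suffix=${LDAP_BASEDN}
    prev_suffix=
    IDS_DATABASE=
    # Stripping an RDN from a single-RDN string leaves it unchanged,
    # which is what ends the loop.
    while [ "${cur_suffix}" != "${prev_suffix}" ]
    do
        [ $DEBUG -eq 1 ] && ${ECHO} "testing LDAP suffix: ${cur_suffix}"
        # eval is required: LDAP_ARGS carries a quoted -D "<root DN>"
        # that must be re-parsed as one argument.
        eval "${LDAPSEARCH} ${LDAP_ARGS} " \
            "-b \"cn=\\\"${cur_suffix}\\\",cn=mapping tree,cn=config\" " \
            "-s base nsslapd-state=Backend nsslapd-backend 2>&1 " \
            "| ${GREP} 'nsslapd-backend=' " \
            "> ${TMPDIR}/ids_database_name 2>&1"
        NUM_DBS=`wc -l "${TMPDIR}/ids_database_name" | awk '{print $1}'`
        case "${NUM_DBS}" in
        0)  # not a suffix, or suffix not activated; try next
            prev_suffix=${cur_suffix}
            cur_suffix=`${ECHO} "${cur_suffix}" | cut -f2- -d','`
            ;;
        1)  # suffix found; get database name
            IDS_DATABASE=`cut -d= -f2 "${TMPDIR}/ids_database_name"`
            ;;
        *)  # can not handle more than one database per suffix
            ${ECHO} "ERROR: More than one database is configured "
            ${ECHO} " for $LDAP_SUFFIX!"
            ${ECHO} " $PROG can not configure suffixes where "
            ${ECHO} " more than one database is used for one suffix."
            cleanup
            exit 1
            ;;
        esac
        if [ -n "${IDS_DATABASE}" ]; then
            break
        fi
    done

    if [ -z "${IDS_DATABASE}" ]; then
        # should not happen, since LDAP_BASEDN is supposed to be valid
        ${ECHO} "Could not find a valid backend for ${LDAP_BASEDN}."
        ${ECHO} "Exiting."
        cleanup
        exit 1
    fi

    [ $DEBUG -eq 1 ] && ${ECHO} "IDS_DATABASE: ${IDS_DATABASE}"
}

#
# validate_suffix(): This function validates ${LDAP_SUFFIX}
# THIS FUNCTION IS FOR THE LOAD CONFIG FILE OPTION.
#
# Checks that the suffix is non-empty, exists on the server, and
# actually holds LDAP_BASEDN: after normalising case and blanks the
# base DN must be the suffix itself or end in ",<suffix>".  Matching
# on the RDN boundary is what rejects e.g. suffix "dc=b" for base DN
# "dc=ab" (basename(1), used before, accepted that).
# Globals: LDAP_SUFFIX, LDAP_BASEDN, LDAPSEARCH, LDAP_ARGS, TMPDIR,
#          FMT_STR (set by format_string), ECHO, DEBUG; sets
#          LOWER_BASEDN, LOWER_SUFFIX.
# Exits with status 1 (after cleanup) on any failed check.
#
validate_suffix()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In validate_suffix()"

    # Check LDAP_SUFFIX is not null
    if [ -z "${LDAP_SUFFIX}" ]; then
        ${ECHO} "Invalid suffix (null suffix)"
        cleanup
        exit 1
    fi

    # Check LDAP_SUFFIX does exist
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_SUFFIX}\" -s base \"objectclass=*\" > ${TMPDIR}/checkSuffix 2>&1"
    if [ $? -ne 0 ]; then
        ${ECHO} "Invalid suffix ${LDAP_SUFFIX}"
        cleanup
        exit 1
    fi

    # Check LDAP_SUFFIX and LDAP_BASEDN are consistent.
    # Convert both to lower case with blanks normalised.
    format_string "${LDAP_BASEDN}"
    LOWER_BASEDN="${FMT_STR}"
    format_string "${LDAP_SUFFIX}"
    LOWER_SUFFIX="${FMT_STR}"

    [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_BASEDN: ${LOWER_BASEDN}"
    [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_SUFFIX: ${LOWER_SUFFIX}"

    case "${LOWER_BASEDN}" in
    "${LOWER_SUFFIX}" | *",${LOWER_SUFFIX}")
        # base DN is the suffix or lies under it
        ;;
    *)
        ${ECHO} "Invalid suffix ${LOWER_SUFFIX}"
        ${ECHO} "for Base DN ${LOWER_BASEDN}"
        cleanup
        exit 1
        ;;
    esac
}

#
# validate_info(): This function validates the basic info collected
# So that some problems are caught right away.
# THIS FUNCTION IS FOR THE LOAD CONFIG FILE OPTION.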
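#
validate_info()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In validate_info()"

    # Set SERVER_ARGS, AUTH_ARGS, and LDAP_ARGS for the config file.
    # These strings are re-parsed by the shell later (eval below, ${EVAL}
    # in the modify_* functions), so a Root DN containing shell
    # metacharacters (double quote, $, backquote) would be interpreted
    # rather than passed literally; only operator-supplied values are
    # expected here.  The bind password itself is not placed on the
    # command line: the tools read it from the file named by -j, so it
    # does not appear in ps(1) output or in a command trace.
    SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
    AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    # Only SERVER_ARGS is exported; the authenticated argument strings
    # stay local to this shell.
    export SERVER_ARGS

    # Check the Root DN and Root DN passwd with an authenticated base
    # search of the server root.
    # Use eval instead of $EVAL because not part of setup. (validate)
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" > ${TMPDIR}/checkDN 2>&1"
    if [ $? -ne 0 ]; then
        # A diagnostic mentioning "credential" is taken to mean the DN
        # was known but the password was wrong; anything else is
        # reported as an unknown Root DN.
        eval "${GREP} credential ${TMPDIR}/checkDN ${VERB}"
        if [ $? -eq 0 ]; then
            ${ECHO} "ERROR: Root DN passwd is invalid."
        else
            ${ECHO} "ERROR2: Invalid Root DN <${LDAP_ROOTDN}>."
        fi
        cleanup
        exit 1
    fi
    [ $DEBUG -eq 1 ] && ${ECHO} " RootDN ... OK"
    [ $DEBUG -eq 1 ] && ${ECHO} " RootDN passwd ... OK"

    # Check if the server supports the VLV.
    chk_vlv_indexes
    [ $DEBUG -eq 1 ] && ${ECHO} " VLV indexes ... OK"

    # Check LDAP suffix
    validate_suffix
    [ $DEBUG -eq 1 ] && ${ECHO} " LDAP suffix ... OK"

    # Get backend
    get_backend
    [ $DEBUG -eq 1 ] && ${ECHO} " LDAP backend ... OK"

}

#
# format_string(): take a string as argument and set FMT_STR
# to be the same string formatted as follow:
# - only lower case characters
# - no unnecessary spaces around , and =
# Leading and trailing blanks of the input are kept as they are.
# NOTE(review): the string goes through ${ECHO}, which on some systems
# interprets backslash sequences -- confirm before relying on this for
# DNs that contain escaped characters such as "\,".
#
format_string()
{
    FMT_STR=`${ECHO} "$1" | tr '[A-Z]' '[a-z]' |
        sed -e 's/[ ]*,[ ]*/,/g' -e 's/[ ]*=[ ]*/=/g'`
}

#
# check_basedn_suffix(): check that there is an existing
# valid suffix to hold current base DN
# Globals:  LDAP_BASEDN (read), LDAP_SUFFIX and LDAP_SUFFIX_LIST
#           (written), IDS_DATABASE (written through get_backend)
# return:
# 0: valid suffix found
# 1: no valid suffix found, or user gives up
# 2: give it another try
#
check_basedn_suffix()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In check_basedn_suffix()"

    # find out existing suffixes
    discover_serv_suffix
    if [ $? -ne 0 ]; then
        ${ECHO} "No suffixes found. Exiting."
        return 1
    fi

    ${ECHO} " Validating LDAP Base DN and Suffix ..."

    # check that LDAP Base DN might be added: walk up the DN one RDN at
    # a time until an entry answers a one-level search.  These searches
    # use SERVER_ARGS only, i.e. they are unauthenticated; a server that
    # denies anonymous reads makes every candidate look missing.
    cur_ldap_entry=${LDAP_BASEDN}
    prev_ldap_entry=
    while [ "${cur_ldap_entry}" != "${prev_ldap_entry}" ]
    do
        [ $DEBUG -eq 1 ] && ${ECHO} "testing LDAP entry: ${cur_ldap_entry}"
        ${LDAPSEARCH} ${SERVER_ARGS} -b "${cur_ldap_entry}" \
            -s one "objectclass=*" > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            break
        else
            # Drop the leftmost RDN.  When no comma is left the value
            # stays the same and the loop terminates.  The entry is
            # quoted so that blanks and glob characters in a DN survive.
            prev_ldap_entry=${cur_ldap_entry}
            cur_ldap_entry=`${ECHO} "${cur_ldap_entry}" | cut -f2- -d','`
        fi
    done

    if [ "${cur_ldap_entry}" = "${prev_ldap_entry}" ]; then
        [ $DEBUG -eq 1 ] && ${ECHO} "No valid LDAP suffix found"
        display_msg ldap_suffix_list
        get_confirm "Do you want to continue (h=help):" \
            "y" ldap_suffix_list_help
        if [ $? -eq 0 ]; then
            return 1    # users gives up
        else
            return 2    # continue
        fi
    else
        [ $DEBUG -eq 1 ] && ${ECHO} "found valid LDAP entry: ${cur_ldap_entry}"

        # Now looking for relevant suffix for this entry.
        # LDAP_SUFFIX will then be used to add necessary
        # base objects. See add_base_objects().
        format_string "${cur_ldap_entry}"
        lower_entry="${FMT_STR}"
        [ $DEBUG -eq 1 ] && ${ECHO} "final suffix list: ${LDAP_SUFFIX_LIST}"
        oIFS=$IFS
        [ $DEBUG -eq 1 ] && ${ECHO} "setting IFS to new line"
        # Suffixes may contain blanks, so split the list on newlines only.
        IFS='
'
        for suff in ${LDAP_SUFFIX_LIST}
        do
            [ $DEBUG -eq 1 ] && ${ECHO} "testing suffix: ${suff}"
            format_string "${suff}"
            lower_suff="${FMT_STR}"
            if [ "${lower_entry}" = "${lower_suff}" ]; then
                LDAP_SUFFIX="${suff}"
                break
            else
                # basename(1) with a suffix argument strips lower_suff
                # from the end of lower_entry; an unchanged result means
                # the candidate is not a suffix of the entry.
                dcstmp=`basename "${lower_entry}" "${lower_suff}"`
                if [ "${dcstmp}" = "${lower_entry}" ]; then
                    # invalid suffix, try next one
                    continue
                else
                    # valid suffix found
                    LDAP_SUFFIX="${suff}"
                    break
                fi
            fi
        done
        [ $DEBUG -eq 1 ] && ${ECHO} "setting IFS to original value"
        IFS=$oIFS

        [ $DEBUG -eq 1 ] && ${ECHO} "LDAP_SUFFIX: ${LDAP_SUFFIX}"

        if [ -z "${LDAP_SUFFIX}" ]; then
            # should not happen, since we found the entry
            ${ECHO} "Could not find a valid suffix for ${LDAP_BASEDN}."
            ${ECHO} "Exiting."
            return 1
        fi

        # Getting relevant database (backend)
        # IDS_DATABASE will then be used to create indexes.
        get_backend

        return 0
    fi
}

#
# discover_serv_suffix(): This function queries the server to find
# suffixes available
# Globals:  LDAP_SUFFIX_LIST (written), NUM_TOP (written)
# return: 0: OK, suffix found
#         1: suffix not determined
discover_serv_suffix()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In discover_serv_suffix()"

    # Search the server for the TOP of the TREE.  This is an
    # unauthenticated search: SERVER_ARGS carries only host and port.
    ${LDAPSEARCH} ${SERVER_ARGS} -b "" -s base "objectclass=*" > ${TMPDIR}/checkTOP 2>&1
    _SEARCH_RC=$?
    # Keep every namingContexts value except NetscapeRoot (presumably
    # the server's own configuration suffix).
    ${GREP} -i namingcontexts ${TMPDIR}/checkTOP | \
        ${GREP} -i -v NetscapeRoot > ${TMPDIR}/treeTOP
    NUM_TOP=`wc -l ${TMPDIR}/treeTOP | awk '{print $1}'`
    case $NUM_TOP in
    0)
        # Tell a server that could not be queried at all apart from one
        # that answered without any usable suffix; the return code is
        # the same in both cases.
        if [ $_SEARCH_RC -ne 0 ]; then
            ${ECHO} "ERROR: Search of the server root failed (see ${TMPDIR}/checkTOP)"
        fi
        ${ECHO} "ERROR: No suffix found in LDAP tree"
        return 1
        ;;
    *)  # build the list of suffixes; take out the 15-character
        # 'namingContexts=' prefix in each line of ${TMPDIR}/treeTOP
        LDAP_SUFFIX_LIST=`awk '{ printf("%s\n",substr($0,16,length-15)) }' ${TMPDIR}/treeTOP`
        [ $DEBUG -eq 1 ] && ${ECHO} "final list: ${LDAP_SUFFIX_LIST}"

        ;;
    esac

    [ $DEBUG -eq 1 ] && ${ECHO} " LDAP_SUFFIX_LIST = $LDAP_SUFFIX_LIST"
    return 0
}


#
# modify_cn(): Change the cn from MUST to MAY in ipNetwork.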
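#
# _apply_ldif_mod(): Apply an LDIF file to the server with ldapmodify,
# using the Root DN credentials carried in LDAP_ARGS, and abort the
# whole setup if the update fails.
# Arguments: $1 - LDIF file to apply
#            $2 - what is being changed, used in the error message
# Globals:   EVAL, LDAPMODIFY, LDAP_ARGS, VERB, ECHO (read)
# Returns:   0 on success; on failure runs cleanup and exits 1
#
_apply_ldif_mod()
{
    # ${EVAL} rather than a direct call, as in the other setup steps;
    # LDAP_ARGS is re-parsed by the shell at this point.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f $1 ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: update of $2 failed!"
        cleanup
        exit 1
    fi
}

#
# modify_cn(): Change the cn from MUST to MAY in ipNetwork.
# Writes the schema LDIF to ${TMPDIR}/ipNetwork_cn and applies it.
# NOTE(review): the objectclasses definition below closes with "))"
# -- verify the parentheses balance against the server's schema syntax.
#
modify_cn()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_cn()"

    ( cat <<EOF
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( ipNetworkNumber ) MAY ( ipNetmaskNumber $ manager $ cn $ l $ description ) X-ORIGIN 'RFC 2307' ))
EOF
) > ${TMPDIR}/ipNetwork_cn

    # Modify the cn for ipNetwork.
    _apply_ldif_mod "${TMPDIR}/ipNetwork_cn" "cn for ipNetwork"
}


# modify_timelimit(): Modify timelimit to user value.
# Globals: IDS_TIMELIMIT (read), STEP (incremented)
modify_timelimit()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_timelimit()"

    # Here doc to modify timelimit.
    ( cat <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-timelimit
nsslapd-timelimit: ${IDS_TIMELIMIT}
EOF
) > ${TMPDIR}/ids_timelimit

    # Add the entry.
    _apply_ldif_mod "${TMPDIR}/ids_timelimit" "nsslapd-timelimit"

    # Display messages for modifications made in patch.
    ${ECHO} " ${STEP}. Changed timelimit to ${IDS_TIMELIMIT} in cn=config."
    STEP=`expr $STEP + 1`
}


# modify_sizelimit(): Modify sizelimit to user value.
# Globals: IDS_SIZELIMIT (read), STEP (incremented)
modify_sizelimit()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_sizelimit()"

    # Here doc to modify sizelimit.
    ( cat <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-sizelimit
nsslapd-sizelimit: ${IDS_SIZELIMIT}
EOF
) > ${TMPDIR}/ids_sizelimit

    # Add the entry.
    _apply_ldif_mod "${TMPDIR}/ids_sizelimit" "nsslapd-sizelimit"

    # Display messages for modifications made in patch.
    ${ECHO} " ${STEP}. Changed sizelimit to ${IDS_SIZELIMIT} in cn=config."
    STEP=`expr $STEP + 1`
}


# modify_pwd_crypt(): Modify the passwd storage scheme to support CRYPT.
# Globals: IDS_MAJVER, IDS_MINVER (read), STEP (incremented)
# NOTE(review): "crypt" is the traditional Unix password hash and is
# weak by today's standards; it is presumably selected so that Solaris
# clients can verify the stored hash themselves -- confirm the
# requirement before keeping it on new deployments.
modify_pwd_crypt()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_pwd_crypt()"

    # Here doc to modify passwordstoragescheme.
    # IDS 5.2 moved passwordchangesceme off to a new data structure:
    # 5.1 and earlier keep the attribute on cn=config, later releases
    # on cn=Password Policy,cn=config.  (The version test assumes a
    # 5.x server, as the rest of this script does.)
    if [ $IDS_MAJVER -le 5 ] && [ $IDS_MINVER -le 1 ]; then
        ( cat <<EOF
dn: cn=config
changetype: modify
replace: passwordstoragescheme
passwordstoragescheme: crypt
EOF
        ) > ${TMPDIR}/ids_crypt
    else
        ( cat <<EOF
dn: cn=Password Policy,cn=config
changetype: modify
replace: passwordstoragescheme
passwordstoragescheme: crypt
EOF
        ) > ${TMPDIR}/ids_crypt
    fi

    # Add the entry.
    _apply_ldif_mod "${TMPDIR}/ids_crypt" "passwordstoragescheme"

    # Display messages for modifications made in patch.
    ${ECHO} " ${STEP}. Changed passwordstoragescheme to \"crypt\" in cn=config."
    STEP=`expr $STEP + 1`
}


#
# add_eq_indexes(): Add indexes to improve search performance.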
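#
add_eq_indexes()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_eq_indexes()"

    # Equality/presence indexes for the attributes clients search on.
    _add_attr_indexes \
        "uidNumber ipNetworkNumber gidnumber oncrpcnumber automountKey" \
        "eq,pres" "EQ,PRES" ""
}


#
# _add_attr_indexes(): Create attribute indexes on the backend and run
# an index task for each one, shared by add_eq_indexes() and
# add_sub_indexes().
# Arguments: $1 - blank-separated list of attributes to index
#            $2 - index types as shown to the user, e.g. "eq,pres"
#            $3 - the same in upper case, for error messages
#            $4 - non-empty to add a substring (sub) index as well
# Globals:   IDS_DATABASE, TMPDIR, LDAP_ARGS, SERVER_ARGS (read);
#            STEP (incremented); _INDEXES, _EXT, TASKNAME, TASK_STATUS
#            (written)
# Outputs:   progress lines on stdout
# Returns:   0; on an ldapmodify failure runs cleanup and exits 1
#
_add_attr_indexes()
{
    _INDEXES="$1"
    _LABEL="$2"
    _ULABEL="$3"
    _WITH_SUB="$4"

    # Set _EXT to use as shortcut.
    _EXT="cn=index,cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config"


    # Display message to id current step.
    ${ECHO} " ${STEP}. Processing ${_LABEL} indexes:"
    STEP=`expr $STEP + 1`

    # For loop to create indexes.
    for i in ${_INDEXES}; do
        [ $DEBUG -eq 1 ] && ${ECHO} " Adding index for ${i}"

        # Check if entry exists first, if so, skip to next.
        # (Unauthenticated search: SERVER_ARGS only.)
        ${LDAPSEARCH} ${SERVER_ARGS} -b "cn=${i},${_EXT}" -s base "objectclass=*" > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            # Display index skipped.
            ${ECHO} " ${i} (${_LABEL}) skipped already exists"
            continue
        fi

        # Here doc to create LDIF; the sub index type is appended only
        # when requested, so the record never contains a blank line.
        ( cat <<EOF
dn: cn=${i},${_EXT}
objectClass: top
objectClass: nsIndex
cn: ${i}
nsSystemIndex: false
nsIndexType: pres
nsIndexType: eq
EOF
        if [ -n "${_WITH_SUB}" ]; then
            ${ECHO} "nsIndexType: sub"
        fi
        ) > ${TMPDIR}/index_${i}

        # Add the index.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/index_${i} ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} " ERROR: Adding ${_ULABEL} index for ${i} failed!"
            cleanup
            exit 1
        fi

        # Build task name from a single date(1) call so that all fields
        # come from the same instant.
        _TS=`date '+%y_%m_%d_%H_%M_%S'`
        TASKNAME="${i}_${_TS}"

        # Build the task entry to add.
        ( cat <<EOF
dn: cn=${TASKNAME}, cn=index, cn=tasks, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: ${TASKNAME}
nsInstance: ${IDS_DATABASE}
nsIndexAttribute: ${i}
EOF
) > ${TMPDIR}/task_${i}

        # Add the task.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/task_${i} ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} " ERROR: Adding task for ${i} failed!"
            cleanup
            exit 1
        fi

        # Wait for task to finish, display current status.
        # There is no upper bound on this loop: it ends only when the
        # task entry is gone or its nstaskstatus mentions "Finished".
        while :
        do
            eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index, cn=tasks, cn=config\" -s sub \"objectclass=*\" > ${TMPDIR}/istask_${i} 2>&1"
            ${GREP} "${TASKNAME}" ${TMPDIR}/istask_${i} > /dev/null 2>&1
            if [ $? -ne 0 ]; then
                break
            fi
            eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index,cn=tasks,cn=config\" -s one \"objectclass=*\" nstaskstatus | ${GREP} -i nstaskstatus | cut -d\":\" -f2 > ${TMPDIR}/wait_task_${i}"
            TASK_STATUS=`head -1 ${TMPDIR}/wait_task_${i}`
            # Overwrites the same line each pass; presumably relies on
            # ${ECHO} honouring \r and \c.
            ${ECHO} " ${i} (${_LABEL}) $TASK_STATUS \r\c"
            ${ECHO} "$TASK_STATUS" | ${GREP} "Finished" > /dev/null 2>&1
            if [ $? -eq 0 ]; then
                break
            fi
            sleep 2
        done

        # Print newline because of \c.
        ${ECHO} " "
    done
}


#
# add_sub_indexes(): Add indexes to improve search performance.
#
add_sub_indexes()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_sub_indexes()"

    # Equality/presence/substring indexes.
    _add_attr_indexes \
        "ipHostNumber membernisnetgroup nisnetgrouptriple" \
        "eq,pres,sub" "EQ,PRES,SUB" "sub"
}


#
# add_vlv_indexes(): Add VLV indexes to improve search performance.
#
add_vlv_indexes()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_vlv_indexes()"

    # Set eq indexes to add.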
2918*7c478bd9Sstevel@tonic-gate # Note semi colon separators because some filters contain colons 2919*7c478bd9Sstevel@tonic-gate _INDEX1="${LDAP_DOMAIN}.getgrent;${LDAP_DOMAIN}_group_vlv_index;ou=group;objectClass=posixGroup" 2920*7c478bd9Sstevel@tonic-gate _INDEX2="${LDAP_DOMAIN}.gethostent;${LDAP_DOMAIN}_hosts_vlv_index;ou=hosts;objectClass=ipHost" 2921*7c478bd9Sstevel@tonic-gate _INDEX3="${LDAP_DOMAIN}.getnetent;${LDAP_DOMAIN}_networks_vlv_index;ou=networks;objectClass=ipNetwork" 2922*7c478bd9Sstevel@tonic-gate _INDEX4="${LDAP_DOMAIN}.getpwent;${LDAP_DOMAIN}_passwd_vlv_index;ou=people;objectClass=posixAccount" 2923*7c478bd9Sstevel@tonic-gate _INDEX5="${LDAP_DOMAIN}.getrpcent;${LDAP_DOMAIN}_rpc_vlv_index;ou=rpc;objectClass=oncRpc" 2924*7c478bd9Sstevel@tonic-gate _INDEX6="${LDAP_DOMAIN}.getspent;${LDAP_DOMAIN}_shadow_vlv_index;ou=people;objectClass=shadowAccount" 2925*7c478bd9Sstevel@tonic-gate 2926*7c478bd9Sstevel@tonic-gate # Indexes added during NIS to LDAP transition 2927*7c478bd9Sstevel@tonic-gate _INDEX7="${LDAP_DOMAIN}.getauhoent;${LDAP_DOMAIN}_auho_vlv_index;automountmapname=auto_home;objectClass=automount" 2928*7c478bd9Sstevel@tonic-gate _INDEX8="${LDAP_DOMAIN}.getsoluent;${LDAP_DOMAIN}_solu_vlv_index;ou=people;objectClass=SolarisUserAttr" 2929*7c478bd9Sstevel@tonic-gate _INDEX9="${LDAP_DOMAIN}.getauduent;${LDAP_DOMAIN}_audu_vlv_index;ou=people;objectClass=SolarisAuditUser" 2930*7c478bd9Sstevel@tonic-gate _INDEX10="${LDAP_DOMAIN}.getauthent;${LDAP_DOMAIN}_auth_vlv_index;ou=SolarisAuthAttr;objectClass=SolarisAuthAttr" 2931*7c478bd9Sstevel@tonic-gate _INDEX11="${LDAP_DOMAIN}.getexecent;${LDAP_DOMAIN}_exec_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisExecAttr)(SolarisKernelSecurityPolicy=*)" 2932*7c478bd9Sstevel@tonic-gate _INDEX12="${LDAP_DOMAIN}.getprofent;${LDAP_DOMAIN}_prof_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisProfAttr)(SolarisAttrLongDesc=*)" 2933*7c478bd9Sstevel@tonic-gate 
_INDEX13="${LDAP_DOMAIN}.getmailent;${LDAP_DOMAIN}_mail_vlv_index;ou=aliases;objectClass=mailGroup" 2934*7c478bd9Sstevel@tonic-gate _INDEX14="${LDAP_DOMAIN}.getbootent;${LDAP_DOMAIN}__boot_vlv_index;ou=ethers;&(objectClass=bootableDevice)(bootParameter=*)" 2935*7c478bd9Sstevel@tonic-gate _INDEX15="${LDAP_DOMAIN}.getethent;${LDAP_DOMAIN}_ethers_vlv_index;ou=ethers;&(objectClass=ieee802Device)(macAddress=*)" 2936*7c478bd9Sstevel@tonic-gate _INDEX16="${LDAP_DOMAIN}.getngrpent;${LDAP_DOMAIN}_netgroup_vlv_index;ou=netgroup;objectClass=nisNetgroup" 2937*7c478bd9Sstevel@tonic-gate _INDEX17="${LDAP_DOMAIN}.getipnent;${LDAP_DOMAIN}_ipn_vlv_index;ou=networks;&(objectClass=ipNetwork)(cn=*)" 2938*7c478bd9Sstevel@tonic-gate _INDEX18="${LDAP_DOMAIN}.getmaskent;${LDAP_DOMAIN}_mask_vlv_index;ou=networks;&(objectClass=ipNetwork)(ipNetmaskNumber=*)" 2939*7c478bd9Sstevel@tonic-gate _INDEX19="${LDAP_DOMAIN}.getprent;${LDAP_DOMAIN}_pr_vlv_index;ou=printers;objectClass=printerService" 2940*7c478bd9Sstevel@tonic-gate _INDEX20="${LDAP_DOMAIN}.getip4ent;${LDAP_DOMAIN}_ip4_vlv_index;ou=hosts;&(objectClass=ipHost)(ipHostNumber=*.*)" 2941*7c478bd9Sstevel@tonic-gate _INDEX21="${LDAP_DOMAIN}.getip6ent;${LDAP_DOMAIN}_ip6_vlv_index;ou=hosts;&(objectClass=ipHost)(ipHostNumber=*:*)" 2942*7c478bd9Sstevel@tonic-gate 2943*7c478bd9Sstevel@tonic-gate _INDEXES="$_INDEX1 $_INDEX2 $_INDEX3 $_INDEX4 $_INDEX5 $_INDEX6 $_INDEX7 $_INDEX8 $_INDEX9 $_INDEX10 $_INDEX11 $_INDEX12 $_INDEX13 $_INDEX14 $_INDEX15 $_INDEX16 $_INDEX17 $_INDEX18 $_INDEX19 $_INDEX20 $_INDEX21 " 2944*7c478bd9Sstevel@tonic-gate 2945*7c478bd9Sstevel@tonic-gate 2946*7c478bd9Sstevel@tonic-gate # Set _EXT to use as shortcut. 2947*7c478bd9Sstevel@tonic-gate _EXT="cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config" 2948*7c478bd9Sstevel@tonic-gate 2949*7c478bd9Sstevel@tonic-gate 2950*7c478bd9Sstevel@tonic-gate # Display message to id current step. 2951*7c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. 
Processing VLV indexes:" 2952*7c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 2953*7c478bd9Sstevel@tonic-gate 2954*7c478bd9Sstevel@tonic-gate # Reset temp file for vlvindex commands. 2955*7c478bd9Sstevel@tonic-gate [ -f ${TMPDIR}/vlvindex_list ] && rm ${TMPDIR}/vlvindex_list 2956*7c478bd9Sstevel@tonic-gate touch ${TMPDIR}/vlvindex_list 2957*7c478bd9Sstevel@tonic-gate 2958*7c478bd9Sstevel@tonic-gate # Get the instance name from iDS server. 2959*7c478bd9Sstevel@tonic-gate _INSTANCE="<server-instance>" # Default to old output. 2960*7c478bd9Sstevel@tonic-gate 2961*7c478bd9Sstevel@tonic-gate eval "${LDAPSEARCH} -v ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-instancedir | ${GREP} 'nsslapd-instancedir=' | cut -d'=' -f2- > ${TMPDIR}/instance_name 2>&1" 2962*7c478bd9Sstevel@tonic-gate 2963*7c478bd9Sstevel@tonic-gate ${GREP} "slapd-" ${TMPDIR}/instance_name > /dev/null 2>&1 # Check if seems right? 2964*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then # If success, grab name after "slapd-". 2965*7c478bd9Sstevel@tonic-gate _INST_DIR=`cat ${TMPDIR}/instance_name` 2966*7c478bd9Sstevel@tonic-gate _INSTANCE=`basename "${_INST_DIR}" | cut -d'-' -f2-` 2967*7c478bd9Sstevel@tonic-gate fi 2968*7c478bd9Sstevel@tonic-gate 2969*7c478bd9Sstevel@tonic-gate # For loop to create indexes. 2970*7c478bd9Sstevel@tonic-gate for p in ${_INDEXES}; do 2971*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} " Adding index for ${i}" 2972*7c478bd9Sstevel@tonic-gate 2973*7c478bd9Sstevel@tonic-gate # Break p (pair) into i and j parts. 2974*7c478bd9Sstevel@tonic-gate i=`${ECHO} $p | cut -d';' -f1` 2975*7c478bd9Sstevel@tonic-gate j=`${ECHO} $p | cut -d';' -f2` 2976*7c478bd9Sstevel@tonic-gate k=`${ECHO} $p | cut -d';' -f3` 2977*7c478bd9Sstevel@tonic-gate m=`${ECHO} $p | cut -d';' -f4` 2978*7c478bd9Sstevel@tonic-gate 2979*7c478bd9Sstevel@tonic-gate # Set _jEXT to use as shortcut. 
2980*7c478bd9Sstevel@tonic-gate _jEXT="cn=${j},${_EXT}" 2981*7c478bd9Sstevel@tonic-gate 2982*7c478bd9Sstevel@tonic-gate # Check if entry exists first, if so, skip to next. 2983*7c478bd9Sstevel@tonic-gate ${LDAPSEARCH} ${SERVER_ARGS} -b "cn=${i},${_jEXT}" -s base "objectclass=*" > /dev/null 2>&1 2984*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 2985*7c478bd9Sstevel@tonic-gate # Display index skipped. 2986*7c478bd9Sstevel@tonic-gate ${ECHO} " ${i} vlv_index skipped already exists" 2987*7c478bd9Sstevel@tonic-gate continue 2988*7c478bd9Sstevel@tonic-gate fi 2989*7c478bd9Sstevel@tonic-gate 2990*7c478bd9Sstevel@tonic-gate # Compute the VLV Scope from the LDAP_SEARCH_SCOPE. 2991*7c478bd9Sstevel@tonic-gate # NOTE: A value of "base (0)" does not make sense. 2992*7c478bd9Sstevel@tonic-gate case "$LDAP_SEARCH_SCOPE" in 2993*7c478bd9Sstevel@tonic-gate sub) VLV_SCOPE="2" ;; 2994*7c478bd9Sstevel@tonic-gate *) VLV_SCOPE="1" ;; 2995*7c478bd9Sstevel@tonic-gate esac 2996*7c478bd9Sstevel@tonic-gate 2997*7c478bd9Sstevel@tonic-gate # Here doc to create LDIF. 
2998*7c478bd9Sstevel@tonic-gate ( cat <<EOF 2999*7c478bd9Sstevel@tonic-gatedn: ${_jEXT} 3000*7c478bd9Sstevel@tonic-gateobjectClass: top 3001*7c478bd9Sstevel@tonic-gateobjectClass: vlvSearch 3002*7c478bd9Sstevel@tonic-gatecn: ${j} 3003*7c478bd9Sstevel@tonic-gatevlvbase: ${k},${LDAP_BASEDN} 3004*7c478bd9Sstevel@tonic-gatevlvscope: ${VLV_SCOPE} 3005*7c478bd9Sstevel@tonic-gatevlvfilter: (${m}) 3006*7c478bd9Sstevel@tonic-gateaci: (target="ldap:///${_jEXT}")(targetattr="*")(version 3.0; acl "Config";allow(read,search,compare)userdn="ldap:///anyone";) 3007*7c478bd9Sstevel@tonic-gate 3008*7c478bd9Sstevel@tonic-gatedn: cn=${i},${_jEXT} 3009*7c478bd9Sstevel@tonic-gatecn: ${i} 3010*7c478bd9Sstevel@tonic-gatevlvSort: cn uid 3011*7c478bd9Sstevel@tonic-gateobjectclass: top 3012*7c478bd9Sstevel@tonic-gateobjectclass: vlvIndex 3013*7c478bd9Sstevel@tonic-gateEOF 3014*7c478bd9Sstevel@tonic-gate) > ${TMPDIR}/vlv_index_${i} 3015*7c478bd9Sstevel@tonic-gate 3016*7c478bd9Sstevel@tonic-gate # Add the index. 3017*7c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/vlv_index_${i} ${VERB}" 3018*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 3019*7c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: Adding VLV index for ${i} failed!" 3020*7c478bd9Sstevel@tonic-gate cleanup 3021*7c478bd9Sstevel@tonic-gate exit 1 3022*7c478bd9Sstevel@tonic-gate fi 3023*7c478bd9Sstevel@tonic-gate 3024*7c478bd9Sstevel@tonic-gate # Print message that index was created. 3025*7c478bd9Sstevel@tonic-gate ${ECHO} " ${i} vlv_index Entry created" 3026*7c478bd9Sstevel@tonic-gate 3027*7c478bd9Sstevel@tonic-gate # Add command to list of vlvindex commands to run. 
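${ECHO} " directoryserver -s ${_INSTANCE} vlvindex -n ${IDS_DATABASE} -T ${i}" >> ${TMPDIR}/vlvindex_list
done
}


#
# display_vlv_cmds(): Display VLV index commands to run on server.
#
# Globals:   TMPDIR (read) -- ${TMPDIR}/vlvindex_list holds one
#            "directoryserver ... vlvindex" line per index created above.
# Outputs:   the display_vlv_list banner (via display_msg) followed by the
#            list, on stdout; nothing at all when the list is empty or
#            missing (the -s test).
#
display_vlv_cmds()
{
    if [ -s "${TMPDIR}/vlvindex_list" ]; then
        display_msg display_vlv_list
        # Quoted like the -s test above so a TMPDIR containing spaces
        # reaches cat as a single argument.
        cat "${TMPDIR}/vlvindex_list"
    fi
}


#
# update_schema_attr(): Update Schema to support Naming.
#
# Writes an LDIF "modify cn=schema / add: attributetypes" change to
# ${TMPDIR}/schema_attr covering the NIS, automount, Solaris profile/RBAC/
# project, DUAConfigProfile and IPP printer attribute types, then applies it
# with ${LDAPMODIFY}.
# Globals:   DEBUG, ECHO, EVAL, LDAPMODIFY, LDAP_ARGS, VERB, TMPDIR (read);
#            STEP (incremented after success).
# Returns:   0 on success. Does not return on failure: prints an error,
#            calls cleanup and exits 1.
#
update_schema_attr()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In update_schema_attr()"

    # The here-document is deliberately unquoted (<<EOF) like the script's
    # other LDIF here-docs; its body contains no '$' or backquote, so no
    # expansion takes place.
    # NOTE(review): the DESC strings of printer-charset-configured and
    # printer-compression-supported each contain a stray "attributetypes: ("
    # fragment. It looks like an upstream paste artifact, but it is what the
    # server has been receiving, so it is left untouched here.
    ( cat <<EOF
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'NIS public key' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'NIS secret key' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'automount Key Value' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'automount information' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
attributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
attributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
attributetypes: ( rfc822mailMember-oid NAME 'rfc822mailMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
attributetypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.15 NAME 'SolarisLDAPServers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.16 NAME 'SolarisSearchBaseDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.17 NAME 'SolarisCacheTTL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.18 NAME 'SolarisBindDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.19 NAME 'SolarisBindPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.20 NAME 'SolarisAuthMethod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.21 NAME 'SolarisTransportSecurity' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.22 NAME 'SolarisCertificatePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.23 NAME 'SolarisCertificatePassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.24 NAME 'SolarisDataSearchDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.25 NAME 'SolarisSearchScope' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.26 NAME 'SolarisSearchTimeLimit' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.27 NAME 'SolarisPreferredServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.28 NAME 'SolarisPreferredServerOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.29 NAME 'SolarisSearchReferral' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.4 NAME 'SolarisAttrKeyValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.5 NAME 'SolarisAuditAlways' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.6 NAME 'SolarisAuditNever' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.7 NAME 'SolarisAttrShortDesc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.8 NAME 'SolarisAttrLongDesc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.9 NAME 'SolarisKernelSecurityPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.10 NAME 'SolarisProfileType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.11 NAME 'SolarisProfileId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.12 NAME 'SolarisUserQualifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.13 NAME 'SolarisAttrReserved1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.14 NAME 'SolarisAttrReserved2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.1 NAME 'SolarisProjectID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.2 NAME 'SolarisProjectName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.3 NAME 'SolarisProjectAttr' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
attributetypes: ( memberGid-oid NAME 'memberGid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Default LDAP server host address used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'Default LDAP base DN used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC 'Preferred LDAP server host addresses to be used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maximum time in seconds a DUA should allow for a search to complete' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximum time in seconds a DUA should allow for the bind operation to complete' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tells DUA if it should follow referrals returned by a DSA search result' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to live before a client DUA should re-read this configuration profile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' DESC 'LDAP search descriptor list used by Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribute mappings used by a Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Objectclass mappings used by a Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC 'Default search scope used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DESC 'Search scope used by a service of the DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod' DESC 'Authentication Method used by a service of the DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetypes:( 1.3.18.0.2.4.1140 NAME 'printer-uri' DESC 'A URI supported by this printer. This URI SHOULD be used as a relative distinguished name (RDN). If printer-xri-supported is implemented, then this URI value MUST be listed in a member value of printer-xri-supported.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1107 NAME 'printer-xri-supported' DESC 'The unordered list of XRI (extended resource identifiers) supported by this printer. Each member of the list consists of a URI (uniform resource identifier) followed by optional authentication and security metaparameters.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetypes:( 1.3.18.0.2.4.1135 NAME 'printer-name' DESC 'The site-specific administrative name of this printer, more end-user friendly than a URI.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1119 NAME 'printer-natural-language-configured' DESC 'The configured language in which error and status messages will be generated (by default) by this printer. Also, a possible language for printer string attributes set by operator, system administrator, or manufacturer. Also, the (declared) language of the "printer-name", "printer-location", "printer-info", and "printer-make-and-model" attributes of this printer. For example: "en-us" (US English) or "fr-fr" (French in France) Legal values of language tags conform to [RFC3066] "Tags for the Identification of Languages".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1136 NAME 'printer-location' DESC 'Identifies the location of the printer. This could include things like: "in Room 123A", "second floor of building XYZ".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1139 NAME 'printer-info' DESC 'Identifies the descriptive information about this printer. This could include things like: "This printer can be used for printing color transparencies for HR presentations", or "Out of courtesy for others, please print only small (1-5 page) jobs at this printer", or even "This printer is going away on July 1, 1997, please find a new printer".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1134 NAME 'printer-more-info' DESC 'A URI used to obtain more information about this specific printer. For example, this could be an HTTP type URI referencing an HTML page accessible to a Web Browser. The information obtained from this URI is intended for end user consumption.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1138 NAME 'printer-make-and-model' DESC 'Identifies the make and model of the device. The device manufacturer MAY initially populate this attribute.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1133 NAME 'printer-ipp-versions-supported' DESC 'Identifies the IPP protocol version(s) that this printer supports, including major and minor versions, i.e., the version numbers for which this Printer implementation meets the conformance requirements.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} )
attributetypes:( 1.3.18.0.2.4.1132 NAME 'printer-multiple-document-jobs-supported' DESC 'Indicates whether or not the printer supports more than one document per job, i.e., more than one Send-Document or Send-Data operation with document data.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1109 NAME 'printer-charset-configured' DESC 'The configured charset in which error and status messages will be generated (by default) by this printer. Also, a possible charset for printer string attributes set by operator, system administrator, or manufacturer. For example: "utf-8" (ISO 10646/Unicode) or "iso-8859-1" (Latin1). Legal values are defined by the IANA Registry of Coded Character Sets and the "(preferred MIME name)" SHALL be used as the tag. For coherence with IPP Model, charset tags in this attribute SHALL be lowercase normalized. This attribute SHOULD be static (time of registration) and SHOULD NOT be dynamically refreshed attributetypes: (subsequently).' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{63} SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1131 NAME 'printer-charset-supported' DESC 'Identifies the set of charsets supported for attribute type values of type Directory String for this directory entry. For example: "utf-8" (ISO 10646/Unicode) or "iso-8859-1" (Latin1). Legal values are defined by the IANA Registry of Coded Character Sets and the preferred MIME name.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{63} )
attributetypes:( 1.3.18.0.2.4.1137 NAME 'printer-generated-natural-language-supported' DESC 'Identifies the natural language(s) supported for this directory entry. For example: "en-us" (US English) or "fr-fr" (French in France). Legal values conform to [RFC3066], Tags for the Identification of Languages.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{63} )
attributetypes:( 1.3.18.0.2.4.1130 NAME 'printer-document-format-supported' DESC 'The possible document formats in which data may be interpreted and printed by this printer. Legal values are MIME types come from the IANA Registry of Internet Media Types.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} )
attributetypes:( 1.3.18.0.2.4.1129 NAME 'printer-color-supported' DESC 'Indicates whether this printer is capable of any type of color printing at all, including highlight color.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1128 NAME 'printer-compression-supported' DESC 'Compression algorithms supported by this printer. For example: "deflate, gzip". Legal values include; "none", "deflate" attributetypes: (public domain ZIP), "gzip" (GNU ZIP), "compress" (UNIX).' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} )
attributetypes:( 1.3.18.0.2.4.1127 NAME 'printer-pages-per-minute' DESC 'The nominal number of pages per minute which may be output by this printer (e.g., a simplex or black-and-white printer). This attribute is informative, NOT a service guarantee. Typically, it is the value used in marketing literature to describe this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1126 NAME 'printer-pages-per-minute-color' DESC 'The nominal number of color pages per minute which may be output by this printer (e.g., a simplex or color printer). This attribute is informative, NOT a service guarantee. Typically, it is the value used in marketing literature to describe this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1125 NAME 'printer-finishings-supported' DESC 'The possible finishing operations supported by this printer. Legal values include; "none", "staple", "punch", "cover", "bind", "saddle-stitch", "edge-stitch", "staple-top-left", "staple-bottom-left", "staple-top-right", "staple-bottom-right", "edge-stitch-left", "edge-stitch-top", "edge-stitch-right", "edge-stitch-bottom", "staple-dual-left", "staple-dual-top", "staple-dual-right", "staple-dual-bottom".' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} )
attributetypes:( 1.3.18.0.2.4.1124 NAME 'printer-number-up-supported' DESC 'The possible numbers of print-stream pages to impose upon a single side of an instance of a selected medium. Legal values include; 1, 2, and 4. Implementations may support other values.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetypes:( 1.3.18.0.2.4.1123 NAME 'printer-sides-supported' DESC 'The number of impression sides (one or two) and the two-sided impression rotations supported by this printer. Legal values include; "one-sided", "two-sided-long-edge", "two-sided-short-edge".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} )
attributetypes:( 1.3.18.0.2.4.1122 NAME 'printer-media-supported' DESC 'The standard names/types/sizes (and optional color suffixes) of the media supported by this printer. For example: "iso-a4", "envelope", or "na-letter-white". Legal values conform to ISO 10175, Document Printing Application (DPA), and any IANA registered extensions.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} )
attributetypes:( 1.3.18.0.2.4.1117 NAME 'printer-media-local-supported' DESC 'Site-specific names of media supported by this printer, in the language in "printer-natural-language-configured". For example: "purchasing-form" (site-specific name) as opposed to (in "printer-media-supported"): "na-letter" (standard keyword from ISO 10175).' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} )
attributetypes:( 1.3.18.0.2.4.1121 NAME 'printer-resolution-supported' DESC 'List of resolutions supported for printing documents by this printer. Each resolution value is a string with 3 fields: 1) Cross feed direction resolution (positive integer), 2) Feed direction resolution (positive integer), 3) Resolution unit. Legal values are "dpi" (dots per inch) and "dpcm" (dots per centimeter). Each resolution field is delimited by ">". For example: "300> 300> dpi>".' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} )
attributetypes:( 1.3.18.0.2.4.1120 NAME 'printer-print-quality-supported' DESC 'List of print qualities supported for printing documents on this printer. For example: "draft, normal". Legal values include; "unknown", "draft", "normal", "high".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} )
attributetypes:( 1.3.18.0.2.4.1110 NAME 'printer-job-priority-supported' DESC 'Indicates the number of job priority levels supported. An IPP conformant printer which supports job priority must always support a full range of priorities from "1" to "100" (to ensure consistent behavior), therefore this attribute describes the "granularity". Legal values of this attribute are from "1" to "100".' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1118 NAME 'printer-copies-supported' DESC 'The maximum number of copies of a document that may be printed as a single job. A value of "0" indicates no maximum limit. A value of "-1" indicates unknown.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1111 NAME 'printer-job-k-octets-supported' DESC 'The maximum size in kilobytes (1,024 octets actually) incoming print job that this printer will accept. A value of "0" indicates no maximum limit. A value of "-1" indicates unknown.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1112 NAME 'printer-current-operator' DESC 'The name of the current human operator responsible for operating this printer. It is suggested that this string include information that would enable other humans to reach the operator, such as a phone number.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1113 NAME 'printer-service-person' DESC 'The name of the current human service person responsible for servicing this printer. It is suggested that this string include information that would enable other humans to reach the service person, such as a phone number.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
attributetypes:( 1.3.18.0.2.4.1114 NAME 'printer-delivery-orientation-supported' DESC 'The possible delivery orientations of pages as they are printed and ejected from this printer. Legal values include; "unknown", "face-up", and "face-down".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} )
attributetypes:( 1.3.18.0.2.4.1115 NAME 'printer-stacking-order-supported' DESC 'The possible stacking order of pages as they are printed and ejected from this printer. Legal values include; "unknown", "first-to-last", "last-to-first".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} )
attributetypes:( 1.3.18.0.2.4.1116 NAME 'printer-output-features-supported' DESC 'The possible output features supported by this printer. Legal values include; "unknown", "bursting", "decollating", "page-collating", "offset-stacking".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} )
attributetypes:( 1.3.18.0.2.4.1108 NAME 'printer-aliases' DESC 'Site-specific administrative names of this printer in addition the printer name specified for printer-name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} )
attributetypes:( 1.3.6.1.4.1.42.2.27.5.1.63 NAME 'sun-printer-bsdaddr' DESC 'Sets the server, print queue destination name and whether the client generates protocol extensions. "Solaris" specifies a Solaris print server extension. The value is represented by the following value: server "," destination ", Solaris".' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
attributetypes:( 1.3.6.1.4.1.42.2.27.5.1.64 NAME 'sun-printer-kvp' DESC 'This attribute contains a set of key value pairs which may have meaning to the print subsystem or may be user defined. Each value is represented by the following: key "=" value.' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.57 NAME 'nisplusTimeZone' DESC 'tzone column from NIS+ timezone table' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
EOF
) > "${TMPDIR}/schema_attr"

    # Add the entry.
    # The command goes through ${EVAL} so that ${VERB} can carry an output
    # redirection; the LDIF path is escaped-quoted inside the string so a
    # TMPDIR with spaces survives the eval (same pattern as the -b \"...\"
    # arguments elsewhere in this script).
    # NOTE(review): LDAP_ARGS is assembled elsewhere; if it passes the bind
    # credential as a command-line option it is visible to other local users
    # in the process table for the duration of the call -- confirm how it is
    # built before treating this as safe on shared hosts.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f \"${TMPDIR}/schema_attr\" ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: update of schema attributes failed!"
        cleanup
        exit 1
    fi

    # Display message that schema is updated.
    ${ECHO} " ${STEP}. Schema attributes have been updated."
    STEP=`expr $STEP + 1`
}


#
# update_schema_obj(): Update the schema objectclass definitions.
#
update_schema_obj()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In update_schema_obj()"

    # Add the objectclass definitions.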
3174*7c478bd9Sstevel@tonic-gate ( cat <<EOF 3175*7c478bd9Sstevel@tonic-gatedn: cn=schema 3176*7c478bd9Sstevel@tonic-gatechangetype: modify 3177*7c478bd9Sstevel@tonic-gateadd: objectclasses 3178*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.1.1.2.14 NAME 'NisKeyObject' SUP 'top' MUST (objectclass $ cn $ nisPublickey $ nisSecretkey) MAY (uidNumber $ description)) 3179*7c478bd9Sstevel@tonic-gate 3180*7c478bd9Sstevel@tonic-gatedn: cn=schema 3181*7c478bd9Sstevel@tonic-gatechangetype: modify 3182*7c478bd9Sstevel@tonic-gateadd: objectclasses 3183*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP 'top' MUST (objectclass $ nisDomain) MAY ()) 3184*7c478bd9Sstevel@tonic-gate 3185*7c478bd9Sstevel@tonic-gatedn: cn=schema 3186*7c478bd9Sstevel@tonic-gatechangetype: modify 3187*7c478bd9Sstevel@tonic-gateadd: objectclasses 3188*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP 'top' MUST (objectclass $ automountMapName) MAY (description)) 3189*7c478bd9Sstevel@tonic-gate 3190*7c478bd9Sstevel@tonic-gatedn: cn=schema 3191*7c478bd9Sstevel@tonic-gatechangetype: modify 3192*7c478bd9Sstevel@tonic-gateadd: objectclasses 3193*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP 'top' MUST (objectclass $ automountKey $ automountInformation ) MAY (description)) 3194*7c478bd9Sstevel@tonic-gate 3195*7c478bd9Sstevel@tonic-gatedn: cn=schema 3196*7c478bd9Sstevel@tonic-gatechangetype: modify 3197*7c478bd9Sstevel@tonic-gateadd: objectclasses 3198*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.7 NAME 'SolarisNamingProfile' SUP 'top' MUST (objectclass $ cn $ SolarisLDAPservers $ SolarisSearchBaseDN) MAY (SolarisBindDN $ SolarisBindPassword $ SolarisAuthMethod $ SolarisTransportSecurity $ SolarisCertificatePath $ SolarisCertificatePassword $ SolarisDataSearchDN $ SolarisSearchScope $ SolarisSearchTimeLimit $ SolarisPreferredServer $ SolarisPreferredServerOnly $ SolarisCacheTTL $ 
SolarisSearchReferral)) 3199*7c478bd9Sstevel@tonic-gate 3200*7c478bd9Sstevel@tonic-gatedn: cn=schema 3201*7c478bd9Sstevel@tonic-gatechangetype: modify 3202*7c478bd9Sstevel@tonic-gateadd: objectclasses 3203*7c478bd9Sstevel@tonic-gateobjectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' SUP 'top' MUST (objectclass $ mail) MAY (cn $ mgrpRFC822MailMember)) 3204*7c478bd9Sstevel@tonic-gate 3205*7c478bd9Sstevel@tonic-gatedn: cn=schema 3206*7c478bd9Sstevel@tonic-gatechangetype: modify 3207*7c478bd9Sstevel@tonic-gateadd: objectclasses 3208*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP 'top' MUST (objectclass $ cn) MAY (rfc822mailMember)) 3209*7c478bd9Sstevel@tonic-gate 3210*7c478bd9Sstevel@tonic-gatedn: cn=schema 3211*7c478bd9Sstevel@tonic-gatechangetype: modify 3212*7c478bd9Sstevel@tonic-gateadd: objectclasses 3213*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId' SUP 'top' MUST (objectclass $ cn) MAY (nisNetIdUser $ nisNetIdGroup $ nisNetIdHost)) 3214*7c478bd9Sstevel@tonic-gate 3215*7c478bd9Sstevel@tonic-gatedn: cn=schema 3216*7c478bd9Sstevel@tonic-gatechangetype: modify 3217*7c478bd9Sstevel@tonic-gateadd: objectclasses 3218*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.2 NAME 'SolarisAuditUser' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisAuditAlways $ SolarisAuditNever)) 3219*7c478bd9Sstevel@tonic-gate 3220*7c478bd9Sstevel@tonic-gatedn: cn=schema 3221*7c478bd9Sstevel@tonic-gatechangetype: modify 3222*7c478bd9Sstevel@tonic-gateadd: objectclasses 3223*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.3 NAME 'SolarisUserAttr' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisUserQualifier $ SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrKeyValue)) 3224*7c478bd9Sstevel@tonic-gate 3225*7c478bd9Sstevel@tonic-gatedn: cn=schema 3226*7c478bd9Sstevel@tonic-gatechangetype: modify 3227*7c478bd9Sstevel@tonic-gateadd: objectclasses 
3228*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.4 NAME 'SolarisAuthAttr' SUP 'top' MUST (objectclass $ cn) MAY (SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrShortDesc $ SolarisAttrLongDesc $ SolarisAttrKeyValue)) 3229*7c478bd9Sstevel@tonic-gate 3230*7c478bd9Sstevel@tonic-gatedn: cn=schema 3231*7c478bd9Sstevel@tonic-gatechangetype: modify 3232*7c478bd9Sstevel@tonic-gateadd: objectclasses 3233*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.5 NAME 'SolarisProfAttr' SUP 'top' MUST (objectclass $ cn) MAY (SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrLongDesc $ SolarisAttrKeyValue)) 3234*7c478bd9Sstevel@tonic-gate 3235*7c478bd9Sstevel@tonic-gatedn: cn=schema 3236*7c478bd9Sstevel@tonic-gatechangetype: modify 3237*7c478bd9Sstevel@tonic-gateadd: objectclasses 3238*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.6 NAME 'SolarisExecAttr' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisKernelSecurityPolicy $ SolarisProfileType $ SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisProfileID $ SolarisAttrKeyValue)) 3239*7c478bd9Sstevel@tonic-gate 3240*7c478bd9Sstevel@tonic-gatedn: cn=schema 3241*7c478bd9Sstevel@tonic-gatechangetype: modify 3242*7c478bd9Sstevel@tonic-gateadd: objectclasses 3243*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.1 NAME 'SolarisProject' SUP 'top' MUST (objectclass $ SolarisProjectID $ SolarisProjectName) MAY (memberUid $ memberGid $ description $ SolarisProjectAttr)) 3244*7c478bd9Sstevel@tonic-gate 3245*7c478bd9Sstevel@tonic-gatedn: cn=schema 3246*7c478bd9Sstevel@tonic-gatechangetype: modify 3247*7c478bd9Sstevel@tonic-gateadd: objectclasses 3248*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.11.1.3.1.2.4 NAME 'DUAConfigProfile' SUP 'top' DESC 'Abstraction of a base configuration for a DUA' MUST (cn) MAY (defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel 
$ authenticationMethod $ followReferrals $ serviceSearchDescriptor $ serviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ profileTTL)) 3249*7c478bd9Sstevel@tonic-gate 3250*7c478bd9Sstevel@tonic-gatedn: cn=schema 3251*7c478bd9Sstevel@tonic-gatechangetype: modify 3252*7c478bd9Sstevel@tonic-gateadd: objectclasses 3253*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.2549 NAME 'slpService' DESC 'DUMMY definition' SUP 'top' MUST (objectclass) MAY ()) 3254*7c478bd9Sstevel@tonic-gate 3255*7c478bd9Sstevel@tonic-gatedn: cn=schema 3256*7c478bd9Sstevel@tonic-gatechangetype: modify 3257*7c478bd9Sstevel@tonic-gateadd: objectclasses 3258*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.254 NAME 'slpServicePrinter' DESC 'Service Location Protocol (SLP) information.' AUXILIARY SUP 'slpService') 3259*7c478bd9Sstevel@tonic-gate 3260*7c478bd9Sstevel@tonic-gatedn: cn=schema 3261*7c478bd9Sstevel@tonic-gatechangetype: modify 3262*7c478bd9Sstevel@tonic-gateadd: objectclasses 3263*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.258 NAME 'printerAbstract' DESC 'Printer related information.' 
ABSTRACT SUP 'top' MAY ( printer-name $ printer-natural-language-configured $ printer-location $ printer-info $ printer-more-info $ printer-make-and-model $ printer-multiple-document-jobs-supported $ printer-charset-configured $ printer-charset-supported $ printer-generated-natural-language-supported $ printer-document-format-supported $ printer-color-supported $ printer-compression-supported $ printer-pages-per-minute $ printer-pages-per-minute-color $ printer-finishings-supported $ printer-number-up-supported $ printer-sides-supported $ printer-media-supported $ printer-media-local-supported $ printer-resolution-supported $ printer-print-quality-supported $ printer-job-priority-supported $ printer-copies-supported $ printer-job-k-octets-supported $ printer-current-operator $ printer-service-person $ printer-delivery-orientation-supported $ printer-stacking-order-supported $ printer-output-features-supported )) 3264*7c478bd9Sstevel@tonic-gate 3265*7c478bd9Sstevel@tonic-gatedn: cn=schema 3266*7c478bd9Sstevel@tonic-gatechangetype: modify 3267*7c478bd9Sstevel@tonic-gateadd: objectclasses 3268*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.255 NAME 'printerService' DESC 'Printer information.' STRUCTURAL SUP 'printerAbstract' MAY ( printer-uri $ printer-xri-supported )) 3269*7c478bd9Sstevel@tonic-gate 3270*7c478bd9Sstevel@tonic-gatedn: cn=schema 3271*7c478bd9Sstevel@tonic-gatechangetype: modify 3272*7c478bd9Sstevel@tonic-gateadd: objectclasses 3273*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.257 NAME 'printerServiceAuxClass' DESC 'Printer information.' AUXILIARY SUP 'printerAbstract' MAY ( printer-uri $ printer-xri-supported )) 3274*7c478bd9Sstevel@tonic-gate 3275*7c478bd9Sstevel@tonic-gatedn: cn=schema 3276*7c478bd9Sstevel@tonic-gatechangetype: modify 3277*7c478bd9Sstevel@tonic-gateadd: objectclasses 3278*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.256 NAME 'printerIPP' DESC 'Internet Printing Protocol (IPP) information.' 
AUXILIARY SUP 'top' MAY ( printer-ipp-versions-supported $ printer-multiple-document-jobs-supported )) 3279*7c478bd9Sstevel@tonic-gate 3280*7c478bd9Sstevel@tonic-gatedn: cn=schema 3281*7c478bd9Sstevel@tonic-gatechangetype: modify 3282*7c478bd9Sstevel@tonic-gateadd: objectclasses 3283*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.253 NAME 'printerLPR' DESC 'LPR information.' AUXILIARY SUP 'top' MUST ( printer-name ) MAY ( printer-aliases)) 3284*7c478bd9Sstevel@tonic-gate 3285*7c478bd9Sstevel@tonic-gatedn: cn=schema 3286*7c478bd9Sstevel@tonic-gatechangetype: modify 3287*7c478bd9Sstevel@tonic-gateadd: objectclasses 3288*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.14 NAME 'sunPrinter' DESC 'Sun printer information' SUP 'top' AUXILIARY MUST (objectclass $ printer-name) MAY (sun-printer-bsdaddr $ sun-printer-kvp)) 3289*7c478bd9Sstevel@tonic-gate 3290*7c478bd9Sstevel@tonic-gatedn: cn=schema 3291*7c478bd9Sstevel@tonic-gatechangetype: modify 3292*7c478bd9Sstevel@tonic-gateadd: objectclasses 3293*7c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.12 NAME 'nisplusTimeZoneData' DESC 'NIS+ timezone table data' SUP top STRUCTURAL MUST ( cn ) MAY ( nisplusTimeZone $ description ) ) 3294*7c478bd9Sstevel@tonic-gateEOF 3295*7c478bd9Sstevel@tonic-gate) > ${TMPDIR}/schema_obj 3296*7c478bd9Sstevel@tonic-gate 3297*7c478bd9Sstevel@tonic-gate # Add the entry. 3298*7c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/schema_obj ${VERB}" 3299*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 3300*7c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: update of schema objectclass definitions failed!" 3301*7c478bd9Sstevel@tonic-gate cleanup 3302*7c478bd9Sstevel@tonic-gate exit 1 3303*7c478bd9Sstevel@tonic-gate fi 3304*7c478bd9Sstevel@tonic-gate 3305*7c478bd9Sstevel@tonic-gate # Display message that schema is updated. 3306*7c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. Schema objectclass definitions have been added." 
3307*7c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 3308*7c478bd9Sstevel@tonic-gate} 3309*7c478bd9Sstevel@tonic-gate 3310*7c478bd9Sstevel@tonic-gate 3311*7c478bd9Sstevel@tonic-gate# 3312*7c478bd9Sstevel@tonic-gate# modify_top_aci(): Modify the ACI for the top entry to disable self modify 3313*7c478bd9Sstevel@tonic-gate# of user attributes. 3314*7c478bd9Sstevel@tonic-gate# 3315*7c478bd9Sstevel@tonic-gatemodify_top_aci() 3316*7c478bd9Sstevel@tonic-gate{ 3317*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In modify_top_aci()" 3318*7c478bd9Sstevel@tonic-gate 3319*7c478bd9Sstevel@tonic-gate # Set ACI Name 3320*7c478bd9Sstevel@tonic-gate ACI_NAME="LDAP_Naming_Services_deny_write_access" 3321*7c478bd9Sstevel@tonic-gate 3322*7c478bd9Sstevel@tonic-gate # Search for ACI_NAME 3323*7c478bd9Sstevel@tonic-gate eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_BASEDN}\" -s base objectclass=* aci > ${TMPDIR}/chk_top_aci 2>&1" 3324*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 3325*7c478bd9Sstevel@tonic-gate ${ECHO} "Error searching aci for ${LDAP_BASEDN}" 3326*7c478bd9Sstevel@tonic-gate cat ${TMPDIR}/chk_top_aci 3327*7c478bd9Sstevel@tonic-gate cleanup 3328*7c478bd9Sstevel@tonic-gate exit 1 3329*7c478bd9Sstevel@tonic-gate fi 3330*7c478bd9Sstevel@tonic-gate ${GREP} "${ACI_NAME}" ${TMPDIR}/chk_top_aci > /dev/null 2>&1 3331*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 3332*7c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. Top level ACI ${ACI_NAME} already exists for ${LDAP_BASEDN}." 3333*7c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 3334*7c478bd9Sstevel@tonic-gate return 0 3335*7c478bd9Sstevel@tonic-gate fi 3336*7c478bd9Sstevel@tonic-gate 3337*7c478bd9Sstevel@tonic-gate # Crate LDIF for top level ACI. 
3338*7c478bd9Sstevel@tonic-gate ( cat <<EOF 3339*7c478bd9Sstevel@tonic-gatedn: ${LDAP_BASEDN} 3340*7c478bd9Sstevel@tonic-gatechangetype: modify 3341*7c478bd9Sstevel@tonic-gateadd: aci 3342*7c478bd9Sstevel@tonic-gateaci: (targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version 3.0; acl ${ACI_NAME}; deny (write) userdn = "ldap:///self";) 3343*7c478bd9Sstevel@tonic-gate- 3344*7c478bd9Sstevel@tonic-gateEOF 3345*7c478bd9Sstevel@tonic-gate) > ${TMPDIR}/top_aci 3346*7c478bd9Sstevel@tonic-gate 3347*7c478bd9Sstevel@tonic-gate # Add the entry. 3348*7c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/top_aci ${VERB}" 3349*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 3350*7c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: Modify of top level ACI failed! (restricts self modify)" 3351*7c478bd9Sstevel@tonic-gate cleanup 3352*7c478bd9Sstevel@tonic-gate exit 1 3353*7c478bd9Sstevel@tonic-gate fi 3354*7c478bd9Sstevel@tonic-gate 3355*7c478bd9Sstevel@tonic-gate # Display message that schema is updated. 3356*7c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. ACI for ${LDAP_BASEDN} modified to disable self modify." 3357*7c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 3358*7c478bd9Sstevel@tonic-gate} 3359*7c478bd9Sstevel@tonic-gate 3360*7c478bd9Sstevel@tonic-gate 3361*7c478bd9Sstevel@tonic-gate# 3362*7c478bd9Sstevel@tonic-gate# add_vlv_aci(): Add access control information (aci) for VLV. 3363*7c478bd9Sstevel@tonic-gate# 3364*7c478bd9Sstevel@tonic-gateadd_vlv_aci() 3365*7c478bd9Sstevel@tonic-gate{ 3366*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In add_vlv_aci()" 3367*7c478bd9Sstevel@tonic-gate 3368*7c478bd9Sstevel@tonic-gate # Add the VLV ACI. 
3369*7c478bd9Sstevel@tonic-gate ( cat <<EOF 3370*7c478bd9Sstevel@tonic-gatedn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config 3371*7c478bd9Sstevel@tonic-gatechangetype: modify 3372*7c478bd9Sstevel@tonic-gatereplace: aci 3373*7c478bd9Sstevel@tonic-gateaci: (targetattr != "aci") (version 3.0; acl "VLV Request Control"; allow(read,search,compare) userdn = "ldap:///anyone";) 3374*7c478bd9Sstevel@tonic-gateEOF 3375*7c478bd9Sstevel@tonic-gate) > ${TMPDIR}/vlv_aci 3376*7c478bd9Sstevel@tonic-gate 3377*7c478bd9Sstevel@tonic-gate # Add the entry. 3378*7c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/vlv_aci ${VERB}" 3379*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 3380*7c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: Add of VLV ACI failed!" 3381*7c478bd9Sstevel@tonic-gate cleanup 3382*7c478bd9Sstevel@tonic-gate exit 1 3383*7c478bd9Sstevel@tonic-gate fi 3384*7c478bd9Sstevel@tonic-gate 3385*7c478bd9Sstevel@tonic-gate # Display message that schema is updated. 3386*7c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. Add of VLV Access Control Information (ACI)." 3387*7c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 3388*7c478bd9Sstevel@tonic-gate} 3389*7c478bd9Sstevel@tonic-gate 3390*7c478bd9Sstevel@tonic-gate 3391*7c478bd9Sstevel@tonic-gate# 3392*7c478bd9Sstevel@tonic-gate# set_nisdomain(): Add the NisDomainObject to the Base DN. 3393*7c478bd9Sstevel@tonic-gate# 3394*7c478bd9Sstevel@tonic-gateset_nisdomain() 3395*7c478bd9Sstevel@tonic-gate{ 3396*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In set_nisdomain()" 3397*7c478bd9Sstevel@tonic-gate 3398*7c478bd9Sstevel@tonic-gate # Check if nisDomain is already set. 3399*7c478bd9Sstevel@tonic-gate ${LDAPSEARCH} ${SERVER_ARGS} -b "${LDAP_BASEDN}" -s base "objectclass=*" > ${TMPDIR}/chk_nisdomain 2>&1 3400*7c478bd9Sstevel@tonic-gate eval "${GREP} -i nisDomain ${TMPDIR}/chk_nisdomain ${VERB}" 3401*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 3402*7c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. 
NisDomainObject for ${LDAP_BASEDN} was already set." 3403*7c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 3404*7c478bd9Sstevel@tonic-gate return 0 3405*7c478bd9Sstevel@tonic-gate fi 3406*7c478bd9Sstevel@tonic-gate 3407*7c478bd9Sstevel@tonic-gate # Add the new top level containers. 3408*7c478bd9Sstevel@tonic-gate ( cat <<EOF 3409*7c478bd9Sstevel@tonic-gatedn: ${LDAP_BASEDN} 3410*7c478bd9Sstevel@tonic-gatechangetype: modify 3411*7c478bd9Sstevel@tonic-gateobjectclass: nisDomainObject 3412*7c478bd9Sstevel@tonic-gatenisdomain: ${LDAP_DOMAIN} 3413*7c478bd9Sstevel@tonic-gateEOF 3414*7c478bd9Sstevel@tonic-gate) > ${TMPDIR}/nis_domain 3415*7c478bd9Sstevel@tonic-gate 3416*7c478bd9Sstevel@tonic-gate # Add the entry. 3417*7c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/nis_domain ${VERB}" 3418*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 3419*7c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: update of NisDomainObject in ${LDAP_BASEDN} failed." 3420*7c478bd9Sstevel@tonic-gate cleanup 3421*7c478bd9Sstevel@tonic-gate exit 1 3422*7c478bd9Sstevel@tonic-gate fi 3423*7c478bd9Sstevel@tonic-gate 3424*7c478bd9Sstevel@tonic-gate # Display message that schema is updated. 3425*7c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. NisDomainObject added to ${LDAP_BASEDN}." 3426*7c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 3427*7c478bd9Sstevel@tonic-gate} 3428*7c478bd9Sstevel@tonic-gate 3429*7c478bd9Sstevel@tonic-gate 3430*7c478bd9Sstevel@tonic-gate# 3431*7c478bd9Sstevel@tonic-gate# check_attrName(): Check that the attribute name is valid. 3432*7c478bd9Sstevel@tonic-gate# $1 Key to check. 
3433*7c478bd9Sstevel@tonic-gate# Returns 0 : valid name 1 : invalid name 3434*7c478bd9Sstevel@tonic-gate# 3435*7c478bd9Sstevel@tonic-gatecheck_attrName() 3436*7c478bd9Sstevel@tonic-gate{ 3437*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In check_attrName()" 3438*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "check_attrName: Input Param = $1" 3439*7c478bd9Sstevel@tonic-gate 3440*7c478bd9Sstevel@tonic-gate ${ECHO} $1 | ${EGREP} '^[0-9]+(\.[0-9]+)*$' > /dev/null 2>&1 3441*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 3442*7c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPSEARCH} ${SERVER_ARGS} -b cn=schema -s base \"objectclass=*\" \ 3443*7c478bd9Sstevel@tonic-gate attributeTypes | ${EGREP} -i '^attributetypes[ ]*=[ ]*\([ ]*$1 ' ${VERB}" 3444*7c478bd9Sstevel@tonic-gate else 3445*7c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPSEARCH} ${SERVER_ARGS} -b cn=schema -s base \"objectclass=*\" \ 3446*7c478bd9Sstevel@tonic-gate attributeTypes | ${EGREP} -i \"'$1'\" ${VERB}" 3447*7c478bd9Sstevel@tonic-gate fi 3448*7c478bd9Sstevel@tonic-gate 3449*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 3450*7c478bd9Sstevel@tonic-gate return 1 3451*7c478bd9Sstevel@tonic-gate else 3452*7c478bd9Sstevel@tonic-gate return 0 3453*7c478bd9Sstevel@tonic-gate fi 3454*7c478bd9Sstevel@tonic-gate} 3455*7c478bd9Sstevel@tonic-gate 3456*7c478bd9Sstevel@tonic-gate 3457*7c478bd9Sstevel@tonic-gate# 3458*7c478bd9Sstevel@tonic-gate# get_objectclass(): Determine the objectclass for the given attribute name 3459*7c478bd9Sstevel@tonic-gate# $1 Attribute name to check. 3460*7c478bd9Sstevel@tonic-gate# _ATTR_NAME Return value, Object Name or NULL if unknown to idsconfig. 3461*7c478bd9Sstevel@tonic-gate# 3462*7c478bd9Sstevel@tonic-gate# NOTE: An attribute name can be valid but still we might not be able 3463*7c478bd9Sstevel@tonic-gate# to determine the objectclass from the table. 3464*7c478bd9Sstevel@tonic-gate# In such cases, the user needs to create the necessary object(s). 
3465*7c478bd9Sstevel@tonic-gate# 3466*7c478bd9Sstevel@tonic-gateget_objectclass() 3467*7c478bd9Sstevel@tonic-gate{ 3468*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In get_objectclass()" 3469*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "get_objectclass: Input Param = $1" 3470*7c478bd9Sstevel@tonic-gate 3471*7c478bd9Sstevel@tonic-gate # Set return value to NULL string. 3472*7c478bd9Sstevel@tonic-gate _ATTR_NAME="" 3473*7c478bd9Sstevel@tonic-gate 3474*7c478bd9Sstevel@tonic-gate # Test key for type: 3475*7c478bd9Sstevel@tonic-gate case `${ECHO} ${1} | tr '[A-Z]' '[a-z]'` in 3476*7c478bd9Sstevel@tonic-gate ou | organizationalunitname | 2.5.4.11) _ATTR_NAME="organizationalUnit" ;; 3477*7c478bd9Sstevel@tonic-gate dc | domaincomponent | 0.9.2342.19200300.100.1.25) _ATTR_NAME="domain" ;; 3478*7c478bd9Sstevel@tonic-gate o | organizationname | 2.5.4.10) _ATTR_NAME="organization" ;; 3479*7c478bd9Sstevel@tonic-gate c | countryname | 2.5.4.6) _ATTR_NAME="country" ;; 3480*7c478bd9Sstevel@tonic-gate *) _ATTR_NAME="" ;; 3481*7c478bd9Sstevel@tonic-gate esac 3482*7c478bd9Sstevel@tonic-gate 3483*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "get_objectclass: _ATTR_NAME = $_ATTR_NAME" 3484*7c478bd9Sstevel@tonic-gate} 3485*7c478bd9Sstevel@tonic-gate 3486*7c478bd9Sstevel@tonic-gate 3487*7c478bd9Sstevel@tonic-gate# 3488*7c478bd9Sstevel@tonic-gate# add_base_objects(): Add any necessary base objects. 3489*7c478bd9Sstevel@tonic-gate# 3490*7c478bd9Sstevel@tonic-gateadd_base_objects() 3491*7c478bd9Sstevel@tonic-gate{ 3492*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In add_base_objects()" 3493*7c478bd9Sstevel@tonic-gate 3494*7c478bd9Sstevel@tonic-gate # Convert to lower case for basename. 
3495*7c478bd9Sstevel@tonic-gate format_string "${LDAP_BASEDN}" 3496*7c478bd9Sstevel@tonic-gate LOWER_BASEDN="${FMT_STR}" 3497*7c478bd9Sstevel@tonic-gate format_string "${LDAP_SUFFIX}" 3498*7c478bd9Sstevel@tonic-gate LOWER_SUFFIX="${FMT_STR}" 3499*7c478bd9Sstevel@tonic-gate 3500*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_BASEDN: ${LOWER_BASEDN}" 3501*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_SUFFIX: ${LOWER_SUFFIX}" 3502*7c478bd9Sstevel@tonic-gate 3503*7c478bd9Sstevel@tonic-gate # Create additional components. 3504*7c478bd9Sstevel@tonic-gate if [ "${LOWER_BASEDN}" = "${LOWER_SUFFIX}" ]; then 3505*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "Base DN and Suffix equivalent" 3506*7c478bd9Sstevel@tonic-gate else 3507*7c478bd9Sstevel@tonic-gate # first, test that the suffix is valid 3508*7c478bd9Sstevel@tonic-gate dcstmp=`basename "${LOWER_BASEDN}" "${LOWER_SUFFIX}"` 3509*7c478bd9Sstevel@tonic-gate if [ "$dcstmp" = "${LOWER_BASEDN}" ]; then 3510*7c478bd9Sstevel@tonic-gate # should not happen since check_basedn_suffix() succeeded 3511*7c478bd9Sstevel@tonic-gate ${ECHO} "Invalid suffix ${LOWER_SUFFIX}" 3512*7c478bd9Sstevel@tonic-gate ${ECHO} "for Base DN ${LOWER_BASEDN}" 3513*7c478bd9Sstevel@tonic-gate cleanup 3514*7c478bd9Sstevel@tonic-gate exit 1 3515*7c478bd9Sstevel@tonic-gate fi 3516*7c478bd9Sstevel@tonic-gate # OK, suffix is valid, start working with LDAP_BASEDN 3517*7c478bd9Sstevel@tonic-gate # field separator is ',' (i.e., space is a valid character) 3518*7c478bd9Sstevel@tonic-gate dcstmp2="`${ECHO} ${LDAP_BASEDN} | 3519*7c478bd9Sstevel@tonic-gate sed -e 's/[ ]*,[ ]*/,/g' -e 's/[ ]*=[ ]*/=/g'`" 3520*7c478bd9Sstevel@tonic-gate dcs="" 3521*7c478bd9Sstevel@tonic-gate # use dcstmp to count the loop, and dcstmp2 to get the correct 3522*7c478bd9Sstevel@tonic-gate # string case 3523*7c478bd9Sstevel@tonic-gate # dcs should be in reverse order, only for these components 3524*7c478bd9Sstevel@tonic-gate # that need to be added 
3525*7c478bd9Sstevel@tonic-gate while [ -n "${dcstmp}" ] 3526*7c478bd9Sstevel@tonic-gate do 3527*7c478bd9Sstevel@tonic-gate i2=`${ECHO} "$dcstmp2" | cut -f1 -d','` 3528*7c478bd9Sstevel@tonic-gate dk=`${ECHO} $i2 | awk -F= '{print $1}'` 3529*7c478bd9Sstevel@tonic-gate dc=`${ECHO} $i2 | awk -F= '{print $2}'` 3530*7c478bd9Sstevel@tonic-gate dcs="$dk=$dc,$dcs"; 3531*7c478bd9Sstevel@tonic-gate dcstmp2=`${ECHO} "$dcstmp2" | cut -f2- -d','` 3532*7c478bd9Sstevel@tonic-gate dcstmp=`${ECHO} "$dcstmp" | cut -f2- -d','` 3533*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && \ 3534*7c478bd9Sstevel@tonic-gate ${ECHO} "dcs: ${dcs}\ndcstmp: ${dcstmp}\ndcstmp2: ${dcstmp2}\n" 3535*7c478bd9Sstevel@tonic-gate done 3536*7c478bd9Sstevel@tonic-gate 3537*7c478bd9Sstevel@tonic-gate 3538*7c478bd9Sstevel@tonic-gate 3539*7c478bd9Sstevel@tonic-gate lastdc=${LDAP_SUFFIX} 3540*7c478bd9Sstevel@tonic-gate dc=`${ECHO} "${dcs}" | cut -f1 -d','` 3541*7c478bd9Sstevel@tonic-gate dcstmp=`${ECHO} "${dcs}" | cut -f2- -d','` 3542*7c478bd9Sstevel@tonic-gate while [ -n "${dc}" ]; do 3543*7c478bd9Sstevel@tonic-gate # Get Key and component from $dc. 3544*7c478bd9Sstevel@tonic-gate dk2=`${ECHO} $dc | awk -F= '{print $1}'` 3545*7c478bd9Sstevel@tonic-gate dc2=`${ECHO} $dc | awk -F= '{print $2}'` 3546*7c478bd9Sstevel@tonic-gate 3547*7c478bd9Sstevel@tonic-gate # At this point, ${dk2} is a valid attribute name 3548*7c478bd9Sstevel@tonic-gate 3549*7c478bd9Sstevel@tonic-gate # Check if entry exists first, if so, skip to next. 3550*7c478bd9Sstevel@tonic-gate ${LDAPSEARCH} ${SERVER_ARGS} -b "${dk2}=${dc2},$lastdc" -s base "objectclass=*" > /dev/null 2>&1 3551*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 3552*7c478bd9Sstevel@tonic-gate # Set the $lastdc to new dc. 3553*7c478bd9Sstevel@tonic-gate lastdc="${dk2}=${dc2},$lastdc" 3554*7c478bd9Sstevel@tonic-gate 3555*7c478bd9Sstevel@tonic-gate # Process next component. 
3556*7c478bd9Sstevel@tonic-gate dc=`${ECHO} "${dcstmp}" | cut -f1 -d','` 3557*7c478bd9Sstevel@tonic-gate dcstmp=`${ECHO} "${dcstmp}" | cut -f2- -d','` 3558*7c478bd9Sstevel@tonic-gate continue 3559*7c478bd9Sstevel@tonic-gate 3560*7c478bd9Sstevel@tonic-gate fi 3561*7c478bd9Sstevel@tonic-gate 3562*7c478bd9Sstevel@tonic-gate # Determine the objectclass for the entry. 3563*7c478bd9Sstevel@tonic-gate get_objectclass $dk2 3564*7c478bd9Sstevel@tonic-gate OBJ_Name=${_ATTR_NAME} 3565*7c478bd9Sstevel@tonic-gate if [ "${OBJ_Name}" = "" ]; then 3566*7c478bd9Sstevel@tonic-gate ${ECHO} "Cannot determine objectclass for $dk2" 3567*7c478bd9Sstevel@tonic-gate ${ECHO} "Please create ${dk2}=${dc2},$lastdc entry and rerun idsconfig" 3568*7c478bd9Sstevel@tonic-gate exit 1 3569*7c478bd9Sstevel@tonic-gate fi 3570*7c478bd9Sstevel@tonic-gate 3571*7c478bd9Sstevel@tonic-gate # Add the new container. 3572*7c478bd9Sstevel@tonic-gate ( cat <<EOF 3573*7c478bd9Sstevel@tonic-gatedn: ${dk2}=${dc2},$lastdc 3574*7c478bd9Sstevel@tonic-gate${dk2}: $dc2 3575*7c478bd9Sstevel@tonic-gateobjectClass: top 3576*7c478bd9Sstevel@tonic-gateobjectClass: ${OBJ_Name} 3577*7c478bd9Sstevel@tonic-gateEOF 3578*7c478bd9Sstevel@tonic-gate) > ${TMPDIR}/base_objects 3579*7c478bd9Sstevel@tonic-gate 3580*7c478bd9Sstevel@tonic-gate 3581*7c478bd9Sstevel@tonic-gate # Set the $lastdc to new dc. 3582*7c478bd9Sstevel@tonic-gate lastdc="${dk2}=${dc2},$lastdc" 3583*7c478bd9Sstevel@tonic-gate 3584*7c478bd9Sstevel@tonic-gate # Add the entry. 3585*7c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/base_objects ${VERB}" 3586*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 3587*7c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: update of base objects ${dc} failed." 3588*7c478bd9Sstevel@tonic-gate cleanup 3589*7c478bd9Sstevel@tonic-gate exit 1 3590*7c478bd9Sstevel@tonic-gate fi 3591*7c478bd9Sstevel@tonic-gate 3592*7c478bd9Sstevel@tonic-gate # Display message that schema is updated. 
3593*7c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. Created DN component ${dc}." 3594*7c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 3595*7c478bd9Sstevel@tonic-gate 3596*7c478bd9Sstevel@tonic-gate # Process next component. 3597*7c478bd9Sstevel@tonic-gate dc=`${ECHO} "${dcstmp}" | cut -f1 -d','` 3598*7c478bd9Sstevel@tonic-gate dcstmp=`${ECHO} "${dcstmp}" | cut -f2- -d','` 3599*7c478bd9Sstevel@tonic-gate done 3600*7c478bd9Sstevel@tonic-gate fi 3601*7c478bd9Sstevel@tonic-gate} 3602*7c478bd9Sstevel@tonic-gate 3603*7c478bd9Sstevel@tonic-gate 3604*7c478bd9Sstevel@tonic-gate# 3605*7c478bd9Sstevel@tonic-gate# add_new_containers(): Add the top level classes. 3606*7c478bd9Sstevel@tonic-gate# 3607*7c478bd9Sstevel@tonic-gate# $1 = Base DN 3608*7c478bd9Sstevel@tonic-gate# 3609*7c478bd9Sstevel@tonic-gateadd_new_containers() 3610*7c478bd9Sstevel@tonic-gate{ 3611*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In add_new_containers()" 3612*7c478bd9Sstevel@tonic-gate 3613*7c478bd9Sstevel@tonic-gate for ou in people group rpc protocols networks netgroup \ 3614*7c478bd9Sstevel@tonic-gate aliases hosts services ethers profile printers \ 3615*7c478bd9Sstevel@tonic-gate SolarisAuthAttr SolarisProfAttr Timezone ; do 3616*7c478bd9Sstevel@tonic-gate 3617*7c478bd9Sstevel@tonic-gate # Check if nismaps already exist. 3618*7c478bd9Sstevel@tonic-gate eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"ou=${ou},${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}" 3619*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 3620*7c478bd9Sstevel@tonic-gate continue 3621*7c478bd9Sstevel@tonic-gate fi 3622*7c478bd9Sstevel@tonic-gate 3623*7c478bd9Sstevel@tonic-gate # Create TMP file to add. 
3624*7c478bd9Sstevel@tonic-gate ( cat <<EOF 3625*7c478bd9Sstevel@tonic-gatedn: ou=${ou},${LDAP_BASEDN} 3626*7c478bd9Sstevel@tonic-gateou: ${ou} 3627*7c478bd9Sstevel@tonic-gateobjectClass: top 3628*7c478bd9Sstevel@tonic-gateobjectClass: organizationalUnit 3629*7c478bd9Sstevel@tonic-gateEOF 3630*7c478bd9Sstevel@tonic-gate) > ${TMPDIR}/toplevel.${ou} 3631*7c478bd9Sstevel@tonic-gate 3632*7c478bd9Sstevel@tonic-gate # Add the entry. 3633*7c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/toplevel.${ou} ${VERB}" 3634*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 3635*7c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: Add of ou=${ou} container failed!" 3636*7c478bd9Sstevel@tonic-gate cleanup 3637*7c478bd9Sstevel@tonic-gate exit 1 3638*7c478bd9Sstevel@tonic-gate fi 3639*7c478bd9Sstevel@tonic-gate done 3640*7c478bd9Sstevel@tonic-gate 3641*7c478bd9Sstevel@tonic-gate # Display message that top level OU containers complete. 3642*7c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. Top level \"ou\" containers complete." 3643*7c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 3644*7c478bd9Sstevel@tonic-gate} 3645*7c478bd9Sstevel@tonic-gate 3646*7c478bd9Sstevel@tonic-gate 3647*7c478bd9Sstevel@tonic-gate# 3648*7c478bd9Sstevel@tonic-gate# add_auto_maps(): Add the automount map entries. 3649*7c478bd9Sstevel@tonic-gate# 3650*7c478bd9Sstevel@tonic-gate# auto_home, auto_direct, auto_master, auto_shared 3651*7c478bd9Sstevel@tonic-gate# 3652*7c478bd9Sstevel@tonic-gateadd_auto_maps() 3653*7c478bd9Sstevel@tonic-gate{ 3654*7c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In add_auto_maps()" 3655*7c478bd9Sstevel@tonic-gate 3656*7c478bd9Sstevel@tonic-gate # Set AUTO_MAPS for maps to create. 3657*7c478bd9Sstevel@tonic-gate AUTO_MAPS="auto_home auto_direct auto_master auto_shared" 3658*7c478bd9Sstevel@tonic-gate 3659*7c478bd9Sstevel@tonic-gate for automap in $AUTO_MAPS; do 3660*7c478bd9Sstevel@tonic-gate # Check if automaps already exist. 
3661*7c478bd9Sstevel@tonic-gate eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"automountMapName=${automap},${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}" 3662*7c478bd9Sstevel@tonic-gate if [ $? -eq 0 ]; then 3663*7c478bd9Sstevel@tonic-gate continue 3664*7c478bd9Sstevel@tonic-gate fi 3665*7c478bd9Sstevel@tonic-gate 3666*7c478bd9Sstevel@tonic-gate # Create the tmp file to add. 3667*7c478bd9Sstevel@tonic-gate ( cat <<EOF 3668*7c478bd9Sstevel@tonic-gatedn: automountMapName=${automap},${LDAP_BASEDN} 3669*7c478bd9Sstevel@tonic-gateautomountMapName: ${automap} 3670*7c478bd9Sstevel@tonic-gateobjectClass: top 3671*7c478bd9Sstevel@tonic-gateobjectClass: automountMap 3672*7c478bd9Sstevel@tonic-gateEOF 3673*7c478bd9Sstevel@tonic-gate) > ${TMPDIR}/automap.${automap} 3674*7c478bd9Sstevel@tonic-gate 3675*7c478bd9Sstevel@tonic-gate # Add the entry. 3676*7c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/automap.${automap} ${VERB}" 3677*7c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 3678*7c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: Add of automap ${automap} failed!" 3679*7c478bd9Sstevel@tonic-gate cleanup 3680*7c478bd9Sstevel@tonic-gate exit 1 3681*7c478bd9Sstevel@tonic-gate fi 3682*7c478bd9Sstevel@tonic-gate done 3683*7c478bd9Sstevel@tonic-gate 3684*7c478bd9Sstevel@tonic-gate # Display message that automount entries are updated. 3685*7c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. automount maps: $AUTO_MAPS processed." 3686*7c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 3687*7c478bd9Sstevel@tonic-gate} 3688*7c478bd9Sstevel@tonic-gate 3689*7c478bd9Sstevel@tonic-gate 3690*7c478bd9Sstevel@tonic-gate# 3691*7c478bd9Sstevel@tonic-gate# add_proxyagent(): Add entry for nameservice to use to access server. 
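#
add_proxyagent()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In add_proxyagent()"

    # Nothing to do if the proxy agent entry is already on the server: a
    # base-scope search of the DN itself succeeds only when it exists.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_PROXYAGENT}\" -s base \"objectclass=*\" ${VERB}"
    if [ $? -eq 0 ]; then
        ${ECHO} " ${STEP}. Proxy Agent ${LDAP_PROXYAGENT} already exists."
        STEP=`expr $STEP + 1`
        return 0
    fi

    # cn and sn are both the value of the first RDN of LDAP_PROXYAGENT
    # (the text between the first "=" and the first ",").
    cn_tmp=`${ECHO} ${LDAP_PROXYAGENT} | cut -f1 -d, | cut -f2 -d=`

    # Build the LDIF to add.  The file carries the proxy agent's credential
    # in the clear, so it is created owner-readable only: the umask is set
    # in the subshell before cat opens the file (the redirection is on cat,
    # not on the subshell, so the umask applies to the create).  TMPDIR is
    # created in init(), outside this block; this guards the file no matter
    # what mode the directory has.
    # NOTE(review): an unquoted here-document expands "$" and backslashes,
    # so a credential containing them is not written verbatim -- unchanged
    # from the original; confirm the prompting/validation code rejects them.
    ( umask 077; cat > ${TMPDIR}/proxyagent <<EOF
dn: ${LDAP_PROXYAGENT}
cn: ${cn_tmp}
sn: ${cn_tmp}
objectclass: top
objectclass: person
userpassword: ${LDAP_PROXYAGENT_CRED}
EOF
    )

    # Add the entry (-a: add rather than modify).
    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/proxyagent ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: Adding proxyagent failed!"
        cleanup
        exit 1
    fi

    # Report the completed step and advance the step counter.
    ${ECHO} " ${STEP}. Proxy Agent ${LDAP_PROXYAGENT} added."
    STEP=`expr $STEP + 1`
}


#
# allow_proxy_read_pw(): Give Proxy Agent read permission for password.
#
allow_proxy_read_pw()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In allow_proxy_read_pw()"

    # Name of the ACI this function installs; also used to detect it.
    PROXY_ACI_NAME="LDAP_Naming_Services_proxy_password_read"

    # Read the aci attribute of the base entry and look for our ACI name.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_BASEDN}\" -s base objectclass=* aci > ${TMPDIR}/chk_proxyread_aci 2>&1"
    ${GREP} "${PROXY_ACI_NAME}" ${TMPDIR}/chk_proxyread_aci > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        # The original used "${PROXY_ACI_NAME=}" (assign-default form);
        # harmless because the variable was just set, but a typo.
        ${ECHO} " ${STEP}. Proxy ACI ${PROXY_ACI_NAME} already exists for ${LDAP_BASEDN}."
        STEP=`expr $STEP + 1`
        return 0
    fi

    # LDIF adding the ACI: the proxy agent gets compare/read/search on
    # userPassword under the base DN only -- no write access and no other
    # attributes are granted by this rule.
    ( cat <<EOF
dn: ${LDAP_BASEDN}
changetype: modify
add: aci
aci: (target="ldap:///${LDAP_BASEDN}")(targetattr="userPassword")(version 3.0; acl ${PROXY_ACI_NAME}; allow (compare,read,search) userdn = "ldap:///${LDAP_PROXYAGENT}";)
EOF
    ) > ${TMPDIR}/proxy_read

    # Apply the modification.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/proxy_read ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: Allow ${LDAP_PROXYAGENT} to read password failed!"
        cleanup
        exit 1
    fi

    # Report the completed step and advance the step counter.
    ${ECHO} " ${STEP}. Give ${LDAP_PROXYAGENT} read permission for password."
    STEP=`expr $STEP + 1`
}


#
# add_profile(): Add client profile to server.
#
add_profile()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In add_profile()"

    # A profile of the same name is deleted and replaced, but only when
    # DEL_OLD_PROFILE allows it; otherwise the existing profile is an error.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=${LDAP_PROFILE_NAME},ou=profile,${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
    if [ $? -eq 0 ]; then
        if [ "$DEL_OLD_PROFILE" -eq 0 ]; then
            ${ECHO} "ERROR: Profile name ${LDAP_PROFILE_NAME} exists! Add failed!"
            # Remove the temp directory, as every other error path does.
            cleanup
            exit 1
        fi

        # Delete the OLD profile (ldapdelete reads the DN list from a file).
        ( cat <<EOF
cn=${LDAP_PROFILE_NAME},ou=profile,${LDAP_BASEDN}
EOF
        ) > ${TMPDIR}/del_profile

        ${EVAL} "${LDAPDELETE} ${LDAP_ARGS} -f ${TMPDIR}/del_profile ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} " ERROR: Attempt to DELETE profile failed!"
            cleanup
            exit 1
        fi
    fi

    # Build the "ldapclient genprofile" command string.
    # NOTE(review): the string is run through eval below, so every value
    # spliced into it (from the input file or the interactive prompts) is
    # re-parsed by the shell; a value containing quotes, "$", backquotes or
    # ";" would change the command.  Kept as-is because the Bourne shell has
    # no arrays; it relies on the values having been validated before this
    # function runs (validate_info / prompting, outside this block).
    GEN_CMD="ldapclient genprofile -a \"profileName=${LDAP_PROFILE_NAME}\""

    # defaultSearchBase is a required attribute.
    GEN_CMD="${GEN_CMD} -a \"defaultSearchBase=${LDAP_BASEDN}\""

    # Optional attributes are added only when the corresponding value is set.
    [ -n "$LDAP_SERVER_LIST" ] && \
        GEN_CMD="${GEN_CMD} -a \"defaultServerList=${LDAP_SERVER_LIST}\""
    [ -n "$LDAP_SEARCH_SCOPE" ] && \
        GEN_CMD="${GEN_CMD} -a \"defaultSearchScope=${LDAP_SEARCH_SCOPE}\""
    [ -n "$LDAP_CRED_LEVEL" ] && \
        GEN_CMD="${GEN_CMD} -a \"credentialLevel=${LDAP_CRED_LEVEL}\""
    [ -n "$LDAP_AUTHMETHOD" ] && \
        GEN_CMD="${GEN_CMD} -a \"authenticationMethod=${LDAP_AUTHMETHOD}\""
    [ -n "$LDAP_FOLLOWREF" ] && \
        GEN_CMD="${GEN_CMD} -a \"followReferrals=${LDAP_FOLLOWREF}\""
    [ -n "$LDAP_SEARCH_TIME_LIMIT" ] && \
        GEN_CMD="${GEN_CMD} -a \"searchTimeLimit=${LDAP_SEARCH_TIME_LIMIT}\""
    [ -n "$LDAP_PROFILE_TTL" ] && \
        GEN_CMD="${GEN_CMD} -a \"profileTTL=${LDAP_PROFILE_TTL}\""
    [ -n "$LDAP_BIND_LIMIT" ] && \
        GEN_CMD="${GEN_CMD} -a \"bindTimeLimit=${LDAP_BIND_LIMIT}\""
    [ -n "$LDAP_PREF_SRVLIST" ] && \
        GEN_CMD="${GEN_CMD} -a \"preferredServerList=${LDAP_PREF_SRVLIST}\""
    # serviceAuthenticationMethod may be given once per service (pam, key, cmd).
    [ -n "$LDAP_SRV_AUTHMETHOD_PAM" ] && \
        GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_PAM}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_KEY" ] && \
        GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_KEY}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_CMD" ] && \
        GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_CMD}\""

    # Check if there are any service search descriptors to add
    # (ssd_2_profile is defined outside this block; presumably it extends
    # GEN_CMD from SSD_FILE -- confirm).
    if [ -s "${SSD_FILE}" ]; then
        ssd_2_profile
    fi

    # Execute "ldapclient genprofile": the generated LDIF goes to
    # gen_profile, diagnostics to gen_profile_ERR.
    eval ${GEN_CMD} > ${TMPDIR}/gen_profile 2> ${TMPDIR}/gen_profile_ERR
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: ldapclient genprofile failed!"
        cleanup
        exit 1
    fi

    # Load the generated profile onto the server.
    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/gen_profile ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: Attempt to add profile failed!"
        cleanup
        exit 1
    fi

    # Report the completed step and advance the step counter.
    ${ECHO} " ${STEP}. Generated client profile and loaded on server."
    STEP=`expr $STEP + 1`
}


#
# cleanup(): Remove the TMPDIR and all files in it.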
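#
cleanup()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In cleanup()"

    # TMPDIR is this script's scratch directory (set up in init(), outside
    # this block).  Never let an empty value reach "rm -fr"; quoting keeps
    # a path with whitespace from being split into several operands.
    if [ -n "${TMPDIR}" ]; then
        rm -fr "${TMPDIR}"
    fi
}


#
# * * * MAIN * * *
#
# Description:
# This script assumes that the iPlanet Directory Server (iDS) is
# installed and that setup has been run.  This script takes the
# iDS server from that point and sets up the infrastructure for
# LDAP Naming Services.  After running this script, ldapaddent(1M)
# or some other tools can be used to populate data.

# Initialize the variables that need to be set to NULL, or some
# other initial value before the rest of the functions can be called.
init

# Parse command line arguments.  "$@" passes each argument through intact
# (the original "$*" re-split arguments containing whitespace, such as a
# quoted file name).  parse_arg's exit status appears to be the number of
# arguments it consumed, which is then shifted away -- parse_arg is
# defined outside this block.
parse_arg "$@"
shift $?

# Print extra line to separate from prompt.
${ECHO} " "

# Either load the user specified config file
# or prompt user for config info.
if [ -n "$INPUT_FILE" ]
then
    load_config_file
    INTERACTIVE=0       # Turns off prompts that occur later.
    validate_info       # Validate basic info in file.
    chk_ids_version     # Check iDS version for compatibility.
else
    # Display BACKUP warning to user.
    display_msg backup_server
    get_confirm "Do you wish to continue with server setup (y/n/h)?" "n" "backup_help"
    if [ $? -eq 0 ]; then       # if No, cleanup and exit.
        cleanup ; exit 1
    fi

    # Prompt for values.
    prompt_config_info
    display_summary     # Allow user to modify results.
    INTERACTIVE=1       # Ensures future prompting.
fi

# Modify slapd.oc.conf to ALLOW cn instead of REQUIRE.
modify_cn

# Modify timelimit to user value.
[ "$NEED_TIME" -eq 1 ] && modify_timelimit

# Modify sizelimit to user value.
[ "$NEED_SIZE" -eq 1 ] && modify_sizelimit

# Modify the password storage scheme to support CRYPT.
if [ "$NEED_CRYPT" = "TRUE" ]; then
    modify_pwd_crypt
fi

# Update the schema (Attributes, Objectclass Definitions)
update_schema_attr
update_schema_obj

# Add base objects (if needed)
add_base_objects

# Update the NisDomainObject.
# The Base DN might have just been created, so this MUST happen after
# the base objects have been added!
set_nisdomain

# Add top level classes (new containers)
add_new_containers

# Add common nismaps.
add_auto_maps

# Modify top ACI.
modify_top_aci

# Add Access Control Information for VLV.
add_vlv_aci

# If a proxy is needed, add the Proxy Agent and give it read permission
# for userPassword (both functions are defined earlier in this file).
if [ "$NEED_PROXY" -eq 1 ]; then
    add_proxyagent
    allow_proxy_read_pw
fi

# Generate client profile and add it to the server.
add_profile

# Add Indexes to improve Search Performance.
add_eq_indexes
add_sub_indexes
add_vlv_indexes

# Display setup complete message
display_msg setup_complete

# Display VLV index commands to be executed on server.
display_vlv_cmds

# Create config file if requested.
[ -n "$OUTPUT_FILE" ] && create_config_file

# Remove the TMPDIR and all files in it.
cleanup

exit 0
# end of MAIN.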