#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# ident	"%Z%%M%	%I%	%E% SMI"
#
# idsconfig -- script to setup iDS 5.x for Native LDAP II.
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#
# display_msg(): Prints the canned text block selected by a tag.
#		$1  tag naming the message (usage, a *_menu tag, a *_help
#		    tag, ...)
#
#		Every arm writes a here-document to stdout through cat.  The
#		here-documents are unquoted, so the variables named in them
#		(PROG, IDS_SERVER, IDS_PORT, LDAP_*, IDS_*, NEED_CRYPT) are
#		expanded when the message is printed.
#		A tag that matches no arm prints nothing.
#
display_msg()
{
    case "$1" in

    # ---- banners and status messages ----

    usage)
        cat <<EOF
 $PROG: [ -v ] [ -i input file ] [ -o output file ]
   i <input file>     Get setup info from input file.
   o <output file>    Generate a server configuration output file.
   v                  Verbose mode
EOF
        ;;

    backup_server)
        cat <<EOF
It is strongly recommended that you BACKUP the directory server
before running $PROG.

Hit Ctrl-C at any time before the final confirmation to exit.

EOF
        ;;

    setup_complete)
        cat <<EOF

$PROG: Setup of iDS server ${IDS_SERVER} is complete.

EOF
        ;;

    display_vlv_list)
        cat <<EOF

Note: idsconfig has created entries for VLV indexes.  Use the 
      directoryserver(1m) script on ${IDS_SERVER} to stop
      the server and then enter the following vlvindex
      sub-commands to create the actual VLV indexes:

EOF
        ;;

    # ---- menus ----

    cred_level_menu)
        cat <<EOF
The following are the supported credential levels:
  1  anonymous
  2  proxy
  3  proxy anonymous
EOF
        ;;

    # Of the methods listed in the two menus below, only the tls: entries
    # name a protected channel; "simple" on its own sends the bind password
    # without transport protection, and "none" performs no authentication.
    # NOTE(review): the numbers are presumably mapped to method names by
    # callers outside this view -- confirm before renumbering.
    auth_method_menu)
        cat <<EOF
The following are the supported Authentication Methods:
  1  none
  2  simple
  3  sasl/DIGEST-MD5
  4  tls:simple
  5  tls:sasl/DIGEST-MD5
EOF
        ;;

    srvauth_method_menu)
        cat <<EOF
The following are the supported Authentication Methods:
  1  simple
  2  sasl/DIGEST-MD5
  3  tls:simple
  4  tls:sasl/DIGEST-MD5
EOF
        ;;

    prompt_ssd_menu)
        cat <<EOF
  A  Add a Service Search Descriptor
  D  Delete a SSD
  M  Modify a SSD
  P  Display all SSD's
  H  Help
  X  Clear all SSD's

  Q  Exit menu
EOF
        ;;

    summary_menu)
        cat <<EOF
              Summary of Configuration

  1  Domain to serve               : $LDAP_DOMAIN
  2  Base DN to setup              : $LDAP_BASEDN
  3  Profile name to create        : $LDAP_PROFILE_NAME
  4  Default Server List           : $LDAP_SERVER_LIST
  5  Preferred Server List         : $LDAP_PREF_SRVLIST
  6  Default Search Scope          : $LDAP_SEARCH_SCOPE
  7  Credential Level              : $LDAP_CRED_LEVEL
  8  Authentication Method         : $LDAP_AUTHMETHOD
  9  Enable Follow Referrals       : $LDAP_FOLLOWREF
 10  iDS Time Limit                : $IDS_TIMELIMIT
 11  iDS Size Limit                : $IDS_SIZELIMIT
 12  Enable crypt password storage : $NEED_CRYPT
 13  Service Auth Method pam_ldap  : $LDAP_SRV_AUTHMETHOD_PAM
 14  Service Auth Method keyserv   : $LDAP_SRV_AUTHMETHOD_KEY
 15  Service Auth Method passwd-cmd: $LDAP_SRV_AUTHMETHOD_CMD
 16  Search Time Limit             : $LDAP_SEARCH_TIME_LIMIT
 17  Profile Time to Live          : $LDAP_PROFILE_TTL
 18  Bind Limit                    : $LDAP_BIND_LIMIT
 19  Service Search Descriptors Menu

EOF
        ;;

    ldap_suffix_list)
        cat <<EOF

No valid suffixes (naming contexts) were found for LDAP base DN:
${LDAP_BASEDN}

Available suffixes are:
${LDAP_SUFFIX_LIST}

EOF
        ;;

    # ---- help texts ----

    sorry)
        cat <<EOF

HELP - No help is available for this topic.

EOF
        ;;

    backup_help)
        cat <<EOF

HELP - Since idsconfig modifies the directory server configuration,
       it is strongly recommended that you backup the server prior
       to running this utility.  This is especially true if the server
       being configured is a production server.

EOF
        ;;

    port_help)
        cat <<EOF

HELP - Enter the port number the directory server is configured to
       use for LDAP.

EOF
        ;;

    domain_help)
        cat <<EOF

HELP - This is the DNS domain name this server will be serving.  You
       must provide this name even if the server is not going to be populated
       with hostnames.  Any unqualified hostname stored in the directory
       will be fully qualified using this DNS domain name.

EOF
        ;;

    basedn_help)
        cat <<EOF

HELP - This parameter defines the default location in the directory tree for
       the naming services entries.  You can override this default by using 
       serviceSearchDescriptors (SSD). You will be given the option to set up 
       an SSD later on in the setup.

EOF
        ;;

    profile_help)
        cat <<EOF

HELP - Name of the configuration profile with which the clients will be
       configured. A directory server can store various profiles for multiple 
       groups of clients.  The initialization tool, (ldapclient(1M)), assumes 
       "default" unless another is specified.

EOF
        ;;

    def_srvlist_help)
        cat <<EOF

HELP - Provide a list of directory servers to serve clients using this profile.
       All these servers should contain consistent data and provide similar 
       functionality.  This list is not ordered, and clients might change the 
       order given in this list. Note that this is a space separated list of 
       *IP addresses* (not host names).  Providing port numbers is optional.

EOF
        ;;

    pref_srvlist_help)
        cat <<EOF

HELP - Provide a list of directory servers to serve this client profile. 
       Unlike the default server list, which is not ordered, the preferred 
       servers must be entered IN THE ORDER you wish to have them contacted. 
       If you do specify a preferred server list, clients will always contact 
       them before attempting to contact any of the servers on the default 
       server list. Note that you must enter the preferred server list as a 
       space-separated list of *IP addresses* (not host names).  Providing port 
       numbers is optional.

EOF
        ;;

    srch_scope_help)
        cat <<EOF

HELP - Default search scope to be used for all searches unless they are
       overwritten using serviceSearchDescriptors.  The valid options
       are "one", which would specify the search will only be performed 
       at the base DN for the given service, or "sub", which would specify 
       the search will be performed through *all* levels below the base DN 
       for the given service.

EOF
        ;;

    cred_lvl_help)
        cat <<EOF

HELP - This parameter defines what credentials the clients use to
       authenticate to the directory server.  This list might contain
       multiple credential levels and is ordered.  If a proxy level
       is configured, you will also be prompted to enter a bind DN
       for the proxy agent along with a password.  This proxy agent
       will be created if it does not exist.

EOF
        ;;

    # The last sentence of this text is the operator's only warning that
    # sasl/DIGEST-MD5 needs clear-text password storage on the server; keep
    # it when editing the wording.
    auth_help)
        cat <<EOF

HELP - The default authentication method(s) to be used by all services
       in the client using this profile.  This is a ordered list of
       authentication methods separated by a ';'.  The supported methods
       are provided in a menu.  Note that sasl/DIGEST-MD5 binds require
       passwords to be stored un-encrypted on the server.

EOF
        ;;

    srvauth_help)
        cat <<EOF

HELP - The authentication methods to be used by a given service.  Currently
       3 services support this feature: pam_ldap, keyserv, and passwd-cmd.
       The authentication method specified in this attribute overrides
       the default authentication method defined in the profile.  This
       feature can be used to select stronger authentication methods for
       services which require increased security.

EOF
        ;;

    pam_ldap_help)
        cat <<EOF

HELP - The authentication method(s) to be used by pam_ldap when contacting
       the directory server.  This is a ordered list, and, if provided, will
       override the default authentication method parameter.

EOF
        ;;

    keyserv_help)
        cat <<EOF

HELP - The authentication method(s) to be used by newkey(1M) and chkey(1)
       when contacting the directory server.  This is a ordered list and
       if provided will override the default authentication method
       parameter.

EOF
        ;;

    passwd-cmd_help)
        cat <<EOF

HELP - The authentication method(s) to be used by passwd(1) command when
       contacting the directory server.  This is a ordered list and if
       provided will override the default authentication method parameter.

EOF
        ;;

    referrals_help)
        cat <<EOF

HELP - This parameter indicates whether the client should follow
       ldap referrals if it encounters one during naming lookups.

EOF
        ;;

    tlim_help)
        cat <<EOF

HELP - The server time limit value indicates the maximum amount of time the
       server would spend on a query from the client before abandoning it.
       A value of '-1' indicates no limit.

EOF
        ;;

    slim_help)
        cat <<EOF

HELP - The server sizelimit value indicates the maximum number of entries
       the server would return in respond to a query from the client.  A
       value of '-1' indicates no limit.

EOF
        ;;

    # Password storage format is a security decision: the text below states
    # that crypt is needed for pam_unix compatibility and that
    # sasl/DIGEST-MD5 with pam_ldap needs clear-text storage.
    crypt_help)
        cat <<EOF

HELP - By default iDS does not store userPassword attribute values using
       unix "crypt" format.  If you need to keep your passwords in the crypt
       format for NIS/NIS+ and pam_unix compatibility, choose 'yes'.  If
       passwords are stored using any other format than crypt, pam_ldap
       MUST be used by clients to authenticate users to the system. Note 
       that if you wish to use sasl/DIGEST-MD5 in conjunction with pam_ldap,
       user passwords must be stored in the clear format.

EOF
        ;;

    srchtime_help)
        cat <<EOF

HELP - The search time limit the client will enforce for directory
       lookups.

EOF
        ;;

    profttl_help)
        cat <<EOF

HELP - The time to live value for profile.  The client will refresh its
       cached version of the configuration profile at this TTL interval.

EOF
        ;;

    bindlim_help)
        cat <<EOF

HELP - The time limit for the bind operation to the directory.  This
       value controls the responsiveness of the client in case a server
       becomes unavailable.  The smallest timeout value for a given
       network architecture/conditions would work best.  This is very
       similar to setting TCP timeout, but only for LDAP bind operation.

EOF
        ;;

    ssd_help)
        cat <<EOF

HELP - Using Service Search Descriptors (SSD), you can override the
       default configuration for a given service.  The SSD can be
       used to override the default search base DN, the default search
       scope, and the default search filter to be used for directory
       lookups.  SSD are supported for all services (databases)
       defined in nsswitch.conf(4).  The default base DN is defined
       in ldap(1).

       Note: SSD are powerful tools in defining configuration profiles
             and provide a great deal of flexibility.  However, care
             must be taken in creating them.  If you decide to make use
             of SSDs, consult the documentation first.

EOF
        ;;

    ssd_menu_help)
        cat <<EOF

HELP - Using this menu SSD can be added, updated, or deleted from
       the profile.

       A - This option creates a new SSD by prompting for the
           service name, base DN, and scope.  Service name is
           any valid service as defined in ldap(1).  base is
           either the distinguished name to the container where
           this service will use, or a relative DN followed
           by a ','.
       D - Delete a previously created SSD.
       M - Modify a previously created SSD.
       P - Display a list of all the previously created SSD.
       X - Delete all of the previously created SSD.

       Q - Exit the menu and continue with the server configuration.

EOF
        ;;

    ldap_suffix_list_help)
        cat <<EOF

HELP - No valid suffixes (naming contexts) are available on server 
       ${IDS_SERVER}:${IDS_PORT}.
       You must set an LDAP Base DN that can be contained in 
       an existing suffix.

EOF
        ;;

    esac
}
#
# get_ans(): prints a prompt and reads one line from stdin into ANS.
#		$1  instruction/comment/description/question
#		$2  default value (optional); shown in brackets after the
#		    prompt and stored in ANS when the line read is empty
#
#		Globals: ECHO (command used to print), ANS (written).
#		The trailing "\c" is passed to ${ECHO} as written; presumably
#		ECHO is an echo that treats it as "no newline" -- confirm
#		where ECHO is set.
#
# NOTE(review): plain "read" treats a backslash as an escape character and
# trims leading/trailing IFS whitespace, so an answer is not always stored
# exactly as typed.  get_passwd() and get_passwd_nochk() collect passwords
# through this function.  "read -r" keeps backslashes but is not accepted by
# every legacy /bin/sh -- confirm against the target shell before changing.
#
get_ans()
{
    case "$2" in
        "") ${ECHO} "$1 \c" ;;
        *)  ${ECHO} "$1 [$2] \c" ;;
    esac

    read ANS

    # An empty line (or end of input) selects the default.
    [ -n "$ANS" ] || ANS=$2
}
#
# get_ans_req(): gets a required answer from the user; keeps prompting
#                until ANS is non-empty.
#		$@  passed through to get_ans (question, optional default)
#
#		Globals: ECHO (read), ANS (written via get_ans).
#		Callers should read ANS, not $?: the function's status is
#		that of the final emptiness test, which is non-zero once an
#		answer has been accepted.
#
# NOTE(review): nothing here detects end of input; if stdin is exhausted and
# no default is supplied, ANS stays empty and the loop does not terminate.
#
get_ans_req()
{
    ANS=""                  # Start from an empty answer.
    until [ -n "$ANS" ]
    do
        get_ans "$@"
        [ -z "$ANS" ] && ${ECHO} "NULL value not allowed!"
    done
}
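#
# get_number(): Queries the user and verifies that the value entered is
#               numeric.  Re-prompts until not_numeric rejects no more.
#               $1  Message text.
#		$2  default value.
#               $3  Help argument: display_msg tag shown when the user
#                   answers h, H, help, Help or ?  ("sorry" if omitted).
#
#               Globals: ECHO (read); ANS and NUM (written, NUM holds the
#               accepted value on return).
#
# The answer is passed to not_numeric as ONE quoted word.  Unquoted, text
# typed at the prompt was word-split and pathname-expanded before it was
# validated, so the value checked could differ from the value then stored
# in NUM.
# NOTE(review): an empty answer now reaches not_numeric as one empty
# argument instead of no argument.  not_numeric is defined outside this
# view -- confirm it treats an empty string as non-numeric.
#
get_number()
{
    ANS=""                  # Set ANS to NULL.
    NUM=""

    get_ans "$1" "$2"

    # Verify that value is numeric.
    while not_numeric "$ANS"
    do
        case "$ANS" in
            [Hh] | help | Help | \?)
                display_msg "${3:-sorry}"
                ;;
            *)
                ${ECHO} "Invalid value: \"${ANS}\". \c"
                ;;
        esac
        # Get a new value.
        get_ans "Enter a numeric value:" "$2"
    done
    NUM=$ANS
}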
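#
# get_negone_num(): Only allows -1 or a value is_negative does not flag.
#                   Used for values where -1 has special meaning.
#
#                   $1 - Prompt message.
#                   $2 - Default value (required).
#                   $3 - Optional help argument (display_msg tag).
#
#                   Globals: ECHO (read); ANS and NUM (written by
#                   get_number, hold the accepted value on return).
#
# The answer is handed to is_negative as one quoted word so that the value
# tested is exactly the value left in ANS; unquoted it was subject to word
# splitting and pathname expansion first.
# NOTE(review): is_negative is defined outside this view; zero is presumably
# accepted as "not negative" -- confirm.
#
get_negone_num()
{
    while :
    do
        get_number "$1" "$2" "$3"

        # Not negative: accept as is.
        is_negative "$ANS" || break

        # Negative: -1 is the only value allowed.
        [ "$ANS" = "-1" ] && break

        ${ECHO} "Invalid number: please enter -1 or positive number."
    done
}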
#
# get_passwd(): Reads a password from the user with terminal echo off and
#               makes the user enter it a second time; repeats until both
#               entries are identical.  The password is returned in ANS.
#		$@  passed through to get_ans (question, optional default)
#
#		Globals: DEBUG, ECHO (read); ANS, _PASS1, _PASS2 (written).
#
# NOTE(review):
#  - Echo is switched back on only on the normal path at the bottom.  If the
#    script is interrupted while the loop is waiting for input, nothing in
#    this function restores it; any trap handler would live outside this
#    view -- confirm one exists.
#  - The password stays in the global variables ANS, _PASS1 and _PASS2
#    after the function returns.
#  - If a default value is passed as $2, get_ans prints it in the prompt.
#
get_passwd()
{
    if [ $DEBUG -eq 1 ]
    then
        ${ECHO} "In get_passwd()"
    fi

    # Scratch copies of the two entries.
    _PASS1=""
    _PASS2=""

    /usr/bin/stty -echo     # Turn echo OFF

    # Loop until the password and the re-entered password match.
    while :
    do
        ANS=""

        # First entry: an empty password is refused.
        until [ -n "$ANS" ]
        do
            get_ans "$@"
            if [ -z "$ANS" ]
            then
                ${ECHO} "" && ${ECHO} "NULL passwd not allowed!"
            fi
        done
        _PASS1=$ANS

        # Second entry.
        ${ECHO} ""
        get_ans "Re-enter passwd:"
        _PASS2=$ANS

        # Done once both entries are identical.
        [ "$_PASS1" = "$_PASS2" ] && break

        # Move cursor down to next line and print ERROR message.
        ${ECHO} ""
        ${ECHO} "ERROR: passwords don't match; try again."
    done

    /usr/bin/stty echo      # Turn echo ON

    ${ECHO} ""
}
#
# get_passwd_nochk(): Reads a password from the user with terminal echo
#                     off, without asking for it a second time.  The
#                     password is returned in ANS and may be empty.
#		$@  passed through to get_ans (question, optional default)
#
#		Globals: DEBUG, ECHO (read); ANS (written via get_ans).
#
# NOTE(review): echo is restored only after get_ans returns; an interrupt
# while waiting for input leaves it off unless a trap outside this view
# handles that -- confirm.  If a default value is passed as $2, get_ans
# prints it in the prompt.
#
get_passwd_nochk()
{
    if [ $DEBUG -eq 1 ]
    then
        ${ECHO} "In get_passwd_nochk()"
    fi

    /usr/bin/stty -echo     # Turn echo OFF
    get_ans "$@"
    /usr/bin/stty echo      # Turn echo ON

    # The user's newline was not echoed; move to the next line.
    ${ECHO} ""
}
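#
# get_menu_choice(): Get a menu choice from user.  Continue prompting
#                    till the choice is in required range.
#   $1 .. Message text.
#   $2 .. min value
#   $3 .. max value
#   $4 .. OPTIONAL: default value
#
#   Return value:
#     MN_CH will contain the value selected.
#     Status 1, with a message, when fewer than three arguments are given.
#
#   Globals: ECHO (read); ANS and MN_CH (written).
#
# The typed answer is quoted wherever it is used.  Unquoted, it was
# word-split and pathname-expanded into the is_negative call and into the
# two range tests, so text typed at the prompt could change the test
# expression itself instead of being compared as a value.  A quoted
# non-integer answer makes the range test fail and is reported as an
# invalid choice.
# A choice is accepted only when is_negative (defined outside this view)
# returns exactly 1.
#
get_menu_choice()
{
    # Check for req parameter.
    if [ $# -lt 3 ]; then
        ${ECHO} "get_menu_choice(): Did not get required parameters."
        return 1
    fi

    while :
    do
        get_ans "$1" "$4"
        MN_CH=$ANS

        is_negative "$MN_CH"
        if [ $? -eq 1 ] && [ "$MN_CH" -ge "$2" ] && [ "$MN_CH" -le "$3" ]
        then
            return 0
        fi

        ${ECHO} "Invalid choice: $MN_CH"
    done
}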
580*7c478bd9Sstevel@tonic-gate
581*7c478bd9Sstevel@tonic-gate
#
# get_confirm(): Ask a yes/no question until a recognised reply is given.
#                $1 - Message
#                $2 - default value, used when the reply is empty (required)
#                $3 - OPTIONAL: display_msg tag shown for h/help/?
#                     ("sorry" when omitted)
#
#   Return value (note the sense):
#     1 = yes, 0 = no.  Exits the script with status 2 when $2 is empty.
#
get_confirm()
{
    _ANSWER=

    # A default is mandatory; its absence is a programming error in the caller.
    if [ -z "$2" ]; then
        ${ECHO} "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional."
        exit 2
    fi

    while :
    do
        # Prompt, showing the default in brackets.
        ${ECHO} "$1 [$2] \c"

        read _ANSWER
        # $2 is known to be non-empty here, so an empty reply always takes it.
        [ -n "$_ANSWER" ] || _ANSWER=$2

        case "$_ANSWER" in
            y | Y | yes | Yes | YES) return 1 ;;
            n | N | no | No | NO) return 0 ;;
            h | H | help | Help | \?) display_msg ${3:-sorry} ;;
            *) ${ECHO} "Please enter y or n." ;;
        esac
    done
}
616*7c478bd9Sstevel@tonic-gate
617*7c478bd9Sstevel@tonic-gate
#
# get_confirm_nodef(): Ask a yes/no question until a recognised reply is
#                      given.  No default value supported.
#                      $@ - prompt text
#
#   Return value (note the sense):
#     1 = yes, 0 = no.
#
#   NOTE(review): an empty reply, including the one left behind when read
#   hits end-of-input, falls into the "Please enter y or n." arm and the
#   prompt is repeated.
#
get_confirm_nodef()
{
    _ANSWER=

    while :
    do
        ${ECHO} "$@ \c"
        read _ANSWER

        case "$_ANSWER" in
            y | Y | yes | Yes | YES) return 1 ;;
            n | N | no | No | NO) return 0 ;;
        esac

        # Anything else: explain and ask again.
        ${ECHO} "Please enter y or n."
    done
}
637*7c478bd9Sstevel@tonic-gate
638*7c478bd9Sstevel@tonic-gate
#
# is_numeric(): Tells if a string is an integer that expr can add to.
#    $1 .. the string to test (exactly one argument is required)
#    0 = Numeric
#    1 = NOT Numeric, or wrong number of arguments
#
is_numeric()
{
    # Exactly one argument, or the answer is "not numeric".
    [ $# -eq 1 ] || return 1

    # expr exits 0 or 1 when the addition could be evaluated (1 only means
    # the sum was zero) and 2 or more when the operand was rejected.
    expr "$1" + 1 > /dev/null 2>&1
    case $? in
        0 | 1) return 0 ;;
        *)     return 1 ;;
    esac
}
660*7c478bd9Sstevel@tonic-gate
661*7c478bd9Sstevel@tonic-gate
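#
# not_numeric(): Reverses the return values of is_numeric.  Useful
#                 for if and while statements that want to test for
#                 non-numeric data.
#    $1 .. the string to test
#    0 = NOT Numeric (also for a missing or empty argument)
#    1 = Numeric
#
not_numeric()
{
    # A missing or empty value is never numeric.
    [ -n "$1" ] || return 0

    # Quoted so the value is tested exactly as given; unquoted, a value
    # with blanks or glob characters would be split or expanded into file
    # names before is_numeric saw it.
    if is_numeric "$1"; then
        return 1
    fi
    return 0
}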
678*7c478bd9Sstevel@tonic-gate
679*7c478bd9Sstevel@tonic-gate
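#
# is_negative(): Tells if a Numeric value is less than zero.
#    $1 .. the value to test
#    0 = Negative Numeric (leading "-", so "-0" counts as negative)
#    1 = Positive Numeric; also returned when the number of arguments
#        is not exactly one
#    2 = NOT Numeric
#
is_negative()
{
    # Check for parameter.
    if [ $# -ne 1 ]; then
        return 1
    fi

    # An empty value is not a number.
    [ -n "$1" ] || return 2

    # The sign is read from the text rather than computed with expr, so
    # that "-0" is reported as negative.  $1 is quoted so that blanks or
    # glob characters in it cannot be split or expanded before the test.
    if is_numeric "$1"; then
        case "$1" in
            -*)  return 0 ;;   # Negative Numeric
            *)   return 1 ;;   # Positive Numeric
        esac
    fi
    return 2
}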
704*7c478bd9Sstevel@tonic-gate
705*7c478bd9Sstevel@tonic-gate
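#
# check_domainname(): check validity of a domain name.  Currently we check
#                     that it starts with at least two non-empty
#                     components separated by a dot.
#		$1  the domain name to be checked
#
#   Return value:
#     0 = acceptable (an empty name is also accepted)
#     1 = rejected
#
check_domainname()
{
    if [ -n "$1" ]
    then
        # The "X" prefix keeps expr from reading the value as one of its
        # own operators or keywords; without it such a value makes expr
        # fail with no output, which used to be taken as "valid".
        t=`expr "X$1" : 'X[^.]\{1,\}[.][^.]\{1,\}' 2> /dev/null`
        if [ -z "$t" ] || [ "$t" = 0 ]
        then
            return 1
        fi
    fi
    return 0
}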
723*7c478bd9Sstevel@tonic-gate
724*7c478bd9Sstevel@tonic-gate
#
# check_baseDN(): check validity of the baseDN name.
#		$1  the baseDN name to be checked
#
#   Return value:
#     0 = passed the checks below (an empty DN also returns 0)
#     1 = no '=' in the DN, or check_attrName rejected one of the keys
#
#     NOTE: The check_baseDN function does not catch all invalid DN's.
#           Its purpose is to reduce the number of invalid DN's to
#           get past the input routine.  The invalid DN's will be
#           caught by the LDAP server when they are attempted to be
#           created.
#
#     NOTE(review): this is a convenience filter, not input sanitising.
#           Only the attribute names are inspected; the values after each
#           '=' are never looked at, so a DN accepted here must still be
#           treated as untrusted text wherever it is later placed in a
#           command line.
#
check_baseDN()
{
    ck_DN=$1
    ${ECHO} "  Checking LDAP Base DN ..."
    if [ ! -z "$ck_DN" ]; then
        [ $DEBUG -eq 1 ] && ${ECHO} "Checking baseDN: $ck_DN"
        # Check for = (assignment operator)
        ${ECHO} "$ck_DN" | ${GREP} "=" > /dev/null 2>&1
        if [ $? -ne 0 ]; then
            [ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: No '=' in baseDN."
            return 1
        fi

        # Check all keys.  Each pass looks at the text before the first '='
        # and then drops everything up to and including the first ','.
        while :
        do
            # Get first key.  $ck_DN is unquoted here, so the shell splits
            # it on blanks before echo rejoins the words; that strips the
            # blank that may follow a ',' in the remainder.
            # NOTE(review): the same unquoted expansion also lets glob
            # characters in the DN expand to file names.
            dkey=`${ECHO} $ck_DN | cut -d'=' -f1`

            # Check that the key string is valid
	    check_attrName $dkey
	    if [ $? -ne 0 ]; then
                [ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: invalid key=${dkey}"
                return 1
            fi

            [ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: valid key=${dkey}"

            # Remove first key from DN.  cut -s prints nothing when no ','
            # is left, which is what ends the loop below.
            ck_DN=`${ECHO} $ck_DN | cut -s -d',' -f2-`

            # Break loop if nothing left.
            if [ "$ck_DN" = "" ]; then
                break
            fi
        done
    fi
    return 0
}
774*7c478bd9Sstevel@tonic-gate
775*7c478bd9Sstevel@tonic-gate
#
# domain_2_dc(): Convert a dotted domain name into a comma separated list
#                of "dc=" components.
#    $1  .. Domain name.
#
#    Return value:
#      _DOM_2_DC (exported) holds the result; it is empty when the domain
#      name has no components.
#
domain_2_dc()
{
    _DOM=$1           # Domain parameter.
    _DOM_2_DC=""      # Return value from function.
    _FIRST=1          # 1 until the first component has been stored.

    export _DOM_2_DC  # Make visible for others.

    # Turn the dots into blanks and let the shell split the components.
    domtmp="`${ECHO} ${_DOM} | tr '.' ' '`"
    for i in $domtmp; do
        case $_FIRST in
            1)
                _DOM_2_DC="dc=${i}"
                _FIRST=0
                ;;
            *)
                _DOM_2_DC="${_DOM_2_DC},dc=${i}"
                ;;
        esac
    done
}
799*7c478bd9Sstevel@tonic-gate
800*7c478bd9Sstevel@tonic-gate
#
# is_root_user(): Check to see if logged in as root user.
#    0 = the output of id starts with "uid=0(root)"
#    1 = anything else, including uid 0 under a different account name
#
is_root_user()
{
    case "`id`" in
        "uid=0(root)"*) return 0 ;;
    esac
    return 1
}
811*7c478bd9Sstevel@tonic-gate
812*7c478bd9Sstevel@tonic-gate
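#
# parse_arg(): Parses the command line arguments and sets the
#              appropriate variables.
#    -d       .. DEBUG=1
#    -v       .. VERB="" (commands are no longer silenced)
#    -h       .. show the usage message and exit
#    -i file  .. INPUT_FILE
#    -o file  .. OUTPUT_FILE
#
#    Return value:
#      The number of arguments consumed (OPTIND - 1), passed back as the
#      function's exit status.  Exits with status 1 after printing the
#      usage message for -h or an unknown option.
#
parse_arg()
{
    while getopts "dvhi:o:" ARG
    do
        case $ARG in
            d)  DEBUG=1 ;;
            v)  VERB="" ;;
            # -h is in the option string, so it needs its own arm; without
            # one it fell through to the "missing handler" error below.
            h)  display_msg usage
                exit 1 ;;
            i)  INPUT_FILE=$OPTARG ;;
            o)  OUTPUT_FILE=$OPTARG ;;
            \?) display_msg usage
                exit 1 ;;
            *)  ${ECHO} "**ERROR: Supported option missing handler!"
                display_msg usage
                exit 1 ;;
        esac
    done
    return `expr $OPTIND - 1`
}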
835*7c478bd9Sstevel@tonic-gate
836*7c478bd9Sstevel@tonic-gate
#
# init(): initializes variables and options
#
#   Sets the script-wide defaults (tool paths, LDAP profile defaults,
#   flags), tightens the umask, creates the private working directory
#   TMPDIR and exports the variables other parts of the script read.
#   Takes no arguments.  Exits with status 1 if TMPDIR cannot be created.
#
init()
{
    # General variables.
    PROG=`basename $0`	# Program name
    PID=$$              # Program ID
    # VERB is redirection text, not a command; parse_arg clears it for -v.
    # Presumably it is appended to command strings that are run through
    # ${EVAL} -- confirm at the call sites.
    VERB='> /dev/null 2>&1'	# NULL or "> /dev/null"
    ECHO="/bin/echo"	# print message on screen
    EVAL="eval"		# eval or echo
    EGREP="/usr/bin/egrep"
    GREP="/usr/bin/grep"
    DEBUG=0             # Set Debug OFF
    BACKUP=no_ldap	# backup suffix
    HOST=""		# NULL or <hostname>

    DOM=""              # Set to NULL
    # If DNS domain (resolv.conf) exists use that, otherwise use domainname.
    # The second field of the last matching domain/search line is taken.
    if [ -f /etc/resolv.conf ]; then
        DOM=`/usr/xpg4/bin/grep -i -E '^domain|^search' /etc/resolv.conf \
	    | awk '{ print $2 }' | tail -1`
    fi

    # If for any reason the DOM did not get set (error'd resolv.conf) set
    # DOM to the domainname command's output.
    if [ "$DOM" = "" ]; then
        DOM=`domainname`	# domain from domainname command.
    fi

    STEP=1
    INTERACTIVE=1       # 0 = on, 1 = off (For input file mode)
    DEL_OLD_PROFILE=0   # 0 (default), 1 = delete old profile.

    # idsconfig specific variables.
    INPUT_FILE=""
    OUTPUT_FILE=""
    NEED_PROXY=0        # 0 = No Proxy, 1 = Create Proxy.
    LDAP_PROXYAGENT=""
    LDAP_SUFFIX=""
    LDAP_DOMAIN=$DOM	# domainname on Server (default value)
    GEN_CMD=""

    # LDAP COMMANDS
    # LDAPSEARCH carries an option as well as the path, so it has to be
    # expanded unquoted where it is used.
    LDAPSEARCH="/bin/ldapsearch -r"
    LDAPMODIFY=/bin/ldapmodify
    LDAPADD=/bin/ldapadd
    LDAPDELETE=/bin/ldapdelete
    LDAP_GEN_PROFILE=/usr/sbin/ldap_gen_profile

    # iDS specific information
    IDS_SERVER=""
    IDS_PORT=389
    NEED_TIME=0
    NEED_SIZE=0
    NEED_SRVAUTH_PAM=0
    NEED_SRVAUTH_KEY=0
    NEED_SRVAUTH_CMD=0
    IDS_TIMELIMIT=""
    IDS_SIZELIMIT=""

    # LDAP PROFILE related defaults
    LDAP_ROOTDN="cn=Directory Manager"   # Provide common default.
    LDAP_ROOTPWD=""                      # NULL passwd as default (i.e. invalid)
    LDAP_PROFILE_NAME="default"
    LDAP_BASEDN=""
    LDAP_SERVER_LIST=""
    LDAP_AUTHMETHOD=""
    LDAP_FOLLOWREF="FALSE"
    NEED_CRYPT=""
    LDAP_SEARCH_SCOPE="one"
    LDAP_SRV_AUTHMETHOD_PAM=""
    LDAP_SRV_AUTHMETHOD_KEY=""
    LDAP_SRV_AUTHMETHOD_CMD=""
    LDAP_SEARCH_TIME_LIMIT=30
    LDAP_PREF_SRVLIST=""
    LDAP_PROFILE_TTL=43200
    LDAP_CRED_LEVEL="proxy"
    LDAP_BIND_LIMIT=10

    # Prevent new files from being read by group or others.
    # This has to stay ahead of the TMPDIR setup: the password file
    # (LDAP_ROOTPWF) is created under it later.
    umask 077

    # Service Search Descriptors
    LDAP_SERV_SRCH_DES=""

    # Set and create TMPDIR.
    # The name is predictable (process id), but mkdir fails when the path
    # already exists, so a directory or link planted in advance is refused
    # rather than reused; the cost is that the script then stops below.
    TMPDIR="/tmp/idsconfig.${PID}"
    if mkdir -m 700 ${TMPDIR}
    then
	# Cleanup on exit.
	# Signals 1 2 3 6 15 only: remove the work directory (it holds the
	# password file) and turn terminal echo back on in case a password
	# prompt was interrupted.
	# NOTE(review): this trap does not fire on a normal exit; confirm
	# that TMPDIR is also removed on that path.
	trap 'rm -rf ${TMPDIR}; /usr/bin/stty echo; exit' 1 2 3 6 15
    else
	echo "ERROR: unable to create a safe temporary directory."
	exit 1
    fi
    # File the directory manager password is written to (see save_password).
    LDAP_ROOTPWF=${TMPDIR}/rootPWD

    # Set the SSD file name after setting TMPDIR.
    SSD_FILE=${TMPDIR}/ssd_list

    # NOTE(review): LDAP_ROOTPWD is exported below, which places the
    # directory manager password in the environment of every command the
    # script starts.  LDAP_PROXYAGENT_CRED is exported as well, although it
    # is not given a value in this function.
    export DEBUG VERB ECHO EVAL EGREP GREP STEP TMPDIR
    export IDS_SERVER IDS_PORT LDAP_ROOTDN LDAP_ROOTPWD LDAP_SERVER_LIST
    export LDAP_BASEDN LDAP_ROOTPWF
    export LDAP_DOMAIN LDAP_SUFFIX LDAP_PROXYAGENT LDAP_PROXYAGENT_CRED
    export NEED_PROXY
    export LDAP_PROFILE_NAME LDAP_BASEDN LDAP_SERVER_LIST
    export LDAP_AUTHMETHOD LDAP_FOLLOWREF LDAP_SEARCH_SCOPE LDAP_SEARCH_TIME_LIMIT
    export LDAP_PREF_SRVLIST LDAP_PROFILE_TTL LDAP_CRED_LEVEL LDAP_BIND_LIMIT
    export NEED_SRVAUTH_PAM NEED_SRVAUTH_KEY NEED_SRVAUTH_CMD
    export LDAP_SRV_AUTHMETHOD_PAM LDAP_SRV_AUTHMETHOD_KEY LDAP_SRV_AUTHMETHOD_CMD
    export LDAP_SERV_SRCH_DES SSD_FILE
    export GEN_CMD
}
951*7c478bd9Sstevel@tonic-gate
952*7c478bd9Sstevel@tonic-gate
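#
# disp_full_debug(): List of all debug variables usually interested in.
#                    Grouped to avoid MASSIVE code duplication.
#
#   Credential values (LDAP_ROOTPWD, LDAP_PROXYAGENT_CRED) are reported
#   only as set or empty, so that debug output kept in terminal scrollback
#   or a captured log does not contain a reusable password.
#
#   Return value:
#     1, without printing, when DEBUG is not 1 (the status callers saw
#     before from the guarded echo lines); otherwise the status of the
#     last ${ECHO}.
#
disp_full_debug()
{
    # Debugging off: nothing to show.
    [ "$DEBUG" -eq 1 ] || return 1

    ${ECHO} "  IDS_SERVER = $IDS_SERVER"
    ${ECHO} "  IDS_PORT = $IDS_PORT"
    ${ECHO} "  LDAP_ROOTDN = $LDAP_ROOTDN"
    # Secret: show only whether it is set.
    ${ECHO} "  LDAP_ROOTPWD = ${LDAP_ROOTPWD:+<set, value hidden>}"
    ${ECHO} "  LDAP_DOMAIN = $LDAP_DOMAIN"
    ${ECHO} "  LDAP_SUFFIX = $LDAP_SUFFIX"
    ${ECHO} "  LDAP_BASEDN = $LDAP_BASEDN"
    ${ECHO} "  LDAP_PROFILE_NAME = $LDAP_PROFILE_NAME"
    ${ECHO} "  LDAP_SERVER_LIST = $LDAP_SERVER_LIST"
    ${ECHO} "  LDAP_PREF_SRVLIST = $LDAP_PREF_SRVLIST"
    ${ECHO} "  LDAP_SEARCH_SCOPE = $LDAP_SEARCH_SCOPE"
    ${ECHO} "  LDAP_CRED_LEVEL = $LDAP_CRED_LEVEL"
    ${ECHO} "  LDAP_AUTHMETHOD = $LDAP_AUTHMETHOD"
    ${ECHO} "  LDAP_FOLLOWREF = $LDAP_FOLLOWREF"
    ${ECHO} "  IDS_TIMELIMIT = $IDS_TIMELIMIT"
    ${ECHO} "  IDS_SIZELIMIT = $IDS_SIZELIMIT"
    ${ECHO} "  NEED_CRYPT = $NEED_CRYPT"
    ${ECHO} "  NEED_SRVAUTH_PAM = $NEED_SRVAUTH_PAM"
    ${ECHO} "  NEED_SRVAUTH_KEY = $NEED_SRVAUTH_KEY"
    ${ECHO} "  NEED_SRVAUTH_CMD = $NEED_SRVAUTH_CMD"
    ${ECHO} "  LDAP_SRV_AUTHMETHOD_PAM = $LDAP_SRV_AUTHMETHOD_PAM"
    ${ECHO} "  LDAP_SRV_AUTHMETHOD_KEY = $LDAP_SRV_AUTHMETHOD_KEY"
    ${ECHO} "  LDAP_SRV_AUTHMETHOD_CMD = $LDAP_SRV_AUTHMETHOD_CMD"
    ${ECHO} "  LDAP_SEARCH_TIME_LIMIT = $LDAP_SEARCH_TIME_LIMIT"
    ${ECHO} "  LDAP_PROFILE_TTL = $LDAP_PROFILE_TTL"
    ${ECHO} "  LDAP_BIND_LIMIT = $LDAP_BIND_LIMIT"

    # Only display proxy stuff if needed.
    if [ "$NEED_PROXY" -eq 1 ]; then
        ${ECHO} "  LDAP_PROXYAGENT = $LDAP_PROXYAGENT"
        # Secret: show only whether it is set.
        ${ECHO} "  LDAP_PROXYAGENT_CRED = ${LDAP_PROXYAGENT_CRED:+<set, value hidden>}"
        ${ECHO} "  NEED_PROXY = $NEED_PROXY"
    fi

    # Service Search Descriptors are a special case.
    ${ECHO} "  LDAP_SERV_SRCH_DES = $LDAP_SERV_SRCH_DES"
}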
996*7c478bd9Sstevel@tonic-gate
997*7c478bd9Sstevel@tonic-gate
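#
# load_config_file(): Loads the config file named by INPUT_FILE.
#
#   The file is read with the shell's "." command, so every line in it is
#   executed as shell code with the privileges of the user running this
#   script.
#   NOTE(review): only load files whose owner and permissions are trusted;
#   nothing here checks them.
#
#   Exits with status 1 when INPUT_FILE cannot be read.
#
load_config_file()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In load_config_file()"

    # Stop here rather than sourcing an empty file and carrying on with
    # defaults only.
    if [ ! -r "${INPUT_FILE}" ]; then
        ${ECHO} "ERROR: Unable to read input file '${INPUT_FILE}'."
        exit 1
    fi

    # Remove SSD lines from input file before sourcing.
    # The SSD lines must be removed because some forms of the
    # data could cause SHELL errors.
    # Paths are quoted so that blanks or glob characters in a file name
    # cannot change which files are read or written.
    ${GREP} -v "LDAP_SERV_SRCH_DES=" "${INPUT_FILE}" > "${TMPDIR}/inputfile.noSSD"

    # Source the input file.
    . "${TMPDIR}/inputfile.noSSD"

    # If LDAP_SUFFIX is not set, try to utilize LDAP_TREETOP since older
    # config files use LDAP_TREETOP
    LDAP_SUFFIX="${LDAP_SUFFIX:-$LDAP_TREETOP}"

    # Save password to temporary file.
    save_password

    # Create the SSD file.
    create_ssd_file

    # Display FULL debugging info.
    disp_full_debug
}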
1026*7c478bd9Sstevel@tonic-gate
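#
# save_password(): Save the directory manager password (LDAP_ROOTPWD) to
#                  the file named by LDAP_ROOTPWF, followed by a newline.
#
#   A here-document is used so that the password is never passed as a
#   command argument.  The expanded value is written as-is; it is not
#   expanded a second time.
#
#   Return value: the exit status of cat.
#
save_password()
{
    # Quoted so that a path with blanks or glob characters still names
    # exactly one file.
    cat > "${LDAP_ROOTPWF}" <<EOF
${LDAP_ROOTPWD}
EOF
}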
1036*7c478bd9Sstevel@tonic-gate
1037*7c478bd9Sstevel@tonic-gate######################################################################
1038*7c478bd9Sstevel@tonic-gate# FUNCTIONS  FOR prompt_config_info() START HERE.
1039*7c478bd9Sstevel@tonic-gate######################################################################
1040*7c478bd9Sstevel@tonic-gate
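#
# get_ids_server(): Prompt for iDS server name until a usable one is given.
#
#   A reply is accepted only if it consists of letters, digits, '.', '_',
#   ':' and '-', does not start with '-', and answers ping.  The name is
#   later placed in SERVER_ARGS, which is used to build command lines, so
#   blanks, option-like values and shell metacharacters are refused here.
#
#   Sets IDS_SERVER, SERVER_ARGS (exported) and LDAP_ARGS.
#
get_ids_server()
{
    while :
    do
        # Prompt for server name.
        get_ans "Enter the iPlanet Directory Server's (iDS) hostname to setup:" "$IDS_SERVER"
        IDS_SERVER=$ANS

        case "$IDS_SERVER" in
            "" | -* | *[!A-Za-z0-9._:-]*)
                # Not a plausible host name or address; ask again.
                ;;
            *)
                # Ping server to see if live.  If valid break out of loop.
                ping "$IDS_SERVER" > /dev/null 2>&1
                if [ $? -eq 0 ]; then
                    break
                fi
                ;;
        esac

        # Invalid server, enter a new name.
        ${ECHO} "ERROR: Server '${IDS_SERVER}' is invalid or unreachable."
        IDS_SERVER=""
    done

    # Set SERVER_ARGS and LDAP_ARGS since values might have changed.
    SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    export SERVER_ARGS

}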
1069*7c478bd9Sstevel@tonic-gate
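#
# get_ids_port(): Prompt for iDS port number until a base search of the
#                 root entry on IDS_SERVER:IDS_PORT succeeds.  After a
#                 failure the host name is asked for again as well.
#
#   Sets IDS_PORT, SERVER_ARGS (exported) and LDAP_ARGS.
#
get_ids_port()
{
    # Get a valid iDS port number.
    while :
    do
        # Enter port number.
        get_number "Enter the port number for iDS (h=help):" "$IDS_PORT" "port_help"
        IDS_PORT=$ANS

        # Do a simple search to check hostname and port number.
        # If search returns SUCCESS, break out, host and port must
        # be valid.
        # LDAPSEARCH is left unquoted because it holds the command plus
        # its options; host and port are quoted so each one reaches
        # ldapsearch as a single argument.
        ${LDAPSEARCH} -h "${IDS_SERVER}" -p "${IDS_PORT}" -b "" -s base "objectclass=*" > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            break
        fi

        # Invalid host/port pair, Re-enter.
        ${ECHO} "ERROR: Invalid host or port: ${IDS_SERVER}:${IDS_PORT}, Please re-enter!"
        get_ids_server
    done

    # Set SERVER_ARGS and LDAP_ARGS since values might have changed.
    SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    export SERVER_ARGS
}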
1100*7c478bd9Sstevel@tonic-gate
1101*7c478bd9Sstevel@tonic-gate
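#
# chk_ids_version(): Ask the server for its version (cn=monitor) and set
#                    IDS_VER, IDS_MAJVER and IDS_MINVER.
#
#   Exits with status 1 when no version can be read or when the major
#   version is not 5.
#
chk_ids_version()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In chk_ids_version()"

    # check iDS version number.
    # The pipeline is run directly, not through eval: SERVER_ARGS contains
    # the host name typed by the operator (or read from the input file),
    # and eval would re-parse it as shell syntax.  Plain word splitting of
    # LDAPSEARCH and SERVER_ARGS is all that is needed.
    ${LDAPSEARCH} ${SERVER_ARGS} -b cn=monitor -s base "objectclass=*" version \
        | ${GREP} "^version=" | cut -f2 -d'/' | cut -f1 -d' ' \
        > "${TMPDIR}/checkDSver" 2>&1

    # The pipeline's status is that of the last cut, so a failed search
    # shows up as an empty result rather than a non-zero status.
    IDS_VER=`cat "${TMPDIR}/checkDSver"`
    if [ -z "${IDS_VER}" ]; then
        ${ECHO} "ERROR: Can not determine the version number of iDS!"
        exit 1
    fi

    IDS_MAJVER=`${ECHO} ${IDS_VER} | cut -f1 -d.`
    IDS_MINVER=`${ECHO} ${IDS_VER} | cut -f2 -d.`
    if [ "${IDS_MAJVER}" != "5" ]; then
        ${ECHO} "ERROR: $PROG only works with iDS version 5.x, not ${IDS_VER}."
        exit 1
    fi
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "  IDS_MAJVER = $IDS_MAJVER"
        ${ECHO} "  IDS_MINVER = $IDS_MINVER"
    fi
}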
1127*7c478bd9Sstevel@tonic-gate
1128*7c478bd9Sstevel@tonic-gate
#
# get_dirmgr_dn(): Prompt for the directory manager DN and rebuild the
#                  bind arguments that depend on it.
#
#   Reads:  LDAP_ROOTDN (offered as default), LDAP_ROOTPWF, SERVER_ARGS
#   Writes: LDAP_ROOTDN, AUTH_ARGS, LDAP_ARGS (the last two are exported)
#
get_dirmgr_dn()
{
    get_ans "Enter the directory manager DN:" "$LDAP_ROOTDN"
    LDAP_ROOTDN="${ANS}"

    # The DN is wrapped in literal double quotes because callers expand
    # LDAP_ARGS inside eval.
    # NOTE(review): a DN containing a double quote, backquote or '$'
    # would be interpreted by that eval -- consider validating it here.
    AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
    export AUTH_ARGS

    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    export LDAP_ARGS
}
1142*7c478bd9Sstevel@tonic-gate
1143*7c478bd9Sstevel@tonic-gate
#
# get_dirmgr_pw(): Prompt for the Root DN password until a bind with
#                  LDAP_ROOTDN and that password succeeds.  (Root DN
#                  found in slapd.conf)
#
#   Writes: LDAP_ROOTPWD, AUTH_ARGS, LDAP_ARGS, ${TMPDIR}/checkDN
#
get_dirmgr_pw()
{
    while :
    do
        # Ask for the password; the reply comes back in ANS.
        get_passwd_nochk "Enter passwd for ${LDAP_ROOTDN} :"
        LDAP_ROOTPWD=$ANS

        # Persist it so that ldapsearch can read it through -j.
        # NOTE(review): confirm save_password creates ${LDAP_ROOTPWF}
        # readable by its owner only.
        save_password

        # Refresh the exported bind arguments.
        AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
        LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
        export AUTH_ARGS LDAP_ARGS

        # A base search on the root entry doubles as the credential check.
        # NOTE(review): LDAP_ARGS carries the operator-supplied DN into
        # eval; shell metacharacters in it would be interpreted.
        if eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" > ${TMPDIR}/checkDN 2>&1"; then
            break         # Both are valid.
        fi

        # The word "credential" in the captured output is taken to mean a
        # bad password; anything else is reported as a bad DN.
        if eval "${GREP} credential ${TMPDIR}/checkDN ${VERB}"; then
            ${ECHO} "ERROR: Root DN passwd is invalid."
        else
            ${ECHO} "ERROR: Invalid Root DN <${LDAP_ROOTDN}>."
            get_dirmgr_dn
        fi
    done
}
1180*7c478bd9Sstevel@tonic-gate
1181*7c478bd9Sstevel@tonic-gate
#
# get_domain(): Prompt for the domain that the LDAP server will serve and
#               store the accepted value in LDAP_DOMAIN.
#               $1 - Help tag passed to display_msg ("sorry" when absent).
#
get_domain()
{
    # First prompt offers the current LDAP_DOMAIN as default.
    get_ans "Enter the domainname to be served (h=help):" $LDAP_DOMAIN

    # Repeat until check_domainname accepts the answer.
    until check_domainname $ANS
    do
        case "$ANS" in
            [Hh] | help | Help | \?)
                display_msg ${1:-sorry}
                ;;
            *)
                ${ECHO} "Invalid domainname: \"${ANS}\"."
                ;;
        esac

        # NOTE(review): DOM is not assigned anywhere in this part of the
        # file; presumably LDAP_DOMAIN was meant as the default -- confirm.
        get_ans "Enter domainname to be served (h=help):" $DOM
    done

    # ANS now holds a name that passed the check.
    LDAP_DOMAIN=$ANS
}
1208*7c478bd9Sstevel@tonic-gate
1209*7c478bd9Sstevel@tonic-gate
#
# get_basedn(): Query for the Base DN and store it in LDAP_BASEDN.
#
#   The default is rebuilt from LDAP_DOMAIN on every call (through
#   domain_2_dc) in case the domain changed since the last call.
#
get_basedn()
{
    domain_2_dc $LDAP_DOMAIN
    LDAP_BASEDN=$_DOM_2_DC

    while :
    do
        # Prompt until check_baseDN accepts the answer.
        get_ans_req "Enter LDAP Base DN (h=help):" "$LDAP_BASEDN"
        until check_baseDN "$ANS"
        do
            case "$ANS" in
                [Hh] | help | Help | \?)
                    display_msg basedn_help
                    ;;
                *)
                    ${ECHO} "Invalid base DN: \"${ANS}\"."
                    ;;
            esac
            get_ans_req "Enter LDAP Base DN (h=help):" "$LDAP_BASEDN"
        done

        LDAP_BASEDN=${ANS}

        # check_basedn_suffix: 0 ends the loop, 1 aborts the script after
        # cleanup, anything else asks again.
        if check_basedn_suffix; then
            break
        elif [ $? -eq 1 ]; then
            # $? above is still the status of check_basedn_suffix.
            cleanup
            exit 1
        fi
    done
}
1250*7c478bd9Sstevel@tonic-gate
1251*7c478bd9Sstevel@tonic-gate
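#
# get_profile_name(): Prompt for the profile name and store it in
#                     LDAP_PROFILE_NAME.
#
#   When cn=<name>,ou=profile,<base DN> already exists the user must
#   confirm; on confirmation DEL_OLD_PROFILE is set to 1, otherwise the
#   prompt is repeated.  DEL_OLD_PROFILE is 0 for a name that was not
#   found.
#
get_profile_name()
{
    # Reset Delete Old Profile since getting new profile name.
    DEL_OLD_PROFILE=0

    # Loop until valid profile name, or replace.
    while :
    do
        get_ans "Enter the profile name (h=help):" "$LDAP_PROFILE_NAME"

        case "$ANS" in
            [Hh] | help | Help | \?)
                display_msg profile_help
                continue
                ;;
        esac

        # Search to see if profile name already exists.
        # NOTE(review): ANS and LDAP_BASEDN are operator input and are
        # re-parsed by eval; a double quote, backquote or '$' in either
        # would be interpreted as shell syntax.  Validate before use.
        eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=${ANS},ou=profile,${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
        if [ $? -ne 0 ]; then
            break  # Unique profile name.
        fi

        get_confirm_nodef "Are you sure you want to overwrite profile cn=${ANS}?"
        if [ $? -eq 1 ]; then
            # Replace the old profile.  Leave through the common exit so
            # that the confirmed name is recorded as well; returning here
            # left LDAP_PROFILE_NAME at its previous value.
            DEL_OLD_PROFILE=1
            break
        fi
        ${ECHO} "Please re-enter a new profile name."
    done

    # Set Profile Name.
    LDAP_PROFILE_NAME=$ANS
}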
1291*7c478bd9Sstevel@tonic-gate
1292*7c478bd9Sstevel@tonic-gate
#
# get_srv_list(): Prompt for the default server list and store it in
#                 LDAP_SERVER_LIST.
#
get_srv_list()
{
    # Seed the default from IDS_SERVER only when no list is set yet.
    if [ "${LDAP_SERVER_LIST}" = "" ]; then
        # First field of the getent output.
        # NOTE(review): if getent prints several lines the default holds
        # several words and is passed unquoted to get_ans below.
        LDAP_SERVER_LIST=`getent hosts ${IDS_SERVER} | awk '{print $1}'`

        # Append the port only when it is not 389.
        [ ${IDS_PORT} -ne 389 ] && LDAP_SERVER_LIST="${LDAP_SERVER_LIST}:${IDS_PORT}"
    fi

    # Ask again for as long as the answer is a help request.
    while :
    do
        get_ans "Default server list (h=help):" $LDAP_SERVER_LIST

        case "$ANS" in
            [Hh] | help | Help | \?) ;;
            *) break ;;
        esac
        display_msg def_srvlist_help
    done
    LDAP_SERVER_LIST=$ANS
}
1319*7c478bd9Sstevel@tonic-gate
1320*7c478bd9Sstevel@tonic-gate
#
# get_pref_srv(): Prompt for the preferred server list (overrides the
#                 server list) and store it in LDAP_PREF_SRVLIST.
#
get_pref_srv()
{
    # Ask again for as long as the answer is a help request.
    while :
    do
        get_ans "Preferred server list (h=help):" $LDAP_PREF_SRVLIST

        case "$ANS" in
            [Hh] | help | Help | \?) ;;
            *) break ;;
        esac
        display_msg pref_srvlist_help
    done
    LDAP_PREF_SRVLIST=$ANS
}
1338*7c478bd9Sstevel@tonic-gate
1339*7c478bd9Sstevel@tonic-gate
#
# get_search_scope(): Get the search scope from the user and store it in
#                     LDAP_SEARCH_SCOPE.
#
#   Returns: 1 when "one" was chosen, 2 when "sub" was chosen.  The status
#            identifies the choice; it is not an error indication.
#
get_search_scope()
{
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In get_search_scope()"
    fi

    _MENU_CHOICE=0
    while :
    do
        # "one" is offered as the default answer.
        get_ans "Choose desired search scope (one, sub, h=help): " "one"
        _MENU_CHOICE=$ANS

        # Only a lower-case "h" is treated as a help request here.
        case "$_MENU_CHOICE" in
            one)
                LDAP_SEARCH_SCOPE="one"
                return 1
                ;;
            sub)
                LDAP_SEARCH_SCOPE="sub"
                return 2
                ;;
            h)
                display_msg srch_scope_help
                ;;
            *)
                ${ECHO} "Please enter \"one\", \"sub\", or \"h\"."
                ;;
        esac
    done
}
1363*7c478bd9Sstevel@tonic-gate
1364*7c478bd9Sstevel@tonic-gate
#
# get_cred_level(): Display the credential level menu and store the
#                   selection in LDAP_CRED_LEVEL.
#
#   Returns: the menu number chosen (1 anonymous, 2 proxy,
#            3 proxy anonymous).  The status identifies the choice; it is
#            not an error indication.
#
get_cred_level()
{
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In get_cred_level()"
    fi

    _MENU_CHOICE=0
    display_msg cred_level_menu

    while :
    do
        # Choice 1 (anonymous) is offered as the default answer.
        get_ans "Choose Credential level [h=help]:" "1"
        _MENU_CHOICE=$ANS

        case "$_MENU_CHOICE" in
            1)
                LDAP_CRED_LEVEL="anonymous"
                return 1
                ;;
            2)
                LDAP_CRED_LEVEL="proxy"
                return 2
                ;;
            3)
                LDAP_CRED_LEVEL="proxy anonymous"
                return 3
                ;;
            h)
                display_msg cred_lvl_help
                ;;
            *)
                ${ECHO} "Please enter 1, 2 or 3."
                ;;
        esac
    done
}
1391*7c478bd9Sstevel@tonic-gate
1392*7c478bd9Sstevel@tonic-gate
#
# srvauth_menu_handler(): Show the Service Authentication method menu and
#                         read one choice.
#
#   Reads:  _FIRST (selects the prompt; 1 offers choice 1 as default)
#   Writes: _MENU_CHOICE, _AUTHMETHOD; choice 0 clears _AUTHMETHOD and
#           sets _FIRST back to 1.
#
#   NOTE(review): choices 1 and 2 select methods without the "tls:"
#   prefix, and choice 1 ("simple") is the default; a simple bind outside
#   TLS does not protect the password in transit.
#
srvauth_menu_handler()
{
    display_msg srvauth_method_menu

    while :
    do
        # The reset option is only mentioned once a method has been taken.
        if [ $_FIRST -eq 1 ]; then
            get_ans "Choose Service Authentication Method:" "1"
        else
            get_ans "Choose Service Authentication Method (0=reset):"
        fi

        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
            1) _AUTHMETHOD="simple" ;;
            2) _AUTHMETHOD="sasl/DIGEST-MD5" ;;
            3) _AUTHMETHOD="tls:simple" ;;
            4) _AUTHMETHOD="tls:sasl/DIGEST-MD5" ;;
            0) _AUTHMETHOD=""
               _FIRST=1 ;;
            *) ${ECHO} "Please enter 1-4 or 0 to reset."
               continue ;;
        esac

        # Every recognised choice ends the menu.
        break
    done
}
1429*7c478bd9Sstevel@tonic-gate
1430*7c478bd9Sstevel@tonic-gate
#
# auth_menu_handler(): Show the Authentication method menu and read one
#                      choice.
#
#   Reads:  _FIRST (selects the prompt; 1 offers choice 1 as default)
#   Writes: _MENU_CHOICE, _AUTHMETHOD; choice 0 clears _AUTHMETHOD and
#           sets _FIRST back to 1.
#
#   NOTE(review): the default choice 1 is "none", and choices 2 and 3
#   select methods without the "tls:" prefix; a simple bind outside TLS
#   does not protect the password in transit.
#
auth_menu_handler()
{
    display_msg auth_method_menu

    while :
    do
        # The reset option is only mentioned once a method has been taken.
        if [ $_FIRST -eq 1 ]; then
            get_ans "Choose Authentication Method (h=help):" "1"
        else
            get_ans "Choose Authentication Method (0=reset, h=help):"
        fi

        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
            1) _AUTHMETHOD="none" ;;
            2) _AUTHMETHOD="simple" ;;
            3) _AUTHMETHOD="sasl/DIGEST-MD5" ;;
            4) _AUTHMETHOD="tls:simple" ;;
            5) _AUTHMETHOD="tls:sasl/DIGEST-MD5" ;;
            0) _AUTHMETHOD=""
               _FIRST=1 ;;
            h) display_msg auth_help
               continue ;;
            *) ${ECHO} "Please enter 1-5, 0=reset, or h=help."
               continue ;;
        esac

        # Every recognised method choice (and reset) ends the menu.
        break
    done
}
1470*7c478bd9Sstevel@tonic-gate
1471*7c478bd9Sstevel@tonic-gate
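#
# get_auth(): Build the authentication method list in LDAP_AUTHMETHOD.
#
#   Methods are collected one at a time through auth_menu_handler and
#   joined with ';' until the user declines to add another.  A reset
#   (menu choice 0) empties the list.
#
#   Writes: LDAP_AUTHMETHOD, _FIRST, _MENU_CHOICE, _AUTHMETHOD
#
get_auth()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_auth()"

    _FIRST=1          # Flag for first time.
    _MENU_CHOICE=0
    _AUTHMETHOD=""    # Tmp method.

    while :
    do
        # Call Menu handler
        auth_menu_handler

        # Add Auth Method to list.
        if [ $_FIRST -eq 1 ]; then
            LDAP_AUTHMETHOD="${_AUTHMETHOD}"
            # After a reset the list is empty, so the next method is still
            # the first one.  Clearing the flag here made the following
            # entry come out as ";method".
            if [ -n "${_AUTHMETHOD}" ]; then
                _FIRST=0
            fi
        else
            LDAP_AUTHMETHOD="${LDAP_AUTHMETHOD};${_AUTHMETHOD}"
        fi

        # Display current Authentication Method.
        ${ECHO} ""
        ${ECHO} "Current authenticationMethod: ${LDAP_AUTHMETHOD}"
        ${ECHO} ""

        # Prompt for another Auth Method, or break out (status 0 = no).
        get_confirm_nodef "Do you want to add another Authentication Method?"
        if [ $? -eq 0 ]; then
            break
        fi
    done
}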
1508*7c478bd9Sstevel@tonic-gate
1509*7c478bd9Sstevel@tonic-gate
#
# get_followref(): Ask whether clients should follow referrals and store
#                  "TRUE" or "FALSE" in LDAP_FOLLOWREF.
#
get_followref()
{
    # "n" is the default answer; status 1 from get_confirm selects TRUE.
    get_confirm "Do you want the clients to follow referrals (y/n/h)?" "n" "referrals_help"
    case $? in
        1) LDAP_FOLLOWREF="TRUE" ;;
        *) LDAP_FOLLOWREF="FALSE" ;;
    esac
}
1522*7c478bd9Sstevel@tonic-gate
1523*7c478bd9Sstevel@tonic-gate
#
# get_timelimit(): Set the time limit. -1 is max time.
#
#   Shows the server's current nsslapd-timelimit in the prompt and stores
#   the answer in IDS_TIMELIMIT.  Exits 1 after cleanup when the server
#   can not be queried.
#
get_timelimit()
{
    # Read the current value from cn=config into a work file.
    # NOTE(review): LDAP_ARGS is re-parsed by eval, and the work file has
    # a fixed name under ${TMPDIR} -- assumes a private directory.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-timelimit > ${TMPDIR}/chk_timeout 2>&1" || {
        ${ECHO} "  ERROR: Could not reach LDAP server to check current timeout!"
        cleanup
        exit 1
    }

    # Value is the text after '=' on the line mentioning timelimit.
    CURR_TIMELIMIT=`${GREP} timelimit ${TMPDIR}/chk_timeout | cut -f2 -d=`

    get_negone_num "Enter the time limit for iDS (current=${CURR_TIMELIMIT}):" "-1"
    IDS_TIMELIMIT=$NUM
}
1541*7c478bd9Sstevel@tonic-gate
1542*7c478bd9Sstevel@tonic-gate
#
# get_sizelimit(): Set the size limit. -1 is max size.
#
#   Shows the server's current nsslapd-sizelimit in the prompt and stores
#   the answer in IDS_SIZELIMIT.  Exits 1 after cleanup when the server
#   can not be queried.
#
get_sizelimit()
{
    # Read the current value from cn=config into a work file.
    # NOTE(review): LDAP_ARGS is re-parsed by eval, and the work file has
    # a fixed name under ${TMPDIR} -- assumes a private directory.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-sizelimit > ${TMPDIR}/chk_sizelimit 2>&1" || {
        ${ECHO} "  ERROR: Could not reach LDAP server to check current sizelimit!"
        cleanup
        exit 1
    }

    # Value is the text after '=' on the line mentioning sizelimit.
    CURR_SIZELIMIT=`${GREP} sizelimit ${TMPDIR}/chk_sizelimit | cut -f2 -d=`

    get_negone_num "Enter the size limit for iDS (current=${CURR_SIZELIMIT}):" "-1"
    IDS_SIZELIMIT=$NUM
}
1560*7c478bd9Sstevel@tonic-gate
1561*7c478bd9Sstevel@tonic-gate
#
# get_want_crypt(): Ask whether passwords should be stored in "crypt"
#                   format and store "TRUE" or "FALSE" in NEED_CRYPT.
#
get_want_crypt()
{
    # "n" is the default answer; status 1 from get_confirm selects TRUE.
    get_confirm "Do you want to store passwords in \"crypt\" format (y/n/h)?" "n" "crypt_help"
    case $? in
        1) NEED_CRYPT="TRUE" ;;
        *) NEED_CRYPT="FALSE" ;;
    esac
}
1574*7c478bd9Sstevel@tonic-gate
1575*7c478bd9Sstevel@tonic-gate
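#
# get_srv_authMethod_pam(): Get the Service Auth Method for pam_ldap from
#                           the user.
#
#   Builds LDAP_SRV_AUTHMETHOD_PAM as "pam_ldap:<method>[;<method>...]".
#   A reset (menu choice 0) empties the value; when it is still empty on
#   exit NEED_SRVAUTH_PAM is set to 0.
#
#  NOTE: This function is based on get_auth().
#
get_srv_authMethod_pam()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_pam()"

    _FIRST=1          # Flag for first time.
    _MENU_CHOICE=0
    _AUTHMETHOD=""    # Tmp method.

    while :
    do
        # Call Menu handler
        srvauth_menu_handler

        # Add Auth Method to list.
        if [ $_FIRST -eq 1 ]; then
            if [ "$_AUTHMETHOD" = "" ]; then
                # Reset: the next method is still the first one.  Clearing
                # the flag here made the following entry come out as
                # ";method" without the service prefix.
                LDAP_SRV_AUTHMETHOD_PAM=""
            else
                LDAP_SRV_AUTHMETHOD_PAM="pam_ldap:${_AUTHMETHOD}"
                _FIRST=0
            fi
        else
            LDAP_SRV_AUTHMETHOD_PAM="${LDAP_SRV_AUTHMETHOD_PAM};${_AUTHMETHOD}"
        fi

        # Display current Authentication Method.
        ${ECHO} ""
        ${ECHO} "Current authenticationMethod: ${LDAP_SRV_AUTHMETHOD_PAM}"
        ${ECHO} ""

        # Prompt for another Auth Method, or break out (status 0 = no).
        get_confirm_nodef "Do you want to add another Authentication Method?"
        if [ $? -eq 0 ]; then
            break
        fi
    done

    # Check in case user reset string and exited loop.
    if [ "$LDAP_SRV_AUTHMETHOD_PAM" = "" ]; then
        NEED_SRVAUTH_PAM=0
    fi
}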
1623*7c478bd9Sstevel@tonic-gate
1624*7c478bd9Sstevel@tonic-gate
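#
# get_srv_authMethod_key(): Get the Service Auth Method for keyserv from
#                           the user.
#
#   Builds LDAP_SRV_AUTHMETHOD_KEY as "keyserv:<method>[;<method>...]".
#   A reset (menu choice 0) empties the value; when it is still empty on
#   exit NEED_SRVAUTH_KEY is set to 0.
#
#  NOTE: This function is based on get_auth().
#
get_srv_authMethod_key()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_key()"

    _FIRST=1          # Flag for first time.
    _MENU_CHOICE=0
    _AUTHMETHOD=""    # Tmp method.

    while :
    do
        # Call Menu handler
        srvauth_menu_handler

        # Add Auth Method to list.
        if [ $_FIRST -eq 1 ]; then
            if [ "$_AUTHMETHOD" = "" ]; then
                # Reset: the next method is still the first one.  Clearing
                # the flag here made the following entry come out as
                # ";method" without the service prefix.
                LDAP_SRV_AUTHMETHOD_KEY=""
            else
                LDAP_SRV_AUTHMETHOD_KEY="keyserv:${_AUTHMETHOD}"
                _FIRST=0
            fi
        else
            LDAP_SRV_AUTHMETHOD_KEY="${LDAP_SRV_AUTHMETHOD_KEY};${_AUTHMETHOD}"
        fi

        # Display current Authentication Method.
        ${ECHO} ""
        ${ECHO} "Current authenticationMethod: ${LDAP_SRV_AUTHMETHOD_KEY}"
        ${ECHO} ""

        # Prompt for another Auth Method, or break out (status 0 = no).
        get_confirm_nodef "Do you want to add another Authentication Method?"
        if [ $? -eq 0 ]; then
            break
        fi
    done

    # Check in case user reset string and exited loop.
    if [ "$LDAP_SRV_AUTHMETHOD_KEY" = "" ]; then
        NEED_SRVAUTH_KEY=0
    fi
}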
1672*7c478bd9Sstevel@tonic-gate
1673*7c478bd9Sstevel@tonic-gate
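#
# get_srv_authMethod_cmd(): Get the Service Auth Method for passwd-cmd
#                           from the user.
#
#   Builds LDAP_SRV_AUTHMETHOD_CMD as "passwd-cmd:<method>[;<method>...]".
#   A reset (menu choice 0) empties the value; when it is still empty on
#   exit NEED_SRVAUTH_CMD is set to 0.
#
#  NOTE: This function is based on get_auth().
#
get_srv_authMethod_cmd()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_cmd()"

    _FIRST=1          # Flag for first time.
    _MENU_CHOICE=0
    _AUTHMETHOD=""    # Tmp method.

    while :
    do
        # Call Menu handler
        srvauth_menu_handler

        # Add Auth Method to list.
        if [ $_FIRST -eq 1 ]; then
            if [ "$_AUTHMETHOD" = "" ]; then
                # Reset: the next method is still the first one.  Clearing
                # the flag here made the following entry come out as
                # ";method" without the service prefix.
                LDAP_SRV_AUTHMETHOD_CMD=""
            else
                LDAP_SRV_AUTHMETHOD_CMD="passwd-cmd:${_AUTHMETHOD}"
                _FIRST=0
            fi
        else
            LDAP_SRV_AUTHMETHOD_CMD="${LDAP_SRV_AUTHMETHOD_CMD};${_AUTHMETHOD}"
        fi

        # Display current Authentication Method.
        ${ECHO} ""
        ${ECHO} "Current authenticationMethod: ${LDAP_SRV_AUTHMETHOD_CMD}"
        ${ECHO} ""

        # Prompt for another Auth Method, or break out (status 0 = no).
        get_confirm_nodef "Do you want to add another Authentication Method?"
        if [ $? -eq 0 ]; then
            break
        fi
    done

    # Check in case user reset string and exited loop.
    if [ "$LDAP_SRV_AUTHMETHOD_CMD" = "" ]; then
        NEED_SRVAUTH_CMD=0
    fi
}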
1721*7c478bd9Sstevel@tonic-gate
1722*7c478bd9Sstevel@tonic-gate
1723*7c478bd9Sstevel@tonic-gate#
1724*7c478bd9Sstevel@tonic-gate# get_srch_time(): Amount of time to search.
1725*7c478bd9Sstevel@tonic-gate#
get_srch_time()
{
    # Ask for the client search time limit and store the answer in
    # LDAP_SEARCH_TIME_LIMIT.  The current value is passed as the second
    # argument (presumably the default) and "srchtime_help" names the help
    # text; the result is read back from NUM, which get_negone_num is
    # expected to set.
    get_negone_num \
        "Client search time limit in seconds (h=help):" \
        "${LDAP_SEARCH_TIME_LIMIT}" \
        "srchtime_help"
    LDAP_SEARCH_TIME_LIMIT=${NUM}
}
1731*7c478bd9Sstevel@tonic-gate
1732*7c478bd9Sstevel@tonic-gate
1733*7c478bd9Sstevel@tonic-gate#
1734*7c478bd9Sstevel@tonic-gate# get_prof_ttl(): The profile time to live (TTL)
1735*7c478bd9Sstevel@tonic-gate#
get_prof_ttl()
{
    # Ask for the profile time to live and store the answer in
    # LDAP_PROFILE_TTL.  The current value is passed as the second argument
    # (presumably the default) and "profttl_help" names the help text; the
    # result is read back from NUM, which get_negone_num is expected to set.
    get_negone_num \
        "Profile Time To Live in seconds (h=help):" \
        "${LDAP_PROFILE_TTL}" \
        "profttl_help"
    LDAP_PROFILE_TTL=${NUM}
}
1741*7c478bd9Sstevel@tonic-gate
1742*7c478bd9Sstevel@tonic-gate
1743*7c478bd9Sstevel@tonic-gate#
1744*7c478bd9Sstevel@tonic-gate# get_bind_limit(): Bind time limit
1745*7c478bd9Sstevel@tonic-gate#
get_bind_limit()
{
    # Ask for the bind time limit and store the answer in LDAP_BIND_LIMIT.
    # The current value is passed as the second argument (presumably the
    # default) and "bindlim_help" names the help text; the result is read
    # back from NUM, which get_negone_num is expected to set.
    get_negone_num \
        "Bind time limit in seconds (h=help):" \
        "${LDAP_BIND_LIMIT}" \
        "bindlim_help"
    LDAP_BIND_LIMIT=${NUM}
}
1751*7c478bd9Sstevel@tonic-gate
1752*7c478bd9Sstevel@tonic-gate
1753*7c478bd9Sstevel@tonic-gate######################################################################
1754*7c478bd9Sstevel@tonic-gate# FUNCTIONS  FOR Service Search Descriptor's START HERE.
1755*7c478bd9Sstevel@tonic-gate######################################################################
1756*7c478bd9Sstevel@tonic-gate
1757*7c478bd9Sstevel@tonic-gate
1758*7c478bd9Sstevel@tonic-gate#
1759*7c478bd9Sstevel@tonic-gate# add_ssd(): Get SSD's from user and add to file.
1760*7c478bd9Sstevel@tonic-gate#
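add_ssd()
{
    # Interactively collect one Service Search Descriptor and append it to
    # ${SSD_FILE} in the form  <service id>:<base>?<scope>.
    #
    # Globals read:    DEBUG, ECHO, GREP, SSD_FILE, ANS (set by get_ans)
    # Globals written: _SERV_ID, _BASE, _SCOPE, _SSD
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In add_ssd()"
    fi

    # Enter the service id.  Loop until it is non-empty and unique.
    while :
    do
        get_ans "Enter the service id:"
        _SERV_ID=$ANS

        # An empty id would store a descriptor that starts with ':' and
        # would make the duplicate check below match on "^:".
        if [ "${_SERV_ID}" = "" ]; then
            ${ECHO} "ERROR: Service id must not be empty."
            continue
        fi

        # Case-insensitive check for an entry with the same id.  The id is
        # used as a grep pattern, so regular-expression metacharacters in
        # the answer are interpreted by grep rather than matched literally.
        # Only exit status 1 (no match) ends the loop; a grep error keeps
        # the user in the prompt.
        ${GREP} -i "^${_SERV_ID}:" "${SSD_FILE}" > /dev/null 2>&1
        if [ $? -eq 1 ]; then
            break
        fi

        # Name exists, print message, let user decide.
        ${ECHO} "ERROR: Service id ${_SERV_ID} already exists."
    done

    get_ans "Enter the base:"
    _BASE=$ANS

    # Get the scope and verify that it is "one" or "sub" (any letter case).
    # The answer is quoted so that an entry such as '*' is compared as
    # typed instead of being expanded to file names by the shell.
    while :
    do
        get_ans "Enter the scope:"
        _SCOPE=$ANS
        case `${ECHO} "${_SCOPE}" | tr '[A-Z]' '[a-z]'` in
            one) break ;;
            sub) break ;;
            *)   ${ECHO} "${_SCOPE} is Not valid - Enter 'one' or 'sub'" ;;
        esac
    done

    # Build SSD to add to file.
    _SSD="${_SERV_ID}:${_BASE}?${_SCOPE}"

    # Add the SSD to the file.
    ${ECHO} "${_SSD}" >> "${SSD_FILE}"
}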
1802*7c478bd9Sstevel@tonic-gate
1803*7c478bd9Sstevel@tonic-gate
1804*7c478bd9Sstevel@tonic-gate#
1805*7c478bd9Sstevel@tonic-gate# delete_ssd(): Delete a SSD from the list.
1806*7c478bd9Sstevel@tonic-gate#
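delete_ssd()
{
    # Remove the Service Search Descriptor whose service id the user names
    # from ${SSD_FILE}.  A copy of the file is kept in ${SSD_FILE}.bak.
    #
    # Globals read: DEBUG, ECHO, GREP, SSD_FILE, ANS (set by get_ans_req)
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In delete_ssd()"
    fi

    # Get service id name from user for SSD to delete.
    get_ans_req "Enter service id to delete:"

    # Make sure service id exists.  The pattern is anchored to the id field
    # ("^id:"), the same way add_ssd and modify_ssd look entries up; an
    # unanchored match would also hit lines that merely contain the text
    # in their base or scope.  The id is still a grep pattern, so regex
    # metacharacters in the answer are interpreted by grep.
    ${GREP} "^$ANS:" "${SSD_FILE}" > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        ${ECHO} "Invalid service id: $ANS not present in list."
        return
    fi

    # Create temporary back SSD file.  Any non-zero status from cp is a
    # failure, not only status 1.
    cp "${SSD_FILE}" "${SSD_FILE}.bak"
    if [ $? -ne 0 ]; then
        ${ECHO} "ERROR: could not create file: ${SSD_FILE}.bak"
        # Same exit path as modify_ssd: run cleanup before terminating.
        cleanup
        exit 1
    fi

    # Use ${GREP} to remove the SSD.  Read from temp file
    # and write to the orig file.
    ${GREP} -v "^$ANS:" "${SSD_FILE}.bak" > "${SSD_FILE}"
}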
1832*7c478bd9Sstevel@tonic-gate
1833*7c478bd9Sstevel@tonic-gate
1834*7c478bd9Sstevel@tonic-gate#
1835*7c478bd9Sstevel@tonic-gate# modify_ssd(): Allow user to modify a SSD.
1836*7c478bd9Sstevel@tonic-gate#
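modify_ssd()
{
    # Let the user change the base and scope of an existing Service Search
    # Descriptor.  The entry is looked up by service id, its current base
    # and scope are passed to the prompts, and the rewritten entry is
    # appended to ${SSD_FILE} after the old line has been removed.
    #
    # Globals read:    DEBUG, ECHO, GREP, SSD_FILE, ANS (set by get_ans_req)
    # Globals written: _SERV_ID, _LINE, _CURR_BASE, _CURR_SCOPE, _BASE,
    #                  _SCOPE, _SSD
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In modify_ssd()"
    fi

    # Prompt user for service id.
    get_ans_req "Enter service id to modify:"
    _SERV_ID=$ANS

    # Put into temp _LINE.  The id is used as a grep pattern, so regex
    # metacharacters in the answer are interpreted by grep.
    _LINE=`${GREP} "^${_SERV_ID}:" "${SSD_FILE}"`
    if [ "$_LINE" = "" ]; then
        ${ECHO} "Invalid service id: ${_SERV_ID}"
        return
    fi

    # Display current filter for user to see.
    ${ECHO} ""
    ${ECHO} "Current SSD: $_LINE"
    ${ECHO} ""

    # Get the defaults.  $_LINE is quoted: every SSD contains a '?', which
    # the shell would otherwise treat as a file name wildcard.
    _CURR_BASE=`${ECHO} "$_LINE" | cut -d: -f2 | cut -d'?' -f 1`
    _CURR_SCOPE=`${ECHO} "$_LINE" | cut -d: -f2 | cut -d'?' -f 2`

    # Collect the new values before the file is touched, so that an
    # interrupted prompt does not leave the entry deleted.
    get_ans_req "Enter the base:" "$_CURR_BASE"
    _BASE=$ANS

    # Accept only the scopes add_ssd accepts.
    while :
    do
        get_ans_req "Enter the scope:" "$_CURR_SCOPE"
        _SCOPE=$ANS
        case `${ECHO} "${_SCOPE}" | tr '[A-Z]' '[a-z]'` in
            one) break ;;
            sub) break ;;
            *)   ${ECHO} "${_SCOPE} is Not valid - Enter 'one' or 'sub'" ;;
        esac
    done

    # Create temporary back SSD file.  Any non-zero status from cp is a
    # failure, not only status 1.
    cp "${SSD_FILE}" "${SSD_FILE}.bak"
    if [ $? -ne 0 ]; then
        ${ECHO} "ERROR: could not create file: ${SSD_FILE}.bak"
        cleanup
        exit 1
    fi

    # Removed the old line.
    ${GREP} -v "^${_SERV_ID}:" "${SSD_FILE}.bak" > "${SSD_FILE}" 2>&1

    # Build the new SSD.
    _SSD="${_SERV_ID}:${_BASE}?${_SCOPE}"

    # Add the SSD to the file.
    ${ECHO} "${_SSD}" >> "${SSD_FILE}"
}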
1884*7c478bd9Sstevel@tonic-gate
1885*7c478bd9Sstevel@tonic-gate
1886*7c478bd9Sstevel@tonic-gate#
1887*7c478bd9Sstevel@tonic-gate# display_ssd(): Display the current SSD list.
1888*7c478bd9Sstevel@tonic-gate#
display_ssd()
{
    # Print a heading, dump ${SSD_FILE} unchanged, then wait for the user
    # to press Return.
    # Globals read: DEBUG, ECHO, SSD_FILE
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In display_ssd()"
    fi

    ${ECHO} ""
    ${ECHO} "Current Service Search Descriptors:"
    ${ECHO} "=================================="
    cat ${SSD_FILE}
    ${ECHO} ""

    # The line read into __A is not used; the read only pauses the menu.
    ${ECHO} "Hit return to continue."
    read __A
}
1901*7c478bd9Sstevel@tonic-gate
1902*7c478bd9Sstevel@tonic-gate
1903*7c478bd9Sstevel@tonic-gate#
1904*7c478bd9Sstevel@tonic-gate# prompt_ssd(): Get SSD's from user.
1905*7c478bd9Sstevel@tonic-gate#
prompt_ssd()
{
    # Ask whether Service Search Descriptors should be set up and, if so,
    # run the SSD menu until the user quits.
    # Globals read: DEBUG, ECHO, ANS (set by get_ans)
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In prompt_ssd()"
    fi

    # See if user wants SSD's?  A status of 0 from get_confirm ends the
    # function without showing the menu.
    get_confirm "Do you wish to setup Service Search Descriptors (y/n/h)?" "n" "ssd_help"
    if [ "$?" -eq 0 ]; then
        return
    fi

    # Display menu for SSD choices; "Quit" is passed to get_ans as the
    # second argument.
    while :
    do
        display_msg prompt_ssd_menu
        get_ans "Enter menu choice:" "Quit"
        case "$ANS" in
            [Aa] | add)
                add_ssd
                ;;
            [Dd] | delete)
                delete_ssd
                ;;
            [Mm] | modify)
                modify_ssd
                ;;
            [Pp] | print | display)
                display_ssd
                ;;
            [Xx] | reset | clear)
                reset_ssd_file
                ;;
            [Hh] | Help | help)
                display_msg ssd_menu_help
                ${ECHO} " Press return to continue."
                read __A
                ;;
            [Qq] | Quit | quit)
                return
                ;;
            *)
                ${ECHO} "Invalid choice: $ANS please re-enter from menu."
                ;;
        esac
    done
}
1932*7c478bd9Sstevel@tonic-gate
1933*7c478bd9Sstevel@tonic-gate
1934*7c478bd9Sstevel@tonic-gate#
1935*7c478bd9Sstevel@tonic-gate# reset_ssd_file(): Blank out current SSD file.
1936*7c478bd9Sstevel@tonic-gate#
reset_ssd_file()
{
    # Replace ${SSD_FILE} with a new, empty file.
    # Globals read: DEBUG, ECHO, SSD_FILE
    #
    # NOTE(review): the file is removed and then re-created by name.  That
    # is only safe when the directory holding SSD_FILE is writable by this
    # user alone -- where SSD_FILE is set is not visible here; confirm.
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In reset_ssd_file()"
    fi

    rm -f ${SSD_FILE}
    touch ${SSD_FILE}
}
1944*7c478bd9Sstevel@tonic-gate
1945*7c478bd9Sstevel@tonic-gate
1946*7c478bd9Sstevel@tonic-gate#
1947*7c478bd9Sstevel@tonic-gate# create_ssd_file(): Create a temporary file for SSD's.
1948*7c478bd9Sstevel@tonic-gate#
create_ssd_file()
{
    # Rebuild ${SSD_FILE} from ${INPUT_FILE}: keep every line that contains
    # "LDAP_SERV_SRCH_DES=" and strip the first occurrence of that text
    # from it, leaving the bare descriptor.
    # Globals read: DEBUG, ECHO, GREP, INPUT_FILE, SSD_FILE
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In create_ssd_file()"
    fi

    # Build a list of SSD's and store in temp file.
    ${GREP} "LDAP_SERV_SRCH_DES=" ${INPUT_FILE} |
        sed 's/LDAP_SERV_SRCH_DES=//' > ${SSD_FILE}
}
1958*7c478bd9Sstevel@tonic-gate
1959*7c478bd9Sstevel@tonic-gate
1960*7c478bd9Sstevel@tonic-gate#
1961*7c478bd9Sstevel@tonic-gate# ssd_2_config(): Append the SSD file to the output file.
1962*7c478bd9Sstevel@tonic-gate#
ssd_2_config()
{
    # Append every line of ${SSD_FILE} to ${OUTPUT_FILE}, prefixed with
    # "LDAP_SERV_SRCH_DES=".  Arguments passed by the caller are not used;
    # both paths come from the globals.
    # Globals read: DEBUG, ECHO, SSD_FILE, OUTPUT_FILE
    #
    # NOTE(review): the descriptor text is written after the '=' without
    # quoting.  If the generated file is later read by a shell, blanks or
    # shell metacharacters in a base DN would not survive as data --
    # confirm how the file is loaded.
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In ssd_2_config()"
    fi

    # Convert to config file format using sed.
    sed -e "s/^/LDAP_SERV_SRCH_DES=/" ${SSD_FILE} \
        >> ${OUTPUT_FILE}
}
1970*7c478bd9Sstevel@tonic-gate
1971*7c478bd9Sstevel@tonic-gate
1972*7c478bd9Sstevel@tonic-gate#
1973*7c478bd9Sstevel@tonic-gate# ssd_2_profile(): Add SSD's to the GEN_CMD string.
1974*7c478bd9Sstevel@tonic-gate#
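ssd_2_profile()
{
    # Append one  -a "serviceSearchDescriptor=<ssd>"  argument per line of
    # ${SSD_FILE} to the GEN_CMD string.  The arguments are collected in
    # ${TMPDIR}/ssd_tmpfile and read back in one piece.
    #
    # Globals read:    DEBUG, ECHO, TMPDIR, SSD_FILE
    # Globals written: GEN_TMPFILE, SSD_LINE, GEN_CMD
    #
    # NOTE(review): each descriptor is placed between literal double quotes
    # inside a command string.  How GEN_CMD is executed is not visible
    # here; if it is re-parsed by the shell, a descriptor containing
    # quotes, backquotes or '$' would be interpreted -- confirm and
    # validate the descriptor text where it is entered.
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In ssd_2_profile()"
    fi

    # Start from an empty scratch file.  A plain touch would keep whatever
    # an earlier call left behind and add those descriptors a second time.
    # The name is fixed, so TMPDIR has to be a directory only this user can
    # write to.
    GEN_TMPFILE=${TMPDIR}/ssd_tmpfile
    : > "${GEN_TMPFILE}"

    # Add and convert each SSD to string.  The trailing \c keeps ${ECHO}
    # from ending the line, so all arguments end up on one line.
    while read SSD_LINE
    do
        ${ECHO} " -a \"serviceSearchDescriptor=${SSD_LINE}\"\c" >> "${GEN_TMPFILE}"
    done < "${SSD_FILE}"

    # Add SSD's to GEN_CMD.
    GEN_CMD="${GEN_CMD} `cat "${GEN_TMPFILE}"`"
}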
1991*7c478bd9Sstevel@tonic-gate
1992*7c478bd9Sstevel@tonic-gate
1993*7c478bd9Sstevel@tonic-gate#
1994*7c478bd9Sstevel@tonic-gate# prompt_config_info(): This function prompts the user for the config
1995*7c478bd9Sstevel@tonic-gate# info that is not specified in the input file.
1996*7c478bd9Sstevel@tonic-gate#
prompt_config_info()
{
    # Walk the user through every configuration prompt, in a fixed order:
    # server connection, directory manager credentials, client profile
    # fields, optional server limits, optional service authentication
    # methods, timeouts and finally the Service Search Descriptors.
    #
    # Globals written here: NEED_TIME, NEED_SIZE, NEED_SRVAUTH_PAM,
    # NEED_SRVAUTH_KEY, NEED_SRVAUTH_CMD (each holds the exit status of the
    # matching get_confirm call).  The get_* helpers set further globals.
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In prompt_config_info()"
    fi

    # iDS server name and port number.
    get_ids_server
    get_ids_port

    # Check iDS version for compatibility, then check if the server
    # supports the VLV.
    chk_ids_version
    chk_vlv_indexes

    # Get the Directory manager DN and passwd.
    get_dirmgr_dn
    get_dirmgr_pw

    #
    # LDAP CLIENT PROFILE SPECIFIC INFORMATION.
    #   (i.e. The fields that show up in the profile.)
    #
    get_domain "domain_help"
    get_basedn
    get_profile_name
    get_srv_list
    get_pref_srv
    get_search_scope

    # The authentication method is only asked for when the credential
    # level is not "anonymous".
    # NOTE(review): nothing in this function sets LDAP_AUTHMETHOD to "none"
    # for the anonymous case -- presumably handled elsewhere; confirm.
    get_cred_level
    if [ "$LDAP_CRED_LEVEL" != "anonymous" ]; then
        get_auth
    fi

    get_followref

    # Query user about timelimit.
    get_confirm "Do you want to modify the server timelimit value (y/n/h)?" "n" "tlim_help"
    NEED_TIME=$?
    if [ $NEED_TIME -eq 1 ]; then
        get_timelimit
    fi

    # Query user about sizelimit.
    get_confirm "Do you want to modify the server sizelimit value (y/n/h)?" "n" "slim_help"
    NEED_SIZE=$?
    if [ $NEED_SIZE -eq 1 ]; then
        get_sizelimit
    fi

    # Does the user want to store passwords in crypt format?
    get_want_crypt

    # Prompt for any Service Authentication Methods?
    get_confirm "Do you want to setup a Service Authentication Methods (y/n/h)?" "n" "srvauth_help"
    if [ $? -eq 1 ]; then
        # Service Authentication Method for pam_ldap?
        get_confirm "Do you want to setup a Service Auth. Method for \"pam_ldap\" (y/n/h)?" "n" "pam_ldap_help"
        NEED_SRVAUTH_PAM=$?
        if [ $NEED_SRVAUTH_PAM -eq 1 ]; then
            get_srv_authMethod_pam
        fi

        # Service Authentication Method for keyserv?
        get_confirm "Do you want to setup a Service Auth. Method for \"keyserv\" (y/n/h)?" "n" "keyserv_help"
        NEED_SRVAUTH_KEY=$?
        if [ $NEED_SRVAUTH_KEY -eq 1 ]; then
            get_srv_authMethod_key
        fi

        # Service Authentication Method for passwd-cmd?
        get_confirm "Do you want to setup a Service Auth. Method for \"passwd-cmd\" (y/n/h)?" "n" "passwd-cmd_help"
        NEED_SRVAUTH_CMD=$?
        if [ $NEED_SRVAUTH_CMD -eq 1 ]; then
            get_srv_authMethod_cmd
        fi
    fi

    # Get Timeouts
    get_srch_time
    get_prof_ttl
    get_bind_limit

    # Reset the SSD file and prompt user for SSD.  Will use menus
    # to build an SSD File.
    reset_ssd_file
    prompt_ssd

    # Display FULL debugging info.
    disp_full_debug

    # Extra blank line to separate prompt lines from steps.
    ${ECHO} " "
}
2086*7c478bd9Sstevel@tonic-gate
2087*7c478bd9Sstevel@tonic-gate
2088*7c478bd9Sstevel@tonic-gate######################################################################
2089*7c478bd9Sstevel@tonic-gate# FUNCTIONS  FOR display_summary() START HERE.
2090*7c478bd9Sstevel@tonic-gate######################################################################
2091*7c478bd9Sstevel@tonic-gate
2092*7c478bd9Sstevel@tonic-gate
2093*7c478bd9Sstevel@tonic-gate#
2094*7c478bd9Sstevel@tonic-gate# get_proxyagent(): Get the proxyagent DN.
2095*7c478bd9Sstevel@tonic-gate#
get_proxyagent()
{
    # Ask for the proxy agent DN.  cn=proxyagent,ou=profile,<LDAP_BASEDN>
    # is passed to get_ans as the second argument, and whatever get_ans
    # leaves in ANS becomes LDAP_PROXYAGENT.
    LDAP_PROXYAGENT="cn=proxyagent,ou=profile,${LDAP_BASEDN}"
    get_ans "Enter DN for proxy agent:" "${LDAP_PROXYAGENT}"
    LDAP_PROXYAGENT=${ANS}
}
2102*7c478bd9Sstevel@tonic-gate
2103*7c478bd9Sstevel@tonic-gate
2104*7c478bd9Sstevel@tonic-gate#
2105*7c478bd9Sstevel@tonic-gate# get_proxy_pw(): Get the proxyagent passwd.
2106*7c478bd9Sstevel@tonic-gate#
get_proxy_pw()
{
    # Ask for the proxy agent password and keep it in LDAP_PROXYAGENT_CRED.
    # The value is read from ANS after get_passwd returns.  It stays in a
    # shell variable and is later written to the output file by
    # create_config_file, so that file carries the credential.
    get_passwd "Enter passwd for proxyagent:"
    LDAP_PROXYAGENT_CRED=${ANS}
}
2112*7c478bd9Sstevel@tonic-gate
2113*7c478bd9Sstevel@tonic-gate
2114*7c478bd9Sstevel@tonic-gate#
2115*7c478bd9Sstevel@tonic-gate# display_summary(): Display a summary of values entered and let the
2116*7c478bd9Sstevel@tonic-gate#                    user modify values at will.
2117*7c478bd9Sstevel@tonic-gate#
display_summary()
{
    # Show the summary menu, let the user re-run any prompt by number, and
    # ask for a final confirmation before changes are committed.
    #
    # Globals read:    DEBUG, ECHO, GREP, MN_CH (set by get_menu_choice),
    #                  LDAP_CRED_LEVEL, LDAP_AUTHMETHOD
    # Globals written: TBL1..TBL8, FUNC_TBL, _MENU_PROMPT, _CH, NEED_PROXY,
    #                  LDAP_CRED_LEVEL
    # Exits with status 1 when the user declines the final confirmation.
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In display_summary()"
    fi

    # Lookup table of prompt functions.  Menu choice N is served by the
    # N-th name after "dummy"; the dummy entry is what remains in front
    # after "shift N", so the table and the 1-19 menu range must stay in
    # step.
    TBL1="dummy"
    TBL2="get_domain get_basedn get_profile_name"
    TBL3="get_srv_list get_pref_srv get_search_scope get_cred_level"
    TBL4="get_auth get_followref"
    TBL5="get_timelimit get_sizelimit get_want_crypt"
    TBL6="get_srv_authMethod_pam get_srv_authMethod_key get_srv_authMethod_cmd"
    TBL7="get_srch_time get_prof_ttl get_bind_limit"
    TBL8="prompt_ssd"
    FUNC_TBL="$TBL1 $TBL2 $TBL3 $TBL4 $TBL5 $TBL6 $TBL7 $TBL8"

    # Since menu prompt string is long, set here.
    _MENU_PROMPT="Enter config value to change: (1-19 0=commit changes)"

    # Loop until the user selects 0.
    while :
    do
        # Display menu and get value in range.
        display_msg summary_menu
        get_menu_choice "${_MENU_PROMPT}" "0" "19" "0"
        _CH=$MN_CH

        # 0 means "commit": leave the menu.
        [ $_CH -eq 0 ] && break

        # Load the table into the positional parameters, drop the first
        # _CH entries, and run the name that is now first.
        set $FUNC_TBL
        shift $_CH
        $1
    done

    # A credential level containing "proxy" needs a proxy agent, unless the
    # authentication method is "none"; in that case the level is forced to
    # "anonymous".
    if ${ECHO} "$LDAP_CRED_LEVEL" | ${GREP} "proxy" > /dev/null 2>&1
    then
        if [ "$LDAP_AUTHMETHOD" = "none" ]; then
            ${ECHO} "WARNING: Since Authentication method is 'none'."
            ${ECHO} "         Credential level will be set to 'anonymous'."
            LDAP_CRED_LEVEL="anonymous"
        else
            NEED_PROXY=1
            get_proxyagent
            get_proxy_pw
        fi
    fi

    # Display FULL debugging info.
    disp_full_debug

    # Final confirmation message.  A status of 0 from get_confirm_nodef
    # ends the program.
    ${ECHO} " "
    get_confirm_nodef "WARNING: About to start committing changes. (y=continue, n=EXIT)"
    if [ $? -eq 0 ]; then
        ${ECHO} "Terminating setup without making changes at users request."
        exit 1
    fi

    # Print newline
    ${ECHO} " "
}
2184*7c478bd9Sstevel@tonic-gate
2185*7c478bd9Sstevel@tonic-gate
2186*7c478bd9Sstevel@tonic-gate#
2187*7c478bd9Sstevel@tonic-gate# create_config_file(): Write config data to config file specified.
2188*7c478bd9Sstevel@tonic-gate#
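create_config_file()
{
    # Write the collected configuration to ${OUTPUT_FILE} as a list of
    # shell variable assignments, followed by the Service Search
    # Descriptors (added by ssd_2_config) and an end-of-file comment.
    #
    # The file contains LDAP_ROOTPWD and LDAP_PROXYAGENT_CRED in clear
    # text, so it is created with a umask of 077 and set to mode 600; the
    # caller's umask is restored afterwards.
    #
    # NOTE(review): several values, the two passwords among them, are
    # written without quotes.  If the file is later read by a shell, a
    # value containing blanks or shell metacharacters would not be taken
    # as plain data.  The format is left unchanged here because the code
    # that loads the file is not visible -- confirm before quoting.
    #
    # Globals read:    DEBUG, ECHO, OUTPUT_FILE and every variable named in
    #                  the template below
    # Globals written: _CFG_UMASK
    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "In create_config_file()"
    fi

    # If output file exists, delete it.
    if [ -f "$OUTPUT_FILE" ]; then
        rm -f "$OUTPUT_FILE"
    fi

    # Create output file, readable and writable by the owner only.
    _CFG_UMASK=`umask`
    umask 077
    cat > "$OUTPUT_FILE" <<EOF
#!/bin/sh
# $OUTPUT_FILE - This file contains configuration information for
#                Native LDAP.  Use the idsconfig tool to load it.
#
# WARNING: This file was generated by idsconfig, and is intended to
#          be loaded by idsconfig as is.  DO NOT EDIT THIS FILE!
#
IDS_SERVER="$IDS_SERVER"
IDS_PORT=$IDS_PORT
IDS_TIMELIMIT=$IDS_TIMELIMIT
IDS_SIZELIMIT=$IDS_SIZELIMIT
LDAP_ROOTDN="$LDAP_ROOTDN"
LDAP_ROOTPWD=$LDAP_ROOTPWD
LDAP_DOMAIN="$LDAP_DOMAIN"
LDAP_SUFFIX="$LDAP_SUFFIX"

# Internal program variables that need to be set.
NEED_PROXY=$NEED_PROXY
NEED_TIME=$NEED_TIME
NEED_SIZE=$NEED_SIZE
NEED_CRYPT=$NEED_CRYPT

# LDAP PROFILE related defaults
LDAP_PROFILE_NAME="$LDAP_PROFILE_NAME"
DEL_OLD_PROFILE=1
LDAP_BASEDN="$LDAP_BASEDN"
LDAP_SERVER_LIST="$LDAP_SERVER_LIST"
LDAP_AUTHMETHOD="$LDAP_AUTHMETHOD"
LDAP_FOLLOWREF=$LDAP_FOLLOWREF
LDAP_SEARCH_SCOPE="$LDAP_SEARCH_SCOPE"
NEED_SRVAUTH_PAM=$NEED_SRVAUTH_PAM
NEED_SRVAUTH_KEY=$NEED_SRVAUTH_KEY
NEED_SRVAUTH_CMD=$NEED_SRVAUTH_CMD
LDAP_SRV_AUTHMETHOD_PAM="$LDAP_SRV_AUTHMETHOD_PAM"
LDAP_SRV_AUTHMETHOD_KEY="$LDAP_SRV_AUTHMETHOD_KEY"
LDAP_SRV_AUTHMETHOD_CMD="$LDAP_SRV_AUTHMETHOD_CMD"
LDAP_SEARCH_TIME_LIMIT=$LDAP_SEARCH_TIME_LIMIT
LDAP_PREF_SRVLIST="$LDAP_PREF_SRVLIST"
LDAP_PROFILE_TTL=$LDAP_PROFILE_TTL
LDAP_CRED_LEVEL="$LDAP_CRED_LEVEL"
LDAP_BIND_LIMIT=$LDAP_BIND_LIMIT

# Proxy Agent
LDAP_PROXYAGENT="$LDAP_PROXYAGENT"
LDAP_PROXYAGENT_CRED=$LDAP_PROXYAGENT_CRED

# Export all the variables (just in case)
export IDS_HOME IDS_PORT LDAP_ROOTDN LDAP_ROOTPWD LDAP_SERVER_LIST LDAP_BASEDN
export LDAP_DOMAIN LDAP_SUFFIX LDAP_PROXYAGENT LDAP_PROXYAGENT_CRED
export NEED_PROXY
export LDAP_PROFILE_NAME LDAP_BASEDN LDAP_SERVER_LIST 
export LDAP_AUTHMETHOD LDAP_FOLLOWREF LDAP_SEARCH_SCOPE LDAP_SEARCH_TIME_LIMIT
export LDAP_PREF_SRVLIST LDAP_PROFILE_TTL LDAP_CRED_LEVEL LDAP_BIND_LIMIT
export NEED_SRVAUTH_PAM NEED_SRVAUTH_KEY NEED_SRVAUTH_CMD
export LDAP_SRV_AUTHMETHOD_PAM LDAP_SRV_AUTHMETHOD_KEY LDAP_SRV_AUTHMETHOD_CMD
export LDAP_SERV_SRCH_DES SSD_FILE

# Service Search Descriptors start here if present:
EOF
    umask ${_CFG_UMASK}

    # Covers the case where an existing file could not be removed above
    # and was rewritten in place with its old permissions.
    chmod 600 "$OUTPUT_FILE"

    # Add service search descriptors.
    ssd_2_config "${OUTPUT_FILE}"

    # Add the end of FILE tag.
    ${ECHO} "" >> "${OUTPUT_FILE}"
    ${ECHO} "# End of $OUTPUT_FILE" >> "${OUTPUT_FILE}"
}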
2264*7c478bd9Sstevel@tonic-gate
2265*7c478bd9Sstevel@tonic-gate
2266*7c478bd9Sstevel@tonic-gate#
2267*7c478bd9Sstevel@tonic-gate# chk_vlv_indexes(): Do ldapsearch to see if server supports VLV.
2268*7c478bd9Sstevel@tonic-gate#
chk_vlv_indexes()
{
    # Query the server's root entry (empty base, base scope) and look for
    # the control OID 2.16.840.1.113730.3.4.9 in the answer.  When it is
    # missing, an error is printed, cleanup is run and the program exits
    # with status 1.
    #
    # Globals read: LDAPSEARCH, SERVER_ARGS, TMPDIR, GREP, VERB, ECHO, DEBUG
    #
    # NOTE(review): stderr of the search goes into the same scratch file,
    # so a failed connection is also reported as "VLV is not supported".
    # The scratch file has a fixed name; TMPDIR is assumed to be private to
    # this run -- confirm.
    ${LDAPSEARCH} ${SERVER_ARGS} -b "" -s base "objectclass=*" > ${TMPDIR}/checkVLV 2>&1

    # eval is needed because ${VERB} is expanded into the command text
    # (presumably an output redirection -- confirm where VERB is set).
    if eval "${GREP} 2.16.840.1.113730.3.4.9 ${TMPDIR}/checkVLV ${VERB}"
    then
        :
    else
        ${ECHO} "ERROR: VLV is not supported on LDAP server!"
        cleanup
        exit 1
    fi

    [ $DEBUG -eq 1 ] && ${ECHO} "  VLV controls found on LDAP server."
}
2281*7c478bd9Sstevel@tonic-gate
2282*7c478bd9Sstevel@tonic-gate#
2283*7c478bd9Sstevel@tonic-gate# get_backend(): this function gets the relevant backend
#                (database) for LDAP_BASEDN.
2285*7c478bd9Sstevel@tonic-gate#                Description: set IDS_DATABASE; exit on failure.
2286*7c478bd9Sstevel@tonic-gate#                Prerequisite: LDAP_BASEDN and LDAP_SUFFIX are
2287*7c478bd9Sstevel@tonic-gate#                valid.
2288*7c478bd9Sstevel@tonic-gate#
2289*7c478bd9Sstevel@tonic-gate#                backend is retrieved from suffixes and subsuffixes
2290*7c478bd9Sstevel@tonic-gate#                defined under "cn=mapping tree,cn=config". The
2291*7c478bd9Sstevel@tonic-gate#                nsslapd-state attribute of these suffixes entries
2292*7c478bd9Sstevel@tonic-gate#                is filled with either Backend, Disabled or referrals
2293*7c478bd9Sstevel@tonic-gate#                related values. We only want those that have a true
2294*7c478bd9Sstevel@tonic-gate#                backend database to select the relevant backend.
2295*7c478bd9Sstevel@tonic-gate#
2296*7c478bd9Sstevel@tonic-gateget_backend()
2297*7c478bd9Sstevel@tonic-gate{
2298*7c478bd9Sstevel@tonic-gate    [ $DEBUG -eq 1 ] && ${ECHO} "In get_backend()"
2299*7c478bd9Sstevel@tonic-gate
2300*7c478bd9Sstevel@tonic-gate    cur_suffix=${LDAP_BASEDN}
2301*7c478bd9Sstevel@tonic-gate    prev_suffix=
2302*7c478bd9Sstevel@tonic-gate    IDS_DATABASE=
2303*7c478bd9Sstevel@tonic-gate    while [ "${cur_suffix}" != "${prev_suffix}" ]
2304*7c478bd9Sstevel@tonic-gate    do
2305*7c478bd9Sstevel@tonic-gate	[ $DEBUG -eq 1 ] && ${ECHO} "testing LDAP suffix: ${cur_suffix}"
2306*7c478bd9Sstevel@tonic-gate	eval "${LDAPSEARCH} ${LDAP_ARGS} " \
2307*7c478bd9Sstevel@tonic-gate		"-b \"cn=\\\"${cur_suffix}\\\",cn=mapping tree,cn=config\" " \
2308*7c478bd9Sstevel@tonic-gate		"-s base nsslapd-state=Backend nsslapd-backend 2>&1 " \
2309*7c478bd9Sstevel@tonic-gate		"| ${GREP} 'nsslapd-backend=' " \
2310*7c478bd9Sstevel@tonic-gate		"> ${TMPDIR}/ids_database_name 2>&1"
2311*7c478bd9Sstevel@tonic-gate	NUM_DBS=`wc -l ${TMPDIR}/ids_database_name | awk '{print $1}'`
2312*7c478bd9Sstevel@tonic-gate	case ${NUM_DBS} in
2313*7c478bd9Sstevel@tonic-gate	0) # not a suffix, or suffix not activated; try next
2314*7c478bd9Sstevel@tonic-gate	    prev_suffix=${cur_suffix}
2315*7c478bd9Sstevel@tonic-gate	    cur_suffix=`${ECHO} ${cur_suffix} | cut -f2- -d','`
2316*7c478bd9Sstevel@tonic-gate	    ;;
2317*7c478bd9Sstevel@tonic-gate	1) # suffix found; get database name
2318*7c478bd9Sstevel@tonic-gate	    IDS_DATABASE=`cat ${TMPDIR}/ids_database_name | cut -d= -f2`
2319*7c478bd9Sstevel@tonic-gate	    ;;
2320*7c478bd9Sstevel@tonic-gate	*) # can not handle more than one database per suffix
2321*7c478bd9Sstevel@tonic-gate	    ${ECHO} "ERROR: More than one database is configured "
2322*7c478bd9Sstevel@tonic-gate	    ${ECHO} "       for $LDAP_SUFFIX!"
2323*7c478bd9Sstevel@tonic-gate	    ${ECHO} "       $PROG can not configure suffixes where "
2324*7c478bd9Sstevel@tonic-gate	    ${ECHO} "       more than one database is used for one suffix."
2325*7c478bd9Sstevel@tonic-gate	    cleanup
2326*7c478bd9Sstevel@tonic-gate	    exit 1
2327*7c478bd9Sstevel@tonic-gate	    ;;
2328*7c478bd9Sstevel@tonic-gate	esac
2329*7c478bd9Sstevel@tonic-gate	if [ -n "${IDS_DATABASE}" ]; then
2330*7c478bd9Sstevel@tonic-gate	    break
2331*7c478bd9Sstevel@tonic-gate	fi
2332*7c478bd9Sstevel@tonic-gate    done
2333*7c478bd9Sstevel@tonic-gate
2334*7c478bd9Sstevel@tonic-gate    if [ -z "${IDS_DATABASE}" ]; then
2335*7c478bd9Sstevel@tonic-gate	# should not happen, since LDAP_BASEDN is supposed to be valid
2336*7c478bd9Sstevel@tonic-gate	${ECHO} "Could not find a valid backend for ${LDAP_BASEDN}."
2337*7c478bd9Sstevel@tonic-gate	${ECHO} "Exiting."
2338*7c478bd9Sstevel@tonic-gate	cleanup
2339*7c478bd9Sstevel@tonic-gate	exit 1
2340*7c478bd9Sstevel@tonic-gate    fi
2341*7c478bd9Sstevel@tonic-gate
2342*7c478bd9Sstevel@tonic-gate    [ $DEBUG -eq 1 ] && ${ECHO} "IDS_DATABASE: ${IDS_DATABASE}"
2343*7c478bd9Sstevel@tonic-gate}
2344*7c478bd9Sstevel@tonic-gate
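#
# validate_suffix(): Validate ${LDAP_SUFFIX} against the server and
#                    against ${LDAP_BASEDN}.
#                    THIS FUNCTION IS FOR THE LOAD CONFIG FILE OPTION.
#
# Checks, in order: the suffix is non-empty, a base search on it succeeds,
# and LDAP_BASEDN is either the suffix itself or ends in ",<suffix>".
# Any failure prints a message, calls cleanup and exits 1.
#
# Globals read:    LDAP_SUFFIX, LDAP_BASEDN, LDAPSEARCH, LDAP_ARGS, TMPDIR,
#                  ECHO, DEBUG
# Globals written: LOWER_BASEDN, LOWER_SUFFIX (and FMT_STR via
#                  format_string)
# Files written:   ${TMPDIR}/checkSuffix
#
validate_suffix()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In validate_suffix()"

    # Check LDAP_SUFFIX is not null
    if [ -z "${LDAP_SUFFIX}" ]; then
        ${ECHO} "Invalid suffix (null suffix)"
        cleanup
        exit 1
    fi

    # Check LDAP_SUFFIX does exist.
    # LDAP_SUFFIX and TMPDIR are written as \${...} so eval expands them
    # once, inside double quotes; a suffix read from the config file that
    # contains ", $ or a backquote is then passed to ldapsearch as data
    # rather than re-parsed as shell syntax.
    if eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\${LDAP_SUFFIX}\" -s base \"objectclass=*\" > \"\${TMPDIR}/checkSuffix\" 2>&1"
    then
        :
    else
        ${ECHO} "Invalid suffix ${LDAP_SUFFIX}"
        cleanup
        exit 1
    fi

    # Check LDAP_SUFFIX and LDAP_BASEDN are consistent.
    # Both are normalised (lower case, no spaces around , and =) first.
    format_string "${LDAP_BASEDN}"
    LOWER_BASEDN="${FMT_STR}"
    format_string "${LDAP_SUFFIX}"
    LOWER_SUFFIX="${FMT_STR}"

    [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_BASEDN: ${LOWER_BASEDN}"
    [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_SUFFIX: ${LOWER_SUFFIX}"

    # The base DN must be the suffix or sit below it on an RDN boundary.
    # A basename(1) suffix strip is not used for this: it treats '/' in a
    # DN as a path separator and accepts a match that starts in the middle
    # of an RDN (e.g. "adc=example,dc=com" for suffix "dc=example,dc=com").
    case "${LOWER_BASEDN}" in
    "${LOWER_SUFFIX}" | *",${LOWER_SUFFIX}")
        ;;
    *)
        ${ECHO} "Invalid suffix ${LOWER_SUFFIX}"
        ${ECHO} "for Base DN ${LOWER_BASEDN}"
        cleanup
        exit 1
        ;;
    esac
}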
2388*7c478bd9Sstevel@tonic-gate
#
# validate_info(): Validate the basic information collected, so that
#                  some problems are caught right away.
#                  THIS FUNCTION IS FOR THE LOAD CONFIG FILE OPTION.
#
# Builds SERVER_ARGS, AUTH_ARGS and LDAP_ARGS, verifies the Root DN bind,
# then runs chk_vlv_indexes, validate_suffix and get_backend in that
# order.  A failed bind prints an error, calls cleanup and exits 1.
#
# Globals read:    IDS_SERVER, IDS_PORT, LDAP_ROOTDN, LDAP_ROOTPWF,
#                  LDAPSEARCH, GREP, TMPDIR, VERB, ECHO, DEBUG
# Globals written: SERVER_ARGS (exported), AUTH_ARGS, LDAP_ARGS
# Files written:   ${TMPDIR}/checkDN
#
validate_info()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In validate_info()"

    # Connection and bind arguments for the config file case.  The bind
    # password is handed over as a file name (-j), so the password itself
    # is not part of the command line.
    # NOTE(review): the quotes around LDAP_ROOTDN are embedded in the
    # string and only take effect when LDAP_ARGS is passed through eval;
    # the DN is expanded here and re-parsed by each of those evals, so a
    # Root DN containing ", $ or a backquote would be read as shell syntax.
    SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
    AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    export SERVER_ARGS

    # Check the Root DN and Root DN passwd with an authenticated read of
    # the root DSE.  Plain eval is used instead of $EVAL because this
    # check is not part of the setup steps.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" > ${TMPDIR}/checkDN 2>&1" || {
        # The captured output decides which of the two messages is shown.
        if eval "${GREP} credential ${TMPDIR}/checkDN ${VERB}"; then
            ${ECHO} "ERROR: Root DN passwd is invalid."
        else
            ${ECHO} "ERROR2: Invalid Root DN <${LDAP_ROOTDN}>."
        fi
        cleanup
        exit 1
    }
    [ $DEBUG -eq 1 ] && ${ECHO} "  RootDN ... OK"
    [ $DEBUG -eq 1 ] && ${ECHO} "  RootDN passwd ... OK"

    # Each of the following helpers exits the script itself on failure.

    # Check if the server supports the VLV.
    chk_vlv_indexes
    [ $DEBUG -eq 1 ] && ${ECHO} "  VLV indexes ... OK"

    # Check LDAP suffix
    validate_suffix
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP suffix ... OK"

    # Get backend
    get_backend
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP backend ... OK"
}
2433*7c478bd9Sstevel@tonic-gate
#
# format_string(): Normalise the string given as $1 and store the result
# in FMT_STR:
# - only lower case characters
# - no unnecessary spaces around , and =
#
# Globals read:    ECHO
# Globals written: FMT_STR
#
format_string()
{
    # The two steps touch disjoint characters (spaces next to , and = on
    # one side, letters on the other), so their order does not matter.
    FMT_STR=`${ECHO} "$1" |
        sed -e 's/ *, */,/g' -e 's/ *= */=/g' |
        tr '[A-Z]' '[a-z]'`
}
2445*7c478bd9Sstevel@tonic-gate
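#
# check_basedn_suffix(): check that there is an existing valid suffix
# to hold the current base DN.
# return:
#   0: valid suffix found
#   1: no valid suffix found, or user gives up
#   2: give it another try
#
# Globals read:    LDAP_BASEDN, LDAP_SUFFIX_LIST (set by
#                  discover_serv_suffix), LDAPSEARCH, SERVER_ARGS, ECHO,
#                  DEBUG
# Globals written: LDAP_SUFFIX, cur_ldap_entry, prev_ldap_entry,
#                  lower_entry, lower_suff, suff, oIFS (and IDS_DATABASE
#                  via get_backend)
#
# NOTE(review): LDAP_SUFFIX is not cleared before the suffix list is
# scanned, so a value left over from an earlier attempt survives a scan
# that matches nothing -- confirm callers reset it where that matters.
#
check_basedn_suffix()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In check_basedn_suffix()"

    # find out existing suffixes
    discover_serv_suffix || {
        ${ECHO} "No suffixes found. Exiting."
        return 1
    }

    ${ECHO} "  Validating LDAP Base DN and Suffix ..."

    # Walk up from LDAP_BASEDN, one RDN at a time, until an entry that
    # already exists on the server is found.  cut hands the value back
    # unchanged once no comma is left, which ends the loop with
    # cur_ldap_entry equal to prev_ldap_entry.
    cur_ldap_entry=${LDAP_BASEDN}
    prev_ldap_entry=
    while [ "${cur_ldap_entry}" != "${prev_ldap_entry}" ]
    do
        [ $DEBUG -eq 1 ] && ${ECHO} "testing LDAP entry: ${cur_ldap_entry}"
        if ${LDAPSEARCH} ${SERVER_ARGS} -b "${cur_ldap_entry}" \
            -s one "objectclass=*" > /dev/null 2>&1
        then
            break
        fi
        prev_ldap_entry=${cur_ldap_entry}
        cur_ldap_entry=`${ECHO} "${cur_ldap_entry}" | cut -f2- -d','`
    done

    if [ "${cur_ldap_entry}" = "${prev_ldap_entry}" ]; then
        # Nothing on the path to the base DN exists: show the suffix list
        # and let the user decide.
        [ $DEBUG -eq 1 ] && ${ECHO} "No valid LDAP suffix found"
        display_msg ldap_suffix_list
        if get_confirm "Do you want to continue (h=help):" \
            "y" ldap_suffix_list_help
        then
            return 1 # users gives up
        fi
        return 2 # continue
    fi

    [ $DEBUG -eq 1 ] && ${ECHO} "found valid LDAP entry: ${cur_ldap_entry}"

    # Now looking for relevant suffix for this entry.
    # LDAP_SUFFIX will then be used to add necessary
    # base objects. See add_base_objects().
    format_string "${cur_ldap_entry}"
    lower_entry="${FMT_STR}"
    [ $DEBUG -eq 1 ] && ${ECHO} "final suffix list: ${LDAP_SUFFIX_LIST}"

    # The list holds one suffix per line and a suffix may contain spaces,
    # so split on newlines only while iterating.
    oIFS=$IFS
    [ $DEBUG -eq 1 ] && ${ECHO} "setting IFS to new line"
    IFS='
'
    for suff in ${LDAP_SUFFIX_LIST}
    do
        [ $DEBUG -eq 1 ] && ${ECHO} "testing suffix: ${suff}"
        format_string "${suff}"
        lower_suff="${FMT_STR}"

        # The entry belongs to this suffix when it is the suffix itself or
        # ends in ",<suffix>".  A basename(1) suffix strip is not used for
        # this: it treats '/' in a DN as a path separator and accepts a
        # match that starts in the middle of an RDN.
        case "${lower_entry}" in
        "${lower_suff}" | *",${lower_suff}")
            LDAP_SUFFIX="${suff}"
            break
            ;;
        esac
    done
    [ $DEBUG -eq 1 ] && ${ECHO} "setting IFS to original value"
    IFS=$oIFS

    [ $DEBUG -eq 1 ] && ${ECHO} "LDAP_SUFFIX: ${LDAP_SUFFIX}"

    if [ -z "${LDAP_SUFFIX}" ]; then
        # should not happen, since we found the entry
        ${ECHO} "Could not find a valid suffix for ${LDAP_BASEDN}."
        ${ECHO} "Exiting."
        return 1
    fi

    # Getting relevant database (backend)
    # IDS_DATABASE will then be used to create indexes.
    get_backend

    return 0
}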
2545*7c478bd9Sstevel@tonic-gate
#
# discover_serv_suffix(): Query the server for the suffixes it holds.
#  return: 0: OK, suffix found
#          1: suffix not determined
#
# Globals read:    LDAPSEARCH, SERVER_ARGS, GREP, TMPDIR, ECHO, DEBUG
# Globals written: LDAP_SUFFIX_LIST (one suffix per line), NUM_TOP
# Files written:   ${TMPDIR}/checkTOP, ${TMPDIR}/treeTOP
#
discover_serv_suffix()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In discover_serv_suffix()"

    # Read the root DSE and keep its namingContexts lines, leaving out
    # any line that mentions NetscapeRoot.
    ${LDAPSEARCH} ${SERVER_ARGS} -b "" -s base "objectclass=*" > ${TMPDIR}/checkTOP 2>&1
    ${GREP} -i namingcontexts ${TMPDIR}/checkTOP | \
        ${GREP} -i -v NetscapeRoot > ${TMPDIR}/treeTOP

    NUM_TOP=`wc -l ${TMPDIR}/treeTOP | awk '{print $1}'`
    if [ "$NUM_TOP" = "0" ]; then
        ${ECHO} "ERROR: No suffix found in LDAP tree"
        return 1
    fi

    # Build the list of suffixes: substr() from column 16 drops the first
    # 15 characters of each line, the length of 'namingContexts='.  This
    # relies on every kept line starting with exactly that attribute name.
    LDAP_SUFFIX_LIST=`awk '{ printf("%s\n",substr($0,16,length-15)) }' ${TMPDIR}/treeTOP`
    [ $DEBUG -eq 1 ] && ${ECHO} "final list: ${LDAP_SUFFIX_LIST}"

    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SUFFIX_LIST = $LDAP_SUFFIX_LIST"
    return 0
}
2577*7c478bd9Sstevel@tonic-gate
2578*7c478bd9Sstevel@tonic-gate
#
# modify_cn(): Change the cn from MUST to MAY in ipNetwork.
#
# Writes an LDIF change for cn=schema that adds an ipNetwork objectclass
# definition listing cn under MAY, then applies it with ldapmodify.
# On failure prints an error, calls cleanup and exits 1.
#
# Globals read:  EVAL, LDAPMODIFY, LDAP_ARGS, TMPDIR, VERB, ECHO, DEBUG
# Files written: ${TMPDIR}/ipNetwork_cn
#
modify_cn()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_cn()"

    # The here-document is unquoted, but every '$' in it is followed by a
    # space, so the text is written out literally.
    # NOTE(review): the objectclasses value ends in "))" -- one more
    # closing parenthesis than it opens; confirm against the server's
    # schema parser before changing it.
    cat > ${TMPDIR}/ipNetwork_cn <<EOF
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( ipNetworkNumber ) MAY ( ipNetmaskNumber $ manager $ cn $ l $ description ) X-ORIGIN 'RFC 2307' ))
EOF

    # Modify the cn for ipNetwork.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ipNetwork_cn ${VERB}" || {
        ${ECHO} "  ERROR: update of cn for ipNetwork failed!"
        cleanup
        exit 1
    }
}
2602*7c478bd9Sstevel@tonic-gate
2603*7c478bd9Sstevel@tonic-gate
# modify_timelimit(): Set nsslapd-timelimit in cn=config to the user value.
#
# On failure prints an error, calls cleanup and exits 1.
#
# Globals read:    IDS_TIMELIMIT, EVAL, LDAPMODIFY, LDAP_ARGS, TMPDIR,
#                  VERB, ECHO, DEBUG
# Globals written: STEP (incremented after the change is reported)
# Files written:   ${TMPDIR}/ids_timelimit
#
modify_timelimit()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_timelimit()"

    # LDIF that replaces the time limit.  IDS_TIMELIMIT is written as is;
    # presumably it was checked to be a number where it was collected --
    # confirm, since any other text would end up in the LDIF.
    cat > ${TMPDIR}/ids_timelimit <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-timelimit
nsslapd-timelimit: ${IDS_TIMELIMIT}
EOF

    # Apply the change.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ids_timelimit ${VERB}" || {
        ${ECHO} "  ERROR: update of nsslapd-timelimit failed!"
        cleanup
        exit 1
    }

    # Report the modification and move on to the next step number.
    ${ECHO} "  ${STEP}. Changed timelimit to ${IDS_TIMELIMIT} in cn=config."
    STEP=`expr $STEP + 1`
}
2630*7c478bd9Sstevel@tonic-gate
2631*7c478bd9Sstevel@tonic-gate
# modify_sizelimit(): Set nsslapd-sizelimit in cn=config to the user value.
#
# On failure prints an error, calls cleanup and exits 1.
#
# Globals read:    IDS_SIZELIMIT, EVAL, LDAPMODIFY, LDAP_ARGS, TMPDIR,
#                  VERB, ECHO, DEBUG
# Globals written: STEP (incremented after the change is reported)
# Files written:   ${TMPDIR}/ids_sizelimit
#
modify_sizelimit()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_sizelimit()"

    # LDIF that replaces the size limit.  IDS_SIZELIMIT is written as is;
    # presumably it was checked to be a number where it was collected --
    # confirm, since any other text would end up in the LDIF.
    cat > ${TMPDIR}/ids_sizelimit <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-sizelimit
nsslapd-sizelimit: ${IDS_SIZELIMIT}
EOF

    # Apply the change.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ids_sizelimit ${VERB}" || {
        ${ECHO} "  ERROR: update of nsslapd-sizelimit failed!"
        cleanup
        exit 1
    }

    # Report the modification and move on to the next step number.
    ${ECHO} "  ${STEP}. Changed sizelimit to ${IDS_SIZELIMIT} in cn=config."
    STEP=`expr $STEP + 1`
}
2658*7c478bd9Sstevel@tonic-gate
2659*7c478bd9Sstevel@tonic-gate
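# modify_pwd_crypt(): Modify the passwd storage scheme to support CRYPT.
#
# Replaces passwordstoragescheme with "crypt" on the entry that holds it
# for the server version in use.  On failure prints an error, calls
# cleanup and exits 1.
#
# Globals read:    IDS_MAJVER, IDS_MINVER, EVAL, LDAPMODIFY, LDAP_ARGS,
#                  TMPDIR, VERB, ECHO, DEBUG
# Globals written: STEP (incremented after the change is reported), _PW_DN
# Files written:   ${TMPDIR}/ids_crypt
#
# NOTE(review): this changes how the server stores passwords set from now
# on, and crypt(3) hashes are weak by current standards.  Confirm that the
# client authentication method in use really needs crypt-format hashes
# before running this against a directory that holds production
# credentials.
#
modify_pwd_crypt()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_pwd_crypt()"

    # IDS 5.2 moved passwordstoragescheme from cn=config to
    # cn=Password Policy,cn=config.  Everything older than 5.2 keeps it in
    # cn=config: any major version below 5, and 5.0/5.1.  Testing major
    # and minor independently (major <= 5 and minor <= 1) would send a
    # version such as 4.16 down the 5.2 path.
    if [ $IDS_MAJVER -lt 5 ] ||
        { [ $IDS_MAJVER -eq 5 ] && [ $IDS_MINVER -le 1 ]; }
    then
        _PW_DN="cn=config"
    else
        _PW_DN="cn=Password Policy,cn=config"
    fi

    # LDIF that replaces the storage scheme on the selected entry.
    cat > ${TMPDIR}/ids_crypt <<EOF
dn: ${_PW_DN}
changetype: modify
replace: passwordstoragescheme
passwordstoragescheme: crypt
EOF

    # Apply the change.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ids_crypt ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} "  ERROR: update of passwordstoragescheme failed!"
        cleanup
        exit 1
    fi

    # Report the modification and move on to the next step number.
    ${ECHO} "  ${STEP}. Changed passwordstoragescheme to \"crypt\" in cn=config."
    STEP=`expr $STEP + 1`
}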
2697*7c478bd9Sstevel@tonic-gate
2698*7c478bd9Sstevel@tonic-gate
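#
# add_eq_indexes(): Add eq,pres indexes to improve search performance.
#
# For every attribute in the list: skip it when its index entry already
# exists, otherwise add the index entry, add an indexing task for it and
# poll until that task is gone or reports "Finished".  Any failed
# ldapmodify prints an error, calls cleanup and exits 1.
#
# Globals read:    IDS_DATABASE, LDAPSEARCH, LDAPMODIFY, SERVER_ARGS,
#                  LDAP_ARGS, EVAL, GREP, TMPDIR, VERB, ECHO, DEBUG
# Globals written: STEP (incremented once), _INDEXES, _EXT, _STAMP,
#                  TASKNAME, TASK_STATUS, i
# Files written:   ${TMPDIR}/index_<attr>, task_<attr>, istask_<attr>,
#                  wait_task_<attr>
#
add_eq_indexes()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_eq_indexes()"

    # Attributes that get an eq,pres index.
    _INDEXES="uidNumber ipNetworkNumber gidnumber oncrpcnumber automountKey"

    # Parent DN of the index entries of the selected database.
    _EXT="cn=index,cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config"

    # Display message to id current step.
    ${ECHO} "  ${STEP}. Processing eq,pres indexes:"
    STEP=`expr $STEP + 1`

    for i in ${_INDEXES}; do
        [ $DEBUG -eq 1 ] && ${ECHO} "  Adding index for ${i}"

        # Check if entry exists first, if so, skip to next.
        if ${LDAPSEARCH} ${SERVER_ARGS} -b "cn=${i},${_EXT}" -s base "objectclass=*" > /dev/null 2>&1
        then
            ${ECHO} "      ${i} (eq,pres) skipped already exists"
            continue
        fi

        # LDIF for the index entry.
        cat > ${TMPDIR}/index_${i} <<EOF
dn: cn=${i},${_EXT}
objectClass: top
objectClass: nsIndex
cn: ${i}
nsSystemIndex: false
nsIndexType: pres
nsIndexType: eq
EOF

        # Add the index.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/index_${i} ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} "  ERROR: Adding EQ,PRES index for ${i} failed!"
            cleanup
            exit 1
        fi

        # Task name: <attr>_YY_MM_DD_HH_MM_SS.  The timestamp comes from a
        # single date call so its fields cannot straddle a second or
        # minute boundary the way six separate calls could.
        _STAMP=`date '+%y_%m_%d_%H_%M_%S'`
        TASKNAME="${i}_${_STAMP}"

        # LDIF for the indexing task.
        cat > ${TMPDIR}/task_${i} <<EOF
dn: cn=${TASKNAME}, cn=index, cn=tasks, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: ${TASKNAME}
nsInstance: ${IDS_DATABASE}
nsIndexAttribute: ${i}
EOF

        # Add the task.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/task_${i} ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} "  ERROR: Adding task for ${i} failed!"
            cleanup
            exit 1
        fi

        # Wait for task to finish, display current status.
        while :
        do
            # The task is over once its name no longer shows up under
            # cn=index,cn=tasks,cn=config.
            eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index, cn=tasks, cn=config\" -s sub \"objectclass=*\" > ${TMPDIR}/istask_${i} 2>&1"
            ${GREP} ${TASKNAME} ${TMPDIR}/istask_${i} > /dev/null 2>&1 || break

            # NOTE(review): this reads nstaskstatus of every task below
            # cn=index,cn=tasks,cn=config and keeps the first line, which
            # is not necessarily the task added above -- confirm.
            eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index,cn=tasks,cn=config\" -s one \"objectclass=*\" nstaskstatus | ${GREP} -i nstaskstatus | cut -d\":\" -f2 > ${TMPDIR}/wait_task_${i}"
            TASK_STATUS=`head -1 ${TMPDIR}/wait_task_${i}`
            ${ECHO} "      ${i} (eq,pres)  $TASK_STATUS                  \r\c"
            ${ECHO} "$TASK_STATUS" | ${GREP} "Finished" > /dev/null 2>&1 && break
            sleep 2
        done

        # Print newline because of \c.
        ${ECHO} " "
    done
}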
2802*7c478bd9Sstevel@tonic-gate
2803*7c478bd9Sstevel@tonic-gate
2804*7c478bd9Sstevel@tonic-gate#
2805*7c478bd9Sstevel@tonic-gate# add_sub_indexes(): Add indexes to improve search performance.
2806*7c478bd9Sstevel@tonic-gate#
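add_sub_indexes()
{
    # Creates a pres/eq/sub nsIndex entry for each attribute in _INDEXES,
    # then adds an indexing task for it and polls until the task entry is
    # gone or reports "Finished".
    #
    # Globals read:    DEBUG ECHO GREP EVAL LDAPSEARCH LDAPMODIFY SERVER_ARGS
    #                  LDAP_ARGS VERB IDS_DATABASE TMPDIR STEP
    # Globals written: STEP _INDEXES _EXT TASKNAME TASK_STATUS
    # Exit:            calls cleanup and exits 1 if an ldapmodify step fails.
    #
    # Backticks and expr are kept on purpose: the script runs under #!/bin/sh.
    #
    # NOTE(review): the work files below have predictable names under
    # ${TMPDIR}; that is only safe if TMPDIR is a private directory created
    # by this script -- confirm where TMPDIR is set.
    # NOTE(review): LDAP_ARGS and VERB are re-parsed by ${EVAL}, so any shell
    # metacharacters in them are interpreted -- confirm how they are built.
    [ "${DEBUG:-0}" -eq 1 ] && ${ECHO} "In add_sub_indexes()"

    # Attributes that get eq,pres,sub indexes.
    _INDEXES="ipHostNumber membernisnetgroup nisnetgrouptriple"

    # Common DN suffix of the index entries.
    _EXT="cn=index,cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config"

    # Display message to id current step.
    ${ECHO} "  ${STEP}. Processing eq,pres,sub indexes:"
    STEP=`expr $STEP + 1`

    for i in ${_INDEXES}; do
        [ "${DEBUG:-0}" -eq 1 ] && ${ECHO} "  Adding index for ${i}"

        # An index entry that already exists is left alone.
        if ${LDAPSEARCH} ${SERVER_ARGS} -b "cn=${i},${_EXT}" -s base "objectclass=*" > /dev/null 2>&1; then
            ${ECHO} "      ${i} (eq,pres,sub) skipped already exists"
            continue
        fi

        # LDIF for the index entry.
        cat > "${TMPDIR}/index_${i}" <<EOF
dn: cn=${i},${_EXT}
objectClass: top
objectClass: nsIndex
cn: ${i}
nsSystemIndex: false
nsIndexType: pres
nsIndexType: eq
nsIndexType: sub
EOF

        # Add the index.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/index_${i} ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} "  ERROR: Adding EQ,PRES,SUB index for ${i} failed!"
            cleanup
            exit 1
        fi

        # Task name is <attr>_YY_MM_DD_HH_MM_SS.  One date call, so the fields
        # cannot straddle a second/minute rollover between invocations.
        _STAMP=`date '+%y_%m_%d_%H_%M_%S'`
        TASKNAME="${i}_${_STAMP}"

        # LDIF for the indexing task entry.
        cat > "${TMPDIR}/task_${i}" <<EOF
dn: cn=${TASKNAME}, cn=index, cn=tasks, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: ${TASKNAME}
nsInstance: ${IDS_DATABASE}
nsIndexAttribute: ${i}
EOF

        # Add the task.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/task_${i} ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} "  ERROR: Adding task for ${i} failed!"
            cleanup
            exit 1
        fi

        # Wait for task to finish, display current status.
        while :
        do
            # The task is treated as done once its name no longer appears
            # anywhere under cn=index,cn=tasks,cn=config.
            eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index, cn=tasks, cn=config\" -s sub \"objectclass=*\" > ${TMPDIR}/istask_${i} 2>&1"
            ${GREP} "${TASKNAME}" "${TMPDIR}/istask_${i}" > /dev/null 2>&1 || break

            # NOTE(review): this reads nstaskstatus from every task directly
            # under cn=index,cn=tasks,cn=config and keeps only the first
            # line, so the status shown (and the "Finished" test) may belong
            # to a different index task when more than one exists.
            eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index,cn=tasks,cn=config\" -s one \"objectclass=*\" nstaskstatus | ${GREP} -i nstaskstatus | cut -d\":\" -f2 > ${TMPDIR}/wait_task_${i}"
            TASK_STATUS=`head -1 "${TMPDIR}/wait_task_${i}"`
            ${ECHO} "      ${i} (eq,pres,sub)  $TASK_STATUS                  \r\c"
            if ${ECHO} "$TASK_STATUS" | ${GREP} "Finished" > /dev/null 2>&1; then
                break
            fi
            sleep 2
        done

        # Print newline because of \c.
        ${ECHO} " "
    done
}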
2908*7c478bd9Sstevel@tonic-gate
2909*7c478bd9Sstevel@tonic-gate
2910*7c478bd9Sstevel@tonic-gate#
2911*7c478bd9Sstevel@tonic-gate# add_vlv_indexes(): Add VLV indexes to improve search performance.
2912*7c478bd9Sstevel@tonic-gate#
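add_vlv_indexes()
{
    # Creates a vlvSearch entry plus a vlvIndex child for each naming-service
    # lookup listed below, and records in ${TMPDIR}/vlvindex_list the
    # "directoryserver ... vlvindex" command the administrator has to run on
    # the server for each index that was created.
    #
    # Globals read:    DEBUG ECHO GREP EVAL LDAPSEARCH LDAPMODIFY SERVER_ARGS
    #                  LDAP_ARGS VERB LDAP_DOMAIN LDAP_BASEDN LDAP_SEARCH_SCOPE
    #                  IDS_DATABASE TMPDIR STEP
    # Globals written: STEP VLV_SCOPE _INDEX1.._INDEX21 _INDEXES _EXT _jEXT
    #                  _INSTANCE _INST_DIR i j k m
    # Exit:            calls cleanup and exits 1 if ldapmodify fails.
    #
    # Backticks and expr are kept on purpose: the script runs under #!/bin/sh.
    [ "${DEBUG:-0}" -eq 1 ] && ${ECHO} "In add_vlv_indexes()"

    # Each record is "index name;search name;base RDN;filter".
    # Note semi colon separators because some filters contain colons
    _INDEX1="${LDAP_DOMAIN}.getgrent;${LDAP_DOMAIN}_group_vlv_index;ou=group;objectClass=posixGroup"
    _INDEX2="${LDAP_DOMAIN}.gethostent;${LDAP_DOMAIN}_hosts_vlv_index;ou=hosts;objectClass=ipHost"
    _INDEX3="${LDAP_DOMAIN}.getnetent;${LDAP_DOMAIN}_networks_vlv_index;ou=networks;objectClass=ipNetwork"
    _INDEX4="${LDAP_DOMAIN}.getpwent;${LDAP_DOMAIN}_passwd_vlv_index;ou=people;objectClass=posixAccount"
    _INDEX5="${LDAP_DOMAIN}.getrpcent;${LDAP_DOMAIN}_rpc_vlv_index;ou=rpc;objectClass=oncRpc"
    _INDEX6="${LDAP_DOMAIN}.getspent;${LDAP_DOMAIN}_shadow_vlv_index;ou=people;objectClass=shadowAccount"

    # Indexes added during NIS to LDAP transition
    _INDEX7="${LDAP_DOMAIN}.getauhoent;${LDAP_DOMAIN}_auho_vlv_index;automountmapname=auto_home;objectClass=automount"
    _INDEX8="${LDAP_DOMAIN}.getsoluent;${LDAP_DOMAIN}_solu_vlv_index;ou=people;objectClass=SolarisUserAttr"
    _INDEX9="${LDAP_DOMAIN}.getauduent;${LDAP_DOMAIN}_audu_vlv_index;ou=people;objectClass=SolarisAuditUser"
    _INDEX10="${LDAP_DOMAIN}.getauthent;${LDAP_DOMAIN}_auth_vlv_index;ou=SolarisAuthAttr;objectClass=SolarisAuthAttr"
    _INDEX11="${LDAP_DOMAIN}.getexecent;${LDAP_DOMAIN}_exec_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisExecAttr)(SolarisKernelSecurityPolicy=*)"
    _INDEX12="${LDAP_DOMAIN}.getprofent;${LDAP_DOMAIN}_prof_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisProfAttr)(SolarisAttrLongDesc=*)"
    _INDEX13="${LDAP_DOMAIN}.getmailent;${LDAP_DOMAIN}_mail_vlv_index;ou=aliases;objectClass=mailGroup"
    _INDEX14="${LDAP_DOMAIN}.getbootent;${LDAP_DOMAIN}__boot_vlv_index;ou=ethers;&(objectClass=bootableDevice)(bootParameter=*)"
    _INDEX15="${LDAP_DOMAIN}.getethent;${LDAP_DOMAIN}_ethers_vlv_index;ou=ethers;&(objectClass=ieee802Device)(macAddress=*)"
    _INDEX16="${LDAP_DOMAIN}.getngrpent;${LDAP_DOMAIN}_netgroup_vlv_index;ou=netgroup;objectClass=nisNetgroup"
    _INDEX17="${LDAP_DOMAIN}.getipnent;${LDAP_DOMAIN}_ipn_vlv_index;ou=networks;&(objectClass=ipNetwork)(cn=*)"
    _INDEX18="${LDAP_DOMAIN}.getmaskent;${LDAP_DOMAIN}_mask_vlv_index;ou=networks;&(objectClass=ipNetwork)(ipNetmaskNumber=*)"
    _INDEX19="${LDAP_DOMAIN}.getprent;${LDAP_DOMAIN}_pr_vlv_index;ou=printers;objectClass=printerService"
    _INDEX20="${LDAP_DOMAIN}.getip4ent;${LDAP_DOMAIN}_ip4_vlv_index;ou=hosts;&(objectClass=ipHost)(ipHostNumber=*.*)"
    _INDEX21="${LDAP_DOMAIN}.getip6ent;${LDAP_DOMAIN}_ip6_vlv_index;ou=hosts;&(objectClass=ipHost)(ipHostNumber=*:*)"

    # Still assigned because sh has no function-local variables and the name
    # is visible to the rest of the script; the loop below no longer uses it.
    _INDEXES="$_INDEX1 $_INDEX2 $_INDEX3 $_INDEX4 $_INDEX5 $_INDEX6 $_INDEX7 $_INDEX8 $_INDEX9 $_INDEX10 $_INDEX11 $_INDEX12 $_INDEX13 $_INDEX14 $_INDEX15 $_INDEX16 $_INDEX17 $_INDEX18 $_INDEX19 $_INDEX20 $_INDEX21 "

    # Common DN suffix of the VLV entries.
    _EXT="cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config"

    # Display message to id current step.
    ${ECHO} "  ${STEP}. Processing VLV indexes:"
    STEP=`expr $STEP + 1`

    # Reset temp file for vlvindex commands.
    [ -f "${TMPDIR}/vlvindex_list" ] && rm "${TMPDIR}/vlvindex_list"
    touch "${TMPDIR}/vlvindex_list"

    # Get the instance name from iDS server.
    # NOTE(review): the value comes from the server's nsslapd-instancedir and
    # is pasted unvalidated into the commands later shown to the administrator.
    _INSTANCE="<server-instance>"    # Default to old output.

    eval "${LDAPSEARCH} -v ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-instancedir | ${GREP} 'nsslapd-instancedir=' | cut -d'=' -f2- > ${TMPDIR}/instance_name 2>&1"

    # Only trust the answer if it looks like a "slapd-<name>" directory; the
    # instance name is whatever follows the first "-" of its basename.
    if ${GREP} "slapd-" "${TMPDIR}/instance_name" > /dev/null 2>&1; then
        _INST_DIR=`cat "${TMPDIR}/instance_name"`
        _INSTANCE=`basename "${_INST_DIR}" | cut -d'-' -f2-`
    fi

    # Iterate over the quoted records rather than the unquoted _INDEXES
    # string: several filters contain "*", which the shell would otherwise
    # try to expand against file names in the current directory.
    for p in "$_INDEX1" "$_INDEX2" "$_INDEX3" "$_INDEX4" "$_INDEX5" \
        "$_INDEX6" "$_INDEX7" "$_INDEX8" "$_INDEX9" "$_INDEX10" \
        "$_INDEX11" "$_INDEX12" "$_INDEX13" "$_INDEX14" "$_INDEX15" \
        "$_INDEX16" "$_INDEX17" "$_INDEX18" "$_INDEX19" "$_INDEX20" \
        "$_INDEX21"; do

        # Break p into index name (i), search name (j), base RDN (k) and
        # filter (m).  "$p" stays quoted for the same globbing reason.
        i=`${ECHO} "$p" | cut -d';' -f1`
        j=`${ECHO} "$p" | cut -d';' -f2`
        k=`${ECHO} "$p" | cut -d';' -f3`
        m=`${ECHO} "$p" | cut -d';' -f4`

        # Reported only after the split so that it names the current index
        # and not the value left in i by an earlier iteration or function.
        [ "${DEBUG:-0}" -eq 1 ] && ${ECHO} "  Adding index for ${i}"

        # DN of the vlvSearch entry; the vlvIndex entry sits below it.
        _jEXT="cn=${j},${_EXT}"

        # An index that already exists is left alone.
        if ${LDAPSEARCH} ${SERVER_ARGS} -b "cn=${i},${_jEXT}" -s base "objectclass=*" > /dev/null 2>&1; then
            ${ECHO} "      ${i} vlv_index skipped already exists"
            continue
        fi

        # Compute the VLV Scope from the LDAP_SEARCH_SCOPE.
        # NOTE: A value of "base (0)" does not make sense.
        case "$LDAP_SEARCH_SCOPE" in
            sub) VLV_SCOPE="2" ;;
            *)   VLV_SCOPE="1" ;;
        esac

        # LDIF for the vlvSearch entry and its vlvIndex child.
        # NOTE(review): the aci grants read, search and compare on the
        # vlvSearch entry to ldap:///anyone, which includes anonymous binds;
        # presumably clients need this to use the index -- confirm that
        # exposing this entry under cn=config is acceptable for the deployment.
        cat > "${TMPDIR}/vlv_index_${i}" <<EOF
dn: ${_jEXT}
objectClass: top
objectClass: vlvSearch
cn: ${j}
vlvbase: ${k},${LDAP_BASEDN}
vlvscope: ${VLV_SCOPE}
vlvfilter: (${m})
aci: (target="ldap:///${_jEXT}")(targetattr="*")(version 3.0; acl "Config";allow(read,search,compare)userdn="ldap:///anyone";)

dn: cn=${i},${_jEXT}
cn: ${i}
vlvSort: cn uid
objectclass: top
objectclass: vlvIndex
EOF

        # Add the index.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/vlv_index_${i} ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} "  ERROR: Adding VLV index for ${i} failed!"
            cleanup
            exit 1
        fi

        # Print message that index was created.
        ${ECHO} "      ${i} vlv_index   Entry created"

        # Add command to list of vlvindex commands to run.
        ${ECHO} "  directoryserver -s ${_INSTANCE} vlvindex -n ${IDS_DATABASE} -T ${i}" >> "${TMPDIR}/vlvindex_list"
    done
}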
3031*7c478bd9Sstevel@tonic-gate
3032*7c478bd9Sstevel@tonic-gate
3033*7c478bd9Sstevel@tonic-gate#
3034*7c478bd9Sstevel@tonic-gate# display_vlv_cmds(): Display VLV index commands to run on server.
3035*7c478bd9Sstevel@tonic-gate#
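display_vlv_cmds()
{
    # Prints the display_vlv_list message followed by the vlvindex commands
    # collected in ${TMPDIR}/vlvindex_list; prints nothing when that file is
    # missing or empty.
    # Globals read: TMPDIR
    if [ -s "${TMPDIR}/vlvindex_list" ]; then
        display_msg display_vlv_list
        # Quoted like the -s test above, so a TMPDIR containing whitespace
        # cannot pass the test and then fail to be read.
        cat "${TMPDIR}/vlvindex_list"
    fi
}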
3043*7c478bd9Sstevel@tonic-gate
3044*7c478bd9Sstevel@tonic-gate
3045*7c478bd9Sstevel@tonic-gate#
3046*7c478bd9Sstevel@tonic-gate# update_schema_attr(): Update Schema to support Naming.
3047*7c478bd9Sstevel@tonic-gate#
3048*7c478bd9Sstevel@tonic-gateupdate_schema_attr()
3049*7c478bd9Sstevel@tonic-gate{
3050*7c478bd9Sstevel@tonic-gate    [ $DEBUG -eq 1 ] && ${ECHO} "In update_schema_attr()"
3051*7c478bd9Sstevel@tonic-gate
3052*7c478bd9Sstevel@tonic-gate    ( cat <<EOF
3053*7c478bd9Sstevel@tonic-gatedn: cn=schema
3054*7c478bd9Sstevel@tonic-gatechangetype: modify
3055*7c478bd9Sstevel@tonic-gateadd: attributetypes
3056*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'NIS public key' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
3057*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'NIS secret key' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
3058*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
3059*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
3060*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'automount Key Value' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
3061*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'automount information' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
3062*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
3063*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
3064*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
3065*7c478bd9Sstevel@tonic-gateattributetypes: ( rfc822mailMember-oid NAME 'rfc822mailMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
3066*7c478bd9Sstevel@tonic-gateattributetypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
3067*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.15 NAME 'SolarisLDAPServers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
3068*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.16 NAME 'SolarisSearchBaseDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
3069*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.17 NAME 'SolarisCacheTTL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3070*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.18 NAME 'SolarisBindDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
3071*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.19 NAME 'SolarisBindPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
3072*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.20 NAME 'SolarisAuthMethod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
3073*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.21 NAME 'SolarisTransportSecurity' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
3074*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.22 NAME 'SolarisCertificatePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
3075*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.23 NAME 'SolarisCertificatePassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
3076*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.24 NAME 'SolarisDataSearchDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
3077*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.25 NAME 'SolarisSearchScope' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3078*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.26 NAME 'SolarisSearchTimeLimit' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
3079*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.27 NAME 'SolarisPreferredServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
3080*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.28 NAME 'SolarisPreferredServerOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3081*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.29 NAME 'SolarisSearchReferral' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3082*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.4 NAME 'SolarisAttrKeyValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3083*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.5 NAME 'SolarisAuditAlways' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3084*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.6 NAME 'SolarisAuditNever' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3085*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.7 NAME 'SolarisAttrShortDesc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3086*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.8 NAME 'SolarisAttrLongDesc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3087*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.9 NAME 'SolarisKernelSecurityPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3088*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.10 NAME 'SolarisProfileType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3089*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.11 NAME 'SolarisProfileId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
3090*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.12 NAME 'SolarisUserQualifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3091*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.13 NAME 'SolarisAttrReserved1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3092*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.14 NAME 'SolarisAttrReserved2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3093*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.1 NAME 'SolarisProjectID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
3094*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.2 NAME 'SolarisProjectName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
3095*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.3 NAME 'SolarisProjectAttr' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
3096*7c478bd9Sstevel@tonic-gateattributetypes: ( memberGid-oid NAME 'memberGid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
3097*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Default LDAP server host address used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3098*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'Default LDAP base DN used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
3099*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC 'Preferred LDAP server host addresses to be used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3100*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maximum time in seconds a DUA should allow for a search to complete' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
3101*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximum time in seconds a DUA should allow for the bind operation to complete' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
3102*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tells DUA if it should follow referrals returned by a DSA search result' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3103*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3104*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to live before a client DUA should re-read this configuration profile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
3105*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' DESC 'LDAP search descriptor list used by Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
3106*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribute mappings used by a Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
3107*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3108*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Objectclass mappings used by a Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
3109*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC 'Default search scope used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3110*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DESC 'Search scope used by a service of the DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
3111*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod' DESC 'Authentication Method used by a service of the DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
3112*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1140 NAME 'printer-uri' DESC 'A URI supported by this printer.  This URI SHOULD be used as a relative distinguished name (RDN).  If printer-xri-supported is implemented, then this URI value MUST be listed in a member value of printer-xri-supported.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
3113*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1107 NAME 'printer-xri-supported' DESC 'The unordered list of XRI (extended resource identifiers) supported by this printer.  Each member of the list consists of a URI (uniform resource identifier) followed by optional authentication and security metaparameters.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
3114*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1135 NAME 'printer-name' DESC 'The site-specific administrative name of this printer, more end-user friendly than a URI.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127}  SINGLE-VALUE )
3115*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1119 NAME 'printer-natural-language-configured' DESC 'The configured language in which error and status messages will be generated (by default) by this printer.  Also, a possible language for printer string attributes set by operator, system administrator, or manufacturer.  Also, the (declared) language of the "printer-name", "printer-location", "printer-info", and "printer-make-and-model" attributes of this printer. For example: "en-us" (US English) or "fr-fr" (French in France) Legal values of language tags conform to [RFC3066] "Tags for the Identification of Languages".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127}  SINGLE-VALUE )
3116*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1136 NAME 'printer-location' DESC 'Identifies the location of the printer. This could include things like: "in Room 123A", "second floor of building XYZ".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
3117*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1139 NAME 'printer-info' DESC 'Identifies the descriptive information about this printer.  This could include things like: "This printer can be used for printing color transparencies for HR presentations", or "Out of courtesy for others, please print only small (1-5 page) jobs at this printer", or even "This printer is going away on July 1, 1997, please find a new printer".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
3118*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1134 NAME 'printer-more-info' DESC 'A URI used to obtain more information about this specific printer.  For example, this could be an HTTP type URI referencing an HTML page accessible to a Web Browser.  The information obtained from this URI is intended for end user consumption.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
3119*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1138 NAME 'printer-make-and-model' DESC 'Identifies the make and model of the device.  The device manufacturer MAY initially populate this attribute.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127}  SINGLE-VALUE )
3120*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1133 NAME 'printer-ipp-versions-supported' DESC 'Identifies the IPP protocol version(s) that this printer supports, including major and minor versions, i.e., the version numbers for which this Printer implementation meets the conformance requirements.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
3121*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1132 NAME 'printer-multiple-document-jobs-supported' DESC 'Indicates whether or not the printer supports more than one document per job, i.e., more than one Send-Document or Send-Data operation with document data.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
3122*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1109 NAME 'printer-charset-configured' DESC 'The configured charset in which error and status messages will be generated (by default) by this printer.  Also, a possible charset for printer string attributes set by operator, system administrator, or manufacturer.  For example: "utf-8" (ISO 10646/Unicode) or "iso-8859-1" (Latin1).  Legal values are defined by the IANA Registry of Coded Character Sets and the "(preferred MIME name)" SHALL be used as the tag.  For coherence with IPP Model, charset tags in this attribute SHALL be lowercase normalized.  This attribute SHOULD be static (time of registration) and SHOULD NOT be dynamically refreshed attributetypes: (subsequently).' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{63} SINGLE-VALUE )
3123*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1131 NAME 'printer-charset-supported' DESC 'Identifies the set of charsets supported for attribute type values of type Directory String for this directory entry.  For example: "utf-8" (ISO 10646/Unicode) or "iso-8859-1" (Latin1).  Legal values are defined by the IANA Registry of Coded Character Sets and the preferred MIME name.' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{63} )
3124*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1137 NAME 'printer-generated-natural-language-supported' DESC 'Identifies the natural language(s) supported for this directory entry.  For example: "en-us" (US English) or "fr-fr" (French in France).  Legal values conform to [RFC3066], Tags for the Identification of Languages.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{63} )
3125*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1130 NAME 'printer-document-format-supported' DESC 'The possible document formats in which data may be interpreted and printed by this printer.  Legal values are MIME types come from the IANA Registry of Internet Media Types.' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
3126*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1129 NAME 'printer-color-supported' DESC 'Indicates whether this printer is capable of any type of color printing at all, including highlight color.' EQUALITY booleanMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.7  SINGLE-VALUE )
3127*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1128 NAME 'printer-compression-supported' DESC 'Compression algorithms supported by this printer.  For example: "deflate, gzip".  Legal values include; "none", "deflate" attributetypes: (public domain ZIP), "gzip" (GNU ZIP), "compress" (UNIX).' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{255} )
3128*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1127 NAME 'printer-pages-per-minute' DESC 'The nominal number of pages per minute which may be output by this printer (e.g., a simplex or black-and-white printer).  This attribute is informative, NOT a service guarantee.  Typically, it is the value used in marketing literature to describe this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27  SINGLE-VALUE )
3129*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1126 NAME 'printer-pages-per-minute-color' DESC 'The nominal number of color pages per minute which may be output by this printer (e.g., a simplex or color printer).  This attribute is informative, NOT a service guarantee.  Typically, it is the value used in marketing literature to describe this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27  SINGLE-VALUE )
3130*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1125 NAME 'printer-finishings-supported' DESC 'The possible finishing operations supported by this printer. Legal values include; "none", "staple", "punch", "cover", "bind", "saddle-stitch", "edge-stitch", "staple-top-left", "staple-bottom-left", "staple-top-right", "staple-bottom-right", "edge-stitch-left", "edge-stitch-top", "edge-stitch-right", "edge-stitch-bottom", "staple-dual-left", "staple-dual-top", "staple-dual-right", "staple-dual-bottom".' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{255} )
3131*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1124 NAME 'printer-number-up-supported' DESC 'The possible numbers of print-stream pages to impose upon a single side of an instance of a selected medium. Legal values include; 1, 2, and 4.  Implementations may support other values.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27 )
3132*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1123 NAME 'printer-sides-supported' DESC 'The number of impression sides (one or two) and the two-sided impression rotations supported by this printer.  Legal values include; "one-sided", "two-sided-long-edge", "two-sided-short-edge".' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
3133*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1122 NAME 'printer-media-supported' DESC 'The standard names/types/sizes (and optional color suffixes) of the media supported by this printer.  For example: "iso-a4",  "envelope", or "na-letter-white".  Legal values  conform to ISO 10175, Document Printing Application (DPA), and any IANA registered extensions.' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{255} )
3134*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1117 NAME 'printer-media-local-supported' DESC 'Site-specific names of media supported by this printer, in the language in "printer-natural-language-configured".  For example: "purchasing-form" (site-specific name) as opposed to (in "printer-media-supported"): "na-letter" (standard keyword from ISO 10175).' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{255} )
3135*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1121 NAME 'printer-resolution-supported' DESC 'List of resolutions supported for printing documents by this printer.  Each resolution value is a string with 3 fields:  1) Cross feed direction resolution (positive integer), 2) Feed direction resolution (positive integer), 3) Resolution unit.  Legal values are "dpi" (dots per inch) and "dpcm" (dots per centimeter).  Each resolution field is delimited by ">".  For example:  "300> 300> dpi>".' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{255} )
3136*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1120 NAME 'printer-print-quality-supported' DESC 'List of print qualities supported for printing documents on this printer.  For example: "draft, normal".  Legal values include; "unknown", "draft", "normal", "high".' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
3137*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1110 NAME 'printer-job-priority-supported' DESC 'Indicates the number of job priority levels supported.  An IPP conformant printer which supports job priority must always support a full range of priorities from "1" to "100" (to ensure consistent behavior), therefore this attribute describes the "granularity".  Legal values of this attribute are from "1" to "100".' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27  SINGLE-VALUE )
3138*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1118 NAME 'printer-copies-supported' DESC 'The maximum number of copies of a document that may be printed as a single job.  A value of "0" indicates no maximum limit.  A value of "-1" indicates unknown.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27  SINGLE-VALUE )
3139*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1111 NAME 'printer-job-k-octets-supported' DESC 'The maximum size in kilobytes (1,024 octets actually) incoming print job that this printer will accept.  A value of "0" indicates no maximum limit.  A value of "-1" indicates unknown.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27  SINGLE-VALUE )
3140*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1112 NAME 'printer-current-operator' DESC 'The name of the current human operator responsible for operating this printer.  It is suggested that this string include information that would enable other humans to reach the operator, such as a phone number.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
3141*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1113 NAME 'printer-service-person' DESC 'The name of the current human service person responsible for servicing this printer.  It is suggested that this string include information that would enable other humans to reach the service person, such as a phone number.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127}  SINGLE-VALUE )
3142*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1114 NAME 'printer-delivery-orientation-supported' DESC 'The possible delivery orientations of pages as they are printed and ejected from this printer.  Legal values include; "unknown", "face-up", and "face-down".' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
3143*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1115 NAME 'printer-stacking-order-supported' DESC 'The possible stacking order of pages as they are printed and ejected from this printer. Legal values include; "unknown", "first-to-last", "last-to-first".' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
3144*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1116 NAME 'printer-output-features-supported' DESC 'The possible output features supported by this printer. Legal values include; "unknown", "bursting", "decollating", "page-collating", "offset-stacking".' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
3145*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1108 NAME 'printer-aliases' DESC 'Site-specific administrative names of this printer in addition the printer name specified for printer-name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
3146*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.6.1.4.1.42.2.27.5.1.63 NAME 'sun-printer-bsdaddr' DESC 'Sets the server, print queue destination name and whether the client generates protocol extensions. "Solaris" specifies a Solaris print server extension. The value is represented by the following value: server "," destination ", Solaris".' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
3147*7c478bd9Sstevel@tonic-gateattributetypes:( 1.3.6.1.4.1.42.2.27.5.1.64 NAME 'sun-printer-kvp' DESC 'This attribute contains a set of key value pairs which may have meaning to the print subsystem or may be user defined. Each value is represented by the following: key "=" value.' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
3148*7c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.57 NAME 'nisplusTimeZone' DESC 'tzone column from NIS+ timezone table' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
3149*7c478bd9Sstevel@tonic-gateEOF
3150*7c478bd9Sstevel@tonic-gate) > ${TMPDIR}/schema_attr
3151*7c478bd9Sstevel@tonic-gate
3152*7c478bd9Sstevel@tonic-gate    # Add the entry.
3153*7c478bd9Sstevel@tonic-gate    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/schema_attr ${VERB}"
3154*7c478bd9Sstevel@tonic-gate    if [ $? -ne 0 ]; then
3155*7c478bd9Sstevel@tonic-gate	${ECHO} "  ERROR: update of schema attributes failed!"
3156*7c478bd9Sstevel@tonic-gate	cleanup
3157*7c478bd9Sstevel@tonic-gate	exit 1
3158*7c478bd9Sstevel@tonic-gate    fi
3159*7c478bd9Sstevel@tonic-gate
3160*7c478bd9Sstevel@tonic-gate    # Display message that schema is updated.
3161*7c478bd9Sstevel@tonic-gate    ${ECHO} "  ${STEP}. Schema attributes have been updated."
3162*7c478bd9Sstevel@tonic-gate    STEP=`expr $STEP + 1`
3163*7c478bd9Sstevel@tonic-gate}
3164*7c478bd9Sstevel@tonic-gate
3165*7c478bd9Sstevel@tonic-gate
#
# update_schema_obj(): Update the schema objectclass definitions.
#
#   Writes one LDIF modify record per objectclass (each one an
#   "add: objectclasses" against cn=schema) to ${TMPDIR}/schema_obj and
#   applies the file with ${LDAPMODIFY} ${LDAP_ARGS}.  If the modify fails
#   it prints an error, calls cleanup and exits 1; otherwise it prints the
#   step message and increments STEP.
#
#   NOTE(review): the LDIF goes to a fixed file name under ${TMPDIR}, which
#   is set outside this function; that directory should be private to this
#   run rather than a shared, world-writable location -- confirm where it
#   is created.
#   NOTE(review): ${LDAP_ARGS} is expanded into the ${EVAL} command string;
#   if it carries bind credentials they end up on the ldapmodify command
#   line -- confirm against where LDAP_ARGS is built.
#
update_schema_obj()
{
    if [ $DEBUG -eq 1 ]; then
	${ECHO} "In update_schema_obj()"
    fi

    # Build the LDIF.  The here-document delimiter is unquoted, but every
    # '$' below is followed by a space, so the shell leaves it alone.
    cat <<EOF > ${TMPDIR}/schema_obj
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.14 NAME 'NisKeyObject' SUP 'top' MUST (objectclass $ cn $ nisPublickey $ nisSecretkey) MAY (uidNumber $ description))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP 'top' MUST (objectclass $ nisDomain) MAY ())

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP 'top' MUST (objectclass $ automountMapName) MAY (description))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP 'top' MUST (objectclass $ automountKey $ automountInformation ) MAY (description))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.7 NAME 'SolarisNamingProfile' SUP 'top' MUST (objectclass $ cn $ SolarisLDAPservers $ SolarisSearchBaseDN) MAY (SolarisBindDN $ SolarisBindPassword $ SolarisAuthMethod $ SolarisTransportSecurity $ SolarisCertificatePath $ SolarisCertificatePassword $ SolarisDataSearchDN $ SolarisSearchScope $ SolarisSearchTimeLimit $ SolarisPreferredServer $ SolarisPreferredServerOnly $ SolarisCacheTTL $ SolarisSearchReferral))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' SUP 'top' MUST (objectclass $ mail) MAY (cn $ mgrpRFC822MailMember))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP 'top' MUST (objectclass $ cn) MAY (rfc822mailMember))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId' SUP 'top' MUST (objectclass $ cn) MAY (nisNetIdUser $ nisNetIdGroup $ nisNetIdHost))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.2 NAME 'SolarisAuditUser' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisAuditAlways $ SolarisAuditNever))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.3 NAME 'SolarisUserAttr' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisUserQualifier $ SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrKeyValue))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.4 NAME 'SolarisAuthAttr' SUP 'top' MUST (objectclass $ cn) MAY (SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrShortDesc $ SolarisAttrLongDesc $ SolarisAttrKeyValue))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.5 NAME 'SolarisProfAttr' SUP 'top' MUST (objectclass $ cn) MAY (SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrLongDesc $ SolarisAttrKeyValue))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.6 NAME 'SolarisExecAttr' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisKernelSecurityPolicy $ SolarisProfileType $ SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisProfileID $ SolarisAttrKeyValue))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.1 NAME 'SolarisProject' SUP 'top' MUST (objectclass $ SolarisProjectID $ SolarisProjectName) MAY (memberUid $ memberGid $ description $ SolarisProjectAttr))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.11.1.3.1.2.4 NAME 'DUAConfigProfile' SUP 'top' DESC 'Abstraction of a base configuration for a DUA' MUST (cn) MAY (defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod $ followReferrals $ serviceSearchDescriptor $ serviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ profileTTL))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.2549 NAME 'slpService' DESC 'DUMMY definition' SUP 'top' MUST (objectclass) MAY ())

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.254 NAME 'slpServicePrinter' DESC 'Service Location Protocol (SLP) information.' AUXILIARY SUP 'slpService')

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.258 NAME 'printerAbstract' DESC 'Printer related information.' ABSTRACT SUP 'top' MAY ( printer-name $ printer-natural-language-configured $ printer-location $ printer-info $ printer-more-info $ printer-make-and-model $ printer-multiple-document-jobs-supported $ printer-charset-configured $ printer-charset-supported $ printer-generated-natural-language-supported $ printer-document-format-supported $ printer-color-supported $ printer-compression-supported $ printer-pages-per-minute $ printer-pages-per-minute-color $ printer-finishings-supported $ printer-number-up-supported $ printer-sides-supported $ printer-media-supported $ printer-media-local-supported $ printer-resolution-supported $ printer-print-quality-supported $ printer-job-priority-supported $ printer-copies-supported $ printer-job-k-octets-supported $ printer-current-operator $ printer-service-person $ printer-delivery-orientation-supported $ printer-stacking-order-supported $ printer-output-features-supported ))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.255 NAME 'printerService' DESC 'Printer information.' STRUCTURAL SUP 'printerAbstract' MAY ( printer-uri $ printer-xri-supported ))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.257 NAME 'printerServiceAuxClass' DESC 'Printer information.' AUXILIARY SUP 'printerAbstract' MAY ( printer-uri $ printer-xri-supported ))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.256 NAME 'printerIPP' DESC 'Internet Printing Protocol (IPP) information.' AUXILIARY SUP 'top' MAY   ( printer-ipp-versions-supported $ printer-multiple-document-jobs-supported ))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.253 NAME 'printerLPR' DESC 'LPR information.' AUXILIARY SUP 'top' MUST ( printer-name ) MAY ( printer-aliases))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.14 NAME 'sunPrinter' DESC 'Sun printer information' SUP 'top' AUXILIARY MUST (objectclass $ printer-name)  MAY (sun-printer-bsdaddr $ sun-printer-kvp))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses:	( 1.3.6.1.4.1.42.2.27.5.2.12 NAME 'nisplusTimeZoneData' DESC 'NIS+ timezone table data' SUP top STRUCTURAL MUST ( cn ) MAY ( nisplusTimeZone $ description ) )
EOF

    # Apply the LDIF; any failure aborts the whole run.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/schema_obj ${VERB}" || {
	${ECHO} "  ERROR: update of schema objectclass definitions failed!"
	cleanup
	exit 1
    }

    # Report the completed step and advance the step counter.
    ${ECHO} "  ${STEP}. Schema objectclass definitions have been added."
    STEP=`expr ${STEP} + 1`
}
3309*7c478bd9Sstevel@tonic-gate
3310*7c478bd9Sstevel@tonic-gate
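#
# modify_top_aci(): Modify the ACI for the top entry to disable self modify
#                   of user attributes.
#
#   Searches the base entry ${LDAP_BASEDN} for its aci values.  If one of
#   them already carries the name in ACI_NAME the step is reported as done
#   and the function returns 0.  Otherwise it writes an LDIF record to
#   ${TMPDIR}/top_aci that adds a "deny (write)" ACI for userdn
#   "ldap:///self" on the listed account attributes and applies it with
#   ${LDAPMODIFY}.  A failed search or modify prints an error, calls cleanup
#   and exits 1.
#
#   The existing-ACI check matches on the ACI name only: an ACI that has the
#   same name but a different attribute list is left as it is.
#   userPassword is not in the target list, so this ACI does not restrict
#   self password changes.
#
modify_top_aci()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_top_aci()"

    # Set ACI Name
    ACI_NAME="LDAP_Naming_Services_deny_write_access"

    # Search for ACI_NAME.
    # \${LDAP_BASEDN} is escaped so that eval expands it inside the double
    # quotes itself; a base DN holding a quote, '$' or backquote is then
    # passed through as data instead of being re-parsed as shell text.  The
    # filter is quoted so that '*' cannot be expanded against file names in
    # the current directory.
    # NOTE(review): ${LDAP_ARGS} still has to be re-parsed by eval (it is
    # built elsewhere) -- confirm its components are quoted where it is set.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\${LDAP_BASEDN}\" -s base \"objectclass=*\" aci > ${TMPDIR}/chk_top_aci 2>&1"
    if [ $? -ne 0 ]; then
	${ECHO} "Error searching aci for ${LDAP_BASEDN}"
	cat ${TMPDIR}/chk_top_aci
	cleanup
	exit 1
    fi
    ${GREP} "${ACI_NAME}" ${TMPDIR}/chk_top_aci > /dev/null 2>&1
    if [ $? -eq 0 ]; then
	${ECHO} "  ${STEP}. Top level ACI ${ACI_NAME} already exists for ${LDAP_BASEDN}."
	STEP=`expr $STEP + 1`
	return 0
    fi

    # Create LDIF for top level ACI.
    ( cat <<EOF
dn: ${LDAP_BASEDN}
changetype: modify
add: aci
aci: (targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version 3.0; acl ${ACI_NAME}; deny (write) userdn = "ldap:///self";)
-
EOF
) > ${TMPDIR}/top_aci

    # Add the entry.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/top_aci ${VERB}"
    if [ $? -ne 0 ]; then
	${ECHO} "  ERROR: Modify of top level ACI failed! (restricts self modify)"
	cleanup
	exit 1
    fi

    # Report that the ACI was added and advance the step counter.
    ${ECHO} "  ${STEP}. ACI for ${LDAP_BASEDN} modified to disable self modify."
    STEP=`expr $STEP + 1`
}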
3359*7c478bd9Sstevel@tonic-gate
3360*7c478bd9Sstevel@tonic-gate
#
# add_vlv_aci(): Add access control information (aci) for VLV.
#
#   Writes an LDIF record for the feature entry
#   oid=2.16.840.1.113730.3.4.9,cn=features,cn=config to ${TMPDIR}/vlv_aci
#   and applies it with ${LDAPMODIFY} ${LDAP_ARGS}.  On failure it prints an
#   error, calls cleanup and exits 1; on success it prints the step message
#   and increments STEP.
#
#   The record uses "replace: aci", so any aci values already present on
#   that entry are overwritten, and the new ACI allows read, search and
#   compare to "ldap:///anyone", i.e. to every client of the server.
#   NOTE(review): confirm that this level of access for the VLV request
#   control is what the deployment wants before running against a server
#   with site-specific ACIs on this entry.
#
add_vlv_aci()
{
    if [ $DEBUG -eq 1 ]; then
	${ECHO} "In add_vlv_aci()"
    fi

    # Build the LDIF that sets the VLV ACI.
    cat <<EOF > ${TMPDIR}/vlv_aci
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
changetype: modify
replace: aci
aci: (targetattr != "aci") (version 3.0; acl "VLV Request Control"; allow(read,search,compare) userdn = "ldap:///anyone";)
EOF

    # Apply it; a failure aborts the whole run.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/vlv_aci ${VERB}" || {
	${ECHO} "  ERROR: Add of VLV ACI failed!"
	cleanup
	exit 1
    }

    # Report the completed step and advance the step counter.
    ${ECHO} "  ${STEP}. Add of VLV Access Control Information (ACI)."
    STEP=`expr ${STEP} + 1`
}
3389*7c478bd9Sstevel@tonic-gate
3390*7c478bd9Sstevel@tonic-gate
#
# set_nisdomain(): Add the NisDomainObject to the Base DN.
#
#   Reads the base entry ${LDAP_BASEDN} with ${LDAPSEARCH} ${SERVER_ARGS}
#   and, if the output mentions nisDomain (any case), reports the step as
#   already done and returns 0.  Otherwise it writes an LDIF record to
#   ${TMPDIR}/nis_domain that puts objectclass nisDomainObject and
#   nisdomain ${LDAP_DOMAIN} on the base entry and applies it with
#   ${LDAPMODIFY} ${LDAP_ARGS}; a failed modify prints an error, calls
#   cleanup and exits 1.
#
#   The search status itself is not checked and its stderr goes into the
#   same file that is grepped, so a failed search simply falls through to
#   the modify.
#   NOTE(review): the modify record has no explicit "add:" line and so
#   relies on the default modify operation of the ldapmodify in use --
#   confirm it is treated as an add.
#   NOTE(review): LDAP_BASEDN and LDAP_DOMAIN are expanded into the LDIF as
#   they are; presumably both are validated where they are read -- verify,
#   since an embedded newline would add lines to the record.
#
set_nisdomain()
{
    if [ $DEBUG -eq 1 ]; then
	${ECHO} "In set_nisdomain()"
    fi

    # Check if nisDomain is already set.
    ${LDAPSEARCH} ${SERVER_ARGS} -b "${LDAP_BASEDN}" -s base "objectclass=*" > ${TMPDIR}/chk_nisdomain 2>&1
    if eval "${GREP} -i nisDomain ${TMPDIR}/chk_nisdomain ${VERB}"; then
	${ECHO} "  ${STEP}. NisDomainObject for ${LDAP_BASEDN} was already set."
	STEP=`expr ${STEP} + 1`
	return 0
    fi

    # Build the LDIF that adds the nisDomainObject class and the nisdomain
    # value to the base entry.
    cat <<EOF > ${TMPDIR}/nis_domain
dn: ${LDAP_BASEDN}
changetype: modify
objectclass: nisDomainObject
nisdomain: ${LDAP_DOMAIN}
EOF

    # Apply it; a failure aborts the whole run.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/nis_domain ${VERB}" || {
	${ECHO} "  ERROR: update of NisDomainObject in ${LDAP_BASEDN} failed."
	cleanup
	exit 1
    }

    # Report the completed step and advance the step counter.
    ${ECHO} "  ${STEP}. NisDomainObject added to ${LDAP_BASEDN}."
    STEP=`expr ${STEP} + 1`
}
3428*7c478bd9Sstevel@tonic-gate
3429*7c478bd9Sstevel@tonic-gate
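#
# check_attrName(): Check that the attribute name is valid.
#              $1   Key to check: an attribute name or a numeric OID.
#         Returns   0 : valid name	1 : invalid name
#
#   The key is looked up in the attributeTypes values of cn=schema, read
#   with ${LDAPSEARCH} ${SERVER_ARGS}.  A numeric OID has to appear as the
#   first token of a definition; any other key has to appear as a quoted
#   name ('key') somewhere in a definition, compared without regard to case.
#
#   NOTE(review): the OID pattern expects lines of the form
#   "attributetypes=( ..."; confirm the ldapsearch in use prints attr=value
#   rather than LDIF "attr: value".
#
check_attrName()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In check_attrName()"
    [ $DEBUG -eq 1 ] && ${ECHO} "check_attrName: Input Param = $1"

    # $1 is pasted into the command string handed to ${EVAL} below, where
    # the shell parses it a second time.  Refuse an empty key, a key that
    # starts with '-', and any key holding a character other than a letter,
    # digit, '.', '_' or '-', so that quotes, '$', backquotes and blanks
    # never reach that string.  No attribute name or OID in the schema can
    # contain such characters, so these keys are invalid anyway.
    case "$1" in
	"" | -* | *[!A-Za-z0-9._-]*) return 1 ;;
    esac

    ${ECHO} "$1" | ${EGREP} '^[0-9]+(\.[0-9]+)*$' > /dev/null 2>&1
    if [ $? -eq 0 ]; then
	# Numeric OID.  Turn every '.' into '[.]' first: a bare '.' in the
	# pattern would match any character, so 2.5.4.11 would also accept
	# a definition whose OID is 2.5.4111.
	attr_oid_re=`${ECHO} "$1" | sed -e 's/[.]/[.]/g'`
	${EVAL} "${LDAPSEARCH} ${SERVER_ARGS} -b cn=schema -s base \"objectclass=*\" \
			attributeTypes | ${EGREP} -i '^attributetypes[ ]*=[ ]*\([ ]*${attr_oid_re} ' ${VERB}"
    else
	# Attribute name: look for it as a quoted NAME inside a definition.
	${EVAL} "${LDAPSEARCH} ${SERVER_ARGS} -b cn=schema -s base \"objectclass=*\" \
			attributeTypes | ${EGREP} -i \"'$1'\" ${VERB}"
    fi

    # Map the status of the lookup onto the documented 0/1 result.
    if [ $? -ne 0 ]; then
	return 1
    else
	return 0
    fi
}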
3455*7c478bd9Sstevel@tonic-gate
3456*7c478bd9Sstevel@tonic-gate
#
# get_objectclass():   Determine the objectclass for the given attribute name
#              $1   Attribute name to check (short name, long name or OID;
#                   letters are compared in lower case).
#      _ATTR_NAME   Return value, Object Name or NULL if unknown to idsconfig.
#
#      NOTE: An attribute name can be valid but still we might not be able
#            to determine the objectclass from the table.
#            In such cases, the user needs to create the necessary object(s).
#
get_objectclass()
{
    if [ $DEBUG -eq 1 ]; then
	${ECHO} "In get_objectclass()"
	${ECHO} "get_objectclass: Input Param = $1"
    fi

    # Start from the "unknown" answer; only a table hit below replaces it.
    _ATTR_NAME=""

    # Look the lower-cased key up in the table of known naming attributes.
    case `${ECHO} ${1} | tr '[A-Z]' '[a-z]'` in
	2.5.4.11 | organizationalunitname | ou)
	    _ATTR_NAME="organizationalUnit"
	    ;;
	0.9.2342.19200300.100.1.25 | domaincomponent | dc)
	    _ATTR_NAME="domain"
	    ;;
	2.5.4.10 | organizationname | o)
	    _ATTR_NAME="organization"
	    ;;
	2.5.4.6 | countryname | c)
	    _ATTR_NAME="country"
	    ;;
    esac

    if [ $DEBUG -eq 1 ]; then
	${ECHO} "get_objectclass: _ATTR_NAME = $_ATTR_NAME"
    fi
}
3485*7c478bd9Sstevel@tonic-gate
3486*7c478bd9Sstevel@tonic-gate
3487*7c478bd9Sstevel@tonic-gate#
3488*7c478bd9Sstevel@tonic-gate# add_base_objects(): Add any necessary base objects.
3489*7c478bd9Sstevel@tonic-gate#
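#
# Walks the RDN components that lie between LDAP_SUFFIX and LDAP_BASEDN,
# outermost first, and creates every one that is not yet on the server.
#
# Globals read:    LDAP_BASEDN LDAP_SUFFIX SERVER_ARGS LDAP_ARGS TMPDIR VERB
# Globals written: LOWER_BASEDN LOWER_SUFFIX STEP, plus scratch variables
# Exits 1 on an invalid suffix, an unknown naming attribute or a failed add.
#
# NOTE(review): components are split on ',' and '=' only, so a DN with
# escaped separators or a multi-valued RDN is not handled here.
#
add_base_objects()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In add_base_objects()"

    # Convert to lower case for basename.
    format_string "${LDAP_BASEDN}"
    LOWER_BASEDN="${FMT_STR}"
    format_string "${LDAP_SUFFIX}"
    LOWER_SUFFIX="${FMT_STR}"

    [ "$DEBUG" -eq 1 ] && ${ECHO} "LOWER_BASEDN: ${LOWER_BASEDN}"
    [ "$DEBUG" -eq 1 ] && ${ECHO} "LOWER_SUFFIX: ${LOWER_SUFFIX}"

    # Create additional components.
    if [ "${LOWER_BASEDN}" = "${LOWER_SUFFIX}" ]; then
        [ "$DEBUG" -eq 1 ] && ${ECHO} "Base DN and Suffix equivalent"
    else
        # first, test that the suffix is valid: basename strips the suffix
        # string, leaving the extra components followed by a trailing ','
        dcstmp=`basename "${LOWER_BASEDN}" "${LOWER_SUFFIX}"`
        if [ "$dcstmp" = "${LOWER_BASEDN}" ]; then
            # should not happen since check_basedn_suffix() succeeded
            ${ECHO} "Invalid suffix ${LOWER_SUFFIX}"
            ${ECHO} "for Base DN ${LOWER_BASEDN}"
            cleanup
            exit 1
        fi
        # OK, suffix is valid, start working with LDAP_BASEDN
        # field separator is ',' (i.e., space is a valid character).
        # The DN is quoted so blanks inside a value survive; the two
        # anchored expressions keep the old trimming of outer blanks.
        dcstmp2="`${ECHO} "${LDAP_BASEDN}" |
                sed -e 's/^[ ]*//' -e 's/[ ]*$//' \
                    -e 's/[ ]*,[ ]*/,/g' -e 's/[ ]*=[ ]*/=/g'`"
        dcs=""
        # use dcstmp to count the loop, and dcstmp2 to get the correct
        # string case
        # dcs should be in reverse order, only for these components
        # that need to be added
        while [ -n "${dcstmp}" ]
        do
            i2=`${ECHO} "$dcstmp2" | cut -f1 -d','`
            dk=`${ECHO} "$i2" | awk -F= '{print $1}'`
            dc=`${ECHO} "$i2" | awk -F= '{print $2}'`
            dcs="$dk=$dc,$dcs";
            dcstmp2=`${ECHO} "$dcstmp2" | cut -f2- -d','`
            dcstmp=`${ECHO} "$dcstmp" | cut -f2- -d','`
            [ "$DEBUG" -eq 1 ] && \
                ${ECHO} "dcs: ${dcs}\ndcstmp: ${dcstmp}\ndcstmp2: ${dcstmp2}\n"
        done

        # lastdc is the DN of the deepest entry known to exist; each new
        # component is created directly beneath it.
        lastdc=${LDAP_SUFFIX}
        dc=`${ECHO} "${dcs}" | cut -f1 -d','`
        dcstmp=`${ECHO} "${dcs}" | cut -f2- -d','`
        while [ -n "${dc}" ]; do
            # Get Key and component from $dc.
            dk2=`${ECHO} "$dc" | awk -F= '{print $1}'`
            dc2=`${ECHO} "$dc" | awk -F= '{print $2}'`

            # At this point, ${dk2} is a valid attribute name

            # Check if entry exists first, if so, skip to next.
            # SERVER_ARGS is left unquoted so it splits into options.
            ${LDAPSEARCH} ${SERVER_ARGS} -b "${dk2}=${dc2},$lastdc" -s base "objectclass=*" > /dev/null 2>&1
            if [ $? -eq 0 ]; then
                # Set the $lastdc to new dc.
                lastdc="${dk2}=${dc2},$lastdc"

                # Process next component.
                dc=`${ECHO} "${dcstmp}" | cut -f1 -d','`
                dcstmp=`${ECHO} "${dcstmp}" | cut -f2- -d','`
                continue

            fi

            # Determine the objectclass for the entry.
            get_objectclass "$dk2"
            OBJ_Name=${_ATTR_NAME}
            if [ "${OBJ_Name}" = "" ]; then
                ${ECHO} "Cannot determine objectclass for $dk2"
                ${ECHO} "Please create ${dk2}=${dc2},$lastdc entry and rerun idsconfig"
                # Remove TMPDIR like every other error exit in this
                # function, so no work files are left behind.
                cleanup
                exit 1
            fi

            # Add the new container.
            ( cat <<EOF
dn: ${dk2}=${dc2},$lastdc
${dk2}: $dc2
objectClass: top
objectClass: ${OBJ_Name}
EOF
) > "${TMPDIR}/base_objects"


            # Set the $lastdc to new dc.
            lastdc="${dk2}=${dc2},$lastdc"

            # Add the entry.
            ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f \"${TMPDIR}/base_objects\" ${VERB}"
            if [ $? -ne 0 ]; then
                ${ECHO} "  ERROR: update of base objects ${dc} failed."
                cleanup
                exit 1
            fi

            # Display message that the DN component was created.
            ${ECHO} "  ${STEP}. Created DN component ${dc}."
            STEP=`expr $STEP + 1`

            # Process next component.
            dc=`${ECHO} "${dcstmp}" | cut -f1 -d','`
            dcstmp=`${ECHO} "${dcstmp}" | cut -f2- -d','`
        done
    fi
}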
3602*7c478bd9Sstevel@tonic-gate
3603*7c478bd9Sstevel@tonic-gate
3604*7c478bd9Sstevel@tonic-gate#
3605*7c478bd9Sstevel@tonic-gate# add_new_containers(): Add the top level classes.
3606*7c478bd9Sstevel@tonic-gate#
3607*7c478bd9Sstevel@tonic-gate#    $1 = Base DN
3608*7c478bd9Sstevel@tonic-gate#
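#
# Creates the fixed list of top-level "ou" containers under LDAP_BASEDN,
# skipping any that the server already has.
#
# No positional parameter is referenced; the base DN is taken from the
# global LDAP_BASEDN.
# Globals read:    LDAP_BASEDN LDAP_ARGS TMPDIR VERB
# Globals written: STEP, ou
# Exits 1 (after cleanup) when an add fails.
#
# NOTE(review): LDAP_BASEDN is interpolated into strings that are run
# through eval.  A value holding a double quote, '$' or a backquote would
# be re-read by the shell; presumably it is validated where it is read in,
# confirm against the prompt and config-file code.
#
add_new_containers()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In add_new_containers()"

    for ou in people group rpc protocols networks netgroup \
        aliases hosts services ethers profile printers \
        SolarisAuthAttr SolarisProfAttr Timezone ; do

        # Check if the container already exists.  Any search failure is
        # treated as "missing"; a real server problem then surfaces as a
        # failed add below.
        eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"ou=${ou},${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
        if [ $? -eq 0 ]; then
            continue
        fi

        # Create TMP file to add.
        ( cat <<EOF
dn: ou=${ou},${LDAP_BASEDN}
ou: ${ou}
objectClass: top
objectClass: organizationalUnit
EOF
) > "${TMPDIR}/toplevel.${ou}"

        # Add the entry.  The path is quoted inside the eval string as
        # well, so the file written above is the one that is loaded.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f \"${TMPDIR}/toplevel.${ou}\" ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} "  ERROR: Add of ou=${ou} container failed!"
            cleanup
            exit 1
        fi
    done

    # Display message that top level OU containers complete.
    ${ECHO} "  ${STEP}. Top level \"ou\" containers complete."
    STEP=`expr $STEP + 1`
}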
3645*7c478bd9Sstevel@tonic-gate
3646*7c478bd9Sstevel@tonic-gate
3647*7c478bd9Sstevel@tonic-gate#
3648*7c478bd9Sstevel@tonic-gate# add_auto_maps(): Add the automount map entries.
3649*7c478bd9Sstevel@tonic-gate#
3650*7c478bd9Sstevel@tonic-gate# auto_home, auto_direct, auto_master, auto_shared
3651*7c478bd9Sstevel@tonic-gate#
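#
# Creates the automountMap entries auto_home, auto_direct, auto_master
# and auto_shared under LDAP_BASEDN, skipping any that already exist.
#
# Globals read:    LDAP_BASEDN LDAP_ARGS TMPDIR VERB
# Globals written: AUTO_MAPS STEP, automap
# Exits 1 (after cleanup) when an add fails.
#
add_auto_maps()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In add_auto_maps()"

    # Set AUTO_MAPS for maps to create.
    AUTO_MAPS="auto_home auto_direct auto_master auto_shared"

    # AUTO_MAPS is expanded unquoted on purpose: it is a blank-separated
    # list of fixed names.
    for automap in $AUTO_MAPS; do
        # Check if automaps already exist.
        eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"automountMapName=${automap},${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
        if [ $? -eq 0 ]; then
            continue
        fi

        # Create the tmp file to add.
        ( cat <<EOF
dn: automountMapName=${automap},${LDAP_BASEDN}
automountMapName: ${automap}
objectClass: top
objectClass: automountMap
EOF
) > "${TMPDIR}/automap.${automap}"

        # Add the entry.  The path is quoted inside the eval string as
        # well, so the file written above is the one that is loaded.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f \"${TMPDIR}/automap.${automap}\" ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} "  ERROR: Add of automap ${automap} failed!"
            cleanup
            exit 1
        fi
    done

    # Display message that automount entries are updated.
    ${ECHO} "  ${STEP}. automount maps: $AUTO_MAPS processed."
    STEP=`expr $STEP + 1`
}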
3688*7c478bd9Sstevel@tonic-gate
3689*7c478bd9Sstevel@tonic-gate
3690*7c478bd9Sstevel@tonic-gate#
3691*7c478bd9Sstevel@tonic-gate# add_proxyagent(): Add entry for nameservice to use to access server.
3692*7c478bd9Sstevel@tonic-gate#
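#
# Creates the proxy agent entry (objectclass person) named by
# LDAP_PROXYAGENT, unless the server already has it.
#
# Globals read:    LDAP_PROXYAGENT LDAP_PROXYAGENT_CRED LDAP_ARGS TMPDIR VERB
# Globals written: STEP, cn_tmp
# Returns 0 when the entry already exists; exits 1 (after cleanup) when
# the add fails.
#
# The LDIF work file holds the proxy credential in clear text and stays
# in TMPDIR until cleanup() runs, so it is created readable by its owner
# only.
#
add_proxyagent()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In add_proxyagent()"

    # Check if the proxy agent entry already exists.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_PROXYAGENT}\" -s base \"objectclass=*\" ${VERB}"
    if [ $? -eq 0 ]; then
        ${ECHO} "  ${STEP}. Proxy Agent ${LDAP_PROXYAGENT} already exists."
        STEP=`expr $STEP + 1`
        return 0
    fi

    # The value of the first RDN of LDAP_PROXYAGENT is used for both cn
    # and sn.
    cn_tmp=`${ECHO} "${LDAP_PROXYAGENT}" | cut -f1 -d, | cut -f2 -d=`

    # Create the tmp file to add.  Drop any stale copy and tighten the
    # umask first: the redirection creates the file, so the mode has to
    # be right before the write, not fixed up afterwards.
    _saved_umask=`umask`
    rm -f "${TMPDIR}/proxyagent"
    umask 077
    ( cat <<EOF
dn: ${LDAP_PROXYAGENT}
cn: ${cn_tmp}
sn: ${cn_tmp}
objectclass: top
objectclass: person
userpassword: ${LDAP_PROXYAGENT_CRED}
EOF
) > "${TMPDIR}/proxyagent"
    umask "${_saved_umask}"

    # Add the entry.
    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f \"${TMPDIR}/proxyagent\" ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} "  ERROR: Adding proxyagent failed!"
        cleanup
        exit 1
    fi

    # Display message that the proxy agent was added.
    ${ECHO} "  ${STEP}. Proxy Agent ${LDAP_PROXYAGENT} added."
    STEP=`expr $STEP + 1`
}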
3731*7c478bd9Sstevel@tonic-gate
3732*7c478bd9Sstevel@tonic-gate
3733*7c478bd9Sstevel@tonic-gate#
3734*7c478bd9Sstevel@tonic-gate# allow_proxy_read_pw(): Give Proxy Agent read permission for password.
3735*7c478bd9Sstevel@tonic-gate#
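#
# Adds an ACI on LDAP_BASEDN that lets the proxy agent compare, read and
# search the userPassword attribute, unless an ACI with the same name is
# already there.
#
# Globals read:    LDAP_BASEDN LDAP_PROXYAGENT LDAP_ARGS TMPDIR VERB
# Globals written: PROXY_ACI_NAME STEP
# Returns 0 when the ACI already exists; exits 1 (after cleanup) when the
# modify fails.
#
# The ACI targets every entry under LDAP_BASEDN, so whoever holds the
# proxy agent credential can read the stored userPassword values there.
# Protect that credential accordingly.
#
allow_proxy_read_pw()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In allow_proxy_read_pw()"

    # Set ACI Name
    PROXY_ACI_NAME="LDAP_Naming_Services_proxy_password_read"

    # Search for ACI_NAME.  The filter is quoted like the other searches
    # in this script so the shell cannot glob-expand it.  Search errors
    # land in the same file, so a failed search looks like "ACI missing"
    # and the problem then shows up as a failed modify below.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_BASEDN}\" -s base \"objectclass=*\" aci > \"${TMPDIR}/chk_proxyread_aci\" 2>&1"
    ${GREP} "${PROXY_ACI_NAME}" "${TMPDIR}/chk_proxyread_aci" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        ${ECHO} "  ${STEP}. Proxy ACI ${PROXY_ACI_NAME} already exists for ${LDAP_BASEDN}."
        STEP=`expr $STEP + 1`
        return 0
    fi

    # Create the tmp file to add.
    ( cat <<EOF
dn: ${LDAP_BASEDN}
changetype: modify
add: aci
aci: (target="ldap:///${LDAP_BASEDN}")(targetattr="userPassword")(version 3.0; acl ${PROXY_ACI_NAME}; allow (compare,read,search) userdn = "ldap:///${LDAP_PROXYAGENT}";)
EOF
) > "${TMPDIR}/proxy_read"

    # Apply the modification.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f \"${TMPDIR}/proxy_read\" ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} "  ERROR: Allow ${LDAP_PROXYAGENT} to read password failed!"
        cleanup
        exit 1
    fi

    # Display message that the ACI was added.
    ${ECHO} "  ${STEP}. Give ${LDAP_PROXYAGENT} read permission for password."
    STEP=`expr $STEP + 1`
}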
3773*7c478bd9Sstevel@tonic-gate
3774*7c478bd9Sstevel@tonic-gate
3775*7c478bd9Sstevel@tonic-gate#
3776*7c478bd9Sstevel@tonic-gate# add_profile(): Add client profile to server.
3777*7c478bd9Sstevel@tonic-gate#
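#
# Generates a client profile with "ldapclient genprofile" and loads it on
# the server.  An existing profile of the same name is deleted first, but
# only when DEL_OLD_PROFILE is non-zero.
#
# Globals read:    LDAP_PROFILE_NAME LDAP_BASEDN DEL_OLD_PROFILE SSD_FILE
#                  LDAP_ARGS TMPDIR VERB and the optional LDAP_* settings
#                  tested below
# Globals written: GEN_CMD STEP
# Exits 1 (after cleanup) on every error.
#
# NOTE(review): GEN_CMD is assembled as a string and run through eval, so
# a setting holding a double quote, '$' or a backquote is re-read by the
# shell.  Presumably the values are validated where they are read in;
# confirm against the prompt and config-file code.
#
add_profile()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In add_profile()"

    # If profile name already exists, DELETE it, and add new one.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=${LDAP_PROFILE_NAME},ou=profile,${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
    if [ $? -eq 0 ]; then
        # Check if DEL_OLD_PROFILE is set.  (If not ERROR)
        if [ "$DEL_OLD_PROFILE" -eq 0 ]; then
            ${ECHO} "ERROR: Profile name ${LDAP_PROFILE_NAME} exists! Add failed!"
            # Remove TMPDIR before leaving, as the other error exits do.
            # By this point it can hold the proxy agent LDIF file, which
            # carries the proxy credential in clear text.
            cleanup
            exit 1
        fi

        # Create Delete file.
        ( cat <<EOF
cn=${LDAP_PROFILE_NAME},ou=profile,${LDAP_BASEDN}
EOF
) > "${TMPDIR}/del_profile"

        # Delete the OLD profile.
        ${EVAL} "${LDAPDELETE} ${LDAP_ARGS} -f \"${TMPDIR}/del_profile\" ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} "  ERROR: Attempt to DELETE profile failed!"
            cleanup
            exit 1
        fi
    fi

    # Build the "ldapclient genprofile" command string to execute.
    GEN_CMD="ldapclient genprofile -a \"profileName=${LDAP_PROFILE_NAME}\""

    # Add required argument defaultSearchBase.
    GEN_CMD="${GEN_CMD} -a \"defaultSearchBase=${LDAP_BASEDN}\""

    # Add optional parameters.
    [ -n "$LDAP_SERVER_LIST" ] && \
        GEN_CMD="${GEN_CMD} -a \"defaultServerList=${LDAP_SERVER_LIST}\""
    [ -n "$LDAP_SEARCH_SCOPE" ] && \
        GEN_CMD="${GEN_CMD} -a \"defaultSearchScope=${LDAP_SEARCH_SCOPE}\""
    [ -n "$LDAP_CRED_LEVEL" ] && \
        GEN_CMD="${GEN_CMD} -a \"credentialLevel=${LDAP_CRED_LEVEL}\""
    [ -n "$LDAP_AUTHMETHOD" ] && \
        GEN_CMD="${GEN_CMD} -a \"authenticationMethod=${LDAP_AUTHMETHOD}\""
    [ -n "$LDAP_FOLLOWREF" ] && \
        GEN_CMD="${GEN_CMD} -a \"followReferrals=${LDAP_FOLLOWREF}\""
    [ -n "$LDAP_SEARCH_TIME_LIMIT" ] && \
        GEN_CMD="${GEN_CMD} -a \"searchTimeLimit=${LDAP_SEARCH_TIME_LIMIT}\""
    [ -n "$LDAP_PROFILE_TTL" ] && \
        GEN_CMD="${GEN_CMD} -a \"profileTTL=${LDAP_PROFILE_TTL}\""
    [ -n "$LDAP_BIND_LIMIT" ] && \
        GEN_CMD="${GEN_CMD} -a \"bindTimeLimit=${LDAP_BIND_LIMIT}\""
    [ -n "$LDAP_PREF_SRVLIST" ] && \
        GEN_CMD="${GEN_CMD} -a \"preferredServerList=${LDAP_PREF_SRVLIST}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_PAM" ] && \
        GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_PAM}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_KEY" ] && \
        GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_KEY}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_CMD" ] && \
        GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_CMD}\""

    # Check if there are any service search descriptors to add.
    if [ -s "${SSD_FILE}" ]; then
        ssd_2_profile
    fi

    # Execute "ldapclient genprofile" to create profile.  GEN_CMD is
    # quoted so eval sees the string exactly as built, with no extra
    # word-splitting or globbing pass in front of it.
    eval "${GEN_CMD}" > "${TMPDIR}/gen_profile" 2> "${TMPDIR}/gen_profile_ERR"
    if [ $? -ne 0 ]; then
        ${ECHO} "  ERROR: ldapclient genprofile failed!"
        cleanup
        exit 1
    fi

    # Add the generated profile.
    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f \"${TMPDIR}/gen_profile\" ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} "  ERROR: Attempt to add profile failed!"
        cleanup
        exit 1
    fi

    # Display message that the profile was generated and loaded.
    ${ECHO} "  ${STEP}. Generated client profile and loaded on server."
    STEP=`expr $STEP + 1`
}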
3863*7c478bd9Sstevel@tonic-gate
3864*7c478bd9Sstevel@tonic-gate
3865*7c478bd9Sstevel@tonic-gate#
3866*7c478bd9Sstevel@tonic-gate# cleanup(): Remove the TMPDIR and all files in it.
3867*7c478bd9Sstevel@tonic-gate#
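#
# Removes TMPDIR and everything in it.  The directory holds the LDIF work
# files, including the proxy agent file with its clear-text credential,
# so every exit path should come through here.
#
cleanup()
{
    [ "$DEBUG" -eq 1 ] && ${ECHO} "In cleanup()"

    # Nothing to remove when TMPDIR was never set.
    [ -z "${TMPDIR}" ] && return 0

    # Quoted so that a path containing blanks or glob characters names
    # exactly one directory and rm cannot be pointed at anything else.
    rm -fr "${TMPDIR}"
}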
3874*7c478bd9Sstevel@tonic-gate
3875*7c478bd9Sstevel@tonic-gate
3876*7c478bd9Sstevel@tonic-gate#
3877*7c478bd9Sstevel@tonic-gate# 			* * * MAIN * * *
3878*7c478bd9Sstevel@tonic-gate#
3879*7c478bd9Sstevel@tonic-gate# Description:
3880*7c478bd9Sstevel@tonic-gate# This script assumes that the iPlanet Directory Server (iDS) is
3881*7c478bd9Sstevel@tonic-gate# installed and that setup has been run.  This script takes the
3882*7c478bd9Sstevel@tonic-gate# iDS server from that point and sets up the infrastructure for
3883*7c478bd9Sstevel@tonic-gate# LDAP Naming Services.  After running this script, ldapaddent(1M)
3884*7c478bd9Sstevel@tonic-gate# or some other tools can be used to populate data.
3885*7c478bd9Sstevel@tonic-gate
3886*7c478bd9Sstevel@tonic-gate# Initialize the variables that need to be set to NULL, or some
3887*7c478bd9Sstevel@tonic-gate# other initial value before the rest of the functions can be called.
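# NOTE(review): cleanup is only reached on the exit paths written out in
# this script.  Confirm that init installs a signal trap that calls it;
# otherwise an interrupted run leaves TMPDIR behind, and with it the
# proxy agent LDIF file holding the clear-text proxy credential.
init

# Parse command line arguments.  ${1+"$@"} hands every argument over as
# one word (a file name with blanks stays intact) and expands to nothing
# when there are no arguments.  parse_arg's exit status is then used as
# the number of arguments to shift away.
parse_arg ${1+"$@"}
shift $?

# Print extra line to separate from prompt.
${ECHO} " "

# Either Load the user specified config file
# or prompt user for config info.
if [ -n "$INPUT_FILE" ]
then
    load_config_file
    INTERACTIVE=0      # Turns off prompts that occur later.
    validate_info      # Validate basic info in file.
    chk_ids_version    # Check iDS version for compatibility.
else
    # Display BACKUP warning to user.
    display_msg backup_server
    get_confirm "Do you wish to continue with server setup (y/n/h)?" "n" "backup_help"
    if [ $? -eq 0 ]; then    # if No, cleanup and exit.
        cleanup ; exit 1
    fi

    # Prompt for values.
    prompt_config_info
    display_summary    # Allow user to modify results.
    INTERACTIVE=1      # Ensures future prompting.
fi

# Modify slapd.oc.conf to ALLOW cn instead of REQUIRE.
modify_cn

# Modify timelimit to user value.
[ "$NEED_TIME" -eq 1 ] && modify_timelimit

# Modify sizelimit to user value.
[ "$NEED_SIZE" -eq 1 ] && modify_sizelimit

# Modify the password storage scheme to support CRYPT.
if [ "$NEED_CRYPT" = "TRUE" ]; then
    modify_pwd_crypt
fi

# Update the schema (Attributes, Objectclass Definitions)
update_schema_attr
update_schema_obj

# Add base objects (if needed)
add_base_objects

# Update the NisDomainObject.
#   The Base DN might have just been created, so this MUST happen after
#   the base objects have been added!
set_nisdomain

# Add top level classes (new containers)
add_new_containers

# Add common nismaps.
add_auto_maps

# Modify top ACI.
modify_top_aci

# Add Access Control Information for VLV.
add_vlv_aci

# if Proxy needed, Add Proxy Agent and give read permission for password.
# From here on TMPDIR holds the proxy agent LDIF file with the proxy
# credential in clear text.
if [ "$NEED_PROXY" -eq 1 ]; then
    add_proxyagent
    allow_proxy_read_pw
fi

# Generate client profile and add it to the server.
add_profile

# Add Indexes to improve Search Performance.
add_eq_indexes
add_sub_indexes
add_vlv_indexes

# Display setup complete message
display_msg setup_complete

# Display VLV index commands to be executed on server.
display_vlv_cmds

# Create config file if requested.
[ -n "$OUTPUT_FILE" ] && create_config_file

# Remove the TMPDIR and all files in it.
cleanup

exit 0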
3984*7c478bd9Sstevel@tonic-gate# end of MAIN.