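#!/bin/sh
#
# ident "%Z%%M% %I% %E% SMI"
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# idsconfig -- script to setup iDS 5.x/6.x for Native LDAP II.
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# display_msg(): Displays message corresponding to the tag passed in.
#   $1  message tag (one of the case labels below)
#
# The text is written to stdout.  Variables referenced inside the
# messages ($PROG, $IDS_SERVER, $LDAP_*, $IDS_*, $NEED_*) are the
# script's globals and are expanded when the message is printed.
#
# Returns 0 for a known tag.  An unknown tag used to print nothing at
# all, silently hiding a misspelled tag at the call site; it now writes
# a diagnostic to stderr and returns 1.
#
display_msg()
{
    case "$1" in
    usage) cat <<EOF
 $PROG: [ -v ] [ -i input file ] [ -o output file ]
   i <input file>     Get setup info from input file.
   o <output file>    Generate a server configuration output file.
   v                  Verbose mode
EOF
    ;;
    backup_server) cat <<EOF
It is strongly recommended that you BACKUP the directory server
before running $PROG.

Hit Ctrl-C at any time before the final confirmation to exit.

EOF
    ;;
    setup_complete) cat <<EOF

$PROG: Setup of iDS server ${IDS_SERVER} is complete.

EOF
    ;;
    display_vlv_list) cat <<EOF

Note: idsconfig has created entries for VLV indexes. Use the
      directoryserver(1m) script on ${IDS_SERVER} to stop
      the server and then enter the following vlvindex
      sub-commands to create the actual VLV indexes:

EOF
    ;;
    cred_level_menu) cat <<EOF
The following are the supported credential levels:
  1  anonymous
  2  proxy
  3  proxy anonymous
  4  self
  5  self proxy
  6  self proxy anonymous
EOF
    ;;
    auth_method_menu) cat <<EOF
The following are the supported Authentication Methods:
  1  none
  2  simple
  3  sasl/DIGEST-MD5
  4  tls:simple
  5  tls:sasl/DIGEST-MD5
  6  sasl/GSSAPI
EOF
    ;;
    srvauth_method_menu) cat <<EOF
The following are the supported Authentication Methods:
  1  simple
  2  sasl/DIGEST-MD5
  3  tls:simple
  4  tls:sasl/DIGEST-MD5
  5  sasl/GSSAPI
EOF
    ;;
    prompt_ssd_menu) cat <<EOF
  A  Add a Service Search Descriptor
  D  Delete a SSD
  M  Modify a SSD
  P  Display all SSD's
  H  Help
  X  Clear all SSD's

  Q  Exit menu
EOF
    ;;
    summary_menu)
        SUFFIX_INFO=
        DB_INFO=

        # The suffix/database lines are only shown when the run is
        # going to create them; otherwise the summary is left as-is.
        # Backticks (not \$(...)) are kept on purpose: this script runs
        # under the legacy Bourne /bin/sh.
        [ -n "${NEED_CREATE_SUFFIX}" ] &&
        {
            SUFFIX_INFO=`cat <<EOF

             Suffix to create                : $LDAP_SUFFIX
EOF
`
            [ -n "${NEED_CREATE_BACKEND}" ] &&
            DB_INFO=`cat <<EOF

             Database to create              : $IDS_DATABASE
EOF
`
        }

        cat <<EOF
              Summary of Configuration

  1  Domain to serve               : $LDAP_DOMAIN
  2  Base DN to setup              : $LDAP_BASEDN$SUFFIX_INFO$DB_INFO
  3  Profile name to create        : $LDAP_PROFILE_NAME
  4  Default Server List           : $LDAP_SERVER_LIST
  5  Preferred Server List         : $LDAP_PREF_SRVLIST
  6  Default Search Scope          : $LDAP_SEARCH_SCOPE
  7  Credential Level              : $LDAP_CRED_LEVEL
  8  Authentication Method         : $LDAP_AUTHMETHOD
  9  Enable Follow Referrals       : $LDAP_FOLLOWREF
 10  iDS Time Limit                : $IDS_TIMELIMIT
 11  iDS Size Limit                : $IDS_SIZELIMIT
 12  Enable crypt password storage : $NEED_CRYPT
 13  Service Auth Method pam_ldap  : $LDAP_SRV_AUTHMETHOD_PAM
 14  Service Auth Method keyserv   : $LDAP_SRV_AUTHMETHOD_KEY
 15  Service Auth Method passwd-cmd: $LDAP_SRV_AUTHMETHOD_CMD
 16  Search Time Limit             : $LDAP_SEARCH_TIME_LIMIT
 17  Profile Time to Live          : $LDAP_PROFILE_TTL
 18  Bind Limit                    : $LDAP_BIND_LIMIT
 19  Service Search Descriptors Menu

EOF
    ;;
    sfx_not_suitable) cat <<EOF

Sorry, suffix ${LDAP_SUFFIX} is not suitable for Base DN ${LDAP_BASEDN}

EOF
    ;;
    obj_not_found) cat <<EOF

Sorry, ${PROG} can't find an objectclass for "$_ATT" attribute

EOF
    ;;
    sfx_config_incons) cat <<EOF

Sorry, there is no suffix mapping for ${LDAP_SUFFIX},
while ldbm database exists, server configuration needs to be fixed manually,
look at cn=mapping tree,cn=config and cn=ldbm database,cn=plugins,cn=config

EOF
    ;;
    ldbm_db_exist) cat <<EOF

Database "${IDS_DATABASE}" already exists,
however "${IDS_DATABASE_AVAIL}" name is available

EOF
    ;;
    unable_find_db_name) cat <<EOF

Unable to find any available database name close to "${IDS_DATABASE}"

EOF
    ;;
    create_ldbm_db_error) cat <<EOF

ERROR: unable to create suffix ${LDAP_SUFFIX}
       due to server error that occurred during creation of ldbm database

EOF
    ;;
    create_suffix_entry_error) cat <<EOF

ERROR: unable to create entry ${LDAP_SUFFIX} of ${LDAP_SUFFIX_OBJ} class

EOF
    ;;
    ldap_suffix_list) cat <<EOF

No valid suffixes (naming contexts) were found for LDAP base DN:
${LDAP_BASEDN}

Available suffixes are:
${LDAP_SUFFIX_LIST}

EOF
    ;;
    sorry) cat <<EOF

HELP - No help is available for this topic.

EOF
    ;;
    create_suffix_help) cat <<EOF

HELP - Our Base DN is ${LDAP_BASEDN}
       and we need to create a Directory Suffix,
       which can be equal to Base DN itself or be any of Base DN parents.
       All intermediate entries up to suffix will be created on demand.

EOF
    ;;
    enter_ldbm_db_help) cat <<EOF

HELP - ldbm database is an internal database for storage of our suffix data.
       Database name must be alphanumeric due to Directory Server restriction.

EOF
    ;;
    backup_help) cat <<EOF

HELP - Since idsconfig modifies the directory server configuration,
       it is strongly recommended that you backup the server prior
       to running this utility.  This is especially true if the server
       being configured is a production server.

EOF
    ;;
    port_help) cat <<EOF

HELP - Enter the port number the directory server is configured to
       use for LDAP.

EOF
    ;;
    domain_help) cat <<EOF

HELP - This is the DNS domain name this server will be serving.  You
       must provide this name even if the server is not going to be populated
       with hostnames.  Any unqualified hostname stored in the directory
       will be fully qualified using this DNS domain name.

EOF
    ;;
    basedn_help) cat <<EOF

HELP - This parameter defines the default location in the directory tree for
       the naming services entries.  You can override this default by using
       serviceSearchDescriptors (SSD).  You will be given the option to set up
       an SSD later on in the setup.

EOF
    ;;
    profile_help) cat <<EOF

HELP - Name of the configuration profile with which the clients will be
       configured.  A directory server can store various profiles for multiple
       groups of clients.  The initialization tool, (ldapclient(1M)), assumes
       "default" unless another is specified.

EOF
    ;;
    def_srvlist_help) cat <<EOF

HELP - Provide a list of directory servers to serve clients using this profile.
       All these servers should contain consistent data and provide similar
       functionality.  This list is not ordered, and clients might change the
       order given in this list.  Note that this is a space separated list of
       *IP addresses* (not host names).  Providing port numbers is optional.

EOF
    ;;
    pref_srvlist_help) cat <<EOF

HELP - Provide a list of directory servers to serve this client profile.
       Unlike the default server list, which is not ordered, the preferred
       servers must be entered IN THE ORDER you wish to have them contacted.
       If you do specify a preferred server list, clients will always contact
       them before attempting to contact any of the servers on the default
       server list.  Note that you must enter the preferred server list as a
       space-separated list of *IP addresses* (not host names).  Providing port
       numbers is optional.

EOF
    ;;
    srch_scope_help) cat <<EOF

HELP - Default search scope to be used for all searches unless they are
       overwritten using serviceSearchDescriptors.  The valid options
       are "one", which would specify the search will only be performed
       at the base DN for the given service, or "sub", which would specify
       the search will be performed through *all* levels below the base DN
       for the given service.

EOF
    ;;
    cred_lvl_help) cat <<EOF

HELP - This parameter defines what credentials the clients use to
       authenticate to the directory server.  This list might contain
       multiple credential levels and is ordered.  If a proxy level
       is configured, you will also be prompted to enter a bind DN
       for the proxy agent along with a password.  This proxy agent
       will be created if it does not exist.

EOF
    ;;
    auth_help) cat <<EOF

HELP - The default authentication method(s) to be used by all services
       in the client using this profile.  This is a ordered list of
       authentication methods separated by a ';'.  The supported methods
       are provided in a menu.  Note that sasl/DIGEST-MD5 binds require
       passwords to be stored un-encrypted on the server.

EOF
    ;;
    srvauth_help) cat <<EOF

HELP - The authentication methods to be used by a given service.  Currently
       3 services support this feature: pam_ldap, keyserv, and passwd-cmd.
       The authentication method specified in this attribute overrides
       the default authentication method defined in the profile.  This
       feature can be used to select stronger authentication methods for
       services which require increased security.

EOF
    ;;
    pam_ldap_help) cat <<EOF

HELP - The authentication method(s) to be used by pam_ldap when contacting
       the directory server.  This is a ordered list, and, if provided, will
       override the default authentication method parameter.

EOF
    ;;
    keyserv_help) cat <<EOF

HELP - The authentication method(s) to be used by newkey(1M) and chkey(1)
       when contacting the directory server.  This is a ordered list and
       if provided will override the default authentication method
       parameter.

EOF
    ;;
    passwd-cmd_help) cat <<EOF

HELP - The authentication method(s) to be used by passwd(1) command when
       contacting the directory server.  This is a ordered list and if
       provided will override the default authentication method parameter.

EOF
    ;;
    referrals_help) cat <<EOF

HELP - This parameter indicates whether the client should follow
       ldap referrals if it encounters one during naming lookups.

EOF
    ;;
    tlim_help) cat <<EOF

HELP - The server time limit value indicates the maximum amount of time the
       server would spend on a query from the client before abandoning it.
       A value of '-1' indicates no limit.

EOF
    ;;
    slim_help) cat <<EOF

HELP - The server sizelimit value indicates the maximum number of entries
       the server would return in respond to a query from the client.  A
       value of '-1' indicates no limit.

EOF
    ;;
    crypt_help) cat <<EOF

HELP - By default iDS does not store userPassword attribute values using
       unix "crypt" format.  If you need to keep your passwords in the crypt
       format for NIS/NIS+ and pam_unix compatibility, choose 'yes'.  If
       passwords are stored using any other format than crypt, pam_ldap
       MUST be used by clients to authenticate users to the system.  Note
       that if you wish to use sasl/DIGEST-MD5 in conjunction with pam_ldap,
       user passwords must be stored in the clear format.

EOF
    ;;
    srchtime_help) cat <<EOF

HELP - The search time limit the client will enforce for directory
       lookups.

EOF
    ;;
    profttl_help) cat <<EOF

HELP - The time to live value for profile.  The client will refresh its
       cached version of the configuration profile at this TTL interval.

EOF
    ;;
    bindlim_help) cat <<EOF

HELP - The time limit for the bind operation to the directory.  This
       value controls the responsiveness of the client in case a server
       becomes unavailable.  The smallest timeout value for a given
       network architecture/conditions would work best.  This is very
       similar to setting TCP timeout, but only for LDAP bind operation.

EOF
    ;;
    ssd_help) cat <<EOF

HELP - Using Service Search Descriptors (SSD), you can override the
       default configuration for a given service.  The SSD can be
       used to override the default search base DN, the default search
       scope, and the default search filter to be used for directory
       lookups.  SSD are supported for all services (databases)
       defined in nsswitch.conf(4).  The default base DN is defined
       in ldap(1).

       Note: SSD are powerful tools in defining configuration profiles
             and provide a great deal of flexibility.  However, care
             must be taken in creating them.  If you decide to make use
             of SSDs, consult the documentation first.

EOF
    ;;
    ssd_menu_help) cat <<EOF

HELP - Using this menu SSD can be added, updated, or deleted from
       the profile.

       A - This option creates a new SSD by prompting for the
           service name, base DN, and scope.  Service name is
           any valid service as defined in ldap(1).  base is
           either the distinguished name to the container where
           this service will use, or a relative DN followed
           by a ','.
       D - Delete a previously created SSD.
       M - Modify a previously created SSD.
       P - Display a list of all the previously created SSD.
       X - Delete all of the previously created SSD.

       Q - Exit the menu and continue with the server configuration.

EOF
    ;;
    ldap_suffix_list_help) cat <<EOF

HELP - No valid suffixes (naming contexts) are available on server
       ${IDS_SERVER}:${IDS_PORT}.
       You must set an LDAP Base DN that can be contained in
       an existing suffix.

EOF
    ;;
    *)
        # A tag nobody defined is a bug at the call site; say so instead
        # of quietly printing nothing.
        ${ECHO} "${PROG}: display_msg: unknown message tag \"$1\"" >&2
        return 1
        ;;
    esac
}


#
# get_ans(): gets an answer from the user.
#   $1  instruction/comment/description/question
#   $2  default value
#
# Result is left in the global ANS (the default when the user enters
# nothing).  Returns 0 when an answer was read or a default was applied,
# non-zero when stdin hit end-of-file with nothing read and no default
# -- callers that loop "until ANS is non-empty" use that to avoid
# spinning forever on a closed or exhausted stdin.
#
# NOTE(review): "read" without -r interprets backslashes, so an answer
# (or password, see get_passwd) containing '\' is silently altered.
# -r is left out only because this file targets the legacy Bourne
# /bin/sh; confirm the target shell before adding it.
#
get_ans()
{
    if [ -z "$2" ]
    then
        ${ECHO} "$1 \c"
    else
        ${ECHO} "$1 [$2] \c"
    fi

    read ANS
    _READ_STATUS=$?
    if [ -z "$ANS" ]
    then
        ANS=$2
    fi
    # A typed answer, a partial last line, or an applied default all
    # count as success; only "nothing at all" is reported.
    [ -n "$ANS" ] && _READ_STATUS=0
    return $_READ_STATUS
}


#
# get_ans_req(): gets an answer (required) from the user, NULL value not allowed.
#   $@  instruction/comment/description/question
#
# Result is left in the global ANS.  Exits with status 2 if stdin ends
# before a non-empty answer is given (previously an endless loop).
#
get_ans_req()
{
    ANS=""    # Set ANS to NULL.
    while [ "$ANS" = "" ]
    do
        get_ans "$@" || {
            ${ECHO} ""
            ${ECHO} "$PROG: unexpected end of input; aborting." >&2
            exit 2
        }
        [ "$ANS" = "" ] && ${ECHO} "NULL value not allowed!"
    done
}


#
# get_number(): Querys and verifies that number entered is numeric.
#   Function will repeat prompt user for number value.
#   $1  Message text.
#   $2  default value.
#   $3  Help argument.
#
# Result is left in the globals NUM and ANS.  'h', '?' and 'help' show
# the help text named by $3 (or the generic "sorry" text).  Exits with
# status 2 if stdin ends while a value is still needed.
#
get_number()
{
    ANS=""    # Set ANS to NULL.
    NUM=""

    get_ans "$1" "$2"

    # Verify that value is numeric.
    # $ANS is deliberately left unquoted here: with an empty answer
    # not_numeric() receives no argument, which is what the existing
    # helper expects (its definition is elsewhere in this file).
    while not_numeric $ANS
    do
        case "$ANS" in
        [Hh] | help | Help | \?) display_msg "${3:-sorry}" ;;
        * ) ${ECHO} "Invalid value: \"${ANS}\". \c"
            ;;
        esac
        # Get a new value.
        get_ans "Enter a numeric value:" "$2" || {
            ${ECHO} ""
            ${ECHO} "$PROG: unexpected end of input; aborting." >&2
            exit 2
        }
    done
    NUM=$ANS
}


#
# get_negone_num(): Only allows a -1 or positive integer.
#   Used for values where -1 has special meaning.
#
#   $1 - Prompt message.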
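#   $2 - Default value (required).
#   $3 - Optional help argument.
#
# Result is left in the global ANS (and NUM, via get_number).
#
get_negone_num()
{
    while :
    do
        get_number "$1" "$2" "$3"
        # get_number only hands back numeric input, so the only thing
        # left to reject is a negative number other than -1.
        if is_negative "$ANS" && [ "$ANS" != "-1" ]; then
            ${ECHO} "Invalid number: please enter -1 or positive number."
        else
            break
        fi
    done
}


#
# passwd_input_eof(): get_passwd's bail-out when stdin ends mid-prompt.
#   Restores terminal echo (get_passwd turned it off) before exiting
#   with status 2, so an aborted run does not leave the terminal mute.
#
passwd_input_eof()
{
    /usr/bin/stty echo
    ${ECHO} ""
    ${ECHO} "$PROG: unexpected end of input while reading password; aborting." >&2
    exit 2
}


#
# get_passwd(): Reads a password from the user and verify with second.
#   $@  instruction/comment/description/question
#
# The accepted password is left in the global ANS; the temporaries
# _PASS1/_PASS2 are cleared before returning so the secret is not kept
# in more variables than necessary.  Terminal echo is off while the
# password is typed.  Exits with status 2 if stdin ends before both
# entries match (previously an endless loop with echo still off).
#
# NOTE(review): an interrupt between the two stty calls below still
# leaves the terminal with echo off; a trap would restore it, but this
# script's existing signal handling is not visible from here -- confirm
# before adding one.
#
get_passwd()
{
    [ "${DEBUG:-0}" -eq 1 ] && ${ECHO} "In get_passwd()"

    # Temporary PASSWD variables
    _PASS1=""
    _PASS2=""

    /usr/bin/stty -echo    # Turn echo OFF

    # Loop until passwd and re-entered passwd match.
    while :
    do
        ANS=""    # Set ANS to NULL.

        # Don't allow NULL for first try.
        while [ "$ANS" = "" ]
        do
            get_ans "$@" || passwd_input_eof
            [ "$ANS" = "" ] && ${ECHO} "" && ${ECHO} "NULL passwd not allowed!"
        done
        _PASS1=$ANS    # Store first try.

        # Get second try.
        ${ECHO} ""
        get_ans "Re-enter passwd:" || passwd_input_eof
        _PASS2=$ANS

        # Test if passwords are identical.
        if [ "$_PASS1" = "$_PASS2" ]; then
            break
        fi

        # Move cursor down to next line and print ERROR message.
        ${ECHO} ""
        ${ECHO} "ERROR: passwords don't match; try again."
    done

    /usr/bin/stty echo    # Turn echo ON

    ${ECHO} ""

    # ANS carries the result; drop the extra copies of the secret.
    _PASS1=""
    _PASS2=""
}


#
# get_passwd_nochk(): Reads a password from the user w/o check.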
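# $@ instruction/comment/description/question
#
# The reply is left in ANS (set by get_ans).  Terminal echo is switched
# off around the prompt; the signal trap installed by init() turns it
# back on if the user interrupts while it is off.
#
get_passwd_nochk()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In get_passwd_nochk()"

	/usr/bin/stty -echo		# Turn echo OFF

	get_ans "$@"

	/usr/bin/stty echo		# Turn echo ON

	${ECHO} ""
}


#
# get_menu_choice(): Get a menu choice from user.  Continue prompting
#                    till the choice is in required range.
# $1 .. Message text.
# $2 .. min value   (expected to be an integer, not checked)
# $3 .. max value   (expected to be an integer, not checked)
# $4 .. OPTIONAL: default value
#
# Return value:
#     MN_CH will contain the value selected.
#     Returns 1 without prompting if fewer than 3 arguments were given.
#
get_menu_choice()
{
	# Check for req parameter.
	if [ $# -lt 3 ]; then
		${ECHO} "get_menu_choice(): Did not get required parameters."
		return 1
	fi

	while :
	do
		get_ans "$1" "$4"
		MN_CH=$ANS

		# Accept only a non-negative number within [$2, $3].  The
		# answer is quoted so an empty or multi-word reply reaches
		# is_negative as one argument and is classified as "not
		# numeric" (status 2) instead of being word-split and then
		# fed to "test -ge".
		is_negative "$MN_CH"
		if [ $? -eq 1 ]; then
			if [ "$MN_CH" -ge "$2" ]; then
				if [ "$MN_CH" -le "$3" ]; then
					return 0
				fi
			fi
		fi
		${ECHO} "Invalid choice: $MN_CH"
	done
}


#
# get_confirm(): Get confirmation from the user. (Y/Yes or N/No)
# $1 - Message
# $2 - default value (required; used when the user just hits return)
# $3 - OPTIONAL: display_msg tag shown for h/help/?; "sorry" if omitted
#
# Return value:
#     1 = yes, 0 = no  (note: the opposite of the usual shell sense).
#     Exits the script with status 2 if $2 is empty.
#
get_confirm()
{
	_ANSWER=

	# A missing default is a programming error, not a user error.
	# It does not change between iterations, so check it once.
	if [ -z "$2" ]
	then
		${ECHO} "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional."
		exit 2
	fi

	while :
	do
		# Display prompt.
		${ECHO} "$1 [$2] \c"

		# Get the ANSWER; an empty reply takes the default.
		read _ANSWER
		if [ "$_ANSWER" = "" ]; then
			_ANSWER=$2
		fi
		case "$_ANSWER" in
		[Yy] | yes | Yes | YES)	return 1 ;;
		[Nn] | no | No | NO)	return 0 ;;
		[Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
		* )	${ECHO} "Please enter y or n." ;;
		esac
	done
}


#
# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No)
#                      No default value supported: an empty reply is
#                      treated like any other unrecognised answer and
#                      the question is asked again.
# $@ - Prompt text.
#
# Return value: 1 = yes, 0 = no.
#
get_confirm_nodef()
{
	_ANSWER=

	while :
	do
		${ECHO} "$@ \c"
		read _ANSWER
		case "$_ANSWER" in
		[Yy] | yes | Yes | YES)	return 1 ;;
		[Nn] | no | No | NO)	return 0 ;;
		* )	${ECHO} "Please enter y or n." ;;
		esac
	done
}


#
# is_numeric(): Tells is a string is numeric.
#     0 = Numeric
#     1 = NOT Numeric (also when the argument count is not exactly 1)
#
# Relies on expr(1): "expr STRING + 1" exits 0 or 1 for an integer
# operand (1 only means the sum was zero) and 2 or more when the
# operand is not an integer.
#
is_numeric()
{
	# Check for parameter.
	if [ $# -ne 1 ]; then
		return 1
	fi

	# Determine if numeric.
	expr "$1" + 1 > /dev/null 2>&1
	if [ $? -ge 2 ]; then
		return 1
	fi

	# Made it here, it's Numeric.
	return 0
}


#
# not_numeric(): Reverses the return values of is_numeric.  Useful
#                for if and while statements that want to test for
#                non-numeric data.
# $1 - String to test (quoted through, so blanks do not split it).
#     0 = NOT Numeric
#     1 = Numeric
#
not_numeric()
{
	if is_numeric "$1"; then
		return 1
	fi
	return 0
}


#
# is_negative(): Tells is a Numeric value is less than zero.
# $1 - String to test.
#     0 = Negative Numeric
#     1 = Positive Numeric
#     2 = NOT Numeric
#
is_negative()
{
	# Exactly one argument is required.  Anything else is reported
	# like a non-numeric value so that a caller testing for status 1
	# ("positive") never proceeds with an empty or multi-word string.
	if [ $# -ne 1 ]; then
		return 2
	fi

	# Determine if numeric.  Can't use expr because -0 is
	# considered positive??
	if is_numeric "$1"; then
		case "$1" in
		-*)	return 0 ;;	# Negative Numeric
		*)	return 1 ;;	# Positive Numeric
		esac
	else
		return 2
	fi
}


#
# check_domainname(): check validity of a domain name.  Currently we check
#                     that it has at least two components.
# $1 the domain name to be checked
#
# Returns 0 when valid, 1 otherwise.  An empty name is not checked and
# is accepted (returns 0).
#
check_domainname()
{
	if [ ! -z "$1" ]
	then
		# expr prints the length of the match, "0" when nothing
		# matched: one or more non-dot characters, a dot, then one
		# or more non-dot characters (anchored at the start).
		t=`expr "$1" : '[^.]\{1,\}[.][^.]\{1,\}'`
		if [ "$t" = 0 ]
		then
			return 1
		fi
	fi
	return 0
}


#
# check_baseDN(): check validity of the baseDN name.
# $1 the baseDN name to be checked
#
# NOTE: The check_baseDN function does not catch all invalid DN's.
#       Its purpose is to reduce the number of invalid DN's to
#       get past the input routine.  The invalid DN's will be
#       caught by the LDAP server when they are attempted to be
#       created.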
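#
check_baseDN()
{
	ck_DN=$1
	${ECHO} " Checking LDAP Base DN ..."
	if [ ! -z "$ck_DN" ]; then
		[ $DEBUG -eq 1 ] && ${ECHO} "Checking baseDN: $ck_DN"
		# Check for = (assignment operator)
		${ECHO} "$ck_DN" | ${GREP} "=" > /dev/null 2>&1
		if [ $? -ne 0 ]; then
			[ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: No '=' in baseDN."
			return 1
		fi

		# Check all keys.
		while :
		do
			# Isolate the first RDN (up to the first comma).  Every
			# RDN needs its own '='; the whole-DN test above only
			# proves that some component has one, so a DN such as
			# "dc=a,b" must be rejected here.
			rdn=`${ECHO} "$ck_DN" | cut -d',' -f1`
			${ECHO} "$rdn" | ${GREP} "=" > /dev/null 2>&1
			if [ $? -ne 0 ]; then
				[ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: No '=' in component ${rdn}"
				return 1
			fi

			# Get first key.
			dkey=`${ECHO} "$rdn" | cut -d'=' -f1`

			# Check that the key string is valid.  Left unquoted on
			# purpose: word splitting drops a blank that follows the
			# separating comma ("dc=a, dc=b") before the name check.
			check_attrName $dkey
			if [ $? -ne 0 ]; then
				[ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: invalid key=${dkey}"
				return 1
			fi

			[ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: valid key=${dkey}"

			# Remove first key from DN (cut -s prints nothing when
			# there is no comma left).
			ck_DN=`${ECHO} "$ck_DN" | cut -s -d',' -f2-`

			# Break loop if nothing left.
			if [ "$ck_DN" = "" ]; then
				break
			fi
		done
	fi
	return 0
}


#
# domain_2_dc(): Convert a domain name into dc string.
# $1 .. Domain name.
#
# The result is left in the exported variable _DOM_2_DC, e.g.
# "a.b.c" -> "dc=a,dc=b,dc=c".  An empty domain yields an empty string.
#
domain_2_dc()
{
	_DOM=$1			# Domain parameter.
	_DOM_2_DC=""		# Return value from function.
	_FIRST=1		# Flag for first time.

	export _DOM_2_DC	# Make visible for others.

	# Convert "."'s to spaces for "for" loop.
	domtmp="`${ECHO} ${_DOM} | tr '.' ' '`"
	for i in $domtmp; do
		if [ $_FIRST -eq 1 ]; then
			_DOM_2_DC="dc=${i}"
			_FIRST=0
		else
			_DOM_2_DC="${_DOM_2_DC},dc=${i}"
		fi
	done
}


#
# is_root_user(): Check to see if logged in as root user.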
#
# Matches the textual output of id(1), which begins with "uid=0(root)"
# for root.  A uid-0 account under another name is therefore not
# recognised, and the test depends on id(1)'s output format.
# NOTE(review): presumably written this way because the platform's
# default id(1) lacks a -u option — confirm before changing.
#
is_root_user()
{
	case `id` in
	uid=0\(root\)*) return 0 ;;
	* ) return 1 ;;
	esac
}


#
# parse_arg(): Parses the command line arguments and sets the
#              appropriate variables.
#
#   -d  DEBUG=1: enables the debug output, which makes disp_full_debug()
#       dump the configuration variables to the terminal — treat
#       transcripts of -d runs as sensitive.
#   -v  VERB="": commands run through eval no longer have their output
#       redirected to /dev/null.
#   -i  INPUT_FILE=<file>  (sourced later by load_config_file)
#   -o  OUTPUT_FILE=<file>
#   -h  is accepted by getopts but has no case arm, so it falls through
#       to the "*" arm: error message, usage, exit 1.
#
# Return value: number of arguments consumed (OPTIND - 1), presumably
#               so the caller can shift them away.
#
parse_arg()
{
	while getopts "dvhi:o:" ARG
	do
		case $ARG in
		d) DEBUG=1;;
		v) VERB="";;
		i) INPUT_FILE=$OPTARG;;
		o) OUTPUT_FILE=$OPTARG;;
		\?) display_msg usage
		    exit 1;;
		*) ${ECHO} "**ERROR: Supported option missing handler!"
		   display_msg usage
		   exit 1;;
		esac
	done
	return `expr $OPTIND - 1`
}


#
# init(): initializes variables and options
#
# Sets every global the rest of the script relies on, creates the
# private temporary directory and installs the signal trap.  Must run
# before parse_arg(), since parse_arg() overrides DEBUG/VERB/INPUT_FILE/
# OUTPUT_FILE that are reset here.
#
init()
{
	# General variables.
	PROG=`basename $0`	# Program name
	PID=$$			# Program ID
	# Redirection string appended to commands executed via eval
	# (e.g. get_dirmgr_pw); -v clears it so their output is shown.
	VERB='> /dev/null 2>&1'	# NULL or "> /dev/null"
	ECHO="/bin/echo"	# print message on screen
	EVAL="eval"		# eval or echo
	EGREP="/usr/bin/egrep"
	GREP="/usr/bin/grep"
	DEBUG=0			# Set Debug OFF
	BACKUP=no_ldap		# backup suffix
	HOST=""			# NULL or <hostname>
	NAWK="/usr/bin/nawk"

	DOM=""			# Set to NULL
	# If DNS domain (resolv.conf) exists use that, otherwise use domainname.
	# Takes the last "domain"/"search" line; only its first word is used.
	if [ -f /etc/resolv.conf ]; then
		DOM=`/usr/xpg4/bin/grep -i -E '^domain|^search' /etc/resolv.conf \
		    | awk '{ print $2 }' | tail -1`
	fi

	# If for any reason the DOM did not get set (error'd resolv.conf) set
	# DOM to the domainname command's output.
	if [ "$DOM" = "" ]; then
		DOM=`domainname`	# domain from domainname command.
	fi

	STEP=1
	INTERACTIVE=1		# 0 = on, 1 = off (For input file mode)
	DEL_OLD_PROFILE=0	# 0 (default), 1 = delete old profile.

	# idsconfig specific variables.
	INPUT_FILE=""
	OUTPUT_FILE=""
	NEED_PROXY=0		# 0 = No Proxy, 1 = Create Proxy.
	LDAP_PROXYAGENT=""
	LDAP_SUFFIX=""
	LDAP_DOMAIN=$DOM	# domainname on Server (default value)
	GEN_CMD=""

	# LDAP COMMANDS
	LDAPSEARCH="/bin/ldapsearch -r"
	LDAPMODIFY=/bin/ldapmodify
	LDAPADD=/bin/ldapadd
	LDAPDELETE=/bin/ldapdelete
	LDAP_GEN_PROFILE=/usr/sbin/ldap_gen_profile

	# iDS specific information
	IDS_SERVER=""
	IDS_PORT=389
	NEED_TIME=0
	NEED_SIZE=0
	NEED_SRVAUTH_PAM=0
	NEED_SRVAUTH_KEY=0
	NEED_SRVAUTH_CMD=0
	IDS_TIMELIMIT=""
	IDS_SIZELIMIT=""

	# LDAP PROFILE related defaults
	LDAP_ROOTDN="cn=Directory Manager"	# Provide common default.
	LDAP_ROOTPWD=""		# NULL passwd as default (i.e. invalid)
	LDAP_PROFILE_NAME="default"
	LDAP_BASEDN=""
	LDAP_SERVER_LIST=""
	LDAP_AUTHMETHOD=""
	LDAP_FOLLOWREF="FALSE"
	NEED_CRYPT=""
	LDAP_SEARCH_SCOPE="one"
	LDAP_SRV_AUTHMETHOD_PAM=""
	LDAP_SRV_AUTHMETHOD_KEY=""
	LDAP_SRV_AUTHMETHOD_CMD=""
	LDAP_SEARCH_TIME_LIMIT=30
	LDAP_PREF_SRVLIST=""
	LDAP_PROFILE_TTL=43200
	LDAP_CRED_LEVEL="proxy"
	LDAP_BIND_LIMIT=10

	# Prevent new files from being read by group or others.
	# This is what keeps the password file written by save_password()
	# (and everything else created under TMPDIR) owner-only.
	umask 077

	# Service Search Descriptors
	LDAP_SERV_SRCH_DES=""

	# Set and create TMPDIR.
	# The name is predictable, but mkdir is atomic and fails if the
	# path already exists (file, directory or symlink), so the script
	# aborts instead of reusing something it did not create.
	TMPDIR="/tmp/idsconfig.${PID}"
	if mkdir -m 700 ${TMPDIR}
	then
		# Cleanup on exit.
		# Signals only (HUP INT QUIT ABRT TERM): there is no trap on 0,
		# so a plain "exit" elsewhere does not remove TMPDIR or the
		# password file in it — those paths must clean up themselves
		# (presumably via the cleanup function called from get_basedn).
		# "stty echo" undoes a prompt interrupted while echo was off.
		trap 'rm -rf ${TMPDIR}; /usr/bin/stty echo; exit' 1 2 3 6 15
	else
		echo "ERROR: unable to create a safe temporary directory."
		exit 1
	fi
	# Written by save_password(); passed to the LDAP tools with -j.
	LDAP_ROOTPWF=${TMPDIR}/rootPWD

	# Set the SSD file name after setting TMPDIR.
	SSD_FILE=${TMPDIR}/ssd_list

	# GSSAPI setup
	LDAP_KRB_REALM=""
	LDAP_GSSAPI_PROFILE=""
	SCHEMA_UPDATED=0

	# LDAP_PROXYAGENT_CRED is exported but not initialised here; it is
	# set elsewhere when a proxy agent is created.  LDAP_BASEDN and
	# LDAP_SERVER_LIST appear twice, which is harmless.
	export DEBUG VERB ECHO EVAL EGREP GREP STEP TMPDIR
	export IDS_SERVER IDS_PORT LDAP_ROOTDN LDAP_ROOTPWD LDAP_SERVER_LIST
	export LDAP_BASEDN LDAP_ROOTPWF
	export LDAP_DOMAIN LDAP_SUFFIX LDAP_PROXYAGENT LDAP_PROXYAGENT_CRED
	export NEED_PROXY
	export LDAP_PROFILE_NAME LDAP_BASEDN LDAP_SERVER_LIST
	export LDAP_AUTHMETHOD LDAP_FOLLOWREF LDAP_SEARCH_SCOPE LDAP_SEARCH_TIME_LIMIT
	export LDAP_PREF_SRVLIST LDAP_PROFILE_TTL LDAP_CRED_LEVEL LDAP_BIND_LIMIT
	export NEED_SRVAUTH_PAM NEED_SRVAUTH_KEY NEED_SRVAUTH_CMD
	export LDAP_SRV_AUTHMETHOD_PAM LDAP_SRV_AUTHMETHOD_KEY LDAP_SRV_AUTHMETHOD_CMD
	export LDAP_SERV_SRCH_DES SSD_FILE
	export GEN_CMD LDAP_KRB_REALM LDAP_GSSAPI_PROFILE SCHEMA_UPDATED
}


#
# disp_full_debug(): List of all debug variables usually interested in.
#                    Grouped to avoid MASSIVE code duplication.
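#
# Prints nothing and returns 1 when DEBUG is not 1.  Credential values
# (LDAP_ROOTPWD, LDAP_PROXYAGENT_CRED) are reported only as set/empty,
# since debug transcripts tend to end up in logs and bug reports.
#
disp_full_debug()
{
	# Everything below is debug-only; leave early instead of guarding
	# every single line.
	[ $DEBUG -eq 1 ] || return 1

	${ECHO} " IDS_SERVER = $IDS_SERVER"
	${ECHO} " IDS_PORT = $IDS_PORT"
	${ECHO} " LDAP_ROOTDN = $LDAP_ROOTDN"
	if [ -n "$LDAP_ROOTPWD" ]; then
		${ECHO} " LDAP_ROOTPWD = (set, not shown)"
	else
		${ECHO} " LDAP_ROOTPWD = (empty)"
	fi
	${ECHO} " LDAP_DOMAIN = $LDAP_DOMAIN"
	${ECHO} " LDAP_SUFFIX = $LDAP_SUFFIX"
	${ECHO} " LDAP_BASEDN = $LDAP_BASEDN"
	${ECHO} " LDAP_PROFILE_NAME = $LDAP_PROFILE_NAME"
	${ECHO} " LDAP_SERVER_LIST = $LDAP_SERVER_LIST"
	${ECHO} " LDAP_PREF_SRVLIST = $LDAP_PREF_SRVLIST"
	${ECHO} " LDAP_SEARCH_SCOPE = $LDAP_SEARCH_SCOPE"
	${ECHO} " LDAP_CRED_LEVEL = $LDAP_CRED_LEVEL"
	${ECHO} " LDAP_AUTHMETHOD = $LDAP_AUTHMETHOD"
	${ECHO} " LDAP_FOLLOWREF = $LDAP_FOLLOWREF"
	${ECHO} " IDS_TIMELIMIT = $IDS_TIMELIMIT"
	${ECHO} " IDS_SIZELIMIT = $IDS_SIZELIMIT"
	${ECHO} " NEED_CRYPT = $NEED_CRYPT"
	${ECHO} " NEED_SRVAUTH_PAM = $NEED_SRVAUTH_PAM"
	${ECHO} " NEED_SRVAUTH_KEY = $NEED_SRVAUTH_KEY"
	${ECHO} " NEED_SRVAUTH_CMD = $NEED_SRVAUTH_CMD"
	${ECHO} " LDAP_SRV_AUTHMETHOD_PAM = $LDAP_SRV_AUTHMETHOD_PAM"
	${ECHO} " LDAP_SRV_AUTHMETHOD_KEY = $LDAP_SRV_AUTHMETHOD_KEY"
	${ECHO} " LDAP_SRV_AUTHMETHOD_CMD = $LDAP_SRV_AUTHMETHOD_CMD"
	${ECHO} " LDAP_SEARCH_TIME_LIMIT = $LDAP_SEARCH_TIME_LIMIT"
	${ECHO} " LDAP_PROFILE_TTL = $LDAP_PROFILE_TTL"
	${ECHO} " LDAP_BIND_LIMIT = $LDAP_BIND_LIMIT"

	# Only display proxy stuff if needed.
	if [ $NEED_PROXY -eq 1 ]; then
		${ECHO} " LDAP_PROXYAGENT = $LDAP_PROXYAGENT"
		if [ -n "$LDAP_PROXYAGENT_CRED" ]; then
			${ECHO} " LDAP_PROXYAGENT_CRED = (set, not shown)"
		else
			${ECHO} " LDAP_PROXYAGENT_CRED = (empty)"
		fi
		${ECHO} " NEED_PROXY = $NEED_PROXY"
	fi

	# Service Search Descriptors are a special case.
	${ECHO} " LDAP_SERV_SRCH_DES = $LDAP_SERV_SRCH_DES"
}


#
# load_config_file(): Loads the config file.
#
# The file named by INPUT_FILE (-i) is executed with "." — every line
# of it runs as shell code with this script's privileges, so it has to
# come from a trusted source.  LDAP_SERV_SRCH_DES lines are filtered
# out before sourcing and are presumably re-read by create_ssd_file().
# Exits with 1 if INPUT_FILE is not readable.
#
load_config_file()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In load_config_file()"

	# Fail loudly on an unusable input file rather than sourcing an
	# empty filtered copy and silently carrying on with defaults.
	if [ ! -r "${INPUT_FILE}" ]; then
		${ECHO} "ERROR: Can not read input file '${INPUT_FILE}'."
		exit 1
	fi

	# Remove SSD lines from input file before sourcing.
	# The SSD lines must be removed because some forms of the
	# data could cause SHELL errors.
	${GREP} -v "LDAP_SERV_SRCH_DES=" "${INPUT_FILE}" > ${TMPDIR}/inputfile.noSSD

	# Source the input file.
	. ${TMPDIR}/inputfile.noSSD

	# If LDAP_SUFFIX is not set, try to utilize LDAP_TREETOP since older
	# config files use LDAP_TREETOP
	LDAP_SUFFIX="${LDAP_SUFFIX:-$LDAP_TREETOP}"

	# Save password to temporary file.
	save_password

	# Create the SSD file.
	create_ssd_file

	# Display FULL debugging info.
	disp_full_debug
}

#
# save_password(): Save password to temporary file.
#
# Writes LDAP_ROOTPWD to LDAP_ROOTPWF (under TMPDIR) so the LDAP tools
# can read it with -j instead of receiving it on the command line.  The
# file mode comes from the umask 077 set in init(), i.e. owner-only.
# The here-document expands the variable once; the expanded value is
# not re-scanned, so passwords containing $ or backquotes are stored
# verbatim.
#
save_password()
{
	cat > "${LDAP_ROOTPWF}" <<EOF
${LDAP_ROOTPWD}
EOF
}

######################################################################
# FUNCTIONS FOR prompt_config_info() START HERE.
######################################################################

#
# get_ids_server(): Prompt for iDS server name.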
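#
# Loops until the entered host answers ping(1); ping only shows that
# the name resolves and the host replies, it says nothing about the
# host's identity.  Sets IDS_SERVER, SERVER_ARGS and LDAP_ARGS.
#
get_ids_server()
{
	while :
	do
		# Prompt for server name.
		get_ans "Enter the JES Directory Server's hostname to setup:" "$IDS_SERVER"
		IDS_SERVER="$ANS"

		# Ping server to see if live.  If valid break out of loop.
		# Quoted so an empty or multi-word reply is one (bad) host
		# argument instead of a bare "ping" or extra arguments.
		ping "$IDS_SERVER" > /dev/null 2>&1
		if [ $? -eq 0 ]; then
			break
		fi

		# Invalid server, enter a new name.
		${ECHO} "ERROR: Server '${IDS_SERVER}' is invalid or unreachable."
		IDS_SERVER=""
	done

	# Set SERVER_ARGS and LDAP_ARGS since values might of changed.
	# Both strings are later expanded through eval (chk_ids_version,
	# get_dirmgr_pw), so the host name is re-parsed by the shell.
	SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
	LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
	export SERVER_ARGS
}

#
# get_ids_port(): Prompt for iDS port number.
#
# Loops until an anonymous base-object search against
# IDS_SERVER:IDS_PORT succeeds; after a failure the server name is
# asked for again as well.  Sets IDS_PORT, SERVER_ARGS and LDAP_ARGS.
#
get_ids_port()
{
	# Get a valid iDS port number.
	while :
	do
		# Enter port number.
		get_number "Enter the port number for iDS (h=help):" "$IDS_PORT" "port_help"
		IDS_PORT=$ANS
		# Do a simple search to check hostname and port number.
		# If search returns SUCCESS, break out, host and port must
		# be valid.  LDAPSEARCH stays unquoted: it carries options.
		${LDAPSEARCH} -h "${IDS_SERVER}" -p "${IDS_PORT}" -b "" -s base "objectclass=*" > /dev/null 2>&1
		if [ $? -eq 0 ]; then
			break
		fi

		# Invalid host/port pair, Re-enter.
		${ECHO} "ERROR: Invalid host or port: ${IDS_SERVER}:${IDS_PORT}, Please re-enter!"
		get_ids_server
	done

	# Set SERVER_ARGS and LDAP_ARGS since values might of changed.
	SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
	LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
	export SERVER_ARGS
}


#
# chk_ids_version(): Read the server version from cn=monitor and set
#                    IDS_VER, IDS_MAJVER and IDS_MINVER.  Exits with 1
#                    when the version cannot be read or is not 5.x/6.x.
#
chk_ids_version()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In chk_ids_version()"

	# check iDS version number.
	eval "${LDAPSEARCH} ${SERVER_ARGS} -b cn=monitor -s base \"objectclass=*\" version | ${GREP} \"^version=\" | cut -f2 -d'/' | cut -f1 -d' ' > ${TMPDIR}/checkDSver 2>&1"
	if [ $? -ne 0 ]; then
		${ECHO} "ERROR: Can not determine the version number of iDS!"
		exit 1
	fi
	IDS_VER=`cat ${TMPDIR}/checkDSver`

	# The status tested above is that of the final "cut" in the
	# pipeline, so a failed search or a missing "version=" line only
	# shows up as an empty result file.  Catch it here instead of
	# reporting a confusing "not ." version below.
	if [ -z "${IDS_VER}" ]; then
		${ECHO} "ERROR: Can not determine the version number of iDS!"
		exit 1
	fi
	IDS_MAJVER=`${ECHO} "${IDS_VER}" | cut -f1 -d.`
	IDS_MINVER=`${ECHO} "${IDS_VER}" | cut -f2 -d.`
	if [ "${IDS_MAJVER}" != "5" ] && [ "${IDS_MAJVER}" != "6" ]; then
		${ECHO} "ERROR: $PROG only works with JES DS version 5.x and 6.x, not ${IDS_VER}."
		exit 1
	fi
	if [ $DEBUG -eq 1 ]; then
		${ECHO} " IDS_MAJVER = $IDS_MAJVER"
		${ECHO} " IDS_MINVER = $IDS_MINVER"
	fi
}


#
# get_dirmgr_dn(): Get the directory manger DN.
#
# AUTH_ARGS embeds the DN inside escaped double quotes and is later
# expanded through eval (get_dirmgr_pw, chk_ids_version), so the DN is
# parsed by the shell a second time.  A DN containing a double quote,
# backquote or '$' would not survive that intact, so such answers are
# rejected and the question repeated.
#
get_dirmgr_dn()
{
	while :
	do
		get_ans "Enter the directory manager DN:" "$LDAP_ROOTDN"
		case "$ANS" in
		*\"* | *\`* | *\$*)
			${ECHO} "ERROR: DN must not contain double quote, backquote or '\$' characters."
			continue ;;
		esac
		break
	done
	LDAP_ROOTDN=$ANS

	# Update ENV variables using DN.
	AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
	LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
	export AUTH_ARGS LDAP_ARGS
}


#
# get_dirmgr_pw(): Get the Root DN passwd.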
# (Root DN found in slapd.conf)
#
# Prompts (echo off) until a base-object search bound as LDAP_ROOTDN
# with the entered password succeeds.  Each attempt stores the password
# in LDAP_ROOTPWF via save_password() and refreshes AUTH_ARGS/LDAP_ARGS.
# If the failure output mentions "credential" only the password is
# asked again; otherwise the DN is assumed wrong and get_dirmgr_dn()
# is called first.  LDAP_ARGS is expanded through eval, so the DN in it
# is parsed by the shell a second time.
#
get_dirmgr_pw()
{
	_dm_ok=0
	while [ $_dm_ok -eq 0 ]
	do
		# Get passwd and keep it in the -j file for the LDAP tools.
		get_passwd_nochk "Enter passwd for ${LDAP_ROOTDN} :"
		LDAP_ROOTPWD=$ANS
		save_password

		# Update ENV variables using DN's PW.
		AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
		LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
		export AUTH_ARGS LDAP_ARGS

		# Verify that ROOTDN and ROOTPWD are valid.
		if eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" > ${TMPDIR}/checkDN 2>&1"
		then
			_dm_ok=1	# Both are valid.
		elif eval "${GREP} credential ${TMPDIR}/checkDN ${VERB}"
		then
			${ECHO} "ERROR: Root DN passwd is invalid."
		else
			${ECHO} "ERROR: Invalid Root DN <${LDAP_ROOTDN}>."
			get_dirmgr_dn
		fi
	done
}


#
# get_domain(): Get the Domain that will be served by the LDAP server.
#         $1 - Help argument.
#
# Prompts for the domain name (default: current LDAP_DOMAIN) and keeps
# asking until check_domainname(), defined elsewhere in this script,
# accepts the answer.  "h", "help" or "?" displays the message tag given
# in $1, or the "sorry" tag if none was passed.
#
# Globals read:    LDAP_DOMAIN
# Globals written: LDAP_DOMAIN
#
get_domain()
{
    # Use LDAP_DOMAIN as default.
    get_ans "Enter the domainname to be served (h=help):" $LDAP_DOMAIN

    # Check domainname, and have user re-enter if not valid.
    # The while condition tests the exit status of the statement right
    # before it (check_domainname) -- keep them adjacent.
    check_domainname $ANS
    while [ $? -ne 0 ]
    do
        case "$ANS" in
            [Hh] | help | Help | \?) display_msg ${1:-sorry} ;;
            * ) ${ECHO} "Invalid domainname: \"${ANS}\"."
                ;;
        esac
        # NOTE(review): $DOM is not assigned anywhere visible in this
        # script, so this re-prompt has no default; presumably
        # $LDAP_DOMAIN was intended -- confirm before changing.
        get_ans "Enter domainname to be served (h=help):" $DOM

        check_domainname $ANS
    done

    # Set the domainname to valid name.
    LDAP_DOMAIN=$ANS
}


#
# get_basedn(): Query for the Base DN.
#
# The default offered is the domain converted to dc= form by domain_2_dc().
# Once check_baseDN() accepts the syntax, check_basedn_suffix() is run; if
# it fails the script exits (after cleanup).  If it reports that a suffix
# must be created (NEED_CREATE_SUFFIX non-empty), get_suffix() is called
# and on failure the whole base-DN prompt is repeated.
#
# Globals read:    LDAP_DOMAIN, NEED_CREATE_SUFFIX
# Globals written: LDAP_BASEDN (and _DOM_2_DC, via domain_2_dc)
#
get_basedn()
{
    # Set the $_DOM_2_DC and assign to LDAP_BASEDN as default.
    # Then call get_basedn(). This method remakes the default
    # each time just in case the domain changed.
    domain_2_dc $LDAP_DOMAIN
    LDAP_BASEDN=$_DOM_2_DC

    # Get Base DN.
    while :
    do
        get_ans_req "Enter LDAP Base DN (h=help):" "${_DOM_2_DC}"
        check_baseDN "$ANS"
        while [ $? -ne 0 ]
        do
            case "$ANS" in
                [Hh] | help | Help | \?) display_msg basedn_help ;;
                * ) ${ECHO} "Invalid base DN: \"${ANS}\"."
                    ;;
            esac

            # Re-Enter the BaseDN
            get_ans_req "Enter LDAP Base DN (h=help):" "${_DOM_2_DC}"
            check_baseDN "$ANS"
        done

        # Set base DN and check its suffix
        LDAP_BASEDN=${ANS}
        check_basedn_suffix ||
        {
            cleanup
            exit 1
        }

        # suffix may need to be created, in that case get suffix from user
        [ -n "${NEED_CREATE_SUFFIX}" ] &&
        {
            get_suffix || continue
        }

        # suffix is ok, break out of the base dn inquire loop
        break
    done
}

#
# get_krb_realm(): Prompt for the Kerberos realm.
#
# The default is the domain name folded to upper case, and the answer is
# folded to upper case too (realm names are case-sensitive in Kerberos and
# conventionally upper case).  Note that the non-interactive path
# (gssapi_setup_auto) does not go through this function.
#
# Globals read:    LDAP_DOMAIN
# Globals written: LDAP_KRB_REALM
#
get_krb_realm() {

    # To upper cases
    LDAP_KRB_REALM=`${ECHO} ${LDAP_DOMAIN} | ${NAWK} '{ print toupper($0) }'`
    get_ans_req "Enter Kerberos Realm:" "$LDAP_KRB_REALM"
    # To upper cases
    LDAP_KRB_REALM=`${ECHO} ${ANS} | ${NAWK} '{ print toupper($0) }'`
}

# $1: DN
# $2: ldif file
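#
# add_entry_by_DN(): Add an LDIF entry unless its DN already exists.
#
# $1: DN to probe with a base-scope search
# $2: LDIF file (passed to ldapadd -f) that creates that DN
#
# Returns 0 if the entry already exists or was added, 1 if ldapadd failed.
# An existing entry is never compared with the LDIF, so a stale entry with
# different attributes is silently kept.
#
add_entry_by_DN() {

    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"${1}\" -s base \"objectclass=*\" ${VERB}"
    if [ $? -eq 0 ]; then
        ${ECHO} " ${1} already exists"
        return 0
    else
        # Quote the file name like the DN above so a TMPDIR containing
        # spaces does not break the eval'd command line.
        ${EVAL} "${LDAPADD} ${LDAP_ARGS} -f \"${2}\" ${VERB}"
        if [ $? -eq 0 ]; then
            ${ECHO} " ${1} is added"
            return 0
        else
            ${ECHO} " ERROR: failed to add ${1}"
            return 1
        fi
    fi

}
#
# add_id_mapping_rules(): Kerberos principal to DN mapping rules.
#
# Creates the cn=GSSAPI identity-mapping container and two rules under it:
#   host_auth_<REALM>: host/<name>.<domain>@<REALM> is looked up as the
#                      ipHost entry cn=<name> under ou=hosts,<base DN>
#   user_auth_<REALM>: <name>@<REALM> maps to uid=<name>,ou=People,<base DN>
#
# Globals read: LDAP_DOMAIN, LDAP_KRB_REALM, LDAP_BASEDN, TMPDIR
# Returns early (without the rules) if the container cannot be created.
#
# Security notes:
#  - The captured principal component ($1) is embedded unescaped in an LDAP
#    filter (host rule) and in a DN (user rule).  That is acceptable only
#    because principal names are issued by the trusted KDC for this realm.
#  - "." is a regex wildcard, so the domain and realm are escaped before
#    being embedded; otherwise host/foo.exampleXcom@REALM would match too.
#  - The user rule is unanchored and also matches service principals such
#    as host/x@REALM; which rule the server applies first is not visible
#    here -- confirm against the DS documentation for your version.
#
add_id_mapping_rules() {

    ${ECHO} " Adding Kerberos principal to DN mapping rules..."

    _C_DN="cn=GSSAPI,cn=identity mapping,cn=config"
    ( cat << EOF
dn: cn=GSSAPI,cn=identity mapping,cn=config
objectClass: top
objectClass: nsContainer
cn: GSSAPI
EOF
) > ${TMPDIR}/GSSAPI_container.ldif

    add_entry_by_DN "${_C_DN}" "${TMPDIR}/GSSAPI_container.ldif"
    if [ $? -ne 0 ];
    then
        ${RM} ${TMPDIR}/GSSAPI_container.ldif
        return
    fi

    # Escape the dots in the domain and realm so they match literally in
    # the dsMatching-regexp values below.  Inside backquotes the four
    # backslashes reach sed as two, i.e. one literal backslash in the
    # replacement.  The same "\" escaping is already relied on for "\/".
    _DOM_RE=`${ECHO} ${LDAP_DOMAIN} | sed 's/\./\\\\./g'`
    _REALM_RE=`${ECHO} ${LDAP_KRB_REALM} | sed 's/\./\\\\./g'`

    _H_CN="host_auth_${LDAP_KRB_REALM}"
    _H_DN="cn=${_H_CN}, ${_C_DN}"
    ( cat << EOF
dn: ${_H_DN}
objectClass: top
objectClass: nsContainer
objectClass: dsIdentityMapping
objectClass: dsPatternMatching
cn: ${_H_CN}
dsMatching-pattern: \${Principal}
dsMatching-regexp: host\/(.*)\.${_DOM_RE}@${_REALM_RE}
dsSearchBaseDN: ou=hosts,${LDAP_BASEDN}
dsSearchFilter: (&(objectClass=ipHost)(cn=\$1))
dsSearchScope: one

EOF
) > ${TMPDIR}/${_H_CN}.ldif

    add_entry_by_DN "${_H_DN}" "${TMPDIR}/${_H_CN}.ldif"

    _U_CN="user_auth_${LDAP_KRB_REALM}"
    _U_DN="cn=${_U_CN}, ${_C_DN}"
    ( cat << EOF
dn: ${_U_DN}
objectClass: top
objectClass: nsContainer
objectClass: dsIdentityMapping
objectClass: dsPatternMatching
cn: ${_U_CN}
dsMatching-pattern: \${Principal}
dsMatching-regexp: (.*)@${_REALM_RE}
dsMappedDN: uid=\$1,ou=People,${LDAP_BASEDN}

EOF
) > ${TMPDIR}/${_U_CN}.ldif

    add_entry_by_DN "${_U_DN}" "${TMPDIR}/${_U_CN}.ldif"

}


#
# Modify the ACL on ou=People so that, for sasl/GSSAPI binds, a user can
# read only its own userPassword while a host entry (the client's root,
# bound with its host credential) can read all of them.
#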
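#
# modify_userpassword_acl_for_gssapi(): Add the userPassword ACIs used by
# sasl/GSSAPI clients.
#
# Creates ou=People,<base DN> if missing, then adds two ACIs to it:
#   self-read-pwd  - a GSSAPI-bound user may read/search its own userPassword
#   host-read-pwd  - any GSSAPI-bound entry cn=*+ipHostNumber=*,ou=Hosts,...
#                    may read/search EVERY user's userPassword
#
# Security note: the second ACI means that compromise of any single host
# credential (its keytab) exposes all users' password hashes.  That is the
# price of letting client hosts verify passwords locally; if your clients
# authenticate through pam_ldap instead, consider dropping or tightening
# that ACI after this script has run.
#
# Only the presence of "self-read-pwd" is checked before adding; if just
# that one exists the host-read-pwd ACI is never added (the modify below
# is all-or-nothing and would fail with error 20).
#
# Globals read: LDAP_BASEDN, LDAP_ARGS, TMPDIR, VERB
# Exits 1 (after cleanup) if the ACI search or the modify fails.
#
modify_userpassword_acl_for_gssapi() {

    _P_DN="ou=People,${LDAP_BASEDN}"
    _H_DN="ou=Hosts,${LDAP_BASEDN}"
    _P_ACI="self-read-pwd"

    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"${_P_DN}\" -s base \"objectclass=*\" > /dev/null 2>&1"
    if [ $? -ne 0 ]; then
        ${ECHO} " ${_P_DN} does not exist"
        # Not Found. Create a new entry
        ( cat << EOF
dn: ${_P_DN}
ou: People
objectClass: top
objectClass: organizationalUnit
EOF
) > ${TMPDIR}/gssapi_people.ldif

        add_entry_by_DN "${_P_DN}" "${TMPDIR}/gssapi_people.ldif"
    else
        ${ECHO} " ${_P_DN} already exists"
    fi

    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"${_P_DN}\" -s base \"objectclass=*\" aci > ${TMPDIR}/chk_gssapi_aci 2>&1"

    if [ $? -eq 0 ]; then
        ${EVAL} "${GREP} ${_P_ACI} ${TMPDIR}/chk_gssapi_aci > /dev/null 2>&1"
        if [ $? -eq 0 ]; then
            ${ECHO} " userpassword ACL ${_P_ACI} already exists."
            return
        else
            ${ECHO} " userpassword ACL ${_P_ACI} not found. Create a new one."
        fi
    else
        ${ECHO} " Error searching aci for ${_P_DN}"
        cat ${TMPDIR}/chk_gssapi_aci
        cleanup
        exit 1
    fi
    # Both ACIs are restricted to authmethod="sasl GSSAPI", so a simple
    # bind as the same DN gets no access through them.
    ( cat << EOF
dn: ${_P_DN}
changetype: modify
add: aci
aci: (targetattr="userPassword")(version 3.0; acl self-read-pwd; allow (read,search) userdn="ldap:///self" and authmethod="sasl GSSAPI";)
-
add: aci
aci: (targetattr="userPassword")(version 3.0; acl host-read-pwd; allow (read,search) userdn="ldap:///cn=*+ipHostNumber=*,${_H_DN}" and authmethod="sasl GSSAPI";)
EOF
) > ${TMPDIR}/user_gssapi.ldif
    LDAP_TYPE_OR_VALUE_EXISTS=20
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/user_gssapi.ldif ${VERB}"

    case $? in
    0)
        ${ECHO} " ${_P_DN} userpassword ACL is updated."
        ;;
    ${LDAP_TYPE_OR_VALUE_EXISTS})
        ${ECHO} " ${_P_DN} userpassword ACL already exists."
        ;;
    *)
        ${ECHO} " ERROR: update of userpassword ACL for ${_P_DN} failed!"
        cleanup
        exit 1
        ;;
    esac
}
#
# search_update_schema(): Update the schema if a definition is missing.
#
# $1: "objectclass" or "attributetyp"; "es" is appended to form the
#     cn=schema attribute that is searched (objectclasses / attributetypes)
# $2: name to look for (case-insensitive substring match of the output)
#
# If the name is not found, update_schema_attr() and update_schema_obj()
# (defined elsewhere) are both run and SCHEMA_UPDATED is set to 1.
# The exit status tested is that of the grep at the end of the pipeline.
#
search_update_schema() {

    ATTR="${1}es"

    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b cn=schema -s base \"objectclass=*\" ${ATTR} | ${GREP} -i \"${2}\" ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} "${1} ${2} does not exist."
        update_schema_attr
        update_schema_obj
        SCHEMA_UPDATED=1
    else
        ${ECHO} "${1} ${2} already exists. Schema has been updated"
    fi
}

#
# create_gssapi_profile(): Create a DUAConfigProfile that binds with
# sasl/GSSAPI at credential level "self".
#
# $1: 1 - interactive (ask for confirmation and for the profile name),
#     0 - non-interactive (LDAP_GSSAPI_PROFILE must already be set)
#
# Globals read:    LDAP_BASEDN, LDAP_KRB_REALM, LDAP_GSSAPI_PROFILE,
#                  IDS_SERVER, IDS_PORT, LDAP_FOLLOWREF, LDAP_SEARCH_SCOPE,
#                  LDAP_SEARCH_TIME_LIMIT, LDAP_PROFILE_TTL, LDAP_BIND_LIMIT,
#                  DEL_OLD_PROFILE
# Globals written: LDAP_GSSAPI_PROFILE (interactive), DEL_OLD_PROFILE
#
create_gssapi_profile() {


    if [ ${1} -eq 1 ]; then
        echo
        echo "You can create a sasl/GSSAPI enabled profile with default values now."
        get_confirm "Do you want to create a sasl/GSSAPI default profile ?" "n"

        if [ $? -eq 0 ]; then
            return
        fi
    fi

    # Add profile container if it does not exist
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"ou=profile,${LDAP_BASEDN}\" -s base \"objectclass=*\" > /dev/null 2>&1"
    if [ $? -ne 0 ]; then
        ( cat << EOF
dn: ou=profile,${LDAP_BASEDN}
ou: profile
objectClass: top
objectClass: organizationalUnit
EOF
) > ${TMPDIR}/profile_people.ldif

        add_entry_by_DN "ou=profile,${LDAP_BASEDN}" "${TMPDIR}/profile_people.ldif"

    fi

    search_update_schema "objectclass" "DUAConfigProfile"

    # Interactive: offer gssapi_<REALM> as the default name without
    # clobbering the caller's LDAP_PROFILE_NAME.
    _P_NAME="gssapi_${LDAP_KRB_REALM}"
    if [ ${1} -eq 1 ]; then
        _P_TMP=${LDAP_PROFILE_NAME}
        LDAP_PROFILE_NAME=${_P_NAME}
        get_profile_name
        LDAP_GSSAPI_PROFILE=${LDAP_PROFILE_NAME}
        LDAP_PROFILE_NAME=${_P_TMP}
    fi

    # The DN is quoted inside the eval'd command (as the -b arguments are
    # elsewhere) so a profile name with spaces is deleted as one DN.
    # If the delete fails, add_entry_by_DN below reports "already exists"
    # and the old profile is kept unchanged.
    _P_DN="cn=${LDAP_GSSAPI_PROFILE},ou=profile,${LDAP_BASEDN}"
    if [ ${DEL_OLD_PROFILE} -eq 1 ]; then
        DEL_OLD_PROFILE=0
        ${EVAL} "${LDAPDELETE} ${LDAP_ARGS} \"${_P_DN}\" ${VERB}"
    fi

    # NOTE(review): the profile advertises the server by address, not name.
    # A sasl/GSSAPI client must derive the server's ldap/<fqdn> principal
    # from this value -- confirm the clients can (or use the host name).
    # If getent prints several lines for a multi-homed server, this value
    # becomes multi-line and the LDIF below is malformed -- verify.
    _SVR=`getent hosts ${IDS_SERVER} | ${NAWK} '{ print $1 }'`
    if [ ${IDS_PORT} -ne 389 ]; then
        _SVR="${_SVR}:${IDS_PORT}"
    fi

    (cat << EOF
dn: ${_P_DN}
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: ${_SVR}
defaultSearchBase: ${LDAP_BASEDN}
authenticationMethod: sasl/GSSAPI
followReferrals: ${LDAP_FOLLOWREF}
defaultSearchScope: ${LDAP_SEARCH_SCOPE}
searchTimeLimit: ${LDAP_SEARCH_TIME_LIMIT}
profileTTL: ${LDAP_PROFILE_TTL}
cn: ${LDAP_GSSAPI_PROFILE}
credentialLevel: self
bindTimeLimit: ${LDAP_BIND_LIMIT}
EOF
) > ${TMPDIR}/gssapi_profile.ldif

    add_entry_by_DN "${_P_DN}" "${TMPDIR}/gssapi_profile.ldif"

}
#
# gssapi_setup(): Interactively set up GSSAPI if the server supports it.
#
# Checks supportedSASLMechanisms on the root DSE, then (on confirmation)
# asks for the realm, adds the identity-mapping rules and the userPassword
# ACIs, and offers to create a GSSAPI profile.  Finally offers to stop the
# whole script (cleanup + exit 0).
#
gssapi_setup() {

    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" supportedSASLMechanisms | ${GREP} GSSAPI ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " sasl/GSSAPI is not supported by this LDAP server"
        return
    fi

    get_confirm "GSSAPI is supported. Do you want to set up gssapi:(y/n)" "n"
    if [ $? -eq 0 ]; then
        ${ECHO}
        ${ECHO} "GSSAPI is not set up."
        ${ECHO} "sasl/GSSAPI bind may not work if it's not set up before."
    else
        get_krb_realm
        add_id_mapping_rules
        modify_userpassword_acl_for_gssapi
        create_gssapi_profile 1
        ${ECHO}
        ${ECHO} "GSSAPI setup is done."
    fi

    cat << EOF

You can continue to create a profile and
configure the LDAP server.
Or you can stop now.

EOF
    get_confirm "Do you want to stop:(y/n)" "n"
    if [ $? -eq 1 ]; then
        cleanup
        exit
    fi

}
#
# gssapi_setup_auto(): Non-interactive GSSAPI setup driven by the input
# file.  Skipped (with a warning) if the server lacks GSSAPI or
# LDAP_KRB_REALM is unset; LDAP_GSSAPI_PROFILE defaults to gssapi_<REALM>.
#
# NOTE(review): unlike get_krb_realm(), the realm taken from the input file
# is NOT folded to upper case, and the mapping regexps compare it as given.
# A lower-case realm in the input file will therefore never match -- verify
# the input file uses the realm's exact spelling.
#
gssapi_setup_auto() {
    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" supportedSASLMechanisms | ${GREP} GSSAPI ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO}
        ${ECHO} "sasl/GSSAPI is not supported by this LDAP server"
        ${ECHO}
        return
    fi
    if [ -z "${LDAP_KRB_REALM}" ]; then
        ${ECHO}
        ${ECHO} "LDAP_KRB_REALM is not set. Skip gssapi setup."
        ${ECHO} "sasl/GSSAPI bind won't work properly."
        ${ECHO}
        return
    fi
    if [ -z "${LDAP_GSSAPI_PROFILE}" ]; then
        ${ECHO}
        ${ECHO} "LDAP_GSSAPI_PROFILE is not set. Default is gssapi_${LDAP_KRB_REALM}"
        ${ECHO}
        LDAP_GSSAPI_PROFILE="gssapi_${LDAP_KRB_REALM}"
    fi
    add_id_mapping_rules
    modify_userpassword_acl_for_gssapi
    create_gssapi_profile 0
}
#
# get_profile_name(): Enter the profile name.
#
# Prompts until a name is entered that does not exist under
# ou=profile,<base DN>, or the user confirms overwriting an existing one
# (DEL_OLD_PROFILE is then set to 1 for the caller).  In both cases
# LDAP_PROFILE_NAME is set to the name entered -- previously the overwrite
# path returned before the assignment, so the caller kept the old default
# name and deleted the wrong profile.
#
# The name is embedded unescaped in a DN; it is admin input, so DN special
# characters (",", "+", "=" ...) are simply not supported here.
#
get_profile_name()
{
    # Reset Delete Old Profile since getting new profile name.
    DEL_OLD_PROFILE=0

    # Loop until valid profile name, or replace.
    while :
    do
        # Prompt for profile name.
        get_ans "Enter the profile name (h=help):" "$LDAP_PROFILE_NAME"

        # Check for Help.
        case "$ANS" in
            [Hh] | help | Help | \?)
                display_msg profile_help
                continue ;;
            * ) ;;
        esac

        # Search to see if profile name already exists.
        eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=${ANS},ou=profile,${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
        if [ $? -eq 0 ]; then
            get_confirm_nodef "Are you sure you want to overwrite profile cn=${ANS}?"
            if [ $? -eq 1 ]; then
                DEL_OLD_PROFILE=1
                break # Replace old profile name (falls through to the assignment).
            else
                ${ECHO} "Please re-enter a new profile name."
            fi
        else
            break # Unique profile name.
        fi
    done

    # Set Profile Name.
    LDAP_PROFILE_NAME=$ANS
}


#
# get_srv_list(): Get the default server list.
#
# Defaults to the address of IDS_SERVER (with ":<port>" if not 389) when
# LDAP_SERVER_LIST is empty, then lets the user edit it.
# NOTE(review): if getent prints several lines for the host the default
# becomes multi-line -- verify on a multi-homed server.
#
get_srv_list()
{
    # If LDAP_SERVER_LIST is NULL, then set, otherwise leave alone.
    if [ -z "${LDAP_SERVER_LIST}" ]; then
        LDAP_SERVER_LIST=`getent hosts ${IDS_SERVER} | awk '{print $1}'`
        if [ ${IDS_PORT} -ne 389 ]; then
            LDAP_SERVER_LIST="${LDAP_SERVER_LIST}:${IDS_PORT}"
        fi
    fi

    # Prompt for new LDAP_SERVER_LIST.
    while :
    do
        get_ans "Default server list (h=help):" $LDAP_SERVER_LIST

        # If help continue, otherwise break.
        case "$ANS" in
            [Hh] | help | Help | \?) display_msg def_srvlist_help ;;
            * ) break ;;
        esac
    done
    LDAP_SERVER_LIST=$ANS
}


#
# get_pref_srv(): The preferred server list (Overrides the server list)
#
# Globals written: LDAP_PREF_SRVLIST
#
get_pref_srv()
{
    while :
    do
        get_ans "Preferred server list (h=help):" $LDAP_PREF_SRVLIST

        # If help continue, otherwise break.
        case "$ANS" in
            [Hh] | help | Help | \?) display_msg pref_srvlist_help ;;
            * ) break ;;
        esac
    done
    LDAP_PREF_SRVLIST=$ANS
}


#
# get_search_scope(): Get the search scope from the user.
#
# Sets LDAP_SEARCH_SCOPE and returns 1 for "one", 2 for "sub".
#
get_search_scope()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_search_scope()"

    _MENU_CHOICE=0
    while :
    do
        get_ans "Choose desired search scope (one, sub, h=help): " "one"
        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
            one) LDAP_SEARCH_SCOPE="one"
                return 1 ;;
            sub) LDAP_SEARCH_SCOPE="sub"
                return 2 ;;
            h) display_msg srch_scope_help ;;
            *) ${ECHO} "Please enter \"one\", \"sub\", or \"h\"." ;;
        esac
    done

}


#
# get_cred_level(): Function to display menu to user and get the
#                   credential level.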
#
# Sets LDAP_CRED_LEVEL from the menu choice and returns the choice number
# (1-6).  Choices 4-6 include "self", which requires sasl/GSSAPI, so they
# also set SELF_GSSAPI=1 for the caller.
#
get_cred_level()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_cred_level()"

    _MENU_CHOICE=0
    display_msg cred_level_menu
    while :
    do
        get_ans "Choose Credential level [h=help]:" "1"
        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
            1) LDAP_CRED_LEVEL="anonymous"
                return 1 ;;
            2) LDAP_CRED_LEVEL="proxy"
                return 2 ;;
            3) LDAP_CRED_LEVEL="proxy anonymous"
                return 3 ;;
            4) LDAP_CRED_LEVEL="self"
                SELF_GSSAPI=1
                return 4 ;;
            5) LDAP_CRED_LEVEL="self proxy"
                SELF_GSSAPI=1
                return 5 ;;
            6) LDAP_CRED_LEVEL="self proxy anonymous"
                SELF_GSSAPI=1
                return 6 ;;
            h) display_msg cred_lvl_help ;;
            *) ${ECHO} "Please enter 1, 2, 3, 4, 5 or 6." ;;
        esac
    done
}


#
# srvauth_menu_handler(): Enter the Service Authentication method.
#
# Reads the global _FIRST (1 on the first prompt, when "1" is the default)
# and sets _AUTHMETHOD to the chosen method; "0" clears _AUTHMETHOD and
# sets _FIRST back to 1 so the caller restarts its list.
#
# Security note: "simple" sends the bind password in the clear unless it is
# one of the "tls:" variants; sasl/DIGEST-MD5 and sasl/GSSAPI do not.
#
srvauth_menu_handler()
{
    # Display Auth menu
    display_msg srvauth_method_menu

    # Get a Valid choice.
    while :
    do
        # Display appropriate prompt and get answer.
        if [ $_FIRST -eq 1 ]; then
            get_ans "Choose Service Authentication Method:" "1"
        else
            get_ans "Choose Service Authentication Method (0=reset):"
        fi

        # Determine choice.
        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
            1) _AUTHMETHOD="simple"
                break ;;
            2) _AUTHMETHOD="sasl/DIGEST-MD5"
                break ;;
            3) _AUTHMETHOD="tls:simple"
                break ;;
            4) _AUTHMETHOD="tls:sasl/DIGEST-MD5"
                break ;;
            5) _AUTHMETHOD="sasl/GSSAPI"
                break ;;
            0) _AUTHMETHOD=""
                _FIRST=1
                break ;;
            *) ${ECHO} "Please enter 1-5 or 0 to reset." ;;
        esac
    done
}


#
# auth_menu_handler(): Enter the Authentication method.
#
# Same contract as srvauth_menu_handler(), with "none" (anonymous) as an
# extra first choice and "h" for help.
#
auth_menu_handler()
{
    # Display Auth menu
    display_msg auth_method_menu

    # Get a Valid choice.
    while :
    do
        # Display appropriate prompt and get answer.
        if [ $_FIRST -eq 1 ]; then
            get_ans "Choose Authentication Method (h=help):" "1"
        else
            get_ans "Choose Authentication Method (0=reset, h=help):"
        fi

        # Determine choice.
        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
            1) _AUTHMETHOD="none"
                break ;;
            2) _AUTHMETHOD="simple"
                break ;;
            3) _AUTHMETHOD="sasl/DIGEST-MD5"
                break ;;
            4) _AUTHMETHOD="tls:simple"
                break ;;
            5) _AUTHMETHOD="tls:sasl/DIGEST-MD5"
                break ;;
            6) _AUTHMETHOD="sasl/GSSAPI"
                break ;;
            0) _AUTHMETHOD=""
                _FIRST=1
                break ;;
            h) display_msg auth_help ;;
            *) ${ECHO} "Please enter 1-6, 0=reset, or h=help." ;;
        esac
    done
}


#
# get_auth(): Enter the Authentication method.
#
# Builds LDAP_AUTHMETHOD as a ";"-separated list by calling
# auth_menu_handler() repeatedly.  The shared flag _FIRST tells the handler
# which prompt to show; the handler resets it to 1 on "0" (reset), which
# makes the next choice start the list over.
#
# Globals written: LDAP_AUTHMETHOD, _FIRST, _MENU_CHOICE, _AUTHMETHOD
#
get_auth()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_auth()"

    _FIRST=1          # first prompt / list restart
    _MENU_CHOICE=0
    _AUTHMETHOD=""    # method picked by the handler

    while :
    do
        auth_menu_handler

        # Start the list, or append to it.
        case "$_FIRST" in
        1)  LDAP_AUTHMETHOD="${_AUTHMETHOD}"
            _FIRST=0
            ;;
        *)  LDAP_AUTHMETHOD="${LDAP_AUTHMETHOD};${_AUTHMETHOD}"
            ;;
        esac

        ${ECHO} ""
        ${ECHO} "Current authenticationMethod: ${LDAP_AUTHMETHOD}"
        ${ECHO} ""

        # get_confirm_nodef returns 0 for "no": stop adding methods.
        get_confirm_nodef "Do you want to add another Authentication Method?" && break
    done
}


#
# get_followref(): Whether or not to follow referrals.
#
# Sets LDAP_FOLLOWREF to "TRUE" when the user answers yes (get_confirm
# returns 1), "FALSE" otherwise.  Default answer is "n".
#
get_followref()
{
    get_confirm "Do you want the clients to follow referrals (y/n/h)?" "n" "referrals_help"
    case $? in
    1)  LDAP_FOLLOWREF="TRUE" ;;
    *)  LDAP_FOLLOWREF="FALSE" ;;
    esac
}


#
# get_timelimit(): Set the time limit. -1 is max time.
#
# Reads nsslapd-timelimit from cn=config to show the current value, then
# prompts (default -1) and stores the answer in IDS_TIMELIMIT.
# Exits 1 (after cleanup) if the server cannot be searched.
#
get_timelimit()
{
    # Current value, for display only.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-timelimit > ${TMPDIR}/chk_timeout 2>&1" ||
    {
        ${ECHO} " ERROR: Could not reach LDAP server to check current timeout!"
        cleanup
        exit 1
    }
    CURR_TIMELIMIT=`${GREP} timelimit ${TMPDIR}/chk_timeout | cut -f2 -d=`

    get_negone_num "Enter the time limit for iDS (current=${CURR_TIMELIMIT}):" "-1"
    IDS_TIMELIMIT=$NUM
}


#
# get_sizelimit(): Set the size limit. -1 is max size.
#
# Reads nsslapd-sizelimit from cn=config to show the current value, then
# prompts (default -1) and stores the answer in IDS_SIZELIMIT.
# Exits 1 (after cleanup) if the server cannot be searched.
#
get_sizelimit()
{
    # Current value, for display only.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-sizelimit > ${TMPDIR}/chk_sizelimit 2>&1" ||
    {
        ${ECHO} " ERROR: Could not reach LDAP server to check current sizelimit!"
        cleanup
        exit 1
    }
    CURR_SIZELIMIT=`${GREP} sizelimit ${TMPDIR}/chk_sizelimit | cut -f2 -d=`

    get_negone_num "Enter the size limit for iDS (current=${CURR_SIZELIMIT}):" "-1"
    IDS_SIZELIMIT=$NUM
}


#
# get_want_crypt(): Ask user if want to store passwords in crypt?
#
# Sets NEED_CRYPT to "TRUE" on yes, "FALSE" otherwise (default "n").
# NOTE(review): "crypt" format is chosen for compatibility with clients
# that verify passwords locally; it is generally weaker than the server's
# own hashing scheme, so leave the default unless such clients exist.
#
get_want_crypt()
{
    get_confirm "Do you want to store passwords in \"crypt\" format (y/n/h)?" "n" "crypt_help"
    case $? in
    1)  NEED_CRYPT="TRUE" ;;
    *)  NEED_CRYPT="FALSE" ;;
    esac
}


#
# get_srv_authMethod_pam(): Get the Service Auth Method for pam_ldap from user.
#
# NOTE: This function is based on get_auth().
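#
get_srv_authMethod_pam()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_pam()"

	# Shared prompt loop; the result is left in LDAP_SRV_AUTHMETHOD_PAM.
	get_srv_authMethod "pam_ldap" LDAP_SRV_AUTHMETHOD_PAM

	# Check in case user reset string and exited loop.
	if [ "$LDAP_SRV_AUTHMETHOD_PAM" = "" ]; then
		NEED_SRVAUTH_PAM=0
	fi
}


#
# get_srv_authMethod_key(): Get the Service Auth Method for keyserv from user.
#
# NOTE: This function is base on get_auth().
#
get_srv_authMethod_key()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_key()"

	# Shared prompt loop; the result is left in LDAP_SRV_AUTHMETHOD_KEY.
	get_srv_authMethod "keyserv" LDAP_SRV_AUTHMETHOD_KEY

	# Check in case user reset string and exited loop.
	if [ "$LDAP_SRV_AUTHMETHOD_KEY" = "" ]; then
		NEED_SRVAUTH_KEY=0
	fi
}


#
# get_srv_authMethod_cmd(): Get the Service Auth Method for passwd-cmd from user.
#
# NOTE: This function is base on get_auth().
#
get_srv_authMethod_cmd()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_cmd()"

	# Shared prompt loop; the result is left in LDAP_SRV_AUTHMETHOD_CMD.
	get_srv_authMethod "passwd-cmd" LDAP_SRV_AUTHMETHOD_CMD

	# Check in case user reset string and exited loop.
	if [ "$LDAP_SRV_AUTHMETHOD_CMD" = "" ]; then
		NEED_SRVAUTH_CMD=0
	fi
}


#
# get_srv_authMethod(): Common worker for the three get_srv_authMethod_*()
# functions above, which previously carried three identical copies of
# this prompt loop.
#
# Arguments: $1 - service name placed in front of the method list
#                 (pam_ldap, keyserv or passwd-cmd)
#            $2 - name of the global variable that receives the result
# Globals:   _FIRST, _MENU_CHOICE and _AUTHMETHOD are the scratch
#            variables shared with srvauth_menu_handler(), used exactly
#            as before. The result variable is refreshed on every pass,
#            so while the loop runs it holds the same value the original
#            per-service functions did:
#            "<service>:<method>[;<method>...]", or "" if the user
#            reset the list.
#
get_srv_authMethod()
{
	_SRVAUTH_SERVICE=$1
	_SRVAUTH_VAR=$2
	_SRVAUTH_LIST=""

	_FIRST=1		# Flag for first time.
	_MENU_CHOICE=0
	_AUTHMETHOD=""		# Tmp method.

	while :
	do
		# Call Menu handler (sets _AUTHMETHOD; from the "user reset"
		# checks in the callers it appears it may also clear it and set
		# _FIRST back to 1 for a reset).
		srvauth_menu_handler

		# Add Auth Method to list: start the list on the first pass,
		# append with ';' afterwards.
		if [ $_FIRST -eq 1 ]; then
			if [ "$_AUTHMETHOD" = "" ]; then
				_SRVAUTH_LIST=""
			else
				_SRVAUTH_LIST="${_SRVAUTH_SERVICE}:${_AUTHMETHOD}"
			fi
			_FIRST=0
		else
			_SRVAUTH_LIST="${_SRVAUTH_LIST};${_AUTHMETHOD}"
		fi

		# Publish into the caller's variable. The variable name comes
		# from our own callers above, never from user input, so eval
		# is safe here.
		eval "${_SRVAUTH_VAR}=\"\${_SRVAUTH_LIST}\""

		# Display current Authentication Method.
		${ECHO} ""
		${ECHO} "Current authenticationMethod: ${_SRVAUTH_LIST}"
		${ECHO} ""

		# Prompt for another Auth Method, or break out.
		get_confirm_nodef "Do you want to add another Authentication Method?"
		if [ $? -eq 0 ]; then
			break
		fi
	done
}


#
# get_srch_time(): Amount of time to search.
#
# Prompts with the current LDAP_SEARCH_TIME_LIMIT as default and stores
# the answer (from get_negone_num(), via NUM) back in it.
#
get_srch_time()
{
	get_negone_num "Client search time limit in seconds (h=help):" "$LDAP_SEARCH_TIME_LIMIT" "srchtime_help"
	LDAP_SEARCH_TIME_LIMIT=$NUM
}


#
# get_prof_ttl(): The profile time to live (TTL)
#
# Prompts with the current LDAP_PROFILE_TTL as default and stores the
# answer back in it.
#
get_prof_ttl()
{
	get_negone_num "Profile Time To Live in seconds (h=help):" "$LDAP_PROFILE_TTL" "profttl_help"
	LDAP_PROFILE_TTL=$NUM
}


#
# get_bind_limit(): Bind time limit
#
# Prompts with the current LDAP_BIND_LIMIT as default and stores the
# answer back in it.
#
get_bind_limit()
{
	get_negone_num "Bind time limit in seconds (h=help):" "$LDAP_BIND_LIMIT" "bindlim_help"
	LDAP_BIND_LIMIT=$NUM
}

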
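######################################################################
# FUNCTIONS FOR Service Search Descriptor's START HERE.
#
# SSD_FILE holds one descriptor per line in the form
#	<service id>:<base>?<scope>
# The small helpers below share the id-matching logic so that a service
# id typed by the user is always compared as a whole first field, never
# as a free regex or an unanchored substring.
######################################################################


#
# ssd_regex_escape(): Print $1 with BRE metacharacters backslash-quoted,
# so that a user-supplied service id can be used literally inside a
# ${GREP} pattern.
#
ssd_regex_escape()
{
	${ECHO} "$1" | sed 's/[][\.*^$]/\\&/g'
}


#
# ssd_find_id(): Print the SSD line(s) whose service id field is exactly
# $1 (case-sensitive). Returns ${GREP}'s status: 0 found, 1 not found,
# greater than 1 on error (e.g. SSD_FILE unreadable).
#
ssd_find_id()
{
	_SSD_PAT=`ssd_regex_escape "$1"`
	${GREP} "^${_SSD_PAT}:" ${SSD_FILE} 2>/dev/null
}


#
# ssd_remove_id(): Rewrite SSD_FILE without the entry for service id $1,
# keeping the previous contents in ${SSD_FILE}.bak.
# Returns 1 (after an error message) if the backup cannot be written,
# in which case SSD_FILE is left untouched.
#
ssd_remove_id()
{
	cp ${SSD_FILE} ${SSD_FILE}.bak
	if [ $? -ne 0 ]; then
		${ECHO} "ERROR: could not create file: ${SSD_FILE}.bak"
		return 1
	fi

	# Anchor on the whole id field: an unanchored "grep -v $id" would
	# also drop every other entry that merely contains the id. grep's
	# stderr is deliberately not redirected into SSD_FILE.
	_SSD_PAT=`ssd_regex_escape "$1"`
	${GREP} -v "^${_SSD_PAT}:" ${SSD_FILE}.bak > ${SSD_FILE}
	return 0
}


#
# get_ssd_scope(): Prompt for a search scope until the user enters "one"
# or "sub" (case-insensitive). The answer is left in _SCOPE exactly as
# typed. With a non-empty $1 the prompt offers it as the default.
#
get_ssd_scope()
{
	while :
	do
		if [ "$1" = "" ]; then
			get_ans "Enter the scope:"
		else
			get_ans_req "Enter the scope:" "$1"
		fi
		_SCOPE=$ANS
		case `${ECHO} "${_SCOPE}" | tr '[A-Z]' '[a-z]'` in
			one) break ;;
			sub) break ;;
			*) ${ECHO} "${_SCOPE} is Not valid - Enter 'one' or 'sub'" ;;
		esac
	done
}


#
# add_ssd(): Get SSD's from user and add to file.
#
# Prompts for a service id (looping until it is unique in SSD_FILE and
# contains no ':'), a base and a scope, and appends
# "<id>:<base>?<scope>" to SSD_FILE.
#
add_ssd()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In add_ssd()"

	# Enter the service id. Loop til unique.
	while :
	do
		get_ans "Enter the service id:"
		_SERV_ID=$ANS

		# ':' separates the id from the base in SSD_FILE, so it cannot
		# be part of the id (modify_ssd() splits on it).
		case "${_SERV_ID}" in
			*:*) ${ECHO} "ERROR: Service id ${ANS} must not contain ':'."
			     continue ;;
		esac

		# Check for an existing entry with this id (case-insensitive).
		# Only a real match (status 0) counts as "exists"; a grep error
		# (status 2) used to be taken for a match and looped here forever.
		_SSD_PAT=`ssd_regex_escape "${_SERV_ID}"`
		${GREP} -i "^${_SSD_PAT}:" ${SSD_FILE} > /dev/null 2>&1
		if [ $? -ne 0 ]; then
			break
		fi

		# Name exists, print message, let user decide.
		${ECHO} "ERROR: Service id ${ANS} already exists."
	done

	get_ans "Enter the base:"
	_BASE=$ANS

	# Get the scope and verify that its one or sub.
	get_ssd_scope

	# Build SSD to add to file.
	_SSD="${_SERV_ID}:${_BASE}?${_SCOPE}"

	# Add the SSD to the file.
	${ECHO} "${_SSD}" >> ${SSD_FILE}
}


#
# delete_ssd(): Delete a SSD from the list.
#
# The entry is matched on its service id field only, so deleting "pass"
# no longer also removes "passwd". A failure to back up SSD_FILE aborts
# the run (cleanup, exit 1), as modify_ssd() already did.
#
delete_ssd()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In delete_ssd()"

	# Get service id name from user for SSD to delete.
	get_ans_req "Enter service id to delete:"

	# Make sure service id exists.
	ssd_find_id "$ANS" > /dev/null
	if [ $? -ne 0 ]; then
		${ECHO} "Invalid service id: $ANS not present in list."
		return
	fi

	# Back the file up and rewrite it without the entry.
	ssd_remove_id "$ANS"
	if [ $? -ne 0 ]; then
		cleanup
		exit 1
	fi
}


#
# modify_ssd(): Allow user to modify a SSD.
#
# Prompts for the new base and scope first and only then rewrites
# SSD_FILE, so an interrupted prompt leaves the old entry in place.
#
modify_ssd()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In modify_ssd()"

	# Prompt user for service id.
	get_ans_req "Enter service id to modify:"

	# Put into temp _LINE.
	_LINE=`ssd_find_id "$ANS"`
	if [ "$_LINE" = "" ]; then
		${ECHO} "Invalid service id: $ANS"
		return
	fi

	# Display current filter for user to see.
	${ECHO} ""
	${ECHO} "Current SSD: $_LINE"
	${ECHO} ""

	# Get the defaults. Everything after the first ':' is "<base>?<scope>".
	_CURR_BASE=`${ECHO} "$_LINE" | cut -d: -f2- | cut -d'?' -f 1`
	_CURR_SCOPE=`${ECHO} "$_LINE" | cut -d: -f2- | cut -d'?' -f 2`

	# New Entry
	_SERV_ID=$ANS
	get_ans_req "Enter the base:" "$_CURR_BASE"
	_BASE=$ANS
	get_ssd_scope "$_CURR_SCOPE"

	# Build the new SSD.
	_SSD="${_SERV_ID}:${_BASE}?${_SCOPE}"

	# Replace the old entry: back up, drop the old line, append the new.
	ssd_remove_id "${_SERV_ID}"
	if [ $? -ne 0 ]; then
		cleanup
		exit 1
	fi
	${ECHO} "${_SSD}" >> ${SSD_FILE}
}


#
# display_ssd(): Display the current SSD list.
#
# Dumps SSD_FILE to the terminal and waits for return.
#
display_ssd()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In display_ssd()"

	${ECHO} ""
	${ECHO} "Current Service Search Descriptors:"
	${ECHO} "=================================="
	cat ${SSD_FILE}
	${ECHO} ""
	${ECHO} "Hit return to continue."
	read __A
}


#
# prompt_ssd(): Get SSD's from user.
#
# Asks whether SSDs are wanted at all (get_confirm() returns 1 for yes)
# and then runs the add/delete/modify/print/reset menu until the user
# quits.
#
prompt_ssd()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In prompt_ssd()"
	# See if user wants SSD's?
	get_confirm "Do you wish to setup Service Search Descriptors (y/n/h)?" "n" "ssd_help"
	[ "$?" -eq 0 ] && return

	# Display menu for SSD choices.
	while :
	do
		display_msg prompt_ssd_menu
		get_ans "Enter menu choice:" "Quit"
		case "$ANS" in
			[Aa] | add) add_ssd ;;
			[Dd] | delete) delete_ssd ;;
			[Mm] | modify) modify_ssd ;;
			[Pp] | print | display) display_ssd ;;
			[Xx] | reset | clear) reset_ssd_file ;;
			[Hh] | Help | help) display_msg ssd_menu_help
					    ${ECHO} " Press return to continue."
					    read __A ;;
			[Qq] | Quit | quit) return ;;
			*) ${ECHO} "Invalid choice: $ANS please re-enter from menu." ;;
		esac
	done
}


#
# reset_ssd_file(): Blank out current SSD file.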
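#
reset_ssd_file()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In reset_ssd_file()"

	# Recreate SSD_FILE empty.
	rm -f ${SSD_FILE}
	touch ${SSD_FILE}
}


#
# create_ssd_file(): Create a temporary file for SSD's.
#
# Extracts every "LDAP_SERV_SRCH_DES=<ssd>" setting from INPUT_FILE
# into SSD_FILE, one descriptor per line, key stripped. Only lines that
# start with the key are taken: the previous unanchored grep also
# picked up a commented-out or otherwise embedded occurrence.
#
create_ssd_file()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In create_ssd_file()"

	# Build a list of SSD's and store in temp file (match and strip the
	# key in one sed pass).
	sed -n 's/^LDAP_SERV_SRCH_DES=//p' ${INPUT_FILE} > ${SSD_FILE}
}


#
# ssd_2_config(): Append the SSD file to the output file.
#
# Inverse of create_ssd_file(): each line of SSD_FILE is written to
# OUTPUT_FILE as "LDAP_SERV_SRCH_DES=<ssd>".
#
ssd_2_config()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In ssd_2_config()"

	# Convert to config file format using sed.
	sed -e "s/^/LDAP_SERV_SRCH_DES=/" ${SSD_FILE} >> ${OUTPUT_FILE}
}


#
# ssd_2_profile(): Add SSD's to the GEN_CMD string.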
#
# Each line of SSD_FILE is turned into a
#	-a "serviceSearchDescriptor=<line>"
# argument and the whole run of arguments is appended to GEN_CMD.
#
# The arguments are collected in ${TMPDIR}/ssd_tmpfile rather than in a
# shell variable. NOTE(review): presumably because a redirected
# "while ... done < file" loop runs in a subshell under the traditional
# Bourne shell this script targets (#!/bin/sh), so assignments made
# inside the loop would be lost -- confirm before "simplifying" this.
# Relies on ${ECHO} honouring the "\c" (suppress newline) escape.
#
ssd_2_profile()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In ssd_2_profile()"

	GEN_TMPFILE=${TMPDIR}/ssd_tmpfile
	touch ${GEN_TMPFILE}

	# Add and convert each SSD to string. "\c" keeps all -a options on
	# one line so the file can be spliced into GEN_CMD below.
	while read SSD_LINE
	do
		${ECHO} " -a \"serviceSearchDescriptor=${SSD_LINE}\"\c" >> ${GEN_TMPFILE}
	done <${SSD_FILE}

	# Add SSD's to GEN_CMD. The descriptor values are embedded between
	# double quotes without any escaping; how GEN_CMD is consumed is not
	# visible here -- NOTE(review): if it is eval'd, a base containing
	# '"' or '$' would break (or alter) the command.
	GEN_CMD="${GEN_CMD} `cat ${GEN_TMPFILE}`"
}


#
# prompt_config_info(): This function prompts the user for the config
# info that is not specified in the input file.
#
# Order matters: server name/port are collected before the version and
# VLV checks, and the directory manager DN/password before the prompts
# that query the server (get_timelimit()/get_sizelimit() search cn=config
# with ${LDAP_ARGS}, which presumably carries those credentials).
# Every get_*() below leaves its answer in a global (LDAP_*, IDS_*,
# NEED_*) that create_config_file() later writes out. get_confirm()
# returns 1 for "yes", which is why the NEED_* flags are tested against 1.
#
prompt_config_info()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In prompt_config_info()"

	# Prompt for iDS server name.
	get_ids_server

	# Prompt for iDS port number.
	get_ids_port

	# Check iDS version for compatibility.
	chk_ids_version

	# Check if the server supports the VLV.
	chk_vlv_indexes

	# Get the Directory manager DN and passwd.
	get_dirmgr_dn
	get_dirmgr_pw

	#
	# LDAP CLIENT PROFILE SPECIFIC INFORMATION.
	# (i.e. The fields that show up in the profile.)
	#
	get_domain "domain_help"

	get_basedn

	gssapi_setup

	get_profile_name
	get_srv_list
	get_pref_srv
	get_search_scope

	# If cred is "anonymous", make auth == "none"
	get_cred_level
	if [ "$LDAP_CRED_LEVEL" != "anonymous" ]; then
		get_auth
	fi

	get_followref

	# Query user about timelimt.
	get_confirm "Do you want to modify the server timelimit value (y/n/h)?" "n" "tlim_help"
	NEED_TIME=$?
	[ $NEED_TIME -eq 1 ] && get_timelimit

	# Query user about sizelimit.
	get_confirm "Do you want to modify the server sizelimit value (y/n/h)?" "n" "slim_help"
	NEED_SIZE=$?
	[ $NEED_SIZE -eq 1 ] && get_sizelimit

	# Does the user want to store passwords in crypt format?
	get_want_crypt

	# Prompt for any Service Authentication Methods? Each of the three
	# services gets its own yes/no before its method menu is shown.
	get_confirm "Do you want to setup a Service Authentication Methods (y/n/h)?" "n" "srvauth_help"
	if [ $? -eq 1 ]; then
		# Does the user want to set Service Authentication Method for pam_ldap?
		get_confirm "Do you want to setup a Service Auth. Method for \"pam_ldap\" (y/n/h)?" "n" "pam_ldap_help"
		NEED_SRVAUTH_PAM=$?
		[ $NEED_SRVAUTH_PAM -eq 1 ] && get_srv_authMethod_pam

		# Does the user want to set Service Authentication Method for keyserv?
		get_confirm "Do you want to setup a Service Auth. Method for \"keyserv\" (y/n/h)?" "n" "keyserv_help"
		NEED_SRVAUTH_KEY=$?
		[ $NEED_SRVAUTH_KEY -eq 1 ] && get_srv_authMethod_key

		# Does the user want to set Service Authentication Method for passwd-cmd?
		get_confirm "Do you want to setup a Service Auth. Method for \"passwd-cmd\" (y/n/h)?" "n" "passwd-cmd_help"
		NEED_SRVAUTH_CMD=$?
		[ $NEED_SRVAUTH_CMD -eq 1 ] && get_srv_authMethod_cmd
	fi

	# Get Timeouts
	get_srch_time
	get_prof_ttl
	get_bind_limit

	# Reset the sdd_file and prompt user for SSD. Will use menus
	# to build an SSD File.
	reset_ssd_file
	prompt_ssd

	# Display FULL debugging info.
	disp_full_debug

	# Extra blank line to separate prompt lines from steps.
	${ECHO} " "
}


######################################################################
# FUNCTIONS FOR display_summary() START HERE.
######################################################################


#
# get_proxyagent(): Get the proxyagent DN.
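#
# Offers "cn=proxyagent,ou=profile,<LDAP_BASEDN>" as the default and
# leaves the (possibly edited) DN in LDAP_PROXYAGENT.
#
get_proxyagent()
{
	LDAP_PROXYAGENT="cn=proxyagent,ou=profile,${LDAP_BASEDN}"	# default
	get_ans "Enter DN for proxy agent:" "$LDAP_PROXYAGENT"
	LDAP_PROXYAGENT=$ANS
}


#
# get_proxy_pw(): Get the proxyagent passwd.
#
# Reads the password with get_passwd() and keeps it in
# LDAP_PROXYAGENT_CRED. Note that create_config_file() writes this value
# (like LDAP_ROOTPWD) into the generated output file in clear text, so
# that file must be protected accordingly.
#
get_proxy_pw()
{
	get_passwd "Enter passwd for proxyagent:"
	LDAP_PROXYAGENT_CRED=$ANS
}


#
# display_summary(): Display a summary of values entered and let the
# user modify values at will.
#
# The number the user types is an index into FUNC_TBL, so the table
# entries must stay in the same order as the summary_menu text in
# display_msg(). The menu's upper bound is derived from the table (word
# count minus the leading dummy) instead of being hard-coded, so adding
# an entry cannot leave the prompt text and the range check out of step.
# Exits (after cleanup) if the user declines the final confirmation.
#
display_summary()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In display_summary()"

	# Create lookup table for function names. First entry is dummy for
	# shift.
	TBL1="dummy"
	TBL2="get_domain get_basedn get_profile_name"
	TBL3="get_srv_list get_pref_srv get_search_scope get_cred_level"
	TBL4="get_auth get_followref"
	TBL5="get_timelimit get_sizelimit get_want_crypt"
	TBL6="get_srv_authMethod_pam get_srv_authMethod_key get_srv_authMethod_cmd"
	TBL7="get_srch_time get_prof_ttl get_bind_limit"
	TBL8="prompt_ssd"
	FUNC_TBL="$TBL1 $TBL2 $TBL3 $TBL4 $TBL5 $TBL6 $TBL7 $TBL8"

	# Number of selectable entries (table size minus the dummy).
	set $FUNC_TBL
	_NFUNC=`expr $# - 1`

	# Since menu prompt string is long, set here.
	_MENU_PROMPT="Enter config value to change: (1-${_NFUNC} 0=commit changes)"

	# Infinite loop. Test for 0, and break in loop.
	while :
	do
		# Display menu and get value in range.
		display_msg summary_menu
		get_menu_choice "${_MENU_PROMPT}" "0" "${_NFUNC}" "0"
		_CH=$MN_CH

		# 0 means "commit changes": leave the loop.
		if [ $_CH -eq 0 ]; then
			break
		fi

		# Call appropriate function from function table: shift the
		# chosen entry into $1 and run it.
		set $FUNC_TBL
		shift $_CH
		$1
	done

	# A proxy credential level needs a proxy agent DN and password --
	# unless the authentication method is 'none', in which case the
	# level is forced back to 'anonymous'.
	case "$LDAP_CRED_LEVEL" in
	*proxy*)
		if [ "$LDAP_AUTHMETHOD" != "none" ]; then
			NEED_PROXY=1
			get_proxyagent
			get_proxy_pw
		else
			${ECHO} "WARNING: Since Authentication method is 'none'."
			${ECHO} " Credential level will be set to 'anonymous'."
			LDAP_CRED_LEVEL="anonymous"
		fi
		;;
	esac

	# Display FULL debugging info.
	disp_full_debug

	# Final confirmation message. (ARE YOU SURE!) get_confirm_nodef()
	# returns 0 for "no".
	${ECHO} " "
	get_confirm_nodef "WARNING: About to start committing changes. (y=continue, n=EXIT)"
	if [ $? -eq 0 ]; then
		${ECHO} "Terminating setup without making changes at users request."
		cleanup
		exit 1
	fi

	# Print newline
	${ECHO} " "
}


#
# create_config_file(): Write config data to config file specified.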
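#
# The generated file is itself a shell fragment that idsconfig later
# sources (-i option).  It carries LDAP_ROOTPWD and LDAP_PROXYAGENT_CRED
# in clear text, so it is created owner-read/write only.
#
# Globals read : OUTPUT_FILE and every variable expanded in the here-doc
# Globals used : ECHO, DEBUG; ssd_2_config() and print_suffix_config()
#                append their own sections
# Exits        : after cleanup when the file cannot be written
#
create_config_file()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In create_config_file()"

	# If output file exists, delete it.
	[ -f "${OUTPUT_FILE}" ] && rm -f "${OUTPUT_FILE}"

	# Create the file with mode 0600 regardless of the caller's umask:
	# it contains the Root DN and proxy agent passwords.  The umask is
	# restored right after creation; the appends below keep the mode.
	_old_umask=`umask`
	umask 077
	cat > "${OUTPUT_FILE}" <<EOF
#!/bin/sh
# $OUTPUT_FILE - This file contains configuration information for
# Native LDAP. Use the idsconfig tool to load it.
#
# WARNING: This file was generated by idsconfig, and is intended to
# be loaded by idsconfig as is. DO NOT EDIT THIS FILE!
#
IDS_SERVER="$IDS_SERVER"
IDS_PORT=$IDS_PORT
IDS_TIMELIMIT=$IDS_TIMELIMIT
IDS_SIZELIMIT=$IDS_SIZELIMIT
LDAP_ROOTDN="$LDAP_ROOTDN"
LDAP_ROOTPWD=$LDAP_ROOTPWD
LDAP_DOMAIN="$LDAP_DOMAIN"
LDAP_SUFFIX="$LDAP_SUFFIX"
LDAP_KRB_REALM="$LDAP_KRB_REALM"
LDAP_GSSAPI_PROFILE="$LDAP_GSSAPI_PROFILE"

# Internal program variables that need to be set.
NEED_PROXY=$NEED_PROXY
NEED_TIME=$NEED_TIME
NEED_SIZE=$NEED_SIZE
NEED_CRYPT=$NEED_CRYPT

# LDAP PROFILE related defaults
LDAP_PROFILE_NAME="$LDAP_PROFILE_NAME"
DEL_OLD_PROFILE=1
LDAP_BASEDN="$LDAP_BASEDN"
LDAP_SERVER_LIST="$LDAP_SERVER_LIST"
LDAP_AUTHMETHOD="$LDAP_AUTHMETHOD"
LDAP_FOLLOWREF=$LDAP_FOLLOWREF
LDAP_SEARCH_SCOPE="$LDAP_SEARCH_SCOPE"
NEED_SRVAUTH_PAM=$NEED_SRVAUTH_PAM
NEED_SRVAUTH_KEY=$NEED_SRVAUTH_KEY
NEED_SRVAUTH_CMD=$NEED_SRVAUTH_CMD
LDAP_SRV_AUTHMETHOD_PAM="$LDAP_SRV_AUTHMETHOD_PAM"
LDAP_SRV_AUTHMETHOD_KEY="$LDAP_SRV_AUTHMETHOD_KEY"
LDAP_SRV_AUTHMETHOD_CMD="$LDAP_SRV_AUTHMETHOD_CMD"
LDAP_SEARCH_TIME_LIMIT=$LDAP_SEARCH_TIME_LIMIT
LDAP_PREF_SRVLIST="$LDAP_PREF_SRVLIST"
LDAP_PROFILE_TTL=$LDAP_PROFILE_TTL
LDAP_CRED_LEVEL="$LDAP_CRED_LEVEL"
LDAP_BIND_LIMIT=$LDAP_BIND_LIMIT

# Proxy Agent
LDAP_PROXYAGENT="$LDAP_PROXYAGENT"
LDAP_PROXYAGENT_CRED=$LDAP_PROXYAGENT_CRED

# Export all the variables (just in case)
export IDS_HOME IDS_PORT LDAP_ROOTDN LDAP_ROOTPWD LDAP_SERVER_LIST LDAP_BASEDN
export LDAP_DOMAIN LDAP_SUFFIX LDAP_PROXYAGENT LDAP_PROXYAGENT_CRED
export NEED_PROXY
export LDAP_PROFILE_NAME LDAP_BASEDN LDAP_SERVER_LIST
export LDAP_AUTHMETHOD LDAP_FOLLOWREF LDAP_SEARCH_SCOPE LDAP_SEARCH_TIME_LIMIT
export LDAP_PREF_SRVLIST LDAP_PROFILE_TTL LDAP_CRED_LEVEL LDAP_BIND_LIMIT
export NEED_SRVAUTH_PAM NEED_SRVAUTH_KEY NEED_SRVAUTH_CMD
export LDAP_SRV_AUTHMETHOD_PAM LDAP_SRV_AUTHMETHOD_KEY LDAP_SRV_AUTHMETHOD_CMD
export LDAP_SERV_SRCH_DES SSD_FILE LDAP_KRB_REALM LDAP_GSSAPI_PROFILE

# Service Search Descriptors start here if present:
EOF
	_cat_status=$?
	umask "${_old_umask}"
	if [ ${_cat_status} -ne 0 ]; then
		${ECHO} "ERROR: Unable to write ${OUTPUT_FILE}"
		cleanup
		exit 1
	fi

	# Add service search descriptors.
	ssd_2_config "${OUTPUT_FILE}"

	# Add LDAP suffix preferences
	print_suffix_config >> "${OUTPUT_FILE}"

	# Add the end of FILE tag.
	${ECHO} "" >> "${OUTPUT_FILE}"
	${ECHO} "# End of $OUTPUT_FILE" >> "${OUTPUT_FILE}"
	return 0
}


#
# chk_vlv_indexes(): Do ldapsearch to see if server supports VLV.
#
# Reads the root DSE with SERVER_ARGS (no bind credentials, as set by
# validate_info()) and looks for the VLV request control OID
# 2.16.840.1.113730.3.4.9 in the answer.
# Exits (after cleanup) when the control is not advertised.
#
chk_vlv_indexes()
{
	# Do ldapsearch to see if server supports VLV.
	${LDAPSEARCH} ${SERVER_ARGS} -b "" -s base "objectclass=*" > ${TMPDIR}/checkVLV 2>&1
	# The dots are escaped so the OID is matched literally; unescaped,
	# '.' would match any character.
	eval "${GREP} '2\.16\.840\.1\.113730\.3\.4\.9' ${TMPDIR}/checkVLV ${VERB}"
	if [ $? -ne 0 ]; then
		${ECHO} "ERROR: VLV is not supported on LDAP server!"
		cleanup
		exit 1
	fi
	[ $DEBUG -eq 1 ] && ${ECHO} "    VLV controls found on LDAP server."
	# Explicit status: the debug line above yields 1 when DEBUG is off.
	return 0
}

#
# get_backend(): this function gets the relevant backend
# (database) for LDAP_BASEDN.
# Description: set IDS_DATABASE; exit on failure.
# Prerequisite: LDAP_BASEDN and LDAP_SUFFIX are
#               valid.
#
# backend is retrieved from suffixes and subsuffixes
# defined under "cn=mapping tree,cn=config". The
# nsslapd-state attribute of these suffixes entries
# is filled with either Backend, Disabled or referrals
# related values. We only want those that have a true
# backend database to select the relevant backend.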
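#
get_backend()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In get_backend()"

	# Walk up from LDAP_BASEDN one RDN at a time until a mapping tree
	# entry with nsslapd-state=Backend is found for the current suffix.
	cur_suffix=${LDAP_BASEDN}
	prev_suffix=
	IDS_DATABASE=
	while [ "${cur_suffix}" != "${prev_suffix}" ]
	do
		[ $DEBUG -eq 1 ] && ${ECHO} "testing LDAP suffix: ${cur_suffix}"
		# NOTE: cur_suffix is spliced into an eval'd command line, as
		# elsewhere in this script; it must come from the validated
		# base DN, never from unchecked input.
		eval "${LDAPSEARCH} ${LDAP_ARGS} " \
			"-b \"cn=\\\"${cur_suffix}\\\",cn=mapping tree,cn=config\" " \
			"-s base nsslapd-state=Backend nsslapd-backend 2>&1 " \
			"| ${GREP} 'nsslapd-backend=' " \
			"> ${TMPDIR}/ids_database_name 2>&1"
		NUM_DBS=`wc -l ${TMPDIR}/ids_database_name | awk '{print $1}'`
		case ${NUM_DBS} in
		0)	# not a suffix, or suffix not activated; try next
			prev_suffix=${cur_suffix}
			# cut returns the whole string once no ',' is left, which
			# makes cur_suffix equal prev_suffix and ends the loop.
			cur_suffix=`${ECHO} "${cur_suffix}" | cut -f2- -d','`
			;;
		1)	# suffix found; get database name
			IDS_DATABASE=`cut -d= -f2 ${TMPDIR}/ids_database_name`
			;;
		*)	# can not handle more than one database per suffix
			${ECHO} "ERROR: More than one database is configured "
			${ECHO} "       for $LDAP_SUFFIX!"
			${ECHO} "       $PROG can not configure suffixes where "
			${ECHO} "       more than one database is used for one suffix."
			cleanup
			exit 1
			;;
		esac
		if [ -n "${IDS_DATABASE}" ]; then
			break
		fi
	done

	if [ -z "${IDS_DATABASE}" ]; then
		# should not happen, since LDAP_BASEDN is supposed to be valid
		${ECHO} "Could not find a valid backend for ${LDAP_BASEDN}."
		${ECHO} "Exiting."
		cleanup
		exit 1
	fi

	[ $DEBUG -eq 1 ] && ${ECHO} "IDS_DATABASE: ${IDS_DATABASE}"
	# Explicit status: the debug line above yields 1 when DEBUG is off.
	return 0
}

#
# validate_suffix(): This function validates ${LDAP_SUFFIX}
# THIS FUNCTION IS FOR THE LOAD CONFIG FILE OPTION.
#
# Exits (after cleanup) on a null suffix, on a suffix that is not a
# parent of LDAP_BASEDN, or when a missing suffix cannot be prepared
# for creation.  When the suffix does not exist on the server yet,
# NEED_CREATE_SUFFIX is set and IDS_DATABASE is chosen through
# prep_create_sfx_entry()/prep_create_sfx_backend().
#
validate_suffix()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In validate_suffix()"

	# Check LDAP_SUFFIX is not null
	if [ -z "${LDAP_SUFFIX}" ]; then
		${ECHO} "Invalid suffix (null suffix)"
		cleanup
		exit 1
	fi

	# Check LDAP_SUFFIX and LDAP_BASEDN are consistent
	# Convert to lower case for basename.
	format_string "${LDAP_BASEDN}"
	LOWER_BASEDN="${FMT_STR}"
	format_string "${LDAP_SUFFIX}"
	LOWER_SUFFIX="${FMT_STR}"

	[ $DEBUG -eq 1 ] && ${ECHO} "LOWER_BASEDN: ${LOWER_BASEDN}"
	[ $DEBUG -eq 1 ] && ${ECHO} "LOWER_SUFFIX: ${LOWER_SUFFIX}"

	if [ "${LOWER_BASEDN}" != "${LOWER_SUFFIX}" ]; then
		# basename(1) strips its second argument only when the first
		# ends with it; an unchanged result means the suffix is not
		# a parent of the base DN.
		sub_basedn=`basename "${LOWER_BASEDN}" "${LOWER_SUFFIX}"`
		if [ "$sub_basedn" = "${LOWER_BASEDN}" ]; then
			${ECHO} "Invalid suffix ${LOWER_SUFFIX}"
			${ECHO} "for Base DN ${LOWER_BASEDN}"
			cleanup
			exit 1
		fi
	fi

	# Check LDAP_SUFFIX does exist
	${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_SUFFIX}\" -s base \"objectclass=*\" > ${TMPDIR}/checkSuffix 2>&1" && return 0

	# Well, suffix does not exist, try to prepare create it ...
	NEED_CREATE_SUFFIX=1
	prep_create_sfx_entry ||
	{
		cleanup
		exit 1
	}
	[ -n "${NEED_CREATE_BACKEND}" ] &&
	{
		# try to use id attr value of the suffix as a database name
		IDS_DATABASE=${_VAL}
		prep_create_sfx_backend
		case $? in
		1)	# can't use the name we want, so we can either exit or use
			# some other available name - doing the latter ...
			IDS_DATABASE=${IDS_DATABASE_AVAIL}
			;;
		2)	# unable to determine database name
			cleanup
			exit 1
			;;
		esac
	}

	[ $DEBUG -eq 1 ] && ${ECHO} "Suffix $LDAP_SUFFIX, Database $IDS_DATABASE"
	# Explicit status: the debug line above yields 1 when DEBUG is off.
	return 0
}

#
# validate_info(): This function validates the basic info collected
# So that some problems are caught right away.
# THIS FUNCTION IS FOR THE LOAD CONFIG FILE OPTION.
#
# Sets SERVER_ARGS / AUTH_ARGS / LDAP_ARGS, binds as the Root DN (the
# password is read from the file LDAP_ROOTPWF via -j, so it does not
# appear on the command line), then checks VLV support and the suffix.
# Exits (after cleanup) on any failure.
#
validate_info()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In validate_info()"

	# Set SERVER_ARGS, AUTH_ARGS, and LDAP_ARGS for the config file.
	SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
	AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
	LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
	export SERVER_ARGS

	# Check the Root DN and Root DN passwd.
	# Use eval instead of $EVAL because not part of setup. (validate)
	eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" > ${TMPDIR}/checkDN 2>&1"
	if [ $? -ne 0 ]; then
		# An error text mentioning "credential" is taken to mean the
		# DN was accepted and the password rejected; anything else
		# is reported as a bad DN.
		eval "${GREP} credential ${TMPDIR}/checkDN ${VERB}"
		if [ $? -eq 0 ]; then
			${ECHO} "ERROR: Root DN passwd is invalid."
		else
			${ECHO} "ERROR2: Invalid Root DN <${LDAP_ROOTDN}>."
		fi
		cleanup
		exit 1
	fi
	[ $DEBUG -eq 1 ] && ${ECHO} "  RootDN ... OK"
	[ $DEBUG -eq 1 ] && ${ECHO} "  RootDN passwd ... OK"

	# Check if the server supports the VLV.
	chk_vlv_indexes
	[ $DEBUG -eq 1 ] && ${ECHO} "  VLV indexes ... OK"

	# Check LDAP suffix
	validate_suffix
	[ $DEBUG -eq 1 ] && ${ECHO} "  LDAP suffix ... OK"
	# Explicit status: the debug line above yields 1 when DEBUG is off.
	return 0
}

#
# format_string(): take a string as argument and set FMT_STR
# to be the same string formatted as follow:
#    - only lower case characters
#    - no unnecessary spaces around , and =
#
format_string()
{
	FMT_STR=`${ECHO} "$1" | tr '[A-Z]' '[a-z]' |
	    sed -e 's/[ ]*,[ ]*/,/g' -e 's/[ ]*=[ ]*/=/g'`
}

#
# prepare for the suffix entry creation
#
# input  : LDAP_BASEDN, LDAP_SUFFIX - base dn and suffix;
# in/out : LDAP_SUFFIX_OBJ, LDAP_SUFFIX_ACI - initially may come from config.
# output : NEED_CREATE_BACKEND - backend for this suffix needs to be created;
#          _RDN, _ATT, _VAL - suffix's RDN, id attribute name and its value.
# return : 0 - success, otherwise error.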
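#
prep_create_sfx_entry()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In prep_create_sfx_entry()"

	# check whether suffix corresponds to base dn: the suffix must be
	# a trailing RDN sequence of the base DN.  Both sides are normalised
	# with format_string() so a mixed-case suffix from a config file
	# compares equal, and the quoted case pattern matches literally
	# (no regex/glob interpretation of the suffix).
	format_string "${LDAP_BASEDN}"
	_lower_basedn="${FMT_STR}"
	format_string "${LDAP_SUFFIX}"
	case ",${_lower_basedn}" in
	*",${FMT_STR}")
		;;
	*)
		display_msg sfx_not_suitable
		return 1
		;;
	esac

	# parse LDAP_SUFFIX
	_RDN=`${ECHO} "${LDAP_SUFFIX}" | cut -d, -f1`
	_ATT=`${ECHO} "${_RDN}" | cut -d= -f1`
	_VAL=`${ECHO} "${_RDN}" | cut -d= -f2-`

	# find out an objectclass for suffix entry if it is not defined yet
	[ -z "${LDAP_SUFFIX_OBJ}" ] &&
	{
		# get_objectclass() is expected to set _ATTR_NAME
		get_objectclass "${_ATT}"
		[ -z "${_ATTR_NAME}" ] &&
		{
			display_msg obj_not_found
			return 1
		}
		LDAP_SUFFIX_OBJ=${_ATTR_NAME}
	}
	[ $DEBUG -eq 1 ] && ${ECHO} "Suffix entry object is ${LDAP_SUFFIX_OBJ}"

	# find out an aci for suffix entry if it is not defined yet
	[ -z "${LDAP_SUFFIX_ACI}" ] &&
	{
		# set Directory Server default aci
		# (anonymous read/search/compare except password attributes,
		# self-write except policy attributes, full rights for the
		# configuration administrator and group)
		LDAP_SUFFIX_ACI=`cat <<EOF
aci: (targetattr != "userPassword || passwordHistory || passwordExpirationTime
 || passwordExpWarned || passwordRetryCount || retryCountResetTime ||
 accountUnlockTime || passwordAllowChangeTime")
 (
   version 3.0;
   acl "Anonymous access";
   allow (read, search, compare) userdn = "ldap:///anyone";
 )
aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit ||
 nsTimeLimit || nsIdleTimeout || passwordPolicySubentry ||
 passwordExpirationTime || passwordExpWarned || passwordRetryCount ||
 retryCountResetTime || accountUnlockTime || passwordHistory ||
 passwordAllowChangeTime")
 (
   version 3.0;
   acl "Allow self entry modification except for some attributes";
   allow (write) userdn = "ldap:///self";
 )
aci: (targetattr = "*")
 (
   version 3.0;
   acl "Configuration Administrator";
   allow (all) userdn = "ldap:///uid=admin,ou=Administrators,
   ou=TopologyManagement,o=NetscapeRoot";
 )
aci: (targetattr ="*")
 (
   version 3.0;
   acl "Configuration Administrators Group";
   allow (all) groupdn = "ldap:///cn=Configuration Administrators,
   ou=Groups,ou=TopologyManagement,o=NetscapeRoot";
 )
EOF
`
	}
	[ $DEBUG -eq 1 ] && cat <<EOF
DEBUG: ACI for ${LDAP_SUFFIX} is
${LDAP_SUFFIX_ACI}
EOF

	NEED_CREATE_BACKEND=

	# check the suffix mapping tree ...
	# if mapping exists, suffix should work, otherwise DS inconsistent
	# NOTE: -b 'cn=mapping tree,cn=config' -s one 'cn=\"$1\"' won't work
	#       in case of 'cn' value in LDAP is not quoted by '"',
	#       -b 'cn=\"$1\",cn=mapping tree,cn=config' works in all cases
	${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} \
		-b 'cn=\"${LDAP_SUFFIX}\",cn=mapping tree,cn=config' \
		-s base 'objectclass=*' dn ${VERB}" &&
	{
		[ $DEBUG -eq 1 ] && ${ECHO} "Suffix mapping already exists"
		# get_backend() either gets IDS_DATABASE or exits
		get_backend
		return 0
	}

	# no suffix mapping, just in case check ldbm backends consistency -
	# there must be NO databases pointing to LDAP_SUFFIX
	[ -n "`${EVAL} \"${LDAPSEARCH} ${LDAP_ARGS} \
		-b 'cn=ldbm database,cn=plugins,cn=config' \
		-s one 'nsslapd-suffix=${LDAP_SUFFIX}' dn\" 2>/dev/null`" ] &&
	{
		display_msg sfx_config_incons
		return 1
	}

	# ok, no suffix mapping, no ldbm database
	[ $DEBUG -eq 1 ] && ${ECHO} "DEBUG: backend needs to be created ..."
	NEED_CREATE_BACKEND=1
	return 0
}

#
# prepare for the suffix backend creation
#
# input  : IDS_DATABASE - requested ldbm db name (must be not null)
# in/out : IDS_DATABASE_AVAIL - available ldbm db name
# return : 0 - ldbm db name ok
#          1 - IDS_DATABASE exists,
#              so IDS_DATABASE_AVAIL contains available name
#          2 - unable to find any available name
#
prep_create_sfx_backend()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In prep_create_sfx_backend()"

	# check if requested name available
	[ "${IDS_DATABASE}" = "${IDS_DATABASE_AVAIL}" ] && return 0

	# get the list of database names starting with the requested name.
	# stderr is discarded inside the substitution: a redirection
	# placed on the assignment itself does not apply to the command.
	_LDBM_DBS=`${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} \
		-b 'cn=ldbm database,cn=plugins,cn=config' \
		-s one 'cn=${IDS_DATABASE}*' cn" 2>/dev/null`

	# find available db name based on a requested name: try the name
	# itself, then name1 .. name9
	_i=""; _i_MAX=10
	while [ ${_i:-0} -lt ${_i_MAX} ]
	do
		_name="${IDS_DATABASE}${_i}"
		${ECHO} "${_LDBM_DBS}" | ${GREP} -i "^cn=${_name}$" >/dev/null 2>&1 ||
		{
			IDS_DATABASE_AVAIL="${_name}"
			break
		}
		_i=`expr ${_i:-0} + 1`
	done

	[ "${IDS_DATABASE}" = "${IDS_DATABASE_AVAIL}" ] && return 0

	[ -n "${IDS_DATABASE_AVAIL}" ] &&
	{
		display_msg ldbm_db_exist
		return 1
	}

	display_msg unable_find_db_name
	return 2
}

#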
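# add suffix if needed,
# suffix entry and backend MUST be prepared by
# prep_create_sfx_entry and prep_create_sfx_backend correspondingly
#
# input  : NEED_CREATE_SUFFIX, LDAP_SUFFIX, LDAP_SUFFIX_OBJ, _ATT, _VAL
#          LDAP_SUFFIX_ACI, NEED_CREATE_BACKEND, IDS_DATABASE
# in/out : STEP - progress counter, incremented per created object
# return : 0 - suffix successfully created (or nothing to do),
#          1 - ldapadd of the backend or of the suffix entry failed
#
add_suffix()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In add_suffix()"

	[ -n "${NEED_CREATE_SUFFIX}" ] || return 0

	# The LDIF is fed to ldapadd on stdin; the values expanded into it
	# are those prepared (and checked) by prep_create_sfx_*().
	[ -n "${NEED_CREATE_BACKEND}" ] &&
	{
		${EVAL} "${LDAPADD} ${LDAP_ARGS} ${VERB}" <<EOF
dn: cn="${LDAP_SUFFIX}",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
cn: ${LDAP_SUFFIX}
nsslapd-state: backend
nsslapd-backend: ${IDS_DATABASE}

dn: cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
cn: ${IDS_DATABASE}
nsslapd-suffix: ${LDAP_SUFFIX}
EOF
		[ $? -ne 0 ] &&
		{
			display_msg create_ldbm_db_error
			return 1
		}

		${ECHO} "  ${STEP}. Database ${IDS_DATABASE} successfully created"
		STEP=`expr $STEP + 1`
	}

	${EVAL} "${LDAPADD} ${LDAP_ARGS} ${VERB}" <<EOF
dn: ${LDAP_SUFFIX}
objectclass: ${LDAP_SUFFIX_OBJ}
${_ATT}: ${_VAL}
${LDAP_SUFFIX_ACI}
EOF
	[ $? -ne 0 ] &&
	{
		display_msg create_suffix_entry_error
		return 1
	}

	${ECHO} "  ${STEP}. Suffix ${LDAP_SUFFIX} successfully created"
	STEP=`expr $STEP + 1`
	return 0
}

#
# interactively get suffix and related info from a user
#
# input  : LDAP_BASEDN - Base DN
# output : LDAP_SUFFIX - Suffix, _ATT, _VAL - id attribute and its value;
#          LDAP_SUFFIX_OBJ, LDAP_SUFFIX_ACI - objectclass and aci;
#          NEED_CREATE_BACKEND - tells whether backend needs to be created;
#          IDS_DATABASE - prepared ldbm db name
# return : 0 - user gave a correct suffix
#          1 - suffix given by user can't be created (user went back)
#
get_suffix()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In get_suffix()"

	while :
	do
		# the default is quoted so a DN containing spaces stays one word
		get_ans "Enter suffix to be created (b=back/h=help):" "${LDAP_BASEDN}"
		case "${ANS}" in
		[Hh] | Help | help | \? ) display_msg create_suffix_help ;;
		[Bb] | Back | back | \< ) return 1 ;;
		* )
			format_string "${ANS}"
			LDAP_SUFFIX=${FMT_STR}
			prep_create_sfx_entry || continue

			[ -n "${NEED_CREATE_BACKEND}" ] &&
			{
				IDS_DATABASE_AVAIL= # reset the available db name

				reenter_suffix=
				while :
				do
					# default: last suggested free name, else the
					# suffix's id attribute value
					get_ans "Enter ldbm database name (b=back/h=help):" \
						"${IDS_DATABASE_AVAIL:-${_VAL}}"
					case "${ANS}" in
					[Hh] | \? ) display_msg enter_ldbm_db_help ;;
					[Bb] | \< ) reenter_suffix=1; break ;;
					* )
						IDS_DATABASE="${ANS}"
						prep_create_sfx_backend && break
					esac
				done
				# 'continue' here restarts the outer suffix prompt
				[ -n "${reenter_suffix}" ] && continue

				[ $DEBUG -eq 1 ] && cat <<EOF
DEBUG: backend name for suffix ${LDAP_SUFFIX} will be ${IDS_DATABASE}
EOF
			}

			# eventually everything is prepared
			return 0
			;;
		esac
	done
}

#
# print out a script which sets LDAP suffix related preferences
# (appended to the generated config file by create_config_file())
#
print_suffix_config()
{
	cat <<EOF2
# LDAP suffix related preferences used only if needed
IDS_DATABASE="${IDS_DATABASE}"
LDAP_SUFFIX_OBJ="$LDAP_SUFFIX_OBJ"
LDAP_SUFFIX_ACI=\`cat <<EOF
${LDAP_SUFFIX_ACI}
EOF
\`
export IDS_DATABASE LDAP_SUFFIX_OBJ LDAP_SUFFIX_ACI
EOF2
}

#
# check_basedn_suffix(): check that there is an existing
# valid suffix to hold current base DN
# return:
#   0: valid suffix found or new one should be created,
#      NEED_CREATE_SUFFIX flag actually indicates that
#   1: some error occurs
#
# output : LDAP_SUFFIX, IDS_DATABASE (via get_backend()) when a suffix
#          is found; NEED_CREATE_SUFFIX=1 when none holds LDAP_BASEDN
#
check_basedn_suffix()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In check_basedn_suffix()"

	NEED_CREATE_SUFFIX=

	# find out existing suffixes
	discover_serv_suffix

	${ECHO} "  Validating LDAP Base DN and Suffix ..."

	# check that LDAP Base DN might be added: probe the base DN and
	# each of its parents until one answers a one-level search.
	# NOTE(review): SERVER_ARGS carries no bind credentials, so these
	# probes are anonymous; if the server denies anonymous reads every
	# probe fails and the suffix is reported as missing — confirm.
	cur_ldap_entry=${LDAP_BASEDN}
	prev_ldap_entry=
	while [ "${cur_ldap_entry}" != "${prev_ldap_entry}" ]
	do
		[ $DEBUG -eq 1 ] && ${ECHO} "testing LDAP entry: ${cur_ldap_entry}"
		${LDAPSEARCH} ${SERVER_ARGS} -b "${cur_ldap_entry}" \
			-s one "objectclass=*" > /dev/null 2>&1
		if [ $? -eq 0 ]; then
			break
		else
			prev_ldap_entry=${cur_ldap_entry}
			# cut returns the whole string once no ',' is left,
			# which ends the loop (cur == prev)
			cur_ldap_entry=`${ECHO} "${cur_ldap_entry}" | cut -f2- -d','`
		fi
	done

	if [ "${cur_ldap_entry}" = "${prev_ldap_entry}" ]; then
		${ECHO} "  No valid suffixes were found for Base DN ${LDAP_BASEDN}"

		NEED_CREATE_SUFFIX=1
		return 0

	else
		[ $DEBUG -eq 1 ] && ${ECHO} "found valid LDAP entry: ${cur_ldap_entry}"

		# Now looking for relevant suffix for this entry.
		# LDAP_SUFFIX will then be used to add necessary
		# base objects. See add_base_objects().
		# NOTE(review): the first suffix in LDAP_SUFFIX_LIST that is a
		# trailing part of the entry wins, not the longest one; with
		# nested suffixes the server's listing order decides — confirm.
		format_string "${cur_ldap_entry}"
		lower_entry="${FMT_STR}"
		[ $DEBUG -eq 1 ] && ${ECHO} "final suffix list: ${LDAP_SUFFIX_LIST}"
		oIFS=$IFS
		[ $DEBUG -eq 1 ] && ${ECHO} "setting IFS to new line"
		IFS='
'
		for suff in ${LDAP_SUFFIX_LIST}
		do
			[ $DEBUG -eq 1 ] && ${ECHO} "testing suffix: ${suff}"
			format_string "${suff}"
			lower_suff="${FMT_STR}"
			if [ "${lower_entry}" = "${lower_suff}" ]; then
				LDAP_SUFFIX="${suff}"
				break
			else
				# basename(1) strips the suffix only if the
				# entry ends with it
				dcstmp=`basename "${lower_entry}" "${lower_suff}"`
				if [ "${dcstmp}" = "${lower_entry}" ]; then
					# invalid suffix, try next one
					continue
				else
					# valid suffix found
					LDAP_SUFFIX="${suff}"
					break
				fi
			fi
		done
		[ $DEBUG -eq 1 ] && ${ECHO} "setting IFS to original value"
		IFS=$oIFS

		[ $DEBUG -eq 1 ] && ${ECHO} "LDAP_SUFFIX: ${LDAP_SUFFIX}"

		if [ -z "${LDAP_SUFFIX}" ]; then
			# should not happen, since we found the entry
			${ECHO} "Could not find a valid suffix for ${LDAP_BASEDN}."
			${ECHO} "Exiting."
			return 1
		fi

		# Getting relevant database (backend)
		# IDS_DATABASE will then be used to create indexes.
		get_backend

		return 0
	fi
}

#
# discover_serv_suffix(): This function queries the server to find
# suffixes available
# output : LDAP_SUFFIX_LIST - newline separated namingContexts values
#          (o=NetscapeRoot excluded); emptied when none is found
# return: 0: OK, suffix found
#         1: suffix not determined
discover_serv_suffix()
{
	[ $DEBUG -eq 1 ] && ${ECHO} "In discover_serv_suffix()"

	# Search the server for the TOP of the TREE.
	${LDAPSEARCH} ${SERVER_ARGS} -b "" -s base "objectclass=*" > ${TMPDIR}/checkTOP 2>&1
	${GREP} -i namingcontexts ${TMPDIR}/checkTOP | \
		${GREP} -i -v NetscapeRoot > ${TMPDIR}/treeTOP
	NUM_TOP=`wc -l ${TMPDIR}/treeTOP | awk '{print $1}'`
	case $NUM_TOP in
	0)
		[ $DEBUG -eq 1 ] && ${ECHO} "DEBUG: No suffix found in LDAP tree"
		# do not leave a stale list from an earlier call behind
		LDAP_SUFFIX_LIST=
		return 1
		;;
	*)	# build the list of suffixes; take out 'namingContexts=' in
		# each line of ${TMPDIR}/treeTOP (15-character prefix)
		LDAP_SUFFIX_LIST=`awk '{ printf("%s\n",substr($0,16,length-15)) }' \
			${TMPDIR}/treeTOP`
		;;
	esac

	[ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SUFFIX_LIST = $LDAP_SUFFIX_LIST"
	return 0
}


#
# modify_cn(): Change the cn from MUST to MAY in ipNetwork.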
#
# Globals: reads DEBUG, ECHO, TMPDIR, EVAL, LDAPMODIFY, LDAP_ARGS, VERB.
# Writes ${TMPDIR}/ipNetwork_cn.  On failure runs cleanup and exits 1.
# Kept Bourne-shell compatible on purpose (backticks, expr, no "!").
#
modify_cn()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_cn()"

    # The whole ipNetwork definition is re-added with cn in the MAY
    # list.  The here-doc delimiter is quoted: the definition contains
    # bare "$" separators and must reach the server untouched.
    cat > "${TMPDIR}/ipNetwork_cn" <<'EOF'
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( ipNetworkNumber ) MAY ( ipNetmaskNumber $ manager $ cn $ l $ description ) X-ORIGIN 'RFC 2307' ))
EOF

    # Modify the cn for ipNetwork.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ipNetwork_cn ${VERB}" || {
        ${ECHO} " ERROR: update of cn for ipNetwork failed!"
        cleanup
        exit 1
    }
}


# modify_timelimit(): Modify timelimit to user value.
# Globals: reads IDS_TIMELIMIT, STEP (incremented), DEBUG, ECHO, TMPDIR,
#          EVAL, LDAPMODIFY, LDAP_ARGS, VERB.
# Writes ${TMPDIR}/ids_timelimit.  On failure runs cleanup and exits 1.
modify_timelimit()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_timelimit()"

    # Replace nsslapd-timelimit on cn=config with the user's value.
    cat > "${TMPDIR}/ids_timelimit" <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-timelimit
nsslapd-timelimit: ${IDS_TIMELIMIT}
EOF

    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ids_timelimit ${VERB}" || {
        ${ECHO} " ERROR: update of nsslapd-timelimit failed!"
        cleanup
        exit 1
    }

    # Report the step and advance the counter shared by all steps.
    ${ECHO} " ${STEP}. Changed timelimit to ${IDS_TIMELIMIT} in cn=config."
    STEP=`expr $STEP + 1`
}


# modify_sizelimit(): Modify sizelimit to user value.
# Globals: reads IDS_SIZELIMIT, STEP (incremented), DEBUG, ECHO, TMPDIR,
#          EVAL, LDAPMODIFY, LDAP_ARGS, VERB.
# Writes ${TMPDIR}/ids_sizelimit.  On failure runs cleanup and exits 1.
modify_sizelimit()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_sizelimit()"

    # Replace nsslapd-sizelimit on cn=config with the user's value.
    cat > "${TMPDIR}/ids_sizelimit" <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-sizelimit
nsslapd-sizelimit: ${IDS_SIZELIMIT}
EOF

    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ids_sizelimit ${VERB}" || {
        ${ECHO} " ERROR: update of nsslapd-sizelimit failed!"
        cleanup
        exit 1
    }

    # Report the step and advance the counter shared by all steps.
    ${ECHO} " ${STEP}. Changed sizelimit to ${IDS_SIZELIMIT} in cn=config."
    STEP=`expr $STEP + 1`
}


# modify_pwd_crypt(): Modify the passwd storage scheme to support CRYPT.
# Globals: reads IDS_MAJVER, IDS_MINVER, STEP (incremented), DEBUG, ECHO,
#          TMPDIR, EVAL, LDAPMODIFY, LDAP_ARGS, VERB.
# Writes ${TMPDIR}/ids_crypt.  On failure runs cleanup and exits 1.
#
# Security note: "crypt" is the traditional Unix crypt(3) scheme, which
# is weak by current standards.  It is presumably selected here for
# compatibility of stored hashes with Native LDAP clients -- confirm
# that trade-off before relying on it for a new deployment.
modify_pwd_crypt()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_pwd_crypt()"

    # IDS 5.2 moved passwordstoragescheme from cn=config to its own
    # password-policy entry; only the target DN differs between the
    # two server generations, so pick the DN and share one LDIF.
    if [ $IDS_MAJVER -le 5 ] && [ $IDS_MINVER -le 1 ]; then
        _pwp_dn="cn=config"
    else
        _pwp_dn="cn=Password Policy,cn=config"
    fi

    cat > "${TMPDIR}/ids_crypt" <<EOF
dn: ${_pwp_dn}
changetype: modify
replace: passwordstoragescheme
passwordstoragescheme: crypt
EOF

    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ids_crypt ${VERB}" || {
        ${ECHO} " ERROR: update of passwordstoragescheme failed!"
        cleanup
        exit 1
    }

    # Report the step and advance the counter shared by all steps.
    ${ECHO} " ${STEP}. Changed passwordstoragescheme to \"crypt\" in cn=config."
    STEP=`expr $STEP + 1`
}


#
# add_eq_indexes(): Add indexes to improve search performance.
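#

#
# add_attr_index_task(): Shared worker for add_eq_indexes() and
# add_sub_indexes(): create one attribute index entry under ${_EXT},
# submit an index task for it and poll until the task finishes.
# Arguments: $1 - attribute name
#            $2 - index types as shown to the user, e.g. "eq,pres"
#            $3 - the same in upper case, used in error messages
#            $4 - extra nsIndexType to add ("" for none, or "sub")
# Globals:   reads _EXT, IDS_DATABASE, TMPDIR, LDAPSEARCH, LDAPMODIFY,
#            SERVER_ARGS, LDAP_ARGS, VERB, GREP, ECHO, EVAL, DEBUG;
#            writes TASKNAME, TASK_STATUS.
# Returns:   0 (the index was created or already existed); on a rejected
#            entry it runs cleanup and exits 1.
#
add_attr_index_task()
{
    _attr="$1"
    _types="$2"
    _types_uc="$3"
    _extra_type="$4"

    [ $DEBUG -eq 1 ] && ${ECHO} " Adding index for ${_attr}"

    # Check if entry exists first, if so, skip it.
    ${LDAPSEARCH} ${SERVER_ARGS} -b "cn=${_attr},${_EXT}" -s base "objectclass=*" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        ${ECHO} " ${_attr} (${_types}) skipped already exists"
        return 0
    fi

    # LDIF for the index entry.  The extra type is appended only when
    # requested so both callers produce exactly their former LDIF.
    (
        cat <<EOF
dn: cn=${_attr},${_EXT}
objectClass: top
objectClass: nsIndex
cn: ${_attr}
nsSystemIndex: false
nsIndexType: pres
nsIndexType: eq
EOF
        [ -n "${_extra_type}" ] && ${ECHO} "nsIndexType: ${_extra_type}"
    ) > "${TMPDIR}/index_${_attr}"

    # Add the index.
    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/index_${_attr} ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: Adding ${_types_uc} index for ${_attr} failed!"
        cleanup
        exit 1
    fi

    # Task name: attribute plus a timestamp.  A single date call keeps
    # the fields consistent even when the call straddles a second.
    TASKNAME="${_attr}_`date '+%y_%m_%d_%H_%M_%S'`"

    # Build the task entry to add.
    ( cat <<EOF
dn: cn=${TASKNAME}, cn=index, cn=tasks, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: ${TASKNAME}
nsInstance: ${IDS_DATABASE}
nsIndexAttribute: ${_attr}
EOF
    ) > "${TMPDIR}/task_${_attr}"

    # Add the task.
    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/task_${_attr} ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: Adding task for ${_attr} failed!"
        cleanup
        exit 1
    fi

    # Wait for the task to finish, displaying its current status.
    # Leave the loop when the task entry is gone or reports "Finished".
    # The status is read from the task's own DN with base scope: a
    # one-level search under cn=index,cn=tasks returned the first task
    # listed, so a stale task from an earlier run could be reported (or
    # a stale "Finished" end the wait) instead of this one.
    while :
    do
        eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index, cn=tasks, cn=config\" -s sub \"objectclass=*\" > ${TMPDIR}/istask_${_attr} 2>&1"
        ${GREP} "${TASKNAME}" "${TMPDIR}/istask_${_attr}" > /dev/null 2>&1
        if [ $? -ne 0 ]; then
            break
        fi
        eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=${TASKNAME},cn=index,cn=tasks,cn=config\" -s base \"objectclass=*\" nstaskstatus | ${GREP} -i nstaskstatus | cut -d\":\" -f2 > ${TMPDIR}/wait_task_${_attr}"
        TASK_STATUS=`head -1 ${TMPDIR}/wait_task_${_attr}`
        ${ECHO} " ${_attr} (${_types}) $TASK_STATUS \r\c"
        ${ECHO} "$TASK_STATUS" | ${GREP} "Finished" > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            break
        fi
        sleep 2
    done

    # Print newline because of \c.
    ${ECHO} " "
    return 0
}


#
# add_eq_indexes(): Add indexes to improve search performance.
# Creates equality and presence indexes for the attributes in _INDEXES.
# Globals: reads/writes IDS_DATABASE (looked up via get_backend() when
#          empty), STEP (incremented), _INDEXES, _EXT, DEBUG, ECHO.
#
add_eq_indexes()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_eq_indexes()"

    # Set eq indexes to add.
    _INDEXES="uidNumber ipNetworkNumber gidnumber oncrpcnumber automountKey"

    # Index entries live under the backend holding the suffix, so the
    # database name is required before any DN can be built.
    if [ -z "${IDS_DATABASE}" ]; then
        get_backend
    fi
    # Set _EXT to use as shortcut.
    _EXT="cn=index,cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config"

    # Display message to id current step.
    ${ECHO} " ${STEP}. Processing eq,pres indexes:"
    STEP=`expr $STEP + 1`

    for i in ${_INDEXES}; do
        add_attr_index_task "${i}" "eq,pres" "EQ,PRES" ""
    done
}


#
# add_sub_indexes(): Add indexes to improve search performance.
# Creates equality, presence and substring indexes for the attributes
# in _INDEXES.
# Globals: reads/writes IDS_DATABASE (looked up via get_backend() when
#          empty), STEP (incremented), _INDEXES, _EXT, DEBUG, ECHO.
#
add_sub_indexes()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_sub_indexes()"

    # Set eq,pres,sub indexes to add.
    _INDEXES="ipHostNumber membernisnetgroup nisnetgrouptriple"

    # Same backend lookup as add_eq_indexes(); without it the index DNs
    # would be built with an empty database name.
    if [ -z "${IDS_DATABASE}" ]; then
        get_backend
    fi
    # Set _EXT to use as shortcut.
    _EXT="cn=index,cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config"

    # Display message to id current step.
    ${ECHO} " ${STEP}. Processing eq,pres,sub indexes:"
    STEP=`expr $STEP + 1`

    for i in ${_INDEXES}; do
        add_attr_index_task "${i}" "eq,pres,sub" "EQ,PRES,SUB" "sub"
    done
}


#
# add_vlv_indexes(): Add VLV indexes to improve search performance.
# For each record in _INDEXES a vlvSearch entry and its vlvIndex child
# are added under the backend, and the matching "directoryserver ...
# vlvindex" command is appended to ${TMPDIR}/vlvindex_list for
# display_vlv_cmds() to show.
# Globals: reads LDAP_DOMAIN, LDAP_BASEDN, LDAP_SEARCH_SCOPE, IDS_DATABASE
#          (looked up via get_backend() when empty), STEP (incremented);
#          writes _INSTANCE, VLV_SCOPE, i, j, k, m, _jEXT.
#
add_vlv_indexes()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_vlv_indexes()"

    # One record per VLV index.  Fields are ';'-separated because some
    # filters contain ':' --
    #   vlvIndex cn ; vlvSearch cn ; container RDN ; search filter
    _INDEX1="${LDAP_DOMAIN}.getgrent;${LDAP_DOMAIN}_group_vlv_index;ou=group;objectClass=posixGroup"
    _INDEX2="${LDAP_DOMAIN}.gethostent;${LDAP_DOMAIN}_hosts_vlv_index;ou=hosts;objectClass=ipHost"
    _INDEX3="${LDAP_DOMAIN}.getnetent;${LDAP_DOMAIN}_networks_vlv_index;ou=networks;objectClass=ipNetwork"
    _INDEX4="${LDAP_DOMAIN}.getpwent;${LDAP_DOMAIN}_passwd_vlv_index;ou=people;objectClass=posixAccount"
    _INDEX5="${LDAP_DOMAIN}.getrpcent;${LDAP_DOMAIN}_rpc_vlv_index;ou=rpc;objectClass=oncRpc"
    _INDEX6="${LDAP_DOMAIN}.getspent;${LDAP_DOMAIN}_shadow_vlv_index;ou=people;objectClass=shadowAccount"

    # Indexes added during NIS to LDAP transition
    _INDEX7="${LDAP_DOMAIN}.getauhoent;${LDAP_DOMAIN}_auho_vlv_index;automountmapname=auto_home;objectClass=automount"
    _INDEX8="${LDAP_DOMAIN}.getsoluent;${LDAP_DOMAIN}_solu_vlv_index;ou=people;objectClass=SolarisUserAttr"
    _INDEX9="${LDAP_DOMAIN}.getauduent;${LDAP_DOMAIN}_audu_vlv_index;ou=people;objectClass=SolarisAuditUser"
    _INDEX10="${LDAP_DOMAIN}.getauthent;${LDAP_DOMAIN}_auth_vlv_index;ou=SolarisAuthAttr;objectClass=SolarisAuthAttr"
    _INDEX11="${LDAP_DOMAIN}.getexecent;${LDAP_DOMAIN}_exec_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisExecAttr)(SolarisKernelSecurityPolicy=*)"
    _INDEX12="${LDAP_DOMAIN}.getprofent;${LDAP_DOMAIN}_prof_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisProfAttr)(SolarisAttrLongDesc=*)"
    _INDEX13="${LDAP_DOMAIN}.getmailent;${LDAP_DOMAIN}_mail_vlv_index;ou=aliases;objectClass=mailGroup"
    # NOTE(review): "__boot" (double underscore) is kept as is; existing
    # servers may already carry a vlvSearch entry under that name.
    _INDEX14="${LDAP_DOMAIN}.getbootent;${LDAP_DOMAIN}__boot_vlv_index;ou=ethers;&(objectClass=bootableDevice)(bootParameter=*)"
    _INDEX15="${LDAP_DOMAIN}.getethent;${LDAP_DOMAIN}_ethers_vlv_index;ou=ethers;&(objectClass=ieee802Device)(macAddress=*)"
    _INDEX16="${LDAP_DOMAIN}.getngrpent;${LDAP_DOMAIN}_netgroup_vlv_index;ou=netgroup;objectClass=nisNetgroup"
    _INDEX17="${LDAP_DOMAIN}.getipnent;${LDAP_DOMAIN}_ipn_vlv_index;ou=networks;&(objectClass=ipNetwork)(cn=*)"
    _INDEX18="${LDAP_DOMAIN}.getmaskent;${LDAP_DOMAIN}_mask_vlv_index;ou=networks;&(objectClass=ipNetwork)(ipNetmaskNumber=*)"
    _INDEX19="${LDAP_DOMAIN}.getprent;${LDAP_DOMAIN}_pr_vlv_index;ou=printers;objectClass=printerService"
    _INDEX20="${LDAP_DOMAIN}.getip4ent;${LDAP_DOMAIN}_ip4_vlv_index;ou=hosts;&(objectClass=ipHost)(ipHostNumber=*.*)"
    _INDEX21="${LDAP_DOMAIN}.getip6ent;${LDAP_DOMAIN}_ip6_vlv_index;ou=hosts;&(objectClass=ipHost)(ipHostNumber=*:*)"

    _INDEXES="$_INDEX1 $_INDEX2 $_INDEX3 $_INDEX4 $_INDEX5 $_INDEX6 $_INDEX7 $_INDEX8 $_INDEX9 $_INDEX10 $_INDEX11 $_INDEX12 $_INDEX13 $_INDEX14 $_INDEX15 $_INDEX16 $_INDEX17 $_INDEX18 $_INDEX19 $_INDEX20 $_INDEX21 "

    # Same backend lookup as add_eq_indexes(); the vlvSearch DNs are
    # built from the database name.
    if [ -z "${IDS_DATABASE}" ]; then
        get_backend
    fi
    # Set _EXT to use as shortcut.
    _EXT="cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config"

    # Display message to id current step.
    ${ECHO} " ${STEP}. Processing VLV indexes:"
    STEP=`expr $STEP + 1`

    # Reset temp file for vlvindex commands.
    [ -f "${TMPDIR}/vlvindex_list" ] && rm "${TMPDIR}/vlvindex_list"
    touch "${TMPDIR}/vlvindex_list"

    # Get the instance name from iDS server: the part after "slapd-" in
    # the last component of nsslapd-instancedir.  The placeholder is
    # kept (old output) when the attribute cannot be read.
    # NOTE(review): LDAP_ARGS is expanded through eval here and below;
    # if it carries a bind password on the command line, that password
    # is visible to other users in the process list for the duration of
    # the search -- confirm how LDAP_ARGS is built.
    _INSTANCE="<server-instance>"
    eval "${LDAPSEARCH} -v ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-instancedir | ${GREP} 'nsslapd-instancedir=' | cut -d'=' -f2- > ${TMPDIR}/instance_name 2>&1"

    ${GREP} "slapd-" "${TMPDIR}/instance_name" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        _INST_DIR=`cat ${TMPDIR}/instance_name`
        _INSTANCE=`basename "${_INST_DIR}" | cut -d'-' -f2-`
    fi

    # Compute the VLV Scope from the LDAP_SEARCH_SCOPE.  It is the same
    # for every index, so it is computed once, outside the loop.
    # NOTE: A value of "base (0)" does not make sense.
    case "$LDAP_SEARCH_SCOPE" in
    sub) VLV_SCOPE="2" ;;
    *)   VLV_SCOPE="1" ;;
    esac

    # For loop to create indexes.
    for p in ${_INDEXES}; do
        # Break p (record) into its four fields.  $p is quoted so the
        # '*' inside the filters is never expanded as a glob.
        i=`${ECHO} "$p" | cut -d';' -f1`
        j=`${ECHO} "$p" | cut -d';' -f2`
        k=`${ECHO} "$p" | cut -d';' -f3`
        m=`${ECHO} "$p" | cut -d';' -f4`

        # Reported after the split: ${i} belongs to this record now,
        # not to the previous iteration.
        [ $DEBUG -eq 1 ] && ${ECHO} " Adding index for ${i}"

        # Set _jEXT to use as shortcut.
        _jEXT="cn=${j},${_EXT}"

        # Check if entry exists first, if so, skip to next.
        ${LDAPSEARCH} ${SERVER_ARGS} -b "cn=${i},${_jEXT}" -s base "objectclass=*" > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            # Display index skipped.
            ${ECHO} " ${i} vlv_index skipped already exists"
            continue
        fi

        # LDIF: the vlvSearch entry followed by its vlvIndex child.
        # The aci grants anonymous (userdn=anyone) read/search/compare on
        # the vlvSearch entry only -- the index definition, not the data
        # it covers -- presumably so that any client may use the VLV
        # control.  Check this against the site's anonymous-access policy.
        ( cat <<EOF
dn: ${_jEXT}
objectClass: top
objectClass: vlvSearch
cn: ${j}
vlvbase: ${k},${LDAP_BASEDN}
vlvscope: ${VLV_SCOPE}
vlvfilter: (${m})
aci: (target="ldap:///${_jEXT}")(targetattr="*")(version 3.0; acl "Config";allow(read,search,compare)userdn="ldap:///anyone";)

dn: cn=${i},${_jEXT}
cn: ${i}
vlvSort: cn uid
objectclass: top
objectclass: vlvIndex
EOF
        ) > "${TMPDIR}/vlv_index_${i}"

        # Add the index.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/vlv_index_${i} ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} " ERROR: Adding VLV index for ${i} failed!"
            cleanup
            exit 1
        fi

        # Print message that index was created.
        ${ECHO} " ${i} vlv_index Entry created"

        # Add command to list of vlvindex commands to run.
        ${ECHO} " directoryserver -s ${_INSTANCE} vlvindex -n ${IDS_DATABASE} -T ${i}" >> "${TMPDIR}/vlvindex_list"
    done
}


#
# display_vlv_cmds(): Display VLV index commands to run on server.
# Prints the list collected by add_vlv_indexes(), preceded by the
# display_vlv_list message, and nothing at all when the list is empty.
#
display_vlv_cmds()
{
    if [ -s "${TMPDIR}/vlvindex_list" ]; then
        display_msg display_vlv_list
        cat "${TMPDIR}/vlvindex_list"
    fi
}


#
# update_schema_attr(): Update Schema to support Naming.
#
update_schema_attr()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In update_schema_attr()"

    ( cat <<EOF
dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'NIS public key' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'NIS secret key' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )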
38077c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'automount Key Value' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) 38087c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'automount information' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) 38097c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) 38107c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) 38117c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) 38127c478bd9Sstevel@tonic-gateattributetypes: ( rfc822mailMember-oid NAME 'rfc822mailMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) 38137c478bd9Sstevel@tonic-gateattributetypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) 38147c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.15 NAME 'SolarisLDAPServers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) 38157c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.16 NAME 'SolarisSearchBaseDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) 38167c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.17 NAME 'SolarisCacheTTL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38177c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.18 NAME 'SolarisBindDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) 38187c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.19 NAME 'SolarisBindPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) 38197c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.20 NAME 'SolarisAuthMethod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15') 
38207c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.21 NAME 'SolarisTransportSecurity' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15') 38217c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.22 NAME 'SolarisCertificatePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) 38227c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.23 NAME 'SolarisCertificatePassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) 38237c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.24 NAME 'SolarisDataSearchDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15') 38247c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.25 NAME 'SolarisSearchScope' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38257c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.26 NAME 'SolarisSearchTimeLimit' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) 38267c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.27 NAME 'SolarisPreferredServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15') 38277c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.28 NAME 'SolarisPreferredServerOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38287c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.29 NAME 'SolarisSearchReferral' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38297c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.4 NAME 'SolarisAttrKeyValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38307c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.5 NAME 'SolarisAuditAlways' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38317c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.6 NAME 'SolarisAuditNever' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38327c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.7 NAME 'SolarisAttrShortDesc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 
SINGLE-VALUE ) 38337c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.8 NAME 'SolarisAttrLongDesc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38347c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.9 NAME 'SolarisKernelSecurityPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38357c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.10 NAME 'SolarisProfileType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38367c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.11 NAME 'SolarisProfileId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) 38377c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.12 NAME 'SolarisUserQualifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38387c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.13 NAME 'SolarisAttrReserved1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38397c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.14 NAME 'SolarisAttrReserved2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38407c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.1 NAME 'SolarisProjectID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) 38417c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.2 NAME 'SolarisProjectName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE ) 38427c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.3 NAME 'SolarisProjectAttr' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) 38437c478bd9Sstevel@tonic-gateattributetypes: ( memberGid-oid NAME 'memberGid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) 38447c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Default LDAP server host address used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38457c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'Default 
LDAP base DN used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE ) 38467c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC 'Preferred LDAP server host addresses to be used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38477c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maximum time in seconds a DUA should allow for a search to complete' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) 38487c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximum time in seconds a DUA should allow for the bind operation to complete' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) 38497c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tells DUA if it should follow referrals returned by a DSA search result' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38507c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38517c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to live before a client DUA should re-read this configuration profile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) 38527c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' DESC 'LDAP search descriptor list used by Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' ) 38537c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribute mappings used by a Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) 38547c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Identifies type of credentials a DUA should use when 
binding to the LDAP server' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38557c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Objectclass mappings used by a Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) 38567c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC 'Default search scope used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38577c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DESC 'Search scope used by a service of the DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 38587c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod' DESC 'Authentication Method used by a service of the DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 38597c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1140 NAME 'printer-uri' DESC 'A URI supported by this printer. This URI SHOULD be used as a relative distinguished name (RDN). If printer-xri-supported is implemented, then this URI value MUST be listed in a member value of printer-xri-supported.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 38607c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1107 NAME 'printer-xri-supported' DESC 'The unordered list of XRI (extended resource identifiers) supported by this printer. Each member of the list consists of a URI (uniform resource identifier) followed by optional authentication and security metaparameters.' 
EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 38617c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1135 NAME 'printer-name' DESC 'The site-specific administrative name of this printer, more end-user friendly than a URI.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE ) 38627c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1119 NAME 'printer-natural-language-configured' DESC 'The configured language in which error and status messages will be generated (by default) by this printer. Also, a possible language for printer string attributes set by operator, system administrator, or manufacturer. Also, the (declared) language of the "printer-name", "printer-location", "printer-info", and "printer-make-and-model" attributes of this printer. For example: "en-us" (US English) or "fr-fr" (French in France) Legal values of language tags conform to [RFC3066] "Tags for the Identification of Languages".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE ) 38637c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1136 NAME 'printer-location' DESC 'Identifies the location of the printer. This could include things like: "in Room 123A", "second floor of building XYZ".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE ) 38647c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1139 NAME 'printer-info' DESC 'Identifies the descriptive information about this printer. 
This could include things like: "This printer can be used for printing color transparencies for HR presentations", or "Out of courtesy for others, please print only small (1-5 page) jobs at this printer", or even "This printer is going away on July 1, 1997, please find a new printer".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE ) 38657c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1134 NAME 'printer-more-info' DESC 'A URI used to obtain more information about this specific printer. For example, this could be an HTTP type URI referencing an HTML page accessible to a Web Browser. The information obtained from this URI is intended for end user consumption.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 38667c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1138 NAME 'printer-make-and-model' DESC 'Identifies the make and model of the device. The device manufacturer MAY initially populate this attribute.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE ) 38677c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1133 NAME 'printer-ipp-versions-supported' DESC 'Identifies the IPP protocol version(s) that this printer supports, including major and minor versions, i.e., the version numbers for which this Printer implementation meets the conformance requirements.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} ) 38687c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1132 NAME 'printer-multiple-document-jobs-supported' DESC 'Indicates whether or not the printer supports more than one document per job, i.e., more than one Send-Document or Send-Data operation with document data.' 
EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) 38697c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1109 NAME 'printer-charset-configured' DESC 'The configured charset in which error and status messages will be generated (by default) by this printer. Also, a possible charset for printer string attributes set by operator, system administrator, or manufacturer. For example: "utf-8" (ISO 10646/Unicode) or "iso-8859-1" (Latin1). Legal values are defined by the IANA Registry of Coded Character Sets and the "(preferred MIME name)" SHALL be used as the tag. For coherence with IPP Model, charset tags in this attribute SHALL be lowercase normalized. This attribute SHOULD be static (time of registration) and SHOULD NOT be dynamically refreshed attributetypes: (subsequently).' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{63} SINGLE-VALUE ) 38707c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1131 NAME 'printer-charset-supported' DESC 'Identifies the set of charsets supported for attribute type values of type Directory String for this directory entry. For example: "utf-8" (ISO 10646/Unicode) or "iso-8859-1" (Latin1). Legal values are defined by the IANA Registry of Coded Character Sets and the preferred MIME name.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{63} ) 38717c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1137 NAME 'printer-generated-natural-language-supported' DESC 'Identifies the natural language(s) supported for this directory entry. For example: "en-us" (US English) or "fr-fr" (French in France). Legal values conform to [RFC3066], Tags for the Identification of Languages.' 
EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{63} ) 38727c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1130 NAME 'printer-document-format-supported' DESC 'The possible document formats in which data may be interpreted and printed by this printer. Legal values are MIME types come from the IANA Registry of Internet Media Types.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} ) 38737c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1129 NAME 'printer-color-supported' DESC 'Indicates whether this printer is capable of any type of color printing at all, including highlight color.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) 38747c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1128 NAME 'printer-compression-supported' DESC 'Compression algorithms supported by this printer. For example: "deflate, gzip". Legal values include; "none", "deflate" attributetypes: (public domain ZIP), "gzip" (GNU ZIP), "compress" (UNIX).' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} ) 38757c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1127 NAME 'printer-pages-per-minute' DESC 'The nominal number of pages per minute which may be output by this printer (e.g., a simplex or black-and-white printer). This attribute is informative, NOT a service guarantee. Typically, it is the value used in marketing literature to describe this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 38767c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1126 NAME 'printer-pages-per-minute-color' DESC 'The nominal number of color pages per minute which may be output by this printer (e.g., a simplex or color printer). This attribute is informative, NOT a service guarantee. Typically, it is the value used in marketing literature to describe this printer.' 
EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 38777c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1125 NAME 'printer-finishings-supported' DESC 'The possible finishing operations supported by this printer. Legal values include; "none", "staple", "punch", "cover", "bind", "saddle-stitch", "edge-stitch", "staple-top-left", "staple-bottom-left", "staple-top-right", "staple-bottom-right", "edge-stitch-left", "edge-stitch-top", "edge-stitch-right", "edge-stitch-bottom", "staple-dual-left", "staple-dual-top", "staple-dual-right", "staple-dual-bottom".' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} ) 38787c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1124 NAME 'printer-number-up-supported' DESC 'The possible numbers of print-stream pages to impose upon a single side of an instance of a selected medium. Legal values include; 1, 2, and 4. Implementations may support other values.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) 38797c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1123 NAME 'printer-sides-supported' DESC 'The number of impression sides (one or two) and the two-sided impression rotations supported by this printer. Legal values include; "one-sided", "two-sided-long-edge", "two-sided-short-edge".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} ) 38807c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1122 NAME 'printer-media-supported' DESC 'The standard names/types/sizes (and optional color suffixes) of the media supported by this printer. For example: "iso-a4", "envelope", or "na-letter-white". Legal values conform to ISO 10175, Document Printing Application (DPA), and any IANA registered extensions.' 
EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} ) 38817c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1117 NAME 'printer-media-local-supported' DESC 'Site-specific names of media supported by this printer, in the language in "printer-natural-language-configured". For example: "purchasing-form" (site-specific name) as opposed to (in "printer-media-supported"): "na-letter" (standard keyword from ISO 10175).' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} ) 38827c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1121 NAME 'printer-resolution-supported' DESC 'List of resolutions supported for printing documents by this printer. Each resolution value is a string with 3 fields: 1) Cross feed direction resolution (positive integer), 2) Feed direction resolution (positive integer), 3) Resolution unit. Legal values are "dpi" (dots per inch) and "dpcm" (dots per centimeter). Each resolution field is delimited by ">". For example: "300> 300> dpi>".' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} ) 38837c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1120 NAME 'printer-print-quality-supported' DESC 'List of print qualities supported for printing documents on this printer. For example: "draft, normal". Legal values include; "unknown", "draft", "normal", "high".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} ) 38847c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1110 NAME 'printer-job-priority-supported' DESC 'Indicates the number of job priority levels supported. An IPP conformant printer which supports job priority must always support a full range of priorities from "1" to "100" (to ensure consistent behavior), therefore this attribute describes the "granularity". Legal values of this attribute are from "1" to "100".' 
EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 38857c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1118 NAME 'printer-copies-supported' DESC 'The maximum number of copies of a document that may be printed as a single job. A value of "0" indicates no maximum limit. A value of "-1" indicates unknown.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 38867c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1111 NAME 'printer-job-k-octets-supported' DESC 'The maximum size in kilobytes (1,024 octets actually) incoming print job that this printer will accept. A value of "0" indicates no maximum limit. A value of "-1" indicates unknown.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 38877c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1112 NAME 'printer-current-operator' DESC 'The name of the current human operator responsible for operating this printer. It is suggested that this string include information that would enable other humans to reach the operator, such as a phone number.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE ) 38887c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1113 NAME 'printer-service-person' DESC 'The name of the current human service person responsible for servicing this printer. It is suggested that this string include information that would enable other humans to reach the service person, such as a phone number.' 
EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE ) 38897c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1114 NAME 'printer-delivery-orientation-supported' DESC 'The possible delivery orientations of pages as they are printed and ejected from this printer. Legal values include; "unknown", "face-up", and "face-down".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} ) 38907c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1115 NAME 'printer-stacking-order-supported' DESC 'The possible stacking order of pages as they are printed and ejected from this printer. Legal values include; "unknown", "first-to-last", "last-to-first".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} ) 38917c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1116 NAME 'printer-output-features-supported' DESC 'The possible output features supported by this printer. Legal values include; "unknown", "bursting", "decollating", "page-collating", "offset-stacking".' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} ) 38927c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1108 NAME 'printer-aliases' DESC 'Site-specific administrative names of this printer in addition the printer name specified for printer-name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} ) 38937c478bd9Sstevel@tonic-gateattributetypes:( 1.3.6.1.4.1.42.2.27.5.1.63 NAME 'sun-printer-bsdaddr' DESC 'Sets the server, print queue destination name and whether the client generates protocol extensions. "Solaris" specifies a Solaris print server extension. The value is represented by the following value: server "," destination ", Solaris".' 
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) 38947c478bd9Sstevel@tonic-gateattributetypes:( 1.3.6.1.4.1.42.2.27.5.1.64 NAME 'sun-printer-kvp' DESC 'This attribute contains a set of key value pairs which may have meaning to the print subsystem or may be user defined. Each value is represented by the following: key "=" value.' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) 38957c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.57 NAME 'nisplusTimeZone' DESC 'tzone column from NIS+ timezone table' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 389645916cd2Sjpkattributetypes:( 1.3.6.1.4.1.42.2.27.5.1.67 NAME 'ipTnetTemplateName' DESC 'Trusted Solaris network template template_name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 389745916cd2Sjpkattributetypes:( 1.3.6.1.4.1.42.2.27.5.1.68 NAME 'ipTnetNumber' DESC 'Trusted Solaris network template ip_address' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 38987c478bd9Sstevel@tonic-gateEOF 38997c478bd9Sstevel@tonic-gate) > ${TMPDIR}/schema_attr 39007c478bd9Sstevel@tonic-gate 39017c478bd9Sstevel@tonic-gate # Add the entry. 39027c478bd9Sstevel@tonic-gate ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/schema_attr ${VERB}" 39037c478bd9Sstevel@tonic-gate if [ $? -ne 0 ]; then 39047c478bd9Sstevel@tonic-gate ${ECHO} " ERROR: update of schema attributes failed!" 39057c478bd9Sstevel@tonic-gate cleanup 39067c478bd9Sstevel@tonic-gate exit 1 39077c478bd9Sstevel@tonic-gate fi 39087c478bd9Sstevel@tonic-gate 39097c478bd9Sstevel@tonic-gate # Display message that schema is updated. 39107c478bd9Sstevel@tonic-gate ${ECHO} " ${STEP}. Schema attributes have been updated." 39117c478bd9Sstevel@tonic-gate STEP=`expr $STEP + 1` 39127c478bd9Sstevel@tonic-gate} 39137c478bd9Sstevel@tonic-gate 39147c478bd9Sstevel@tonic-gate 39157c478bd9Sstevel@tonic-gate# 39167c478bd9Sstevel@tonic-gate# update_schema_obj(): Update the schema objectclass definitions. 
39177c478bd9Sstevel@tonic-gate# 39187c478bd9Sstevel@tonic-gateupdate_schema_obj() 39197c478bd9Sstevel@tonic-gate{ 39207c478bd9Sstevel@tonic-gate [ $DEBUG -eq 1 ] && ${ECHO} "In update_schema_obj()" 39217c478bd9Sstevel@tonic-gate 39227c478bd9Sstevel@tonic-gate # Add the objectclass definitions. 39237c478bd9Sstevel@tonic-gate ( cat <<EOF 39247c478bd9Sstevel@tonic-gatedn: cn=schema 39257c478bd9Sstevel@tonic-gatechangetype: modify 39267c478bd9Sstevel@tonic-gateadd: objectclasses 39277c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.1.1.2.14 NAME 'NisKeyObject' SUP 'top' MUST (objectclass $ cn $ nisPublickey $ nisSecretkey) MAY (uidNumber $ description)) 39287c478bd9Sstevel@tonic-gate 39297c478bd9Sstevel@tonic-gatedn: cn=schema 39307c478bd9Sstevel@tonic-gatechangetype: modify 39317c478bd9Sstevel@tonic-gateadd: objectclasses 39327c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP 'top' MUST (objectclass $ nisDomain) MAY ()) 39337c478bd9Sstevel@tonic-gate 39347c478bd9Sstevel@tonic-gatedn: cn=schema 39357c478bd9Sstevel@tonic-gatechangetype: modify 39367c478bd9Sstevel@tonic-gateadd: objectclasses 39377c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP 'top' MUST (objectclass $ automountMapName) MAY (description)) 39387c478bd9Sstevel@tonic-gate 39397c478bd9Sstevel@tonic-gatedn: cn=schema 39407c478bd9Sstevel@tonic-gatechangetype: modify 39417c478bd9Sstevel@tonic-gateadd: objectclasses 39427c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP 'top' MUST (objectclass $ automountKey $ automountInformation ) MAY (description)) 39437c478bd9Sstevel@tonic-gate 39447c478bd9Sstevel@tonic-gatedn: cn=schema 39457c478bd9Sstevel@tonic-gatechangetype: modify 39467c478bd9Sstevel@tonic-gateadd: objectclasses 39477c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.7 NAME 'SolarisNamingProfile' SUP 'top' MUST (objectclass $ cn $ SolarisLDAPservers $ SolarisSearchBaseDN) MAY 
(SolarisBindDN $ SolarisBindPassword $ SolarisAuthMethod $ SolarisTransportSecurity $ SolarisCertificatePath $ SolarisCertificatePassword $ SolarisDataSearchDN $ SolarisSearchScope $ SolarisSearchTimeLimit $ SolarisPreferredServer $ SolarisPreferredServerOnly $ SolarisCacheTTL $ SolarisSearchReferral)) 39487c478bd9Sstevel@tonic-gate 39497c478bd9Sstevel@tonic-gatedn: cn=schema 39507c478bd9Sstevel@tonic-gatechangetype: modify 39517c478bd9Sstevel@tonic-gateadd: objectclasses 39527c478bd9Sstevel@tonic-gateobjectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' SUP 'top' MUST (objectclass $ mail) MAY (cn $ mgrpRFC822MailMember)) 39537c478bd9Sstevel@tonic-gate 39547c478bd9Sstevel@tonic-gatedn: cn=schema 39557c478bd9Sstevel@tonic-gatechangetype: modify 39567c478bd9Sstevel@tonic-gateadd: objectclasses 39577c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP 'top' MUST (objectclass $ cn) MAY (rfc822mailMember)) 39587c478bd9Sstevel@tonic-gate 39597c478bd9Sstevel@tonic-gatedn: cn=schema 39607c478bd9Sstevel@tonic-gatechangetype: modify 39617c478bd9Sstevel@tonic-gateadd: objectclasses 39627c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId' SUP 'top' MUST (objectclass $ cn) MAY (nisNetIdUser $ nisNetIdGroup $ nisNetIdHost)) 39637c478bd9Sstevel@tonic-gate 39647c478bd9Sstevel@tonic-gatedn: cn=schema 39657c478bd9Sstevel@tonic-gatechangetype: modify 39667c478bd9Sstevel@tonic-gateadd: objectclasses 39677c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.2 NAME 'SolarisAuditUser' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisAuditAlways $ SolarisAuditNever)) 39687c478bd9Sstevel@tonic-gate 39697c478bd9Sstevel@tonic-gatedn: cn=schema 39707c478bd9Sstevel@tonic-gatechangetype: modify 39717c478bd9Sstevel@tonic-gateadd: objectclasses 39727c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.3 NAME 'SolarisUserAttr' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisUserQualifier $ 
SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrKeyValue)) 39737c478bd9Sstevel@tonic-gate 39747c478bd9Sstevel@tonic-gatedn: cn=schema 39757c478bd9Sstevel@tonic-gatechangetype: modify 39767c478bd9Sstevel@tonic-gateadd: objectclasses 39777c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.4 NAME 'SolarisAuthAttr' SUP 'top' MUST (objectclass $ cn) MAY (SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrShortDesc $ SolarisAttrLongDesc $ SolarisAttrKeyValue)) 39787c478bd9Sstevel@tonic-gate 39797c478bd9Sstevel@tonic-gatedn: cn=schema 39807c478bd9Sstevel@tonic-gatechangetype: modify 39817c478bd9Sstevel@tonic-gateadd: objectclasses 39827c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.5 NAME 'SolarisProfAttr' SUP 'top' MUST (objectclass $ cn) MAY (SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrLongDesc $ SolarisAttrKeyValue)) 39837c478bd9Sstevel@tonic-gate 39847c478bd9Sstevel@tonic-gatedn: cn=schema 39857c478bd9Sstevel@tonic-gatechangetype: modify 39867c478bd9Sstevel@tonic-gateadd: objectclasses 39877c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.6 NAME 'SolarisExecAttr' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisKernelSecurityPolicy $ SolarisProfileType $ SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisProfileID $ SolarisAttrKeyValue)) 39887c478bd9Sstevel@tonic-gate 39897c478bd9Sstevel@tonic-gatedn: cn=schema 39907c478bd9Sstevel@tonic-gatechangetype: modify 39917c478bd9Sstevel@tonic-gateadd: objectclasses 39927c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.1 NAME 'SolarisProject' SUP 'top' MUST (objectclass $ SolarisProjectID $ SolarisProjectName) MAY (memberUid $ memberGid $ description $ SolarisProjectAttr)) 39937c478bd9Sstevel@tonic-gate 39947c478bd9Sstevel@tonic-gatedn: cn=schema 39957c478bd9Sstevel@tonic-gatechangetype: modify 39967c478bd9Sstevel@tonic-gateadd: objectclasses 39977c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.11.1.3.1.2.4 NAME 
'DUAConfigProfile' SUP 'top' DESC 'Abstraction of a base configuration for a DUA' MUST (cn) MAY (defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod $ followReferrals $ serviceSearchDescriptor $ serviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ profileTTL)) 39987c478bd9Sstevel@tonic-gate 39997c478bd9Sstevel@tonic-gatedn: cn=schema 40007c478bd9Sstevel@tonic-gatechangetype: modify 40017c478bd9Sstevel@tonic-gateadd: objectclasses 40027c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.2549 NAME 'slpService' DESC 'DUMMY definition' SUP 'top' MUST (objectclass) MAY ()) 40037c478bd9Sstevel@tonic-gate 40047c478bd9Sstevel@tonic-gatedn: cn=schema 40057c478bd9Sstevel@tonic-gatechangetype: modify 40067c478bd9Sstevel@tonic-gateadd: objectclasses 40077c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.254 NAME 'slpServicePrinter' DESC 'Service Location Protocol (SLP) information.' AUXILIARY SUP 'slpService') 40087c478bd9Sstevel@tonic-gate 40097c478bd9Sstevel@tonic-gatedn: cn=schema 40107c478bd9Sstevel@tonic-gatechangetype: modify 40117c478bd9Sstevel@tonic-gateadd: objectclasses 40127c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.258 NAME 'printerAbstract' DESC 'Printer related information.' 
ABSTRACT SUP 'top' MAY ( printer-name $ printer-natural-language-configured $ printer-location $ printer-info $ printer-more-info $ printer-make-and-model $ printer-multiple-document-jobs-supported $ printer-charset-configured $ printer-charset-supported $ printer-generated-natural-language-supported $ printer-document-format-supported $ printer-color-supported $ printer-compression-supported $ printer-pages-per-minute $ printer-pages-per-minute-color $ printer-finishings-supported $ printer-number-up-supported $ printer-sides-supported $ printer-media-supported $ printer-media-local-supported $ printer-resolution-supported $ printer-print-quality-supported $ printer-job-priority-supported $ printer-copies-supported $ printer-job-k-octets-supported $ printer-current-operator $ printer-service-person $ printer-delivery-orientation-supported $ printer-stacking-order-supported $ printer-output-features-supported )) 40137c478bd9Sstevel@tonic-gate 40147c478bd9Sstevel@tonic-gatedn: cn=schema 40157c478bd9Sstevel@tonic-gatechangetype: modify 40167c478bd9Sstevel@tonic-gateadd: objectclasses 40177c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.255 NAME 'printerService' DESC 'Printer information.' STRUCTURAL SUP 'printerAbstract' MAY ( printer-uri $ printer-xri-supported )) 40187c478bd9Sstevel@tonic-gate 40197c478bd9Sstevel@tonic-gatedn: cn=schema 40207c478bd9Sstevel@tonic-gatechangetype: modify 40217c478bd9Sstevel@tonic-gateadd: objectclasses 40227c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.257 NAME 'printerServiceAuxClass' DESC 'Printer information.' AUXILIARY SUP 'printerAbstract' MAY ( printer-uri $ printer-xri-supported )) 40237c478bd9Sstevel@tonic-gate 40247c478bd9Sstevel@tonic-gatedn: cn=schema 40257c478bd9Sstevel@tonic-gatechangetype: modify 40267c478bd9Sstevel@tonic-gateadd: objectclasses 40277c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.256 NAME 'printerIPP' DESC 'Internet Printing Protocol (IPP) information.' 
AUXILIARY SUP 'top' MAY ( printer-ipp-versions-supported $ printer-multiple-document-jobs-supported )) 40287c478bd9Sstevel@tonic-gate 40297c478bd9Sstevel@tonic-gatedn: cn=schema 40307c478bd9Sstevel@tonic-gatechangetype: modify 40317c478bd9Sstevel@tonic-gateadd: objectclasses 40327c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.18.0.2.6.253 NAME 'printerLPR' DESC 'LPR information.' AUXILIARY SUP 'top' MUST ( printer-name ) MAY ( printer-aliases)) 40337c478bd9Sstevel@tonic-gate 40347c478bd9Sstevel@tonic-gatedn: cn=schema 40357c478bd9Sstevel@tonic-gatechangetype: modify 40367c478bd9Sstevel@tonic-gateadd: objectclasses 40377c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.14 NAME 'sunPrinter' DESC 'Sun printer information' SUP 'top' AUXILIARY MUST (objectclass $ printer-name) MAY (sun-printer-bsdaddr $ sun-printer-kvp)) 40387c478bd9Sstevel@tonic-gate 40397c478bd9Sstevel@tonic-gatedn: cn=schema 40407c478bd9Sstevel@tonic-gatechangetype: modify 40417c478bd9Sstevel@tonic-gateadd: objectclasses 40427c478bd9Sstevel@tonic-gateobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.12 NAME 'nisplusTimeZoneData' DESC 'NIS+ timezone table data' SUP top STRUCTURAL MUST ( cn ) MAY ( nisplusTimeZone $ description ) ) 404345916cd2Sjpk 404445916cd2Sjpkdn: cn=schema 404545916cd2Sjpkchangetype: modify 404645916cd2Sjpkadd: objectclasses 404745916cd2Sjpkobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.8 NAME 'ipTnetTemplate' DESC 'Object class for TSOL network templates' SUP 'top' MUST ( objectclass $ ipTnetTemplateName ) MAY ( SolarisAttrKeyValue ) ) 404845916cd2Sjpk 404945916cd2Sjpkdn: cn=schema 405045916cd2Sjpkchangetype: modify 405145916cd2Sjpkadd: objectclasses 405245916cd2Sjpkobjectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.9 NAME 'ipTnetHost' DESC 'Associates an IP address or wildcard with a TSOL template_name' SUP 'top' AUXILIARY MUST ( objectclass $ ipTnetNumber ) ) 40537c478bd9Sstevel@tonic-gateEOF 40547c478bd9Sstevel@tonic-gate) > ${TMPDIR}/schema_obj 40557c478bd9Sstevel@tonic-gate 
# Add the entry.
${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/schema_obj ${VERB}"
if [ $? -ne 0 ]; then
${ECHO} " ERROR: update of schema objectclass definitions failed!"
cleanup
exit 1
fi

# Display message that schema is updated.
${ECHO} " ${STEP}. Schema objectclass definitions have been added."
STEP=`expr $STEP + 1`
}


#
# modify_top_aci(): Modify the ACI for the top entry to disable self modify
# of user attributes.
#
# Adds one ACI, named LDAP_Naming_Services_deny_write_access, to
# ${LDAP_BASEDN}.  It denies "write" to ldap:///self on the account
# attributes listed in the LDIF below (cn, uid, uidNumber, gidNumber,
# homeDirectory, the shadow* fields, memberUid), so a bound user cannot
# change their own identity or aging data.  userPassword is deliberately
# not in that list, so self password change is unaffected.
# Idempotent: if an ACI with this name is already present on the entry
# the step is reported and skipped.
# Globals:  LDAPSEARCH LDAPMODIFY LDAP_ARGS LDAP_BASEDN TMPDIR VERB
#           ECHO GREP EVAL DEBUG (read), STEP (incremented), ACI_NAME (set)
# Exits:    1 (after cleanup) if the ACI search or the modify fails.
#
modify_top_aci()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_top_aci()"

    # Set ACI Name
    ACI_NAME="LDAP_Naming_Services_deny_write_access"

    # Read the current ACIs of the base entry; a failed search is fatal,
    # because "not found" could otherwise be mistaken for "not yet added".
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_BASEDN}\" -s base objectclass=* aci > ${TMPDIR}/chk_top_aci 2>&1" || {
        ${ECHO} "Error searching aci for ${LDAP_BASEDN}"
        cat ${TMPDIR}/chk_top_aci
        cleanup
        exit 1
    }

    # Already present?  Then there is nothing to do for this step.
    if ${GREP} "${ACI_NAME}" ${TMPDIR}/chk_top_aci > /dev/null 2>&1; then
        ${ECHO} " ${STEP}. Top level ACI ${ACI_NAME} already exists for ${LDAP_BASEDN}."
        STEP=`expr $STEP + 1`
        return 0
    fi

    # Create the LDIF for the top level ACI.
    cat > ${TMPDIR}/top_aci <<EOF
dn: ${LDAP_BASEDN}
changetype: modify
add: aci
aci: (targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version 3.0; acl ${ACI_NAME}; deny (write) userdn = "ldap:///self";)
-
EOF

    # Apply it.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/top_aci ${VERB}" || {
        ${ECHO} " ERROR: Modify of top level ACI failed! (restricts self modify)"
        cleanup
        exit 1
    }

    # Report the completed step.
    ${ECHO} " ${STEP}. ACI for ${LDAP_BASEDN} modified to disable self modify."
    STEP=`expr $STEP + 1`
}


#
# add_vlv_aci(): Add access control information (aci) for VLV.
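#
# Replaces the ACI on the VLV request-control feature entry
# (oid=2.16.840.1.113730.3.4.9,cn=features,cn=config) so that any client,
# including anonymous ones, is allowed read/search/compare on it, i.e.
# may use the VLV control.  "replace: aci" overwrites whatever ACI the
# entry had, so rerunning this step is harmless.
# Globals:  LDAPMODIFY LDAP_ARGS TMPDIR VERB ECHO EVAL DEBUG (read),
#           STEP (incremented)
# Exits:    1 (after cleanup) if the modify fails.
#
add_vlv_aci()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_vlv_aci()"

    # Add the VLV ACI.
    ( cat <<EOF
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
changetype: modify
replace: aci
aci: (targetattr != "aci") (version 3.0; acl "VLV Request Control"; allow(read,search,compare) userdn = "ldap:///anyone";)
EOF
) > ${TMPDIR}/vlv_aci

    # Add the entry.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/vlv_aci ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: Add of VLV ACI failed!"
        cleanup
        exit 1
    fi

    # Display message that the ACI is in place.
    ${ECHO} " ${STEP}. Add of VLV Access Control Information (ACI)."
    STEP=`expr $STEP + 1`
}


#
# set_nisdomain(): Add the NisDomainObject to the Base DN.
#
# Adds objectclass nisDomainObject with nisdomain ${LDAP_DOMAIN} to
# ${LDAP_BASEDN}, unless a base-entry search already shows a nisDomain
# attribute, in which case the step is reported and skipped.
# Globals:  LDAPSEARCH LDAPMODIFY LDAP_ARGS LDAP_BASEDN LDAP_DOMAIN
#           TMPDIR VERB ECHO GREP EVAL DEBUG (read), STEP (incremented)
# Exits:    1 (after cleanup) if the base-entry search or the modify fails.
#
set_nisdomain()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In set_nisdomain()"

    # Check if nisDomain is already set.  The search status is checked
    # (as modify_top_aci() does) so that a failed search is reported
    # instead of being silently treated as "not set yet".
    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_BASEDN}\" -s base \"objectclass=*\"" > ${TMPDIR}/chk_nisdomain 2>&1
    if [ $? -ne 0 ]; then
        ${ECHO} "Error searching ${LDAP_BASEDN} for nisDomain"
        cat ${TMPDIR}/chk_nisdomain
        cleanup
        exit 1
    fi
    ${EVAL} "${GREP} -i nisDomain ${TMPDIR}/chk_nisdomain ${VERB}"
    if [ $? -eq 0 ]; then
        ${ECHO} " ${STEP}. NisDomainObject for ${LDAP_BASEDN} was already set."
        STEP=`expr $STEP + 1`
        return 0
    fi

    # Build the modify LDIF for the base entry.
    ( cat <<EOF
dn: ${LDAP_BASEDN}
changetype: modify
objectclass: nisDomainObject
nisdomain: ${LDAP_DOMAIN}
EOF
) > ${TMPDIR}/nis_domain

    # Add the entry.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/nis_domain ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: update of NisDomainObject in ${LDAP_BASEDN} failed."
        cleanup
        exit 1
    fi

    # Display message that the base entry is updated.
    ${ECHO} " ${STEP}. NisDomainObject added to ${LDAP_BASEDN}."
    STEP=`expr $STEP + 1`
}


#
# check_attrName(): Check that the attribute name is valid.
# $1 Key to check.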
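# Returns 0 : valid name 1 : invalid name
#
# The name is looked up in the server's cn=schema attributeTypes: a
# dotted numeric OID is matched at the start of an attributetypes
# definition, any other name is matched as a quoted NAME token.  Because
# the name is spliced into a command string that is passed to ${EVAL},
# only characters that can occur in an attribute descriptor or an OID
# (letters, digits, '.', '_', '-') are accepted; an empty name or one
# with any other character is reported as invalid without touching the
# server.
# Globals:  LDAPSEARCH SERVER_ARGS EGREP EVAL VERB ECHO DEBUG (read)
#
check_attrName()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In check_attrName()"
    [ $DEBUG -eq 1 ] && ${ECHO} "check_attrName: Input Param = $1"

    # Reject names that could never be a valid attribute type before
    # they reach the eval string below (quotes, ';', whitespace, ...).
    [ -z "$1" ] && return 1
    case "$1" in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac

    # Numeric OID or textual name?  The two are stored differently.
    ${ECHO} "$1" | ${EGREP} '^[0-9]+(\.[0-9]+)*$' > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        ${EVAL} "${LDAPSEARCH} ${SERVER_ARGS} -b cn=schema -s base \"objectclass=*\" attributeTypes | ${EGREP} -i '^attributetypes[ ]*=[ ]*\([ ]*$1 ' ${VERB}"
    else
        ${EVAL} "${LDAPSEARCH} ${SERVER_ARGS} -b cn=schema -s base \"objectclass=*\" attributeTypes | ${EGREP} -i \"'$1'\" ${VERB}"
    fi

    # Status of the pipeline above is the status of the final egrep.
    if [ $? -ne 0 ]; then
        return 1
    else
        return 0
    fi
}


#
# get_objectclass(): Determine the objectclass for the given attribute name
# $1 Attribute name to check.
# _ATTR_NAME Return value, Object Name or NULL if unknown to idsconfig.
#
# NOTE: An attribute name can be valid but still we might not be able
# to determine the objectclass from the table.
# In such cases, the user needs to create the necessary object(s).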
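#
# Only the four naming attributes in the table below are mapped; the key
# may be given as short name, long name or OID and is compared
# case-insensitively.  Anything else yields an empty _ATTR_NAME.
#
get_objectclass()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_objectclass()"
    [ $DEBUG -eq 1 ] && ${ECHO} "get_objectclass: Input Param = $1"

    # Set return value to NULL string.
    _ATTR_NAME=""

    # Test key for type:
    case `${ECHO} "${1}" | tr '[A-Z]' '[a-z]'` in
        ou | organizationalunitname | 2.5.4.11) _ATTR_NAME="organizationalUnit" ;;
        dc | domaincomponent | 0.9.2342.19200300.100.1.25) _ATTR_NAME="domain" ;;
        o | organizationname | 2.5.4.10) _ATTR_NAME="organization" ;;
        c | countryname | 2.5.4.6) _ATTR_NAME="country" ;;
        *) _ATTR_NAME="" ;;
    esac

    [ $DEBUG -eq 1 ] && ${ECHO} "get_objectclass: _ATTR_NAME = $_ATTR_NAME"
}


#
# add_base_objects(): Add any necessary base objects.
#
# Creates every DN component between ${LDAP_SUFFIX} (assumed to exist on
# the server) and ${LDAP_BASEDN}, outermost component first, skipping
# those that already exist.  The objectclass for each container comes from
# get_objectclass(); a component whose attribute type is not in that table
# stops the run rather than guessing an objectclass.
# Globals:  LDAP_BASEDN LDAP_SUFFIX LDAPSEARCH SERVER_ARGS LDAPMODIFY
#           LDAP_ARGS TMPDIR VERB ECHO EVAL DEBUG (read), STEP (incremented),
#           FMT_STR (via format_string), _ATTR_NAME (via get_objectclass)
# Exits:    1 (after cleanup) on an invalid suffix, an unknown attribute
#           type, or a failed add.
#
add_base_objects()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_base_objects()"

    # Convert to lower case for basename.
    format_string "${LDAP_BASEDN}"
    LOWER_BASEDN="${FMT_STR}"
    format_string "${LDAP_SUFFIX}"
    LOWER_SUFFIX="${FMT_STR}"

    [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_BASEDN: ${LOWER_BASEDN}"
    [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_SUFFIX: ${LOWER_SUFFIX}"

    # Create additional components.
    if [ "${LOWER_BASEDN}" = "${LOWER_SUFFIX}" ]; then
        [ $DEBUG -eq 1 ] && ${ECHO} "Base DN and Suffix equivalent"
    else
        # first, test that the suffix is valid: basename(1) only strips
        # the suffix when it really is the trailing part of the base DN.
        dcstmp=`basename "${LOWER_BASEDN}" "${LOWER_SUFFIX}"`
        if [ "$dcstmp" = "${LOWER_BASEDN}" ]; then
            # should not happen since check_basedn_suffix() succeeded
            ${ECHO} "Invalid suffix ${LOWER_SUFFIX}"
            ${ECHO} "for Base DN ${LOWER_BASEDN}"
            cleanup
            exit 1
        fi
        # OK, suffix is valid, start working with LDAP_BASEDN
        # field separator is ',' (i.e., space is a valid character)
        dcstmp2="`${ECHO} ${LDAP_BASEDN} |
            sed -e 's/[ ]*,[ ]*/,/g' -e 's/[ ]*=[ ]*/=/g'`"
        dcs=""
        # use dcstmp to count the loop, and dcstmp2 to get the correct
        # string case
        # dcs should be in reverse order, only for these components
        # that need to be added
        while [ -n "${dcstmp}" ]
        do
            i2=`${ECHO} "$dcstmp2" | cut -f1 -d','`
            dk=`${ECHO} $i2 | awk -F= '{print $1}'`
            dc=`${ECHO} $i2 | awk -F= '{print $2}'`
            dcs="$dk=$dc,$dcs";
            dcstmp2=`${ECHO} "$dcstmp2" | cut -f2- -d','`
            dcstmp=`${ECHO} "$dcstmp" | cut -f2- -d','`
            [ $DEBUG -eq 1 ] && \
            ${ECHO} "dcs: ${dcs}\ndcstmp: ${dcstmp}\ndcstmp2: ${dcstmp2}\n"
        done

        # Walk the reversed list, extending $lastdc one component at a time.
        lastdc=${LDAP_SUFFIX}
        dc=`${ECHO} "${dcs}" | cut -f1 -d','`
        dcstmp=`${ECHO} "${dcs}" | cut -f2- -d','`
        while [ -n "${dc}" ]; do
            # Get Key and component from $dc.
            dk2=`${ECHO} $dc | awk -F= '{print $1}'`
            dc2=`${ECHO} $dc | awk -F= '{print $2}'`

            # At this point, ${dk2} is a valid attribute name

            # Check if entry exists first, if so, skip to next.
            ${LDAPSEARCH} ${SERVER_ARGS} -b "${dk2}=${dc2},$lastdc" -s base "objectclass=*" > /dev/null 2>&1
            if [ $? -eq 0 ]; then
                # Set the $lastdc to new dc.
                lastdc="${dk2}=${dc2},$lastdc"

                # Process next component.
                dc=`${ECHO} "${dcstmp}" | cut -f1 -d','`
                dcstmp=`${ECHO} "${dcstmp}" | cut -f2- -d','`
                continue

            fi

            # Determine the objectclass for the entry.
            get_objectclass $dk2
            OBJ_Name=${_ATTR_NAME}
            if [ "${OBJ_Name}" = "" ]; then
                ${ECHO} "Cannot determine objectclass for $dk2"
                ${ECHO} "Please create ${dk2}=${dc2},$lastdc entry and rerun idsconfig"
                # Remove ${TMPDIR} on this fatal path like every other one.
                cleanup
                exit 1
            fi

            # Add the new container.
            ( cat <<EOF
dn: ${dk2}=${dc2},$lastdc
${dk2}: $dc2
objectClass: top
objectClass: ${OBJ_Name}
EOF
) > ${TMPDIR}/base_objects


            # Set the $lastdc to new dc.
            lastdc="${dk2}=${dc2},$lastdc"

            # Add the entry.
            ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/base_objects ${VERB}"
            if [ $? -ne 0 ]; then
                ${ECHO} " ERROR: update of base objects ${dc} failed."
                cleanup
                exit 1
            fi

            # Display message that the component was created.
            ${ECHO} " ${STEP}. Created DN component ${dc}."
            STEP=`expr $STEP + 1`

            # Process next component.
            dc=`${ECHO} "${dcstmp}" | cut -f1 -d','`
            dcstmp=`${ECHO} "${dcstmp}" | cut -f2- -d','`
        done
    fi
}


#
# add_new_containers(): Add the top level classes.
#
# Creates the ou= containers for each naming-service map directly under
# ${LDAP_BASEDN} (no argument is read; the base DN comes from the global).
# Containers that already exist are skipped.
# Globals:  LDAPSEARCH LDAPMODIFY LDAP_ARGS LDAP_BASEDN TMPDIR VERB ECHO
#           EVAL DEBUG (read), STEP (incremented)
# Exits:    1 (after cleanup) if adding a container fails.
#
add_new_containers()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_new_containers()"

    for ou in people group rpc protocols networks netgroup \
        aliases hosts services ethers profile printers \
        SolarisAuthAttr SolarisProfAttr Timezone ipTnet ; do

        # Check if nismaps already exist.
        eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"ou=${ou},${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
        if [ $? -eq 0 ]; then
            continue
        fi

        # Create TMP file to add.
        ( cat <<EOF
dn: ou=${ou},${LDAP_BASEDN}
ou: ${ou}
objectClass: top
objectClass: organizationalUnit
EOF
) > ${TMPDIR}/toplevel.${ou}

        # Add the entry.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/toplevel.${ou} ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} " ERROR: Add of ou=${ou} container failed!"
            cleanup
            exit 1
        fi
    done

    # Display message that top level OU containers complete.
    ${ECHO} " ${STEP}. Top level \"ou\" containers complete."
    STEP=`expr $STEP + 1`
}


#
# add_auto_maps(): Add the automount map entries.
#
# auto_home, auto_direct, auto_master, auto_shared
#
# Each map becomes an automountMap entry directly under ${LDAP_BASEDN};
# maps that already exist are skipped.
# Globals:  LDAPSEARCH LDAPMODIFY LDAP_ARGS LDAP_BASEDN TMPDIR VERB ECHO
#           EVAL DEBUG (read), STEP (incremented), AUTO_MAPS (set)
# Exits:    1 (after cleanup) if adding a map fails.
#
add_auto_maps()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_auto_maps()"

    # Set AUTO_MAPS for maps to create.
    AUTO_MAPS="auto_home auto_direct auto_master auto_shared"

    for automap in $AUTO_MAPS; do
        # Check if automaps already exist.
        eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"automountMapName=${automap},${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
        if [ $? -eq 0 ]; then
            continue
        fi

        # Create the tmp file to add.
        ( cat <<EOF
dn: automountMapName=${automap},${LDAP_BASEDN}
automountMapName: ${automap}
objectClass: top
objectClass: automountMap
EOF
) > ${TMPDIR}/automap.${automap}

        # Add the entry.
        ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/automap.${automap} ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} " ERROR: Add of automap ${automap} failed!"
            cleanup
            exit 1
        fi
    done

    # Display message that automount entries are updated.
    ${ECHO} " ${STEP}. automount maps: $AUTO_MAPS processed."
    STEP=`expr $STEP + 1`
}


#
# add_proxyagent(): Add entry for nameservice to use to access server.
#
# Creates the person entry ${LDAP_PROXYAGENT} with userpassword
# ${LDAP_PROXYAGENT_CRED}; cn and sn are taken from the first RDN value.
# Skipped if the entry already exists.  The generated LDIF holds the
# credential in cleartext, so it is made owner-only until cleanup()
# removes ${TMPDIR}.
# Globals:  LDAPSEARCH LDAPMODIFY LDAP_ARGS LDAP_PROXYAGENT
#           LDAP_PROXYAGENT_CRED TMPDIR VERB ECHO EVAL DEBUG (read),
#           STEP (incremented), cn_tmp (set)
# Exits:    1 (after cleanup) if the add fails.
#
add_proxyagent()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_proxyagent()"

    # Check if the proxy agent entry already exists.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_PROXYAGENT}\" -s base \"objectclass=*\" ${VERB}"
    if [ $? -eq 0 ]; then
        ${ECHO} " ${STEP}. Proxy Agent ${LDAP_PROXYAGENT} already exists."
        STEP=`expr $STEP + 1`
        return 0
    fi

    # Get cn and sn names from LDAP_PROXYAGENT.
    cn_tmp=`${ECHO} ${LDAP_PROXYAGENT} | cut -f1 -d, | cut -f2 -d=`

    # Create the tmp file to add.
    ( cat <<EOF
dn: ${LDAP_PROXYAGENT}
cn: ${cn_tmp}
sn: ${cn_tmp}
objectclass: top
objectclass: person
userpassword: ${LDAP_PROXYAGENT_CRED}
EOF
) > ${TMPDIR}/proxyagent
    # The file carries the cleartext credential; do not rely on umask.
    chmod 600 "${TMPDIR}/proxyagent"

    # Add the entry.
    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/proxyagent ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: Adding proxyagent failed!"
        cleanup
        exit 1
    fi

    # Display message that the proxy agent is in place.
    ${ECHO} " ${STEP}. Proxy Agent ${LDAP_PROXYAGENT} added."
    STEP=`expr $STEP + 1`
}


#
# allow_proxy_read_pw(): Give Proxy Agent read permission for password.
#
# Adds the ACI LDAP_Naming_Services_proxy_password_read to ${LDAP_BASEDN}
# granting compare/read/search on userPassword, and only that attribute,
# to ${LDAP_PROXYAGENT}.  This is what lets the proxy credential level
# verify user passwords; it is skipped if an ACI of that name is present.
# Globals:  LDAPSEARCH LDAPMODIFY LDAP_ARGS LDAP_BASEDN LDAP_PROXYAGENT
#           TMPDIR VERB ECHO GREP EVAL DEBUG (read), STEP (incremented),
#           PROXY_ACI_NAME (set)
# Exits:    1 (after cleanup) if the ACI search or the modify fails.
#
allow_proxy_read_pw()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In allow_proxy_read_pw()"

    # Set ACI Name
    PROXY_ACI_NAME="LDAP_Naming_Services_proxy_password_read"

    # Search for the ACI; a failed search is fatal (as in modify_top_aci)
    # so it cannot be mistaken for "ACI not present".
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_BASEDN}\" -s base objectclass=* aci > ${TMPDIR}/chk_proxyread_aci 2>&1"
    if [ $? -ne 0 ]; then
        ${ECHO} "Error searching aci for ${LDAP_BASEDN}"
        cat ${TMPDIR}/chk_proxyread_aci
        cleanup
        exit 1
    fi
    ${GREP} "${PROXY_ACI_NAME}" ${TMPDIR}/chk_proxyread_aci > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        ${ECHO} " ${STEP}. Proxy ACI ${PROXY_ACI_NAME} already exists for ${LDAP_BASEDN}."
        STEP=`expr $STEP + 1`
        return 0
    fi

    # Create the tmp file to add.
    ( cat <<EOF
dn: ${LDAP_BASEDN}
changetype: modify
add: aci
aci: (target="ldap:///${LDAP_BASEDN}")(targetattr="userPassword")(version 3.0; acl ${PROXY_ACI_NAME}; allow (compare,read,search) userdn = "ldap:///${LDAP_PROXYAGENT}";)
EOF
) > ${TMPDIR}/proxy_read

    # Add the entry.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/proxy_read ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: Allow ${LDAP_PROXYAGENT} to read password failed!"
        cleanup
        exit 1
    fi

    # Display message that the ACI is in place.
    ${ECHO} " ${STEP}. Give ${LDAP_PROXYAGENT} read permission for password."
    STEP=`expr $STEP + 1`
}


#
# add_profile(): Add client profile to server.
#
# Generates the DUAConfigProfile with "ldapclient genprofile" from the
# LDAP_* settings and loads it as cn=${LDAP_PROFILE_NAME},ou=profile under
# ${LDAP_BASEDN}.  An existing profile of that name is deleted first only
# when DEL_OLD_PROFILE is non-zero; otherwise the run stops.
# Globals:  LDAPSEARCH LDAPDELETE LDAPMODIFY LDAP_ARGS LDAP_BASEDN
#           LDAP_PROFILE_NAME DEL_OLD_PROFILE SSD_FILE the LDAP_* profile
#           settings TMPDIR VERB ECHO EVAL DEBUG (read), STEP (incremented),
#           GEN_CMD (set; also extended by ssd_2_profile)
# Exits:    1 (after cleanup) if the profile exists and may not be
#           replaced, or if the delete, genprofile or add fails.
#
add_profile()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_profile()"

    # If profile name already exists, DELETE it, and add new one.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=${LDAP_PROFILE_NAME},ou=profile,${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
    if [ $? -eq 0 ]; then
        # Create Delete file.
        ( cat <<EOF
cn=${LDAP_PROFILE_NAME},ou=profile,${LDAP_BASEDN}
EOF
) > ${TMPDIR}/del_profile

        # Check if DEL_OLD_PROFILE is set. (If not ERROR)
        if [ $DEL_OLD_PROFILE -eq 0 ]; then
            ${ECHO} "ERROR: Profile name ${LDAP_PROFILE_NAME} exists! Add failed!"
            # Remove ${TMPDIR} on this fatal path like every other one.
            cleanup
            exit 1
        fi

        # Delete the OLD profile.
        ${EVAL} "${LDAPDELETE} ${LDAP_ARGS} -f ${TMPDIR}/del_profile ${VERB}"
        if [ $? -ne 0 ]; then
            ${ECHO} " ERROR: Attempt to DELETE profile failed!"
            cleanup
            exit 1
        fi
    fi

    # Build the "ldapclient genprofile" command string to execute.
    # NOTE: GEN_CMD is passed through eval below, so the LDAP_* values
    # (taken from the operator's config file or prompts) are interpreted
    # by the shell; they are trusted operator input, not client data.
    GEN_CMD="ldapclient genprofile -a \"profileName=${LDAP_PROFILE_NAME}\""

    # Add required argument defaultSearchBase.
    GEN_CMD="${GEN_CMD} -a \"defaultSearchBase=${LDAP_BASEDN}\""

    # Add optional parameters.
    [ -n "$LDAP_SERVER_LIST" ] && \
        GEN_CMD="${GEN_CMD} -a \"defaultServerList=${LDAP_SERVER_LIST}\""
    [ -n "$LDAP_SEARCH_SCOPE" ] && \
        GEN_CMD="${GEN_CMD} -a \"defaultSearchScope=${LDAP_SEARCH_SCOPE}\""
    [ -n "$LDAP_CRED_LEVEL" ] && \
        GEN_CMD="${GEN_CMD} -a \"credentialLevel=${LDAP_CRED_LEVEL}\""
    [ -n "$LDAP_AUTHMETHOD" ] && \
        GEN_CMD="${GEN_CMD} -a \"authenticationMethod=${LDAP_AUTHMETHOD}\""
    [ -n "$LDAP_FOLLOWREF" ] && \
        GEN_CMD="${GEN_CMD} -a \"followReferrals=${LDAP_FOLLOWREF}\""
    [ -n "$LDAP_SEARCH_TIME_LIMIT" ] && \
        GEN_CMD="${GEN_CMD} -a \"searchTimeLimit=${LDAP_SEARCH_TIME_LIMIT}\""
    [ -n "$LDAP_PROFILE_TTL" ] && \
        GEN_CMD="${GEN_CMD} -a \"profileTTL=${LDAP_PROFILE_TTL}\""
    [ -n "$LDAP_BIND_LIMIT" ] && \
        GEN_CMD="${GEN_CMD} -a \"bindTimeLimit=${LDAP_BIND_LIMIT}\""
    [ -n "$LDAP_PREF_SRVLIST" ] && \
        GEN_CMD="${GEN_CMD} -a \"preferredServerList=${LDAP_PREF_SRVLIST}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_PAM" ] && \
        GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_PAM}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_KEY" ] && \
        GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_KEY}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_CMD" ] && \
        GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_CMD}\""

    # Check if there are any service search descriptors to add.
    if [ -s "${SSD_FILE}" ]; then
        ssd_2_profile
    fi

    # Execute "ldapclient genprofile" to create profile.
    eval ${GEN_CMD} > ${TMPDIR}/gen_profile 2> ${TMPDIR}/gen_profile_ERR
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: ldapclient genprofile failed!"
        # Show the captured diagnostics before the directory goes away.
        cat ${TMPDIR}/gen_profile_ERR
        cleanup
        exit 1
    fi

    # Add the generated profile.
    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/gen_profile ${VERB}"
    if [ $? -ne 0 ]; then
        ${ECHO} " ERROR: Attempt to add profile failed!"
        cleanup
        exit 1
    fi

    # Display message that the profile is loaded.
    ${ECHO} " ${STEP}. Generated client profile and loaded on server."
    STEP=`expr $STEP + 1`
}


#
# cleanup(): Remove the TMPDIR and all files in it.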
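#
# Globals:	DEBUG (read), ECHO (read), TMPDIR (read)
# Arguments:	none
# Returns:	exit status of rm(1), or 1 when TMPDIR is empty/unset
#
cleanup()
{
	[ "${DEBUG:-0}" -eq 1 ] && ${ECHO} "In cleanup()"

	# TMPDIR is quoted and checked for emptiness so that an unset or
	# blank value can never turn this into "rm -fr" of an unintended
	# path; the former unquoted expansion gave no such guarantee.
	[ -n "${TMPDIR}" ] && rm -fr -- "${TMPDIR}"
}


#
# * * * MAIN * * *
#
# Description:
#	This script assumes that the iPlanet Directory Server (iDS) is
#	installed and that setup has been run.  This script takes the
#	iDS server from that point and sets up the infrastructure for
#	LDAP Naming Services.  After running this script, ldapaddent(1M)
#	or some other tools can be used to populate data.
#
# Each step below is a function defined earlier in this file.
# add_profile (above) calls cleanup and exits on failure itself;
# add_suffix instead reports failure through its exit status, so that
# case is handled inline here.

# Initialize the variables that need to be set to NULL, or some
# other initial value before the rest of the functions can be called.
init

# Parse command line arguments.  parse_arg reports the number of
# arguments it consumed through its exit status, which is why the
# shift below uses $?.  "$@" (rather than $*) keeps each argument
# intact even when it contains whitespace, e.g. a quoted -i/-o path.
parse_arg "$@"
shift $?

# Print extra line to separate from prompt.
${ECHO} " "

# Either load the user specified config file
# or prompt user for config info.
if [ -n "$INPUT_FILE" ]
then
	load_config_file
	INTERACTIVE=0		# Turns off prompts that occur later.
	validate_info		# Validate basic info in file.
	chk_ids_version		# Check iDS version for compatibility.
	gssapi_setup_auto
else
	# Display BACKUP warning to user.
	display_msg backup_server
	# get_confirm returns 0 for "No" (the default answer here).
	get_confirm "Do you wish to continue with server setup (y/n/h)?" "n" "backup_help"
	if [ $? -eq 0 ]; then	# if No, cleanup and exit.
		cleanup ; exit 1
	fi

	# Prompt for values.
	prompt_config_info
	display_summary		# Allow user to modify results.
	INTERACTIVE=1		# Insures future prompting.
fi

# Modify slapd.oc.conf to ALLOW cn instead of REQUIRE.
modify_cn

# Modify timelimit to user value.
[ "$NEED_TIME" -eq 1 ] && modify_timelimit

# Modify sizelimit to user value.
[ "$NEED_SIZE" -eq 1 ] && modify_sizelimit

# Modify the password storage scheme to support CRYPT.
if [ "$NEED_CRYPT" = "TRUE" ]; then
	modify_pwd_crypt
fi

# Update the schema (Attributes, Objectclass Definitions)
if [ "${SCHEMA_UPDATED}" -eq 0 ]; then
	update_schema_attr
	update_schema_obj
fi

# Add suffix together with its root entry (if needed).
# add_suffix signals failure through its exit status rather than
# exiting itself, so the abort is handled here.
add_suffix ||
{
	cleanup
	exit 1
}

# Add base objects (if needed)
add_base_objects

# Update the NisDomainObject.
# The Base DN might have just been created, so this MUST happen after
# the base objects have been added!
set_nisdomain

# Add top level classes (new containers)
add_new_containers

# Add common nismaps.
add_auto_maps

# Modify top ACI.
modify_top_aci

# Add Access Control Information for VLV.
add_vlv_aci

# If a proxy is needed, add the proxy agent and give it read
# permission for the password attribute.  This is a deliberate
# privilege grant, so the proxy agent's own credentials need to be
# handled as sensitive data.
if [ "$NEED_PROXY" -eq 1 ]; then
	add_proxyagent
	allow_proxy_read_pw
fi

# Generate client profile and add it to the server.
add_profile

# Add Indexes to improve Search Performance.
add_eq_indexes
add_sub_indexes
add_vlv_indexes

# Display setup complete message
display_msg setup_complete

# Display VLV index commands to be executed on server.
display_vlv_cmds

# Create config file if requested.
[ -n "$OUTPUT_FILE" ] && create_config_file

# Remove the TMPDIR and all files in it.
cleanup

exit 0
# end of MAIN.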