17c478bd9Sstevel@tonic-gate#!/bin/sh
27c478bd9Sstevel@tonic-gate#
345916cd2Sjpk# ident	"%Z%%M%	%I%	%E% SMI"
445916cd2Sjpk#
57c478bd9Sstevel@tonic-gate# CDDL HEADER START
67c478bd9Sstevel@tonic-gate#
77c478bd9Sstevel@tonic-gate# The contents of this file are subject to the terms of the
845916cd2Sjpk# Common Development and Distribution License (the "License").
945916cd2Sjpk# You may not use this file except in compliance with the License.
107c478bd9Sstevel@tonic-gate#
117c478bd9Sstevel@tonic-gate# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
127c478bd9Sstevel@tonic-gate# or http://www.opensolaris.org/os/licensing.
137c478bd9Sstevel@tonic-gate# See the License for the specific language governing permissions
147c478bd9Sstevel@tonic-gate# and limitations under the License.
157c478bd9Sstevel@tonic-gate#
167c478bd9Sstevel@tonic-gate# When distributing Covered Code, include this CDDL HEADER in each
177c478bd9Sstevel@tonic-gate# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
187c478bd9Sstevel@tonic-gate# If applicable, add the following below this CDDL HEADER, with the
197c478bd9Sstevel@tonic-gate# fields enclosed by brackets "[]" replaced with your own identifying
207c478bd9Sstevel@tonic-gate# information: Portions Copyright [yyyy] [name of copyright owner]
217c478bd9Sstevel@tonic-gate#
227c478bd9Sstevel@tonic-gate# CDDL HEADER END
237c478bd9Sstevel@tonic-gate#
247c478bd9Sstevel@tonic-gate#
# idsconfig -- script to set up iDS 5.x/6.x for Native LDAP II.
267c478bd9Sstevel@tonic-gate#
2745916cd2Sjpk# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
287c478bd9Sstevel@tonic-gate# Use is subject to license terms.
297c478bd9Sstevel@tonic-gate#
307c478bd9Sstevel@tonic-gate
#
# display_msg(): Displays message corresponding to the tag passed in.
#		$1  message tag (one of the case labels below)
#
# Every arm writes its text to stdout through an unquoted here-document,
# so the $PROG, ${IDS_SERVER}, ${IDS_PORT}, $LDAP_*, $IDS_*, $NEED_* and
# $_ATT references inside the text are expanded from the script's globals
# at the moment the message is shown, not when the script is parsed.
# There is no default arm: an unknown tag prints nothing and the case
# statement (and hence the function) returns 0.  Leading and trailing
# whitespace inside the here-documents is part of the output.
#
display_msg()
{
    case "$1" in
    usage) cat <<EOF
 $PROG: [ -v ] [ -i input file ] [ -o output file ]
   i <input file>     Get setup info from input file.
   o <output file>    Generate a server configuration output file.
   v                  Verbose mode
EOF
    ;;
    backup_server) cat <<EOF
It is strongly recommended that you BACKUP the directory server
before running $PROG.

Hit Ctrl-C at any time before the final confirmation to exit.

EOF
    ;;
    setup_complete) cat <<EOF

$PROG: Setup of iDS server ${IDS_SERVER} is complete.

EOF
    ;;
    display_vlv_list) cat <<EOF

Note: idsconfig has created entries for VLV indexes.  Use the 
      directoryserver(1m) script on ${IDS_SERVER} to stop
      the server and then enter the following vlvindex
      sub-commands to create the actual VLV indexes:

EOF
    ;;
    # Numbered menus: the numbers are what the prompting code expects the
    # user to type back, so renumbering here must be mirrored by the caller.
    cred_level_menu) cat <<EOF
The following are the supported credential levels:
  1  anonymous
  2  proxy
  3  proxy anonymous
  4  self
  5  self proxy
  6  self proxy anonymous
EOF
    ;;
    auth_method_menu) cat <<EOF
The following are the supported Authentication Methods:
  1  none
  2  simple
  3  sasl/DIGEST-MD5
  4  tls:simple
  5  tls:sasl/DIGEST-MD5
  6  sasl/GSSAPI
EOF
    ;;
    # Per-service menu: same list as auth_method_menu minus "none", so the
    # numbering is shifted by one relative to that menu.
    srvauth_method_menu) cat <<EOF
The following are the supported Authentication Methods:
  1  simple
  2  sasl/DIGEST-MD5
  3  tls:simple
  4  tls:sasl/DIGEST-MD5
  5  sasl/GSSAPI
EOF
    ;;
    prompt_ssd_menu) cat <<EOF
  A  Add a Service Search Descriptor
  D  Delete a SSD
  M  Modify a SSD
  P  Display all SSD's
  H  Help
  X  Clear all SSD's

  Q  Exit menu
EOF
    ;;
    # summary_menu: the "Summary of Configuration" screen (items 1-19).
    # SUFFIX_INFO and DB_INFO are built first and spliced into item 2 so
    # the suffix/database lines only appear when they are going to be
    # created.
    summary_menu)

	SUFFIX_INFO=
	DB_INFO=

	# Only when a suffix must be created; the database line additionally
	# requires NEED_CREATE_BACKEND.  Each captured here-document starts
	# with an empty line, so (command substitution strips only trailing
	# newlines) the text lands on the line after the Base DN entry.
	[ -n "${NEED_CREATE_SUFFIX}" ] &&
	{
		SUFFIX_INFO=`cat <<EOF

         Suffix to create          : $LDAP_SUFFIX
EOF
`
		[ -n "${NEED_CREATE_BACKEND}" ] &&
			DB_INFO=`cat <<EOF

         Database to create        : $IDS_DATABASE
EOF
`
	}

	cat <<EOF
              Summary of Configuration

  1  Domain to serve               : $LDAP_DOMAIN
  2  Base DN to setup              : $LDAP_BASEDN$SUFFIX_INFO$DB_INFO
  3  Profile name to create        : $LDAP_PROFILE_NAME
  4  Default Server List           : $LDAP_SERVER_LIST
  5  Preferred Server List         : $LDAP_PREF_SRVLIST
  6  Default Search Scope          : $LDAP_SEARCH_SCOPE
  7  Credential Level              : $LDAP_CRED_LEVEL
  8  Authentication Method         : $LDAP_AUTHMETHOD
  9  Enable Follow Referrals       : $LDAP_FOLLOWREF
 10  iDS Time Limit                : $IDS_TIMELIMIT
 11  iDS Size Limit                : $IDS_SIZELIMIT
 12  Enable crypt password storage : $NEED_CRYPT
 13  Service Auth Method pam_ldap  : $LDAP_SRV_AUTHMETHOD_PAM
 14  Service Auth Method keyserv   : $LDAP_SRV_AUTHMETHOD_KEY
 15  Service Auth Method passwd-cmd: $LDAP_SRV_AUTHMETHOD_CMD
 16  Search Time Limit             : $LDAP_SEARCH_TIME_LIMIT
 17  Profile Time to Live          : $LDAP_PROFILE_TTL
 18  Bind Limit                    : $LDAP_BIND_LIMIT
 19  Service Search Descriptors Menu

EOF
    ;;
    # Error/diagnostic texts for suffix and ldbm database handling.
    sfx_not_suitable) cat <<EOF

Sorry, suffix ${LDAP_SUFFIX} is not suitable for Base DN ${LDAP_BASEDN}

EOF
    ;;
    # Expects the caller to have set _ATT to the attribute name in question.
    obj_not_found) cat <<EOF

Sorry, ${PROG} can't find an objectclass for "$_ATT" attribute

EOF
    ;;
    sfx_config_incons) cat <<EOF

Sorry, there is no suffix mapping for ${LDAP_SUFFIX},
while ldbm database exists, server configuration needs to be fixed manually,
look at cn=mapping tree,cn=config and cn=ldbm database,cn=plugins,cn=config

EOF
    ;;
    # Expects IDS_DATABASE_AVAIL to hold the alternative name already found.
    ldbm_db_exist) cat <<EOF

Database "${IDS_DATABASE}" already exists,
however "${IDS_DATABASE_AVAIL}" name is available

EOF
    ;;
    unable_find_db_name) cat <<EOF
    
Unable to find any available database name close to "${IDS_DATABASE}"

EOF
    ;;
    create_ldbm_db_error) cat <<EOF

ERROR: unable to create suffix ${LDAP_SUFFIX}
       due to server error that occurred during creation of ldbm database

EOF
    ;;
    create_suffix_entry_error) cat <<EOF

ERROR: unable to create entry ${LDAP_SUFFIX} of ${LDAP_SUFFIX_OBJ} class

EOF
    ;;
    ldap_suffix_list) cat <<EOF

No valid suffixes (naming contexts) were found for LDAP base DN:
${LDAP_BASEDN}

Available suffixes are:
${LDAP_SUFFIX_LIST}

EOF
    ;;
    # "sorry" is the fallback help text used when a prompt has no help tag
    # of its own (see get_number's ${3:-sorry}).
    sorry) cat <<EOF

HELP - No help is available for this topic.

EOF
    ;;
    create_suffix_help) cat <<EOF

HELP - Our Base DN is ${LDAP_BASEDN}
       and we need to create a Directory Suffix,
       which can be equal to Base DN itself or be any of Base DN parents.
       All intermediate entries up to suffix will be created on demand.

EOF
    ;;
    enter_ldbm_db_help) cat <<EOF

HELP - ldbm database is an internal database for storage of our suffix data.
       Database name must be alphanumeric due to Directory Server restriction.

EOF
    ;;
    backup_help) cat <<EOF

HELP - Since idsconfig modifies the directory server configuration,
       it is strongly recommended that you backup the server prior
       to running this utility.  This is especially true if the server
       being configured is a production server.

EOF
    ;;
    port_help) cat <<EOF

HELP - Enter the port number the directory server is configured to
       use for LDAP.

EOF
    ;;
    domain_help) cat <<EOF

HELP - This is the DNS domain name this server will be serving.  You
       must provide this name even if the server is not going to be populated
       with hostnames.  Any unqualified hostname stored in the directory
       will be fully qualified using this DNS domain name.

EOF
    ;;
    basedn_help) cat <<EOF

HELP - This parameter defines the default location in the directory tree for
       the naming services entries.  You can override this default by using 
       serviceSearchDescriptors (SSD). You will be given the option to set up 
       an SSD later on in the setup.

EOF
    ;;
    profile_help) cat <<EOF

HELP - Name of the configuration profile with which the clients will be
       configured. A directory server can store various profiles for multiple 
       groups of clients.  The initialization tool, (ldapclient(1M)), assumes 
       "default" unless another is specified.

EOF
    ;;
    def_srvlist_help) cat <<EOF

HELP - Provide a list of directory servers to serve clients using this profile.
       All these servers should contain consistent data and provide similar 
       functionality.  This list is not ordered, and clients might change the 
       order given in this list. Note that this is a space separated list of 
       *IP addresses* (not host names).  Providing port numbers is optional.

EOF
    ;;
    pref_srvlist_help) cat <<EOF

HELP - Provide a list of directory servers to serve this client profile. 
       Unlike the default server list, which is not ordered, the preferred 
       servers must be entered IN THE ORDER you wish to have them contacted. 
       If you do specify a preferred server list, clients will always contact 
       them before attempting to contact any of the servers on the default 
       server list. Note that you must enter the preferred server list as a 
       space-separated list of *IP addresses* (not host names).  Providing port 
       numbers is optional.

EOF
    ;;
    srch_scope_help) cat <<EOF

HELP - Default search scope to be used for all searches unless they are
       overwritten using serviceSearchDescriptors.  The valid options
       are "one", which would specify the search will only be performed 
       at the base DN for the given service, or "sub", which would specify 
       the search will be performed through *all* levels below the base DN 
       for the given service.

EOF
    ;;
    cred_lvl_help) cat <<EOF

HELP - This parameter defines what credentials the clients use to
       authenticate to the directory server.  This list might contain
       multiple credential levels and is ordered.  If a proxy level
       is configured, you will also be prompted to enter a bind DN
       for the proxy agent along with a password.  This proxy agent
       will be created if it does not exist.

EOF
    ;;
    # The cleartext-storage requirement for sasl/DIGEST-MD5 stated below is
    # repeated in crypt_help; keep the two texts consistent.
    auth_help) cat <<EOF

HELP - The default authentication method(s) to be used by all services
       in the client using this profile.  This is a ordered list of
       authentication methods separated by a ';'.  The supported methods
       are provided in a menu.  Note that sasl/DIGEST-MD5 binds require
       passwords to be stored un-encrypted on the server.

EOF
    ;;
    srvauth_help) cat <<EOF

HELP - The authentication methods to be used by a given service.  Currently
       3 services support this feature: pam_ldap, keyserv, and passwd-cmd.
       The authentication method specified in this attribute overrides
       the default authentication method defined in the profile.  This
       feature can be used to select stronger authentication methods for
       services which require increased security.

EOF
    ;;
    pam_ldap_help) cat <<EOF

HELP - The authentication method(s) to be used by pam_ldap when contacting
       the directory server.  This is a ordered list, and, if provided, will
       override the default authentication method parameter.

EOF
    ;;
    keyserv_help) cat <<EOF

HELP - The authentication method(s) to be used by newkey(1M) and chkey(1)
       when contacting the directory server.  This is a ordered list and
       if provided will override the default authentication method
       parameter.

EOF
    ;;
    passwd-cmd_help) cat <<EOF

HELP - The authentication method(s) to be used by passwd(1) command when
       contacting the directory server.  This is a ordered list and if
       provided will override the default authentication method parameter.

EOF
    ;;
    referrals_help) cat <<EOF

HELP - This parameter indicates whether the client should follow
       ldap referrals if it encounters one during naming lookups.

EOF
    ;;
    tlim_help) cat <<EOF

HELP - The server time limit value indicates the maximum amount of time the
       server would spend on a query from the client before abandoning it.
       A value of '-1' indicates no limit.

EOF
    ;;
    slim_help) cat <<EOF

HELP - The server sizelimit value indicates the maximum number of entries
       the server would return in respond to a query from the client.  A
       value of '-1' indicates no limit.

EOF
    ;;
    crypt_help) cat <<EOF

HELP - By default iDS does not store userPassword attribute values using
       unix "crypt" format.  If you need to keep your passwords in the crypt
       format for NIS/NIS+ and pam_unix compatibility, choose 'yes'.  If
       passwords are stored using any other format than crypt, pam_ldap
       MUST be used by clients to authenticate users to the system. Note 
       that if you wish to use sasl/DIGEST-MD5 in conjunction with pam_ldap,
       user passwords must be stored in the clear format.

EOF
    ;;
    srchtime_help) cat <<EOF

HELP - The search time limit the client will enforce for directory
       lookups.

EOF
    ;;
    profttl_help) cat <<EOF

HELP - The time to live value for profile.  The client will refresh its
       cached version of the configuration profile at this TTL interval.

EOF
    ;;
    bindlim_help) cat <<EOF

HELP - The time limit for the bind operation to the directory.  This
       value controls the responsiveness of the client in case a server
       becomes unavailable.  The smallest timeout value for a given
       network architecture/conditions would work best.  This is very
       similar to setting TCP timeout, but only for LDAP bind operation.

EOF
    ;;
    ssd_help) cat <<EOF

HELP - Using Service Search Descriptors (SSD), you can override the
       default configuration for a given service.  The SSD can be
       used to override the default search base DN, the default search
       scope, and the default search filter to be used for directory
       lookups.  SSD are supported for all services (databases)
       defined in nsswitch.conf(4).  The default base DN is defined
       in ldap(1).

       Note: SSD are powerful tools in defining configuration profiles
             and provide a great deal of flexibility.  However, care
             must be taken in creating them.  If you decide to make use
             of SSDs, consult the documentation first.

EOF
    ;;
    ssd_menu_help) cat <<EOF

HELP - Using this menu SSD can be added, updated, or deleted from
       the profile.

       A - This option creates a new SSD by prompting for the
           service name, base DN, and scope.  Service name is
           any valid service as defined in ldap(1).  base is
           either the distinguished name to the container where
           this service will use, or a relative DN followed
           by a ','.
       D - Delete a previously created SSD.
       M - Modify a previously created SSD.
       P - Display a list of all the previously created SSD.
       X - Delete all of the previously created SSD.

       Q - Exit the menu and continue with the server configuration.

EOF
    ;;
    ldap_suffix_list_help) cat <<EOF

HELP - No valid suffixes (naming contexts) are available on server 
       ${IDS_SERVER}:${IDS_PORT}.
       You must set an LDAP Base DN that can be contained in 
       an existing suffix.

EOF
    ;;
    esac
}
4717c478bd9Sstevel@tonic-gate
4727c478bd9Sstevel@tonic-gate
#
# get_ans(): gets an answer from the user.
#		$1  instruction/comment/description/question
#		$2  default value
#
# Prints $1 as the prompt (with the default shown in brackets when $2 is
# non-empty) and reads one line from stdin into the global ANS.  An empty
# answer leaves ANS set to the default.  The prompt is written through
# ${ECHO} with a trailing "\c", i.e. it relies on a SysV-style echo that
# understands \c (suppress the newline).  Always returns 0.
# NOTE(review): read is used without -r, so a backslash typed by the user
# is treated as an escape; check that the target /bin/sh accepts "read -r"
# before changing this.
#
get_ans()
{
    case "$2" in
    "") ${ECHO} "$1 \c" ;;
    *)  ${ECHO} "$1 [$2] \c" ;;
    esac

    read ANS
    # Fall back to the default on an empty answer.
    [ -n "$ANS" ] || ANS=$2
}
4937c478bd9Sstevel@tonic-gate
4947c478bd9Sstevel@tonic-gate
#
# get_ans_req(): gets an answer (required) from the user, NULL value not allowed.
#		$@  instruction/comment/description/question
#
# Calls get_ans with the given arguments until the global ANS is non-empty,
# printing a complaint after every empty answer.  Note that a default ($2)
# supplied by the caller satisfies the loop as soon as the user presses
# Return, because get_ans substitutes it for an empty answer.
#
get_ans_req()
{
    ANS=""
    until [ -n "$ANS" ]
    do
	get_ans "$@"
	# Warn on an empty answer; the loop then prompts again.
	[ "$ANS" = "" ] && ${ECHO} "NULL value not allowed!"
    done
}
5087c478bd9Sstevel@tonic-gate
5097c478bd9Sstevel@tonic-gate
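#
# get_number(): Queries and verifies that number entered is numeric.
#               Function will repeat prompt user for number value.
#               $1  Message text.
#		$2  default value.
#               $3  Help argument.
#
# The accepted value is returned through the globals ANS and NUM (both end
# up holding it).  Validation is delegated to not_numeric(), defined
# elsewhere in this script.  While the answer is not numeric, "h", "help",
# "Help" or "?" display the help message tagged by $3 (or the generic
# "sorry" text when $3 is empty); any other answer is reported as invalid.
# Either way the user is re-prompted until a numeric value is given.
#
get_number()
{
    ANS=""                  # Set ANS to NULL.
    NUM=""

    get_ans "$1" "$2"

    # Verify that value is numeric.  $ANS is quoted so that an answer
    # containing blanks or glob characters reaches not_numeric() as a single
    # argument instead of being word-split and pathname-expanded (unquoted,
    # "1 2" would be checked as "1" and then accepted as a whole).
    while not_numeric "$ANS"
    do
	case "$ANS" in
	    [Hh] | help | Help | \?) display_msg "${3:-sorry}" ;;
	    * ) ${ECHO} "Invalid value: \"${ANS}\". \c"
	     ;;
	esac
	# Get a new value.
	get_ans "Enter a numeric value:" "$2"
    done
    NUM=$ANS
}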
5377c478bd9Sstevel@tonic-gate
5387c478bd9Sstevel@tonic-gate
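#
# get_negone_num(): Only allows a -1 or positive integer.
#                   Used for values where -1 has special meaning.
#
#                   $1 - Prompt message.
#                   $2 - Default value (require).
#                   $3 - Optional help argument.
#
# Repeats get_number() until the numeric answer is either exactly -1 or
# not negative; the accepted value is left in the global ANS (and in NUM,
# which get_number() sets).  is_negative() is defined elsewhere in this
# script.
#
get_negone_num()
{
    while :
    do
	get_number "$1" "$2" "$3"
	# Quoted so the answer reaches is_negative() as one argument,
	# neither word-split nor pathname-expanded.
	if is_negative "$ANS"
	then
	    if [ "$ANS" = "-1" ]; then
		break  # -1 is OK, so break.
	    else       # Need to re-enter number.
		${ECHO} "Invalid number: please enter -1 or positive number."
	    fi
	else
	    break      # Positive number
	fi
    done
}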
5637c478bd9Sstevel@tonic-gate
5647c478bd9Sstevel@tonic-gate
#
# get_passwd(): Reads a password from the user and verify with second.
#		$@  instruction/comment/description/question
#
# Terminal echo is switched off for the whole dialogue.  The user is asked
# for the password (an empty entry is refused), then asked to re-enter it;
# if the two entries differ the dialogue starts over.  The accepted
# password is left in the global ANS.  _PASS1/_PASS2 are working copies.
# NOTE(review): no trap is installed here, so an interrupt (Ctrl-C) between
# "stty -echo" and "stty echo" leaves the terminal with echo disabled
# unless a script-level trap restores it (none is visible from here).
# NOTE(review): _PASS1 and _PASS2 still hold the password after return;
# clearing them at the end would be safer if no caller reads them -- confirm
# against the callers before changing.
# NOTE(review): input goes through get_ans, whose read has no -r, so a
# backslash in a password is interpreted as an escape.
#
get_passwd()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_passwd()"

    # Working copies of the two entries.
    _PASS1=""
    _PASS2=""

    /usr/bin/stty -echo     # Turn echo OFF

    # Keep asking until both entries agree.
    while :
    do
	# First entry: an empty answer is refused.
	ANS=""
	until [ -n "$ANS" ]
	do
	    get_ans "$@"
	    if [ -z "$ANS" ]; then
		${ECHO} ""
		${ECHO} "NULL passwd not allowed!"
	    fi
	done
	_PASS1=$ANS

	# Second entry; echo is off, so emit the newline ourselves first.
	${ECHO} ""
	get_ans "Re-enter passwd:"
	_PASS2=$ANS

	[ "$_PASS1" = "$_PASS2" ] && break

	# Mismatch: move to a fresh line, report it and start over.
	${ECHO} ""
	${ECHO} "ERROR: passwords don't match; try again."
    done

    /usr/bin/stty echo      # Turn echo ON

    ${ECHO} ""
}
6127c478bd9Sstevel@tonic-gate
6137c478bd9Sstevel@tonic-gate
6147c478bd9Sstevel@tonic-gate#
6157c478bd9Sstevel@tonic-gate# get_passwd_nochk(): Reads a password from the user w/o check.
6167c478bd9Sstevel@tonic-gate#		$@  instruction/comment/description/question
6177c478bd9Sstevel@tonic-gate#
get_passwd_nochk()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_passwd_nochk()"

    # Single entry, no confirmation; get_ans() leaves the value in ANS.
    # Echo is disabled while the user types so the password is not shown.
    /usr/bin/stty -echo
    get_ans "$@"
    /usr/bin/stty echo

    # With echo off the user's Return was not shown; emit the newline now.
    ${ECHO} ""
}
6307c478bd9Sstevel@tonic-gate
6317c478bd9Sstevel@tonic-gate
6327c478bd9Sstevel@tonic-gate#
6337c478bd9Sstevel@tonic-gate# get_menu_choice(): Get a menu choice from user.  Continue prompting
6347c478bd9Sstevel@tonic-gate#                    till the choice is in required range.
6357c478bd9Sstevel@tonic-gate#   $1 .. Message text.
6367c478bd9Sstevel@tonic-gate#   $2 .. min value
6377c478bd9Sstevel@tonic-gate#   $3 .. max value
6387c478bd9Sstevel@tonic-gate#   $4 .. OPTIONAL: default value
6397c478bd9Sstevel@tonic-gate#
6407c478bd9Sstevel@tonic-gate#   Return value:
6417c478bd9Sstevel@tonic-gate#     MN_CH will contain the value selected.
6427c478bd9Sstevel@tonic-gate#
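get_menu_choice()
{
    # $1 (prompt), $2 (min) and $3 (max) are mandatory; $4 is an optional
    # default handed through to get_ans().  The accepted value is left in
    # the global MN_CH.
    if [ $# -lt 3 ]; then
        ${ECHO} "get_menu_choice(): Did not get required parameters."
        return 1
    fi

    while :
    do
        get_ans "$1" "$4"
        MN_CH=$ANS

        # is_negative() exits 1 only for a non-negative number; 0 (negative)
        # and 2 (not numeric) fall through to the error message.
        # The argument is quoted so that an empty answer reaches
        # is_negative() as "" and is classed as not numeric, instead of
        # passing the argument-count check and then producing a test(1)
        # syntax error in the range comparison below.
        is_negative "$MN_CH"
        if [ $? -eq 1 ] && [ "$MN_CH" -ge "$2" ] && [ "$MN_CH" -le "$3" ]; then
            return
        fi
        ${ECHO} "Invalid choice: $MN_CH"
    done
}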
6667c478bd9Sstevel@tonic-gate
6677c478bd9Sstevel@tonic-gate
6687c478bd9Sstevel@tonic-gate#
6697c478bd9Sstevel@tonic-gate# get_confirm(): Get confirmation from the user. (Y/Yes or N/No)
6707c478bd9Sstevel@tonic-gate#                $1 - Message
6717c478bd9Sstevel@tonic-gate#                $2 - default value.
6727c478bd9Sstevel@tonic-gate#
get_confirm()
{
    _ANSWER=

    # $2 (the default) is mandatory; a missing one is a programming error,
    # so bail out rather than prompt.  $3 optionally names the display_msg()
    # tag shown when the user asks for help.
    if [ -z "$2" ]
    then
        ${ECHO} "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional."
        exit 2
    fi

    # The exit status is the answer, not success/failure: 1 = yes, 0 = no.
    while :
    do
        ${ECHO} "$1 [$2] \c"
        read _ANSWER

        # An empty answer takes the default.
        : "${_ANSWER:=$2}"

        case "$_ANSWER" in
            [Yy] | yes | Yes | YES) return 1 ;;
            [Nn] | no  | No  | NO)  return 0 ;;
            [Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
            * ) ${ECHO} "Please enter y or n." ;;
        esac
    done
}
7027c478bd9Sstevel@tonic-gate
7037c478bd9Sstevel@tonic-gate
7047c478bd9Sstevel@tonic-gate#
7057c478bd9Sstevel@tonic-gate# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No)
7067c478bd9Sstevel@tonic-gate#                      No default value supported.
7077c478bd9Sstevel@tonic-gate#
get_confirm_nodef()
{
    _ANSWER=

    # No default: an empty answer is simply asked for again.  As in
    # get_confirm(), the exit status encodes the answer: 1 = yes, 0 = no.
    while :
    do
        ${ECHO} "$@ \c"
        read _ANSWER
        case "$_ANSWER" in
            [Yy] | yes | Yes | YES) return 1 ;;
            [Nn] | no  | No  | NO)  return 0 ;;
        esac
        ${ECHO} "Please enter y or n."
    done
}
7237c478bd9Sstevel@tonic-gate
7247c478bd9Sstevel@tonic-gate
7257c478bd9Sstevel@tonic-gate#
7267c478bd9Sstevel@tonic-gate# is_numeric(): Tells is a string is numeric.
7277c478bd9Sstevel@tonic-gate#    0 = Numeric
7287c478bd9Sstevel@tonic-gate#    1 = NOT Numeric
7297c478bd9Sstevel@tonic-gate#
is_numeric()
{
    # Exactly one argument is required.
    [ $# -eq 1 ] || return 1

    # Let expr(1) attempt arithmetic on the value.  expr exits 0 or 1
    # depending on the result of the addition, and 2 or higher when the
    # operand was not a number, so anything from 2 upward means
    # "not numeric".  The exit status of the final test is the result.
    expr "$1" + 1 > /dev/null 2>&1
    [ $? -lt 2 ]
}
7467c478bd9Sstevel@tonic-gate
7477c478bd9Sstevel@tonic-gate
7487c478bd9Sstevel@tonic-gate#
7497c478bd9Sstevel@tonic-gate# not_numeric(): Reverses the return values of is_numeric.  Useful
7507c478bd9Sstevel@tonic-gate#                 for if and while statements that want to test for
7517c478bd9Sstevel@tonic-gate#                 non-numeric data.
7527c478bd9Sstevel@tonic-gate#    0 = NOT Numeric
7537c478bd9Sstevel@tonic-gate#    1 = Numeric
7547c478bd9Sstevel@tonic-gate#
not_numeric()
{
    # Invert is_numeric(): exit 0 when the value is NOT a number, 1 when
    # it is.
    if is_numeric "$1"; then
        return 1
    fi
    return 0
}
7647c478bd9Sstevel@tonic-gate
7657c478bd9Sstevel@tonic-gate
7667c478bd9Sstevel@tonic-gate#
7677c478bd9Sstevel@tonic-gate# is_negative(): Tells is a Numeric value is less than zero.
7687c478bd9Sstevel@tonic-gate#    0 = Negative Numeric
7697c478bd9Sstevel@tonic-gate#    1 = Positive Numeric
7707c478bd9Sstevel@tonic-gate#    2 = NOT Numeric
7717c478bd9Sstevel@tonic-gate#
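is_negative()
{
    # Exactly one argument is expected.  Anything else is reported as
    # "not numeric" (2).  Returning 1 here, as before, read to callers as
    # "non-negative number" and sent an empty value straight into their
    # -ge/-le range comparisons.
    if [ $# -ne 1 ]; then
        return 2
    fi

    # The sign is decided by inspection rather than arithmetic because
    # expr treats -0 as 0, i.e. positive.
    if is_numeric "$1"; then
        case "$1" in
            -*) return 0 ;;   # Negative Numeric
            *)  return 1 ;;   # Positive Numeric
        esac
    else
        return 2          # NOT Numeric
    fi
}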
7907c478bd9Sstevel@tonic-gate
7917c478bd9Sstevel@tonic-gate
7927c478bd9Sstevel@tonic-gate#
7937c478bd9Sstevel@tonic-gate# check_domainname(): check validity of a domain name.  Currently we check
7947c478bd9Sstevel@tonic-gate#                     that it has at least two components.
7957c478bd9Sstevel@tonic-gate#		$1  the domain name to be checked
7967c478bd9Sstevel@tonic-gate#
check_domainname()
{
    # An empty name is accepted here; whether a domain is mandatory is
    # the caller's decision.
    [ -z "$1" ] && return 0

    # expr prints the number of characters matched by the BRE; a zero
    # match means there are not two non-empty dot-separated components.
    t=`expr "$1" : '[^.]\{1,\}[.][^.]\{1,\}'`
    [ "$t" = 0 ] && return 1
    return 0
}
8097c478bd9Sstevel@tonic-gate
8107c478bd9Sstevel@tonic-gate
8117c478bd9Sstevel@tonic-gate#
8127c478bd9Sstevel@tonic-gate# check_baseDN(): check validity of the baseDN name.
8137c478bd9Sstevel@tonic-gate#		$1  the baseDN name to be checked
8147c478bd9Sstevel@tonic-gate#
8157c478bd9Sstevel@tonic-gate#     NOTE: The check_baseDN function does not catch all invalid DN's.
8167c478bd9Sstevel@tonic-gate#           Its purpose is to reduce the number of invalid DN's to
8177c478bd9Sstevel@tonic-gate#           get past the input routine.  The invalid DN's will be
8187c478bd9Sstevel@tonic-gate#           caught by the LDAP server when they are attempted to be
8197c478bd9Sstevel@tonic-gate#           created.
8207c478bd9Sstevel@tonic-gate#
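check_baseDN()
{
    ck_DN=$1
    ${ECHO} "  Checking LDAP Base DN ..."

    # An empty DN is accepted here; the caller decides whether it is
    # mandatory.
    [ -z "$ck_DN" ] && return 0

    [ $DEBUG -eq 1 ] && ${ECHO} "Checking baseDN: $ck_DN"

    # A DN must contain at least one attr=value pair.
    ${ECHO} "$ck_DN" | ${GREP} "=" > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        [ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: No '=' in baseDN."
        return 1
    fi

    # Walk the RDNs left to right, validating the attribute name of each.
    while :
    do
        # Attribute name of the first RDN.  $ck_DN is quoted so the
        # user-supplied DN reaches echo verbatim: unquoted, a value such
        # as "cn=*" is glob-expanded against the current directory before
        # it is ever examined.
        dkey=`${ECHO} "$ck_DN" | cut -d'=' -f1`

        # Deliberately unquoted: once the first RDN is stripped, the
        # remainder often starts with a blank ("ou=x, dc=y"), and word
        # splitting removes it before the name is checked.
        check_attrName $dkey
        if [ $? -ne 0 ]; then
            [ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: invalid key=${dkey}"
            return 1
        fi
        [ $DEBUG -eq 1 ] && ${ECHO} "check_baseDN: valid key=${dkey}"

        # Drop the first RDN; cut -s prints nothing when no ',' is left.
        ck_DN=`${ECHO} "$ck_DN" | cut -s -d',' -f2-`
        [ "$ck_DN" = "" ] && break
    done
    return 0
}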
8607c478bd9Sstevel@tonic-gate
8617c478bd9Sstevel@tonic-gate
8627c478bd9Sstevel@tonic-gate#
8637c478bd9Sstevel@tonic-gate# domain_2_dc(): Convert a domain name into dc string.
8647c478bd9Sstevel@tonic-gate#    $1  .. Domain name.
8657c478bd9Sstevel@tonic-gate#
domain_2_dc()
{
    _DOM=$1           # Domain name to convert.
    _DOM_2_DC=""      # Result, e.g. "dc=example,dc=com" for example.com.
    _FIRST=1          # Set until the first label has been emitted.

    export _DOM_2_DC  # Make visible for others.

    # Turn the dots into blanks so the unquoted substitution is split
    # into one positional parameter per label.
    set -- `${ECHO} ${_DOM} | tr '.' ' '`
    for label in "$@"
    do
        if [ $_FIRST -eq 1 ]; then
            _DOM_2_DC="dc=${label}"
            _FIRST=0
        else
            _DOM_2_DC="${_DOM_2_DC},dc=${label}"
        fi
    done
}
8857c478bd9Sstevel@tonic-gate
8867c478bd9Sstevel@tonic-gate
8877c478bd9Sstevel@tonic-gate#
8887c478bd9Sstevel@tonic-gate# is_root_user(): Check to see if logged in as root user.
8897c478bd9Sstevel@tonic-gate#
is_root_user()
{
    # Match on the textual id(1) output: the caller must be uid 0 AND the
    # account must be named "root".
    _id_out=`id`
    case "$_id_out" in
        uid=0\(root\)*) return 0 ;;
    esac
    return 1
}
8977c478bd9Sstevel@tonic-gate
8987c478bd9Sstevel@tonic-gate
8997c478bd9Sstevel@tonic-gate#
9007c478bd9Sstevel@tonic-gate# parse_arg(): Parses the command line arguments and sets the
9017c478bd9Sstevel@tonic-gate#              appropriate variables.
9027c478bd9Sstevel@tonic-gate#
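parse_arg()
{
    # -d  turn on debug output (DEBUG=1)
    # -v  verbose: clears VERB, the "> /dev/null 2>&1" suffix init()
    #     uses to silence command output
    # -i  input (config) file
    # -o  output file
    # -h  usage
    # An unknown option prints the usage text and exits 1.  -h is in the
    # getopts string, so it needs its own arm: without one it dropped
    # into the "missing handler" branch meant for coding errors.
    # Returns the number of arguments getopts consumed so the caller can
    # shift them away.  ARG and OPTARG are getopts' own globals.
    while getopts "dvhi:o:" ARG
    do
        case "$ARG" in
            d)  DEBUG=1 ;;
            v)  VERB="" ;;
            i)  INPUT_FILE="$OPTARG" ;;
            o)  OUTPUT_FILE="$OPTARG" ;;
            h)  display_msg usage
                exit 1 ;;
            \?) display_msg usage
                exit 1 ;;
            *)  # getopts accepted a letter nobody handles: a coding error.
                ${ECHO} "**ERROR: Supported option missing handler!"
                display_msg usage
                exit 1 ;;
        esac
    done
    return `expr $OPTIND - 1`
}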
9217c478bd9Sstevel@tonic-gate
9227c478bd9Sstevel@tonic-gate
9237c478bd9Sstevel@tonic-gate#
9247c478bd9Sstevel@tonic-gate# init(): initializes variables and options
9257c478bd9Sstevel@tonic-gate#
init()
{
    # Global defaults for the whole script.  Everything here is a plain
    # shell global; the export lines at the end make the ones that child
    # processes need visible to them.  Order matters: PID is needed for
    # TMPDIR, DOM for LDAP_DOMAIN, TMPDIR for LDAP_ROOTPWF and SSD_FILE.

    # General variables.
    PROG=`basename $0`	# Program name
    PID=$$              # Program ID
    VERB='> /dev/null 2>&1'	# NULL or "> /dev/null"
    ECHO="/bin/echo"	# print message on screen
    EVAL="eval"		# eval or echo
    EGREP="/usr/bin/egrep"
    GREP="/usr/bin/grep"
    DEBUG=0             # Set Debug OFF
    BACKUP=no_ldap	# backup suffix
    HOST=""		# NULL or <hostname>
    NAWK="/usr/bin/nawk"

    DOM=""              # Set to NULL
    # If DNS domain (resolv.conf) exists use that, otherwise use domainname.
    # The last "domain"/"search" line wins and only its first argument is
    # taken.
    if [ -f /etc/resolv.conf ]; then
        DOM=`/usr/xpg4/bin/grep -i -E '^domain|^search' /etc/resolv.conf \
	    | awk '{ print $2 }' | tail -1`
    fi

    # If for any reason the DOM did not get set (error'd resolv.conf) set
    # DOM to the domainname command's output.
    if [ "$DOM" = "" ]; then
        DOM=`domainname`	# domain from domainname command.
    fi

    STEP=1
    INTERACTIVE=1       # 0 = on, 1 = off (For input file mode)
    DEL_OLD_PROFILE=0   # 0 (default), 1 = delete old profile.

    # idsconfig specific variables.
    INPUT_FILE=""
    OUTPUT_FILE=""
    NEED_PROXY=0        # 0 = No Proxy, 1 = Create Proxy.
    LDAP_PROXYAGENT=""
    LDAP_SUFFIX=""
    LDAP_DOMAIN=$DOM	# domainname on Server (default value)
    GEN_CMD=""

    # LDAP COMMANDS
    LDAPSEARCH="/bin/ldapsearch -r"
    LDAPMODIFY=/bin/ldapmodify
    LDAPADD=/bin/ldapadd
    LDAPDELETE=/bin/ldapdelete
    LDAP_GEN_PROFILE=/usr/sbin/ldap_gen_profile

    # iDS specific information
    IDS_SERVER=""
    IDS_PORT=389
    NEED_TIME=0
    NEED_SIZE=0
    NEED_SRVAUTH_PAM=0
    NEED_SRVAUTH_KEY=0
    NEED_SRVAUTH_CMD=0
    IDS_TIMELIMIT=""
    IDS_SIZELIMIT=""

    # LDAP PROFILE related defaults
    LDAP_ROOTDN="cn=Directory Manager"   # Provide common default.
    LDAP_ROOTPWD=""                      # NULL passwd as default (i.e. invalid)
    LDAP_PROFILE_NAME="default"
    LDAP_BASEDN=""
    LDAP_SERVER_LIST=""
    LDAP_AUTHMETHOD=""
    LDAP_FOLLOWREF="FALSE"
    NEED_CRYPT=""
    LDAP_SEARCH_SCOPE="one"
    LDAP_SRV_AUTHMETHOD_PAM=""
    LDAP_SRV_AUTHMETHOD_KEY=""
    LDAP_SRV_AUTHMETHOD_CMD=""
    LDAP_SEARCH_TIME_LIMIT=30
    LDAP_PREF_SRVLIST=""
    LDAP_PROFILE_TTL=43200
    LDAP_CRED_LEVEL="proxy"
    LDAP_BIND_LIMIT=10

    # Prevent new files from being read by group or others.
    # This must precede the mkdir and every file written below.
    umask 077

    # Service Search Descriptors
    LDAP_SERV_SRCH_DES=""

    # Set and create TMPDIR.
    # The name is predictable (it embeds the PID), but mkdir fails when
    # anything -- a directory or a symlink planted by another user --
    # already exists at that path, so the script only ever proceeds with
    # a directory it created itself, mode 0700.
    TMPDIR="/tmp/idsconfig.${PID}"
    if mkdir -m 700 ${TMPDIR}
    then
	# Cleanup on exit.
	# Signal trap only (HUP INT QUIT ABRT TERM): removes TMPDIR and
	# restores terminal echo, which the password prompts switch off.
	# A normal exit (0) is not in the list, so removal of TMPDIR on
	# the success path is not handled here.
	trap 'rm -rf ${TMPDIR}; /usr/bin/stty echo; exit' 1 2 3 6 15
    else
	# NOTE(review): plain echo to stdout rather than ${ECHO}, unlike
	# the rest of the script.
	echo "ERROR: unable to create a safe temporary directory."
	exit 1
    fi
    # save_password() writes LDAP_ROOTPWD here; the file is protected
    # only by the 0700 TMPDIR and the 077 umask above.
    LDAP_ROOTPWF=${TMPDIR}/rootPWD

    # Set the SSD file name after setting TMPDIR.
    SSD_FILE=${TMPDIR}/ssd_list

    # GSSAPI setup
    LDAP_KRB_REALM=""
    LDAP_GSSAPI_PROFILE=""
    SCHEMA_UPDATED=0

    # LDAP_PROXYAGENT_CRED is exported below but is not initialised in
    # this function.
    export DEBUG VERB ECHO EVAL EGREP GREP STEP TMPDIR
    export IDS_SERVER IDS_PORT LDAP_ROOTDN LDAP_ROOTPWD LDAP_SERVER_LIST
    export LDAP_BASEDN LDAP_ROOTPWF
    export LDAP_DOMAIN LDAP_SUFFIX LDAP_PROXYAGENT LDAP_PROXYAGENT_CRED
    export NEED_PROXY
    export LDAP_PROFILE_NAME LDAP_BASEDN LDAP_SERVER_LIST
    export LDAP_AUTHMETHOD LDAP_FOLLOWREF LDAP_SEARCH_SCOPE LDAP_SEARCH_TIME_LIMIT
    export LDAP_PREF_SRVLIST LDAP_PROFILE_TTL LDAP_CRED_LEVEL LDAP_BIND_LIMIT
    export NEED_SRVAUTH_PAM NEED_SRVAUTH_KEY NEED_SRVAUTH_CMD
    export LDAP_SRV_AUTHMETHOD_PAM LDAP_SRV_AUTHMETHOD_KEY LDAP_SRV_AUTHMETHOD_CMD
    export LDAP_SERV_SRCH_DES SSD_FILE
    export GEN_CMD LDAP_KRB_REALM LDAP_GSSAPI_PROFILE SCHEMA_UPDATED
}
10437c478bd9Sstevel@tonic-gate
10447c478bd9Sstevel@tonic-gate
10457c478bd9Sstevel@tonic-gate#
10467c478bd9Sstevel@tonic-gate# disp_full_debug(): List of all debug variables usually interested in.
10477c478bd9Sstevel@tonic-gate#                    Grouped to avoid MASSIVE code duplication.
10487c478bd9Sstevel@tonic-gate#
disp_full_debug()
{
    # Nothing to do unless debugging.  A bare "return" hands back the
    # status of the test itself (1), which is what the per-line
    # "[ $DEBUG -eq 1 ] && ..." form yielded when debugging was off.
    [ $DEBUG -eq 1 ] || return

    # NOTE(security): LDAP_ROOTPWD and LDAP_PROXYAGENT_CRED are printed
    # in clear below, so -d output must not be captured into logs that
    # others can read.
    ${ECHO} "  IDS_SERVER = $IDS_SERVER"
    ${ECHO} "  IDS_PORT = $IDS_PORT"
    ${ECHO} "  LDAP_ROOTDN = $LDAP_ROOTDN"
    ${ECHO} "  LDAP_ROOTPWD = $LDAP_ROOTPWD"
    ${ECHO} "  LDAP_DOMAIN = $LDAP_DOMAIN"
    ${ECHO} "  LDAP_SUFFIX = $LDAP_SUFFIX"
    ${ECHO} "  LDAP_BASEDN = $LDAP_BASEDN"
    ${ECHO} "  LDAP_PROFILE_NAME = $LDAP_PROFILE_NAME"
    ${ECHO} "  LDAP_SERVER_LIST = $LDAP_SERVER_LIST"
    ${ECHO} "  LDAP_PREF_SRVLIST = $LDAP_PREF_SRVLIST"
    ${ECHO} "  LDAP_SEARCH_SCOPE = $LDAP_SEARCH_SCOPE"
    ${ECHO} "  LDAP_CRED_LEVEL = $LDAP_CRED_LEVEL"
    ${ECHO} "  LDAP_AUTHMETHOD = $LDAP_AUTHMETHOD"
    ${ECHO} "  LDAP_FOLLOWREF = $LDAP_FOLLOWREF"
    ${ECHO} "  IDS_TIMELIMIT = $IDS_TIMELIMIT"
    ${ECHO} "  IDS_SIZELIMIT = $IDS_SIZELIMIT"
    ${ECHO} "  NEED_CRYPT = $NEED_CRYPT"
    ${ECHO} "  NEED_SRVAUTH_PAM = $NEED_SRVAUTH_PAM"
    ${ECHO} "  NEED_SRVAUTH_KEY = $NEED_SRVAUTH_KEY"
    ${ECHO} "  NEED_SRVAUTH_CMD = $NEED_SRVAUTH_CMD"
    ${ECHO} "  LDAP_SRV_AUTHMETHOD_PAM = $LDAP_SRV_AUTHMETHOD_PAM"
    ${ECHO} "  LDAP_SRV_AUTHMETHOD_KEY = $LDAP_SRV_AUTHMETHOD_KEY"
    ${ECHO} "  LDAP_SRV_AUTHMETHOD_CMD = $LDAP_SRV_AUTHMETHOD_CMD"
    ${ECHO} "  LDAP_SEARCH_TIME_LIMIT = $LDAP_SEARCH_TIME_LIMIT"
    ${ECHO} "  LDAP_PROFILE_TTL = $LDAP_PROFILE_TTL"
    ${ECHO} "  LDAP_BIND_LIMIT = $LDAP_BIND_LIMIT"

    # Proxy settings are only meaningful when a proxy agent is requested.
    if [ $NEED_PROXY -eq  1 ]; then
        ${ECHO} "  LDAP_PROXYAGENT = $LDAP_PROXYAGENT"
        ${ECHO} "  LDAP_PROXYAGENT_CRED = $LDAP_PROXYAGENT_CRED"
        ${ECHO} "  NEED_PROXY = $NEED_PROXY"
    fi

    # Service Search Descriptors are a special case.
    ${ECHO} "  LDAP_SERV_SRCH_DES = $LDAP_SERV_SRCH_DES"
}
10887c478bd9Sstevel@tonic-gate
10897c478bd9Sstevel@tonic-gate
10907c478bd9Sstevel@tonic-gate#
10917c478bd9Sstevel@tonic-gate# load_config_file(): Loads the config file.
10927c478bd9Sstevel@tonic-gate#
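load_config_file()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In load_config_file()"

    # The input file is executed by the shell below ("." sources it), so
    # it is code, not data: it must come from a trusted, root-controlled
    # location.  Its LDAP_SERV_SRCH_DES lines are filtered out first
    # because some forms of that data are not valid shell syntax; those
    # lines are presumably picked up by create_ssd_file() below.
    # The path variables are quoted so a file name containing blanks is
    # passed as a single argument instead of being split.
    ${GREP} -v "LDAP_SERV_SRCH_DES=" "${INPUT_FILE}" > "${TMPDIR}/inputfile.noSSD"

    # Source the filtered input file.
    . "${TMPDIR}/inputfile.noSSD"

    # If LDAP_SUFFIX is not set, fall back to LDAP_TREETOP, which older
    # config files use instead.
    LDAP_SUFFIX="${LDAP_SUFFIX:-$LDAP_TREETOP}"

    # Write the LDAP_ROOTPWD just read to the temporary password file.
    save_password

    # Create the SSD file.
    create_ssd_file

    # Display FULL debugging info (only prints when DEBUG=1).
    disp_full_debug
}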
11187c478bd9Sstevel@tonic-gate
11197c478bd9Sstevel@tonic-gate#
11207c478bd9Sstevel@tonic-gate# save_password(): Save password to temporary file.
11217c478bd9Sstevel@tonic-gate#
save_password()
{
    # Write the Directory Manager password, followed by a newline, to the
    # temporary password file (LDAP_ROOTPWF, under the 0700 TMPDIR that
    # init() creates with umask 077).  printf '%s' passes the value
    # through verbatim; unlike echo it does not interpret backslash
    # sequences that may occur in a password.
    printf '%s\n' "${LDAP_ROOTPWD}" > "${LDAP_ROOTPWF}"
}
11287c478bd9Sstevel@tonic-gate
11297c478bd9Sstevel@tonic-gate######################################################################
11307c478bd9Sstevel@tonic-gate# FUNCTIONS  FOR prompt_config_info() START HERE.
11317c478bd9Sstevel@tonic-gate######################################################################
11327c478bd9Sstevel@tonic-gate
11337c478bd9Sstevel@tonic-gate#
11347c478bd9Sstevel@tonic-gate# get_ids_server(): Prompt for iDS server name.
11357c478bd9Sstevel@tonic-gate#
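get_ids_server()
{
    while :
    do
        # Prompt for the server name; the current value is the default.
        get_ans "Enter the JES Directory Server's  hostname to setup:" "$IDS_SERVER"
        IDS_SERVER="$ANS"

        # Reachability probe only: an ICMP reply says nothing about whether
        # an LDAP server is listening; get_ids_port() checks that.
        # The host name is quoted so that an answer containing blanks or
        # shell wildcards reaches ping as one argument rather than being
        # split (on Solaris ping a second word is taken as the timeout).
        if ping "$IDS_SERVER" > /dev/null 2>&1; then
            break
        fi

        # Unreachable: report and start over with an empty default.
        ${ECHO} "ERROR: Server '${IDS_SERVER}' is invalid or unreachable."
        IDS_SERVER=""
    done

    # Rebuild the argument strings since the host may have changed.
    SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    export SERVER_ARGS
}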
11617c478bd9Sstevel@tonic-gate
11627c478bd9Sstevel@tonic-gate#
11637c478bd9Sstevel@tonic-gate# get_ids_port(): Prompt for iDS port number.
11647c478bd9Sstevel@tonic-gate#
get_ids_port()
{
    while :
    do
        # Prompt for the port; get_number() leaves the value in ANS.
        get_number "Enter the port number for iDS (h=help):" "$IDS_PORT" "port_help"
        IDS_PORT=$ANS

        # Anonymous base-level search of the root DSE (no bind DN or
        # password is passed).  Success means the host:port pair accepts
        # LDAP connections; it says nothing about credentials.
        if ${LDAPSEARCH} -h ${IDS_SERVER} -p ${IDS_PORT} -b "" -s base "objectclass=*" > /dev/null 2>&1
        then
            break
        fi

        # Bad pair: report, re-prompt for the host, then loop back to the port.
        ${ECHO} "ERROR: Invalid host or port: ${IDS_SERVER}:${IDS_PORT}, Please re-enter!"
        get_ids_server
    done

    # Rebuild the argument strings since host or port may have changed.
    SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    export SERVER_ARGS
}
11917c478bd9Sstevel@tonic-gate
11927c478bd9Sstevel@tonic-gate
11937c478bd9Sstevel@tonic-gate#
11947c478bd9Sstevel@tonic-gate# chk_ids_version(): Read the slapd config file and set variables
11957c478bd9Sstevel@tonic-gate#
11967c478bd9Sstevel@tonic-gatechk_ids_version()
11977c478bd9Sstevel@tonic-gate{
11987c478bd9Sstevel@tonic-gate    [ $DEBUG -eq 1 ] && ${ECHO} "In chk_ids_version()"
11997c478bd9Sstevel@tonic-gate
12007c478bd9Sstevel@tonic-gate    # check iDS version number.
12017c478bd9Sstevel@tonic-gate    eval "${LDAPSEARCH} ${SERVER_ARGS} -b cn=monitor -s base \"objectclass=*\" version | ${GREP} \"^version=\" | cut -f2 -d'/' | cut -f1 -d' ' > ${TMPDIR}/checkDSver 2>&1"
12027c478bd9Sstevel@tonic-gate    if [ $? -ne 0 ]; then
12037c478bd9Sstevel@tonic-gate	${ECHO} "ERROR: Can not determine the version number of iDS!"
12047c478bd9Sstevel@tonic-gate	exit 1
12057c478bd9Sstevel@tonic-gate    fi
12067c478bd9Sstevel@tonic-gate    IDS_VER=`cat ${TMPDIR}/checkDSver`
12077c478bd9Sstevel@tonic-gate    IDS_MAJVER=`${ECHO} ${IDS_VER} | cut -f1 -d.`
12087c478bd9Sstevel@tonic-gate    IDS_MINVER=`${ECHO} ${IDS_VER} | cut -f2 -d.`
1209*cb5caa98Sdjl    if [ "${IDS_MAJVER}" != "5" ] && [ "${IDS_MAJVER}" != "6" ]; then
1210*cb5caa98Sdjl	${ECHO} "ERROR: $PROG only works with JES DS version 5.x and 6.x, not ${IDS_VER}."
12117c478bd9Sstevel@tonic-gate    	exit 1
12127c478bd9Sstevel@tonic-gate    fi
12137c478bd9Sstevel@tonic-gate    if [ $DEBUG -eq 1 ]; then
12147c478bd9Sstevel@tonic-gate	${ECHO} "  IDS_MAJVER = $IDS_MAJVER"
12157c478bd9Sstevel@tonic-gate	${ECHO} "  IDS_MINVER = $IDS_MINVER"
12167c478bd9Sstevel@tonic-gate    fi
12177c478bd9Sstevel@tonic-gate}
12187c478bd9Sstevel@tonic-gate
12197c478bd9Sstevel@tonic-gate
12207c478bd9Sstevel@tonic-gate#
12217c478bd9Sstevel@tonic-gate# get_dirmgr_dn(): Get the directory manger DN.
12227c478bd9Sstevel@tonic-gate#
12237c478bd9Sstevel@tonic-gateget_dirmgr_dn()
12247c478bd9Sstevel@tonic-gate{
12257c478bd9Sstevel@tonic-gate    get_ans "Enter the directory manager DN:" "$LDAP_ROOTDN"
12267c478bd9Sstevel@tonic-gate    LDAP_ROOTDN=$ANS
12277c478bd9Sstevel@tonic-gate
12287c478bd9Sstevel@tonic-gate    # Update ENV variables using DN.
12297c478bd9Sstevel@tonic-gate    AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
12307c478bd9Sstevel@tonic-gate    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
12317c478bd9Sstevel@tonic-gate    export AUTH_ARGS LDAP_ARGS
12327c478bd9Sstevel@tonic-gate}
12337c478bd9Sstevel@tonic-gate
12347c478bd9Sstevel@tonic-gate
12357c478bd9Sstevel@tonic-gate#
12367c478bd9Sstevel@tonic-gate# get_dirmgr_pw(): Get the Root DN passwd. (Root DN found in slapd.conf)
12377c478bd9Sstevel@tonic-gate#
12387c478bd9Sstevel@tonic-gateget_dirmgr_pw()
12397c478bd9Sstevel@tonic-gate{
12407c478bd9Sstevel@tonic-gate    while :
12417c478bd9Sstevel@tonic-gate    do
12427c478bd9Sstevel@tonic-gate	# Get passwd.
12437c478bd9Sstevel@tonic-gate	get_passwd_nochk "Enter passwd for ${LDAP_ROOTDN} :"
12447c478bd9Sstevel@tonic-gate	LDAP_ROOTPWD=$ANS
12457c478bd9Sstevel@tonic-gate
12467c478bd9Sstevel@tonic-gate	# Store password in file.
12477c478bd9Sstevel@tonic-gate	save_password
12487c478bd9Sstevel@tonic-gate
12497c478bd9Sstevel@tonic-gate	# Update ENV variables using DN's PW.
12507c478bd9Sstevel@tonic-gate	AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
12517c478bd9Sstevel@tonic-gate	LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
12527c478bd9Sstevel@tonic-gate	export AUTH_ARGS LDAP_ARGS
12537c478bd9Sstevel@tonic-gate
12547c478bd9Sstevel@tonic-gate	# Verify that ROOTDN and ROOTPWD are valid.
12557c478bd9Sstevel@tonic-gate	eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" > ${TMPDIR}/checkDN 2>&1"
12567c478bd9Sstevel@tonic-gate	if [ $? -ne 0 ]; then
12577c478bd9Sstevel@tonic-gate	    eval "${GREP} credential ${TMPDIR}/checkDN ${VERB}"
12587c478bd9Sstevel@tonic-gate	    if [ $? -eq 0 ]; then
12597c478bd9Sstevel@tonic-gate		${ECHO} "ERROR: Root DN passwd is invalid."
12607c478bd9Sstevel@tonic-gate	    else
12617c478bd9Sstevel@tonic-gate		${ECHO} "ERROR: Invalid Root DN <${LDAP_ROOTDN}>."
12627c478bd9Sstevel@tonic-gate		get_dirmgr_dn
12637c478bd9Sstevel@tonic-gate	    fi
12647c478bd9Sstevel@tonic-gate	else
12657c478bd9Sstevel@tonic-gate	    break         # Both are valid.
12667c478bd9Sstevel@tonic-gate	fi
12677c478bd9Sstevel@tonic-gate    done
12687c478bd9Sstevel@tonic-gate
12697c478bd9Sstevel@tonic-gate
12707c478bd9Sstevel@tonic-gate}
12717c478bd9Sstevel@tonic-gate
12727c478bd9Sstevel@tonic-gate
12737c478bd9Sstevel@tonic-gate#
12747c478bd9Sstevel@tonic-gate# get_domain(): Get the Domain that will be served by the LDAP server.
12757c478bd9Sstevel@tonic-gate#               $1 - Help argument.
12767c478bd9Sstevel@tonic-gate#
12777c478bd9Sstevel@tonic-gateget_domain()
12787c478bd9Sstevel@tonic-gate{
12797c478bd9Sstevel@tonic-gate    # Use LDAP_DOMAIN as default.
12807c478bd9Sstevel@tonic-gate    get_ans "Enter the domainname to be served (h=help):" $LDAP_DOMAIN
12817c478bd9Sstevel@tonic-gate
12827c478bd9Sstevel@tonic-gate    # Check domainname, and have user re-enter if not valid.
12837c478bd9Sstevel@tonic-gate    check_domainname $ANS
12847c478bd9Sstevel@tonic-gate    while [ $? -ne 0 ]
12857c478bd9Sstevel@tonic-gate    do
12867c478bd9Sstevel@tonic-gate	case "$ANS" in
12877c478bd9Sstevel@tonic-gate	    [Hh] | help | Help | \?) display_msg ${1:-sorry} ;;
12887c478bd9Sstevel@tonic-gate	    * ) ${ECHO} "Invalid domainname: \"${ANS}\"."
12897c478bd9Sstevel@tonic-gate	     ;;
12907c478bd9Sstevel@tonic-gate	esac
12917c478bd9Sstevel@tonic-gate	get_ans "Enter domainname to be served (h=help):" $DOM
12927c478bd9Sstevel@tonic-gate
12937c478bd9Sstevel@tonic-gate	check_domainname $ANS
12947c478bd9Sstevel@tonic-gate    done
12957c478bd9Sstevel@tonic-gate
12967c478bd9Sstevel@tonic-gate    # Set the domainname to valid name.
12977c478bd9Sstevel@tonic-gate    LDAP_DOMAIN=$ANS
12987c478bd9Sstevel@tonic-gate}
12997c478bd9Sstevel@tonic-gate
13007c478bd9Sstevel@tonic-gate
13017c478bd9Sstevel@tonic-gate#
13027c478bd9Sstevel@tonic-gate# get_basedn(): Query for the Base DN.
13037c478bd9Sstevel@tonic-gate#
13047c478bd9Sstevel@tonic-gateget_basedn()
13057c478bd9Sstevel@tonic-gate{
13067c478bd9Sstevel@tonic-gate    # Set the $_DOM_2_DC and assign to LDAP_BASEDN as default.
13077c478bd9Sstevel@tonic-gate    # Then call get_basedn().  This method remakes the default
13087c478bd9Sstevel@tonic-gate    # each time just in case the domain changed.
13097c478bd9Sstevel@tonic-gate    domain_2_dc $LDAP_DOMAIN
13107c478bd9Sstevel@tonic-gate    LDAP_BASEDN=$_DOM_2_DC
13117c478bd9Sstevel@tonic-gate
13127c478bd9Sstevel@tonic-gate    # Get Base DN.
13137c478bd9Sstevel@tonic-gate    while :
13147c478bd9Sstevel@tonic-gate    do
1315017e8b01Svl	get_ans_req "Enter LDAP Base DN (h=help):" "${_DOM_2_DC}"
13167c478bd9Sstevel@tonic-gate	check_baseDN "$ANS"
13177c478bd9Sstevel@tonic-gate	while [ $? -ne 0 ]
13187c478bd9Sstevel@tonic-gate	do
13197c478bd9Sstevel@tonic-gate	    case "$ANS" in
13207c478bd9Sstevel@tonic-gate		[Hh] | help | Help | \?) display_msg basedn_help ;;
13217c478bd9Sstevel@tonic-gate		* ) ${ECHO} "Invalid base DN: \"${ANS}\"."
13227c478bd9Sstevel@tonic-gate		;;
13237c478bd9Sstevel@tonic-gate	    esac
13247c478bd9Sstevel@tonic-gate
13257c478bd9Sstevel@tonic-gate	    # Re-Enter the BaseDN
1326017e8b01Svl	    get_ans_req "Enter LDAP Base DN (h=help):" "${_DOM_2_DC}"
13277c478bd9Sstevel@tonic-gate	    check_baseDN "$ANS"
13287c478bd9Sstevel@tonic-gate	done
13297c478bd9Sstevel@tonic-gate
1330017e8b01Svl	# Set base DN and check its suffix
13317c478bd9Sstevel@tonic-gate	LDAP_BASEDN=${ANS}
1332017e8b01Svl	check_basedn_suffix ||
1333017e8b01Svl	{
1334017e8b01Svl		cleanup
1335017e8b01Svl		exit 1
1336017e8b01Svl	}
13377c478bd9Sstevel@tonic-gate
1338017e8b01Svl	# suffix may need to be created, in that case get suffix from user
1339017e8b01Svl	[ -n "${NEED_CREATE_SUFFIX}" ] &&
1340017e8b01Svl	{
1341017e8b01Svl		get_suffix || continue
1342017e8b01Svl	}
1343017e8b01Svl
1344017e8b01Svl	# suffix is ok, break out of the base dn inquire loop
1345017e8b01Svl	break
13467c478bd9Sstevel@tonic-gate    done
13477c478bd9Sstevel@tonic-gate}
13487c478bd9Sstevel@tonic-gate
1349*cb5caa98Sdjlget_krb_realm() {
1350*cb5caa98Sdjl
1351*cb5caa98Sdjl    # To upper cases
1352*cb5caa98Sdjl    LDAP_KRB_REALM=`${ECHO} ${LDAP_DOMAIN} | ${NAWK} '{ print toupper($0) }'`
1353*cb5caa98Sdjl    get_ans_req "Enter Kerberos Realm:" "$LDAP_KRB_REALM"
1354*cb5caa98Sdjl    # To upper cases
1355*cb5caa98Sdjl    LDAP_KRB_REALM=`${ECHO} ${ANS} | ${NAWK} '{ print toupper($0) }'`
1356*cb5caa98Sdjl}
1357*cb5caa98Sdjl
1358*cb5caa98Sdjl# $1: DN
1359*cb5caa98Sdjl# $2: ldif file
1360*cb5caa98Sdjladd_entry_by_DN() {
1361*cb5caa98Sdjl
1362*cb5caa98Sdjl    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"${1}\" -s base \"objectclass=*\" ${VERB}"
1363*cb5caa98Sdjl    if [ $? -eq 0 ]; then
1364*cb5caa98Sdjl	    ${ECHO} "  ${1} already exists"
1365*cb5caa98Sdjl	    return 0
1366*cb5caa98Sdjl    else
1367*cb5caa98Sdjl	${EVAL} "${LDAPADD} ${LDAP_ARGS} -f ${2} ${VERB}"
1368*cb5caa98Sdjl	if [ $? -eq 0 ]; then
1369*cb5caa98Sdjl		${ECHO} "  ${1} is added"
1370*cb5caa98Sdjl	    	return 0
1371*cb5caa98Sdjl	else
1372*cb5caa98Sdjl		${ECHO} "  ERROR: failed to add ${1}"
1373*cb5caa98Sdjl		return 1
1374*cb5caa98Sdjl	fi
1375*cb5caa98Sdjl    fi
1376*cb5caa98Sdjl
1377*cb5caa98Sdjl}
1378*cb5caa98Sdjl#
1379*cb5caa98Sdjl# Kerberos princiapl to DN mapping rules
1380*cb5caa98Sdjl#
1381*cb5caa98Sdjl# Add rules for host credentails and user credentials
1382*cb5caa98Sdjl#
1383*cb5caa98Sdjladd_id_mapping_rules() {
1384*cb5caa98Sdjl
1385*cb5caa98Sdjl    ${ECHO} "  Adding Kerberos principal to DN mapping rules..."
1386*cb5caa98Sdjl
1387*cb5caa98Sdjl    _C_DN="cn=GSSAPI,cn=identity mapping,cn=config"
1388*cb5caa98Sdjl    ( cat << EOF
1389*cb5caa98Sdjldn: cn=GSSAPI,cn=identity mapping,cn=config
1390*cb5caa98SdjlobjectClass: top
1391*cb5caa98SdjlobjectClass: nsContainer
1392*cb5caa98Sdjlcn: GSSAPI
1393*cb5caa98SdjlEOF
1394*cb5caa98Sdjl) > ${TMPDIR}/GSSAPI_container.ldif
1395*cb5caa98Sdjl
1396*cb5caa98Sdjl    add_entry_by_DN "${_C_DN}" "${TMPDIR}/GSSAPI_container.ldif"
1397*cb5caa98Sdjl    if [ $? -ne 0 ];
1398*cb5caa98Sdjl    then
1399*cb5caa98Sdjl    	${RM} ${TMPDIR}/GSSAPI_container.ldif
1400*cb5caa98Sdjl	return
1401*cb5caa98Sdjl    fi
1402*cb5caa98Sdjl
1403*cb5caa98Sdjl    _H_CN="host_auth_${LDAP_KRB_REALM}"
1404*cb5caa98Sdjl    _H_DN="cn=${_H_CN}, ${_C_DN}"
1405*cb5caa98Sdjl    ( cat << EOF
1406*cb5caa98Sdjldn: ${_H_DN}
1407*cb5caa98SdjlobjectClass: top
1408*cb5caa98SdjlobjectClass: nsContainer
1409*cb5caa98SdjlobjectClass: dsIdentityMapping
1410*cb5caa98SdjlobjectClass: dsPatternMatching
1411*cb5caa98Sdjlcn: ${_H_CN}
1412*cb5caa98SdjldsMatching-pattern: \${Principal}
1413*cb5caa98SdjldsMatching-regexp: host\/(.*).${LDAP_DOMAIN}@${LDAP_KRB_REALM}
1414*cb5caa98SdjldsSearchBaseDN: ou=hosts,${LDAP_BASEDN}
1415*cb5caa98SdjldsSearchFilter: (&(objectClass=ipHost)(cn=\$1))
1416*cb5caa98SdjldsSearchScope: one
1417*cb5caa98Sdjl
1418*cb5caa98SdjlEOF
1419*cb5caa98Sdjl) > ${TMPDIR}/${_H_CN}.ldif
1420*cb5caa98Sdjl
1421*cb5caa98Sdjl    add_entry_by_DN "${_H_DN}" "${TMPDIR}/${_H_CN}.ldif"
1422*cb5caa98Sdjl
1423*cb5caa98Sdjl    _U_CN="user_auth_${LDAP_KRB_REALM}"
1424*cb5caa98Sdjl    _U_DN="cn=${_U_CN}, ${_C_DN}"
1425*cb5caa98Sdjl    ( cat << EOF
1426*cb5caa98Sdjldn: ${_U_DN}
1427*cb5caa98SdjlobjectClass: top
1428*cb5caa98SdjlobjectClass: nsContainer
1429*cb5caa98SdjlobjectClass: dsIdentityMapping
1430*cb5caa98SdjlobjectClass: dsPatternMatching
1431*cb5caa98Sdjlcn: ${_U_CN}
1432*cb5caa98SdjldsMatching-pattern: \${Principal}
1433*cb5caa98SdjldsMatching-regexp: (.*)@${LDAP_KRB_REALM}
1434*cb5caa98SdjldsMappedDN: uid=\$1,ou=People,${LDAP_BASEDN}
1435*cb5caa98Sdjl
1436*cb5caa98SdjlEOF
1437*cb5caa98Sdjl) > ${TMPDIR}/${_U_CN}.ldif
1438*cb5caa98Sdjl
1439*cb5caa98Sdjl    add_entry_by_DN "${_U_DN}" "${TMPDIR}/${_U_CN}.ldif"
1440*cb5caa98Sdjl
1441*cb5caa98Sdjl}
1442*cb5caa98Sdjl
1443*cb5caa98Sdjl
1444*cb5caa98Sdjl#
1445*cb5caa98Sdjl# Modify ACL to allow root to read all the password and only self can read
1446*cb5caa98Sdjl# its own password when sasl/GSSAPI bind is used
14477c478bd9Sstevel@tonic-gate#
1448*cb5caa98Sdjlmodify_userpassword_acl_for_gssapi() {
1449*cb5caa98Sdjl
1450*cb5caa98Sdjl    _P_DN="ou=People,${LDAP_BASEDN}"
1451*cb5caa98Sdjl    _H_DN="ou=Hosts,${LDAP_BASEDN}"
1452*cb5caa98Sdjl    _P_ACI="self-read-pwd"
1453*cb5caa98Sdjl
1454*cb5caa98Sdjl    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"${_P_DN}\" -s base \"objectclass=*\" > /dev/null 2>&1"
1455*cb5caa98Sdjl    if [ $? -ne 0 ]; then
1456*cb5caa98Sdjl	    ${ECHO} "  ${_P_DN} does not exist"
1457*cb5caa98Sdjl	# Not Found. Create a new entry
1458*cb5caa98Sdjl	( cat << EOF
1459*cb5caa98Sdjldn: ${_P_DN}
1460*cb5caa98Sdjlou: People
1461*cb5caa98SdjlobjectClass: top
1462*cb5caa98SdjlobjectClass: organizationalUnit
1463*cb5caa98SdjlEOF
1464*cb5caa98Sdjl) > ${TMPDIR}/gssapi_people.ldif
1465*cb5caa98Sdjl
1466*cb5caa98Sdjl	add_entry_by_DN "${_P_DN}" "${TMPDIR}/gssapi_people.ldif"
1467*cb5caa98Sdjl    else
1468*cb5caa98Sdjl	${ECHO} "  ${_P_DN} already exists"
1469*cb5caa98Sdjl    fi
1470*cb5caa98Sdjl
1471*cb5caa98Sdjl    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"${_P_DN}\" -s base \"objectclass=*\" aci > ${TMPDIR}/chk_gssapi_aci 2>&1"
1472*cb5caa98Sdjl
1473*cb5caa98Sdjl    if [ $? -eq 0 ]; then
1474*cb5caa98Sdjl	    ${EVAL} "${GREP} ${_P_ACI} ${TMPDIR}/chk_gssapi_aci > /dev/null 2>&1"
1475*cb5caa98Sdjl	    if [ $? -eq 0 ]; then
1476*cb5caa98Sdjl		${ECHO} "  userpassword ACL ${_P_ACI} already exists."
1477*cb5caa98Sdjl		return
1478*cb5caa98Sdjl	    else
1479*cb5caa98Sdjl		${ECHO} "  userpassword ACL ${_P_ACI} not found. Create a new one."
1480*cb5caa98Sdjl	    fi
1481*cb5caa98Sdjl    else
1482*cb5caa98Sdjl	${ECHO} "  Error searching aci for ${_P_DN}"
1483*cb5caa98Sdjl	cat ${TMPDIR}/chk_gssapi_aci
1484*cb5caa98Sdjl	cleanup
1485*cb5caa98Sdjl	exit 1
1486*cb5caa98Sdjl    fi
1487*cb5caa98Sdjl    ( cat << EOF
1488*cb5caa98Sdjldn: ${_P_DN}
1489*cb5caa98Sdjlchangetype: modify
1490*cb5caa98Sdjladd: aci
1491*cb5caa98Sdjlaci: (targetattr="userPassword")(version 3.0; acl self-read-pwd; allow (read,search) userdn="ldap:///self" and authmethod="sasl GSSAPI";)
1492*cb5caa98Sdjl-
1493*cb5caa98Sdjladd: aci
1494*cb5caa98Sdjlaci: (targetattr="userPassword")(version 3.0; acl host-read-pwd; allow (read,search) userdn="ldap:///cn=*+ipHostNumber=*,ou=Hosts,${LDAP_BASEDN}" and authmethod="sasl GSSAPI";)
1495*cb5caa98SdjlEOF
1496*cb5caa98Sdjl) > ${TMPDIR}/user_gssapi.ldif
1497*cb5caa98Sdjl    LDAP_TYPE_OR_VALUE_EXISTS=20
1498*cb5caa98Sdjl    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/user_gssapi.ldif ${VERB}"
1499*cb5caa98Sdjl
1500*cb5caa98Sdjl    case $? in
1501*cb5caa98Sdjl    0)
1502*cb5caa98Sdjl	${ECHO} "  ${_P_DN} uaserpassword ACL is updated."
1503*cb5caa98Sdjl	;;
1504*cb5caa98Sdjl    20)
1505*cb5caa98Sdjl	${ECHO} "  ${_P_DN} uaserpassword ACL already exists."
1506*cb5caa98Sdjl	;;
1507*cb5caa98Sdjl    *)
1508*cb5caa98Sdjl	${ECHO} "  ERROR: update of userpassword ACL for ${_P_DN} failed!"
1509*cb5caa98Sdjl	cleanup
1510*cb5caa98Sdjl	exit 1
1511*cb5caa98Sdjl	;;
1512*cb5caa98Sdjl    esac
1513*cb5caa98Sdjl}
1514*cb5caa98Sdjl#
1515*cb5caa98Sdjl# $1: objectclass or attributetyp
1516*cb5caa98Sdjl# $2: name
1517*cb5caa98Sdjlsearch_update_schema() {
1518*cb5caa98Sdjl
1519*cb5caa98Sdjl    ATTR="${1}es"
1520*cb5caa98Sdjl
1521*cb5caa98Sdjl    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b cn=schema -s base \"objectclass=*\" ${ATTR} | ${GREP} -i \"${2}\" ${VERB}"
1522*cb5caa98Sdjl    if [ $? -ne 0 ]; then
1523*cb5caa98Sdjl	${ECHO} "${1} ${2} does not exist."
1524*cb5caa98Sdjl        update_schema_attr
1525*cb5caa98Sdjl        update_schema_obj
1526*cb5caa98Sdjl	SCHEMA_UPDATED=1
1527*cb5caa98Sdjl    else
1528*cb5caa98Sdjl	${ECHO} "${1} ${2} already exists. Schema has been updated"
1529*cb5caa98Sdjl    fi
1530*cb5caa98Sdjl}
1531*cb5caa98Sdjl
1532*cb5caa98Sdjl#
1533*cb5caa98Sdjl# $1: 1 - interactive, 0 - no
1534*cb5caa98Sdjl#
1535*cb5caa98Sdjlcreate_gssapi_profile() {
1536*cb5caa98Sdjl
1537*cb5caa98Sdjl
1538*cb5caa98Sdjl    if [ ${1} -eq 1 ]; then
1539*cb5caa98Sdjl        echo
1540*cb5caa98Sdjl        echo "You can create a sasl/GSSAPI enabled profile with default values now."
1541*cb5caa98Sdjl        get_confirm "Do you want to create a sasl/GSSAPI default profile ?" "n"
1542*cb5caa98Sdjl
1543*cb5caa98Sdjl        if [ $? -eq 0 ]; then
1544*cb5caa98Sdjl	    return
1545*cb5caa98Sdjl        fi
1546*cb5caa98Sdjl    fi
1547*cb5caa98Sdjl
1548*cb5caa98Sdjl    # Add profile container if it does not exist
1549*cb5caa98Sdjl    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"ou=profile,${LDAP_BASEDN}\" -s base \"objectclass=*\" > /dev/null 2>&1"
1550*cb5caa98Sdjl    if [ $? -ne 0 ]; then
1551*cb5caa98Sdjl	( cat << EOF
1552*cb5caa98Sdjldn: ou=profile,${LDAP_BASEDN}
1553*cb5caa98Sdjlou: profile
1554*cb5caa98SdjlobjectClass: top
1555*cb5caa98SdjlobjectClass: organizationalUnit
1556*cb5caa98SdjlEOF
1557*cb5caa98Sdjl) > ${TMPDIR}/profile_people.ldif
1558*cb5caa98Sdjl
1559*cb5caa98Sdjl        add_entry_by_DN "ou=profile,${LDAP_BASEDN}" "${TMPDIR}/profile_people.ldif"
1560*cb5caa98Sdjl
1561*cb5caa98Sdjl    fi
1562*cb5caa98Sdjl
1563*cb5caa98Sdjl    search_update_schema "objectclass" "DUAConfigProfile"
1564*cb5caa98Sdjl
1565*cb5caa98Sdjl    _P_NAME="gssapi_${LDAP_KRB_REALM}"
1566*cb5caa98Sdjl    if [ ${1} -eq 1 ]; then
1567*cb5caa98Sdjl    	_P_TMP=${LDAP_PROFILE_NAME}
1568*cb5caa98Sdjl    	LDAP_PROFILE_NAME=${_P_NAME}
1569*cb5caa98Sdjl   	get_profile_name
1570*cb5caa98Sdjl        LDAP_GSSAPI_PROFILE=${LDAP_PROFILE_NAME}
1571*cb5caa98Sdjl    	LDAP_PROFILE_NAME=${_P_TMP}
1572*cb5caa98Sdjl    fi
1573*cb5caa98Sdjl
1574*cb5caa98Sdjl    _P_DN="cn=${LDAP_GSSAPI_PROFILE},ou=profile,${LDAP_BASEDN}"
1575*cb5caa98Sdjl    if [ ${DEL_OLD_PROFILE} -eq 1 ]; then
1576*cb5caa98Sdjl	    DEL_OLD_PROFILE=0
1577*cb5caa98Sdjl	    ${EVAL} "${LDAPDELETE} ${LDAP_ARGS} ${_P_DN} ${VERB}"
1578*cb5caa98Sdjl    fi
1579*cb5caa98Sdjl
1580*cb5caa98Sdjl    _SVR=`getent hosts ${IDS_SERVER} | ${NAWK} '{ print $1 }'`
1581*cb5caa98Sdjl    if [ ${IDS_PORT} -ne 389 ]; then
1582*cb5caa98Sdjl	    _SVR="${_SVR}:${IDS_PORT}"
1583*cb5caa98Sdjl    fi
1584*cb5caa98Sdjl
1585*cb5caa98Sdjl    (cat << EOF
1586*cb5caa98Sdjldn: ${_P_DN}
1587*cb5caa98SdjlobjectClass: top
1588*cb5caa98SdjlobjectClass: DUAConfigProfile
1589*cb5caa98SdjldefaultServerList: ${_SVR}
1590*cb5caa98SdjldefaultSearchBase: ${LDAP_BASEDN}
1591*cb5caa98SdjlauthenticationMethod: sasl/GSSAPI
1592*cb5caa98SdjlfollowReferrals: ${LDAP_FOLLOWREF}
1593*cb5caa98SdjldefaultSearchScope: ${LDAP_SEARCH_SCOPE}
1594*cb5caa98SdjlsearchTimeLimit: ${LDAP_SEARCH_TIME_LIMIT}
1595*cb5caa98SdjlprofileTTL: ${LDAP_PROFILE_TTL}
1596*cb5caa98Sdjlcn: ${LDAP_GSSAPI_PROFILE}
1597*cb5caa98SdjlcredentialLevel: self
1598*cb5caa98SdjlbindTimeLimit: ${LDAP_BIND_LIMIT}
1599*cb5caa98SdjlEOF
1600*cb5caa98Sdjl) > ${TMPDIR}/gssapi_profile.ldif
1601*cb5caa98Sdjl
1602*cb5caa98Sdjl    add_entry_by_DN "${_P_DN}" "${TMPDIR}/gssapi_profile.ldif"
1603*cb5caa98Sdjl
1604*cb5caa98Sdjl}
1605*cb5caa98Sdjl#
1606*cb5caa98Sdjl# Set up GSSAPI if necessary
1607*cb5caa98Sdjl#
1608*cb5caa98Sdjlgssapi_setup() {
1609*cb5caa98Sdjl
1610*cb5caa98Sdjl	${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" supportedSASLMechanisms | ${GREP} GSSAPI ${VERB}"
1611*cb5caa98Sdjl	if [ $? -ne 0 ]; then
1612*cb5caa98Sdjl		${ECHO} "  sasl/GSSAPI is not supported by this LDAP server"
1613*cb5caa98Sdjl		return
1614*cb5caa98Sdjl	fi
1615*cb5caa98Sdjl
1616*cb5caa98Sdjl	get_confirm "GSSAPI is supported. Do you want to set up gssapi:(y/n)" "n"
1617*cb5caa98Sdjl	if [ $? -eq 0 ]; then
1618*cb5caa98Sdjl		${ECHO}
1619*cb5caa98Sdjl		${ECHO} "GSSAPI is not set up."
1620*cb5caa98Sdjl		${ECHO} "sasl/GSSAPI bind may not workif it's not set up before."
1621*cb5caa98Sdjl	else
1622*cb5caa98Sdjl		get_krb_realm
1623*cb5caa98Sdjl		add_id_mapping_rules
1624*cb5caa98Sdjl		modify_userpassword_acl_for_gssapi
1625*cb5caa98Sdjl		create_gssapi_profile 1
1626*cb5caa98Sdjl		${ECHO}
1627*cb5caa98Sdjl		${ECHO} "GSSAPI setup is done."
1628*cb5caa98Sdjl	fi
1629*cb5caa98Sdjl
1630*cb5caa98Sdjl	cat << EOF
1631*cb5caa98Sdjl
1632*cb5caa98SdjlYou can continue to create a profile and
1633*cb5caa98Sdjlconfigure the LDAP server.
1634*cb5caa98SdjlOr you can stop now.
1635*cb5caa98Sdjl
1636*cb5caa98SdjlEOF
1637*cb5caa98Sdjl	get_confirm "Do you want to stop:(y/n)" "n"
1638*cb5caa98Sdjl	if [ $? -eq 1 ]; then
1639*cb5caa98Sdjl		cleanup
1640*cb5caa98Sdjl		exit
1641*cb5caa98Sdjl	fi
1642*cb5caa98Sdjl
1643*cb5caa98Sdjl}
1644*cb5caa98Sdjlgssapi_setup_auto() {
1645*cb5caa98Sdjl	${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" supportedSASLMechanisms | ${GREP} GSSAPI ${VERB}"
1646*cb5caa98Sdjl	if [ $? -ne 0 ]; then
1647*cb5caa98Sdjl		${ECHO}
1648*cb5caa98Sdjl		${ECHO} "sasl/GSSAPI is not supported by this LDAP server"
1649*cb5caa98Sdjl		${ECHO}
1650*cb5caa98Sdjl		return
1651*cb5caa98Sdjl	fi
1652*cb5caa98Sdjl	if [ -z "${LDAP_KRB_REALM}" ]; then
1653*cb5caa98Sdjl		${ECHO}
1654*cb5caa98Sdjl		${ECHO} "LDAP_KRB_REALM is not set. Skip gssapi setup."
1655*cb5caa98Sdjl		${ECHO} "sasl/GSSAPI bind won't work properly."
1656*cb5caa98Sdjl		${ECHO}
1657*cb5caa98Sdjl		return
1658*cb5caa98Sdjl	fi
1659*cb5caa98Sdjl	if [ -z "${LDAP_GSSAPI_PROFILE}" ]; then
1660*cb5caa98Sdjl		${ECHO}
1661*cb5caa98Sdjl		${ECHO} "LDAP_GSSAPI_PROFILE is not set. Default is gssapi_${LDAP_KRB_REALM}"
1662*cb5caa98Sdjl		${ECHO}
1663*cb5caa98Sdjl		LDAP_GSSAPI_PROFILE="gssapi_${LDAP_KRB_REALM}"
1664*cb5caa98Sdjl	fi
1665*cb5caa98Sdjl	add_id_mapping_rules
1666*cb5caa98Sdjl	modify_userpassword_acl_for_gssapi
1667*cb5caa98Sdjl	create_gssapi_profile 0
1668*cb5caa98Sdjl}
16697c478bd9Sstevel@tonic-gate# get_profile_name(): Enter the profile name.
16707c478bd9Sstevel@tonic-gate#
16717c478bd9Sstevel@tonic-gateget_profile_name()
16727c478bd9Sstevel@tonic-gate{
16737c478bd9Sstevel@tonic-gate    # Reset Delete Old Profile since getting new profile name.
16747c478bd9Sstevel@tonic-gate    DEL_OLD_PROFILE=0
16757c478bd9Sstevel@tonic-gate
16767c478bd9Sstevel@tonic-gate    # Loop until valid profile name, or replace.
16777c478bd9Sstevel@tonic-gate    while :
16787c478bd9Sstevel@tonic-gate    do
16797c478bd9Sstevel@tonic-gate	# Prompt for profile name.
16807c478bd9Sstevel@tonic-gate	get_ans "Enter the profile name (h=help):" "$LDAP_PROFILE_NAME"
16817c478bd9Sstevel@tonic-gate
16827c478bd9Sstevel@tonic-gate	# Check for Help.
16837c478bd9Sstevel@tonic-gate	case "$ANS" in
16847c478bd9Sstevel@tonic-gate	    [Hh] | help | Help | \?) display_msg profile_help
16857c478bd9Sstevel@tonic-gate				     continue ;;
16867c478bd9Sstevel@tonic-gate	    * )  ;;
16877c478bd9Sstevel@tonic-gate	esac
16887c478bd9Sstevel@tonic-gate
16897c478bd9Sstevel@tonic-gate	# Search to see if profile name already exists.
16907c478bd9Sstevel@tonic-gate	eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=${ANS},ou=profile,${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
16917c478bd9Sstevel@tonic-gate	if [ $? -eq 0 ]; then
16927c478bd9Sstevel@tonic-gate	    get_confirm_nodef "Are you sure you want to overwire profile cn=${ANS}?"
16937c478bd9Sstevel@tonic-gate	    if [ $? -eq 1 ]; then
16947c478bd9Sstevel@tonic-gate		DEL_OLD_PROFILE=1
16957c478bd9Sstevel@tonic-gate		return 0  # Replace old profile name.
16967c478bd9Sstevel@tonic-gate	    else
16977c478bd9Sstevel@tonic-gate		${ECHO} "Please re-enter a new profile name."
16987c478bd9Sstevel@tonic-gate	    fi
16997c478bd9Sstevel@tonic-gate	else
17007c478bd9Sstevel@tonic-gate	    break  # Unique profile name.
17017c478bd9Sstevel@tonic-gate	fi
17027c478bd9Sstevel@tonic-gate    done
17037c478bd9Sstevel@tonic-gate
17047c478bd9Sstevel@tonic-gate    # Set Profile Name.
17057c478bd9Sstevel@tonic-gate    LDAP_PROFILE_NAME=$ANS
17067c478bd9Sstevel@tonic-gate}
17077c478bd9Sstevel@tonic-gate
17087c478bd9Sstevel@tonic-gate
17097c478bd9Sstevel@tonic-gate#
17107c478bd9Sstevel@tonic-gate# get_srv_list(): Get the default server list.
17117c478bd9Sstevel@tonic-gate#
17127c478bd9Sstevel@tonic-gateget_srv_list()
17137c478bd9Sstevel@tonic-gate{
17147c478bd9Sstevel@tonic-gate    # If LDAP_SERVER_LIST is NULL, then set, otherwise leave alone.
17157c478bd9Sstevel@tonic-gate    if [ -z "${LDAP_SERVER_LIST}" ]; then
17167c478bd9Sstevel@tonic-gate	LDAP_SERVER_LIST=`getent hosts ${IDS_SERVER} | awk '{print $1}'`
17177c478bd9Sstevel@tonic-gate        if [ ${IDS_PORT} -ne 389 ]; then
17187c478bd9Sstevel@tonic-gate	    LDAP_SERVER_LIST="${LDAP_SERVER_LIST}:${IDS_PORT}"
17197c478bd9Sstevel@tonic-gate	fi
17207c478bd9Sstevel@tonic-gate    fi
17217c478bd9Sstevel@tonic-gate
17227c478bd9Sstevel@tonic-gate    # Prompt for new LDAP_SERVER_LIST.
17237c478bd9Sstevel@tonic-gate    while :
17247c478bd9Sstevel@tonic-gate    do
17257c478bd9Sstevel@tonic-gate	get_ans "Default server list (h=help):" $LDAP_SERVER_LIST
17267c478bd9Sstevel@tonic-gate
17277c478bd9Sstevel@tonic-gate	# If help continue, otherwise break.
17287c478bd9Sstevel@tonic-gate	case "$ANS" in
17297c478bd9Sstevel@tonic-gate	    [Hh] | help | Help | \?) display_msg def_srvlist_help ;;
17307c478bd9Sstevel@tonic-gate	    * ) break ;;
17317c478bd9Sstevel@tonic-gate	esac
17327c478bd9Sstevel@tonic-gate    done
17337c478bd9Sstevel@tonic-gate    LDAP_SERVER_LIST=$ANS
17347c478bd9Sstevel@tonic-gate}
17357c478bd9Sstevel@tonic-gate
17367c478bd9Sstevel@tonic-gate
17377c478bd9Sstevel@tonic-gate#
17387c478bd9Sstevel@tonic-gate# get_pref_srv(): The preferred server list (Overrides the server list)
17397c478bd9Sstevel@tonic-gate#
17407c478bd9Sstevel@tonic-gateget_pref_srv()
17417c478bd9Sstevel@tonic-gate{
17427c478bd9Sstevel@tonic-gate    while :
17437c478bd9Sstevel@tonic-gate    do
17447c478bd9Sstevel@tonic-gate	get_ans "Preferred server list (h=help):" $LDAP_PREF_SRVLIST
17457c478bd9Sstevel@tonic-gate
17467c478bd9Sstevel@tonic-gate	# If help continue, otherwise break.
17477c478bd9Sstevel@tonic-gate	case "$ANS" in
17487c478bd9Sstevel@tonic-gate	    [Hh] | help | Help | \?) display_msg pref_srvlist_help ;;
17497c478bd9Sstevel@tonic-gate	    * ) break ;;
17507c478bd9Sstevel@tonic-gate	esac
17517c478bd9Sstevel@tonic-gate    done
17527c478bd9Sstevel@tonic-gate    LDAP_PREF_SRVLIST=$ANS
17537c478bd9Sstevel@tonic-gate}
17547c478bd9Sstevel@tonic-gate
17557c478bd9Sstevel@tonic-gate
17567c478bd9Sstevel@tonic-gate#
17577c478bd9Sstevel@tonic-gate# get_search_scope(): Get the search scope from the user.
17587c478bd9Sstevel@tonic-gate#
17597c478bd9Sstevel@tonic-gateget_search_scope()
17607c478bd9Sstevel@tonic-gate{
17617c478bd9Sstevel@tonic-gate    [ $DEBUG -eq 1 ] && ${ECHO} "In get_search_scope()"
17627c478bd9Sstevel@tonic-gate
17637c478bd9Sstevel@tonic-gate    _MENU_CHOICE=0
17647c478bd9Sstevel@tonic-gate    while :
17657c478bd9Sstevel@tonic-gate    do
17667c478bd9Sstevel@tonic-gate	get_ans "Choose desired search scope (one, sub, h=help): " "one"
17677c478bd9Sstevel@tonic-gate	_MENU_CHOICE=$ANS
17687c478bd9Sstevel@tonic-gate	case "$_MENU_CHOICE" in
17697c478bd9Sstevel@tonic-gate	    one) LDAP_SEARCH_SCOPE="one"
17707c478bd9Sstevel@tonic-gate	       return 1 ;;
17717c478bd9Sstevel@tonic-gate	    sub) LDAP_SEARCH_SCOPE="sub"
17727c478bd9Sstevel@tonic-gate	       return 2 ;;
17737c478bd9Sstevel@tonic-gate	    h) display_msg srch_scope_help ;;
17747c478bd9Sstevel@tonic-gate	    *) ${ECHO} "Please enter \"one\", \"sub\", or \"h\"." ;;
17757c478bd9Sstevel@tonic-gate	esac
17767c478bd9Sstevel@tonic-gate    done
17777c478bd9Sstevel@tonic-gate
17787c478bd9Sstevel@tonic-gate}
17797c478bd9Sstevel@tonic-gate
17807c478bd9Sstevel@tonic-gate
17817c478bd9Sstevel@tonic-gate#
17827c478bd9Sstevel@tonic-gate# get_cred_level(): Function to display menu to user and get the
17837c478bd9Sstevel@tonic-gate#                  credential level.
17847c478bd9Sstevel@tonic-gate#
17857c478bd9Sstevel@tonic-gateget_cred_level()
17867c478bd9Sstevel@tonic-gate{
17877c478bd9Sstevel@tonic-gate    [ $DEBUG -eq 1 ] && ${ECHO} "In get_cred_level()"
17887c478bd9Sstevel@tonic-gate
17897c478bd9Sstevel@tonic-gate    _MENU_CHOICE=0
17907c478bd9Sstevel@tonic-gate    display_msg cred_level_menu
17917c478bd9Sstevel@tonic-gate    while :
17927c478bd9Sstevel@tonic-gate    do
17937c478bd9Sstevel@tonic-gate	get_ans "Choose Credential level [h=help]:" "1"
17947c478bd9Sstevel@tonic-gate	_MENU_CHOICE=$ANS
17957c478bd9Sstevel@tonic-gate	case "$_MENU_CHOICE" in
17967c478bd9Sstevel@tonic-gate	    1) LDAP_CRED_LEVEL="anonymous"
17977c478bd9Sstevel@tonic-gate	       return 1 ;;
17987c478bd9Sstevel@tonic-gate	    2) LDAP_CRED_LEVEL="proxy"
17997c478bd9Sstevel@tonic-gate	       return 2 ;;
18007c478bd9Sstevel@tonic-gate	    3) LDAP_CRED_LEVEL="proxy anonymous"
18017c478bd9Sstevel@tonic-gate	       return 3 ;;
1802*cb5caa98Sdjl	    4) LDAP_CRED_LEVEL="self"
1803*cb5caa98Sdjl	       SELF_GSSAPI=1
1804*cb5caa98Sdjl	       return 4 ;;
1805*cb5caa98Sdjl	    5) LDAP_CRED_LEVEL="self proxy"
1806*cb5caa98Sdjl	       SELF_GSSAPI=1
1807*cb5caa98Sdjl	       return 5 ;;
1808*cb5caa98Sdjl	    6) LDAP_CRED_LEVEL="self proxy anonymous"
1809*cb5caa98Sdjl	       SELF_GSSAPI=1
1810*cb5caa98Sdjl	       return 6 ;;
18117c478bd9Sstevel@tonic-gate	    h) display_msg cred_lvl_help ;;
1812*cb5caa98Sdjl	    *) ${ECHO} "Please enter 1, 2, 3, 4, 5 or 6." ;;
18137c478bd9Sstevel@tonic-gate	esac
18147c478bd9Sstevel@tonic-gate    done
18157c478bd9Sstevel@tonic-gate}
18167c478bd9Sstevel@tonic-gate
18177c478bd9Sstevel@tonic-gate
18187c478bd9Sstevel@tonic-gate#
18197c478bd9Sstevel@tonic-gate# srvauth_menu_handler(): Enter the Service Authentication method.
18207c478bd9Sstevel@tonic-gate#
18217c478bd9Sstevel@tonic-gatesrvauth_menu_handler()
18227c478bd9Sstevel@tonic-gate{
18237c478bd9Sstevel@tonic-gate    # Display Auth menu
18247c478bd9Sstevel@tonic-gate    display_msg srvauth_method_menu
18257c478bd9Sstevel@tonic-gate
18267c478bd9Sstevel@tonic-gate    # Get a Valid choice.
18277c478bd9Sstevel@tonic-gate    while :
18287c478bd9Sstevel@tonic-gate    do
18297c478bd9Sstevel@tonic-gate	# Display appropriate prompt and get answer.
18307c478bd9Sstevel@tonic-gate	if [ $_FIRST -eq 1 ]; then
18317c478bd9Sstevel@tonic-gate	    get_ans "Choose Service Authentication Method:" "1"
18327c478bd9Sstevel@tonic-gate	else
18337c478bd9Sstevel@tonic-gate	    get_ans "Choose Service Authentication Method (0=reset):"
18347c478bd9Sstevel@tonic-gate	fi
18357c478bd9Sstevel@tonic-gate
18367c478bd9Sstevel@tonic-gate	# Determine choice.
18377c478bd9Sstevel@tonic-gate	_MENU_CHOICE=$ANS
18387c478bd9Sstevel@tonic-gate	case "$_MENU_CHOICE" in
18397c478bd9Sstevel@tonic-gate	    1) _AUTHMETHOD="simple"
18407c478bd9Sstevel@tonic-gate		break ;;
18417c478bd9Sstevel@tonic-gate	    2) _AUTHMETHOD="sasl/DIGEST-MD5"
18427c478bd9Sstevel@tonic-gate		break ;;
18437c478bd9Sstevel@tonic-gate	    3) _AUTHMETHOD="tls:simple"
18447c478bd9Sstevel@tonic-gate		break ;;
18457c478bd9Sstevel@tonic-gate	    4) _AUTHMETHOD="tls:sasl/DIGEST-MD5"
18467c478bd9Sstevel@tonic-gate		break ;;
1847*cb5caa98Sdjl	    5) _AUTHMETHOD="sasl/GSSAPI"
1848*cb5caa98Sdjl		break ;;
18497c478bd9Sstevel@tonic-gate	    0) _AUTHMETHOD=""
18507c478bd9Sstevel@tonic-gate		_FIRST=1
18517c478bd9Sstevel@tonic-gate		break ;;
1852*cb5caa98Sdjl	    *) ${ECHO} "Please enter 1-5 or 0 to reset." ;;
18537c478bd9Sstevel@tonic-gate	esac
18547c478bd9Sstevel@tonic-gate    done
18557c478bd9Sstevel@tonic-gate}
18567c478bd9Sstevel@tonic-gate
18577c478bd9Sstevel@tonic-gate
18587c478bd9Sstevel@tonic-gate#
18597c478bd9Sstevel@tonic-gate# auth_menu_handler(): Enter the Authentication method.
18607c478bd9Sstevel@tonic-gate#
auth_menu_handler()
{
    # Show the authentication-method menu once, then prompt until the user
    # picks a valid entry.  'h' prints the help text and re-prompts.
    # Reads:  _FIRST (1 => nothing chosen yet, so "1" is offered as default)
    # Writes: _MENU_CHOICE, _AUTHMETHOD (empty on a "0" reset),
    #         _FIRST (set to 1 on reset)
    display_msg auth_method_menu

    while :
    do
        # The reset option is only offered once a method has been chosen.
        case "$_FIRST" in
            1) get_ans "Choose Authentication Method (h=help):" "1" ;;
            *) get_ans "Choose Authentication Method (0=reset, h=help):" ;;
        esac

        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
            1) _AUTHMETHOD="none" ;;
            2) _AUTHMETHOD="simple" ;;
            3) _AUTHMETHOD="sasl/DIGEST-MD5" ;;
            4) _AUTHMETHOD="tls:simple" ;;
            5) _AUTHMETHOD="tls:sasl/DIGEST-MD5" ;;
            6) _AUTHMETHOD="sasl/GSSAPI" ;;
            0) _AUTHMETHOD=""
               _FIRST=1 ;;
            h) display_msg auth_help
               continue ;;
            *) ${ECHO} "Please enter 1-6, 0=reset, or h=help."
               continue ;;
        esac
        # Every valid choice ends the prompt loop.
        break
    done
}
18997c478bd9Sstevel@tonic-gate
19007c478bd9Sstevel@tonic-gate
19017c478bd9Sstevel@tonic-gate#
19027c478bd9Sstevel@tonic-gate# get_auth(): Enter the Authentication method.
19037c478bd9Sstevel@tonic-gate#
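get_auth()
{
    # Build LDAP_AUTHMETHOD as a ';'-separated list of the methods the user
    # picks in auth_menu_handler, until they decline to add another.
    # Reads:  DEBUG, ECHO
    # Writes: LDAP_AUTHMETHOD, _FIRST, _MENU_CHOICE, _AUTHMETHOD
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_auth()"

    _FIRST=1          # 1 until the first method has been recorded.
    _MENU_CHOICE=0
    _AUTHMETHOD=""    # Method handed back by the menu handler.

    while :
    do
        auth_menu_handler

        if [ $_FIRST -eq 1 ]; then
            LDAP_AUTHMETHOD="${_AUTHMETHOD}"
            # A "0" reset hands back an empty method and re-arms _FIRST in
            # the handler; keep it at 1 here so the next pick starts the
            # list instead of being appended as ";method".
            [ "$_AUTHMETHOD" != "" ] && _FIRST=0
        else
            LDAP_AUTHMETHOD="${LDAP_AUTHMETHOD};${_AUTHMETHOD}"
        fi

        ${ECHO} ""
        ${ECHO} "Current authenticationMethod: ${LDAP_AUTHMETHOD}"
        ${ECHO} ""

        # get_confirm_nodef returns 0 for "no": stop adding methods.
        get_confirm_nodef "Do you want to add another Authentication Method?"
        if [ $? -eq 0 ]; then
            break
        fi
    done
}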
19377c478bd9Sstevel@tonic-gate
19387c478bd9Sstevel@tonic-gate
19397c478bd9Sstevel@tonic-gate#
19407c478bd9Sstevel@tonic-gate# get_followref(): Whether or not to follow referrals.
19417c478bd9Sstevel@tonic-gate#
get_followref()
{
    # Ask whether clients should chase referrals.  get_confirm returns 1 for
    # "yes"; anything else is treated as "no".
    # Writes: LDAP_FOLLOWREF ("TRUE" or "FALSE")
    get_confirm "Do you want the clients to follow referrals (y/n/h)?" "n" "referrals_help"
    case $? in
        1) LDAP_FOLLOWREF="TRUE" ;;
        *) LDAP_FOLLOWREF="FALSE" ;;
    esac
}
19517c478bd9Sstevel@tonic-gate
19527c478bd9Sstevel@tonic-gate
19537c478bd9Sstevel@tonic-gate#
19547c478bd9Sstevel@tonic-gate# get_timelimit(): Set the time limit. -1 is max time.
19557c478bd9Sstevel@tonic-gate#
get_timelimit()
{
    # Fetch nsslapd-timelimit from cn=config for display, then prompt for
    # the value to apply (-1 is the maximum).
    # Reads:  LDAPSEARCH, LDAP_ARGS, TMPDIR, GREP, ECHO
    # Writes: CURR_TIMELIMIT, IDS_TIMELIMIT, ${TMPDIR}/chk_timeout
    # Exits:  1 (after cleanup) when the search fails
    #
    # NOTE(review): the search is eval'd together with LDAP_ARGS, which is
    # assembled elsewhere; if it carries the bind password on the command
    # line that password is visible in process listings — confirm how it
    # is built.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-timelimit > ${TMPDIR}/chk_timeout 2>&1" || {
        ${ECHO} "  ERROR: Could not reach LDAP server to check current timeout!"
        cleanup
        exit 1
    }

    # Relies on the search output holding a "timelimit=<n>" line; stderr was
    # merged into the same file, so an error text containing "timelimit"
    # would be parsed as well.
    CURR_TIMELIMIT=`${GREP} timelimit ${TMPDIR}/chk_timeout | cut -f2 -d=`

    get_negone_num "Enter the time limit for iDS (current=${CURR_TIMELIMIT}):" "-1"
    IDS_TIMELIMIT=$NUM
}
19707c478bd9Sstevel@tonic-gate
19717c478bd9Sstevel@tonic-gate
19727c478bd9Sstevel@tonic-gate#
19737c478bd9Sstevel@tonic-gate# get_sizelimit(): Set the size limit. -1 is max size.
19747c478bd9Sstevel@tonic-gate#
get_sizelimit()
{
    # Fetch nsslapd-sizelimit from cn=config for display, then prompt for
    # the value to apply (-1 is the maximum).
    # Reads:  LDAPSEARCH, LDAP_ARGS, TMPDIR, GREP, ECHO
    # Writes: CURR_SIZELIMIT, IDS_SIZELIMIT, ${TMPDIR}/chk_sizelimit
    # Exits:  1 (after cleanup) when the search fails
    #
    # NOTE(review): as in get_timelimit, LDAP_ARGS is eval'd as part of the
    # command line; confirm it does not expose the bind password via argv.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-sizelimit > ${TMPDIR}/chk_sizelimit 2>&1" || {
        ${ECHO} "  ERROR: Could not reach LDAP server to check current sizelimit!"
        cleanup
        exit 1
    }

    # Relies on the search output holding a "sizelimit=<n>" line (stderr is
    # merged into the same file).
    CURR_SIZELIMIT=`${GREP} sizelimit ${TMPDIR}/chk_sizelimit | cut -f2 -d=`

    get_negone_num "Enter the size limit for iDS (current=${CURR_SIZELIMIT}):" "-1"
    IDS_SIZELIMIT=$NUM
}
19897c478bd9Sstevel@tonic-gate
19907c478bd9Sstevel@tonic-gate
19917c478bd9Sstevel@tonic-gate#
19927c478bd9Sstevel@tonic-gate# get_want_crypt(): Ask user if want to store passwords in crypt?
19937c478bd9Sstevel@tonic-gate#
get_want_crypt()
{
    # Ask whether passwords should be stored in "crypt" format.  get_confirm
    # returns 1 for "yes"; anything else is treated as "no".
    # Writes: NEED_CRYPT ("TRUE" or "FALSE")
    get_confirm "Do you want to store passwords in \"crypt\" format (y/n/h)?" "n" "crypt_help"
    case $? in
        1) NEED_CRYPT="TRUE" ;;
        *) NEED_CRYPT="FALSE" ;;
    esac
}
20037c478bd9Sstevel@tonic-gate
20047c478bd9Sstevel@tonic-gate
20057c478bd9Sstevel@tonic-gate#
20067c478bd9Sstevel@tonic-gate# get_srv_authMethod_pam(): Get the Service Auth Method for pam_ldap from user.
20077c478bd9Sstevel@tonic-gate#
#  NOTE: This function is based on get_auth().
20097c478bd9Sstevel@tonic-gate#
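get_srv_authMethod_pam()
{
    # Build LDAP_SRV_AUTHMETHOD_PAM as "pam_ldap:<m1>;<m2>..." from the
    # methods picked in srvauth_menu_handler.
    # Reads:  DEBUG, ECHO
    # Writes: LDAP_SRV_AUTHMETHOD_PAM, NEED_SRVAUTH_PAM (cleared to 0 when
    #         the list ends up empty), _FIRST, _MENU_CHOICE, _AUTHMETHOD
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_pam()"

    _FIRST=1          # 1 until the first method has been recorded.
    _MENU_CHOICE=0
    _AUTHMETHOD=""    # Method handed back by the menu handler.

    while :
    do
        srvauth_menu_handler

        if [ $_FIRST -eq 1 ]; then
            if [ "$_AUTHMETHOD" = "" ]; then
                # "0" reset: empty list.  Stay in first-entry mode so the
                # next pick gets the "pam_ldap:" prefix instead of being
                # appended as ";method".
                LDAP_SRV_AUTHMETHOD_PAM=""
            else
                LDAP_SRV_AUTHMETHOD_PAM="pam_ldap:${_AUTHMETHOD}"
                _FIRST=0
            fi
        else
            LDAP_SRV_AUTHMETHOD_PAM="${LDAP_SRV_AUTHMETHOD_PAM};${_AUTHMETHOD}"
        fi

        ${ECHO} ""
        ${ECHO} "Current authenticationMethod: ${LDAP_SRV_AUTHMETHOD_PAM}"
        ${ECHO} ""

        # get_confirm_nodef returns 0 for "no": stop adding methods.
        get_confirm_nodef "Do you want to add another Authentication Method?"
        if [ $? -eq 0 ]; then
            break
        fi
    done

    # The user may have reset the list and then declined to add more.
    if [ "$LDAP_SRV_AUTHMETHOD_PAM" = "" ]; then
        NEED_SRVAUTH_PAM=0
    fi
}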
20527c478bd9Sstevel@tonic-gate
20537c478bd9Sstevel@tonic-gate
20547c478bd9Sstevel@tonic-gate#
20557c478bd9Sstevel@tonic-gate# get_srv_authMethod_key(): Get the Service Auth Method for keyserv from user.
20567c478bd9Sstevel@tonic-gate#
#  NOTE: This function is based on get_auth().
20587c478bd9Sstevel@tonic-gate#
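get_srv_authMethod_key()
{
    # Build LDAP_SRV_AUTHMETHOD_KEY as "keyserv:<m1>;<m2>..." from the
    # methods picked in srvauth_menu_handler.
    # Reads:  DEBUG, ECHO
    # Writes: LDAP_SRV_AUTHMETHOD_KEY, NEED_SRVAUTH_KEY (cleared to 0 when
    #         the list ends up empty), _FIRST, _MENU_CHOICE, _AUTHMETHOD
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_key()"

    _FIRST=1          # 1 until the first method has been recorded.
    _MENU_CHOICE=0
    _AUTHMETHOD=""    # Method handed back by the menu handler.

    while :
    do
        srvauth_menu_handler

        if [ $_FIRST -eq 1 ]; then
            if [ "$_AUTHMETHOD" = "" ]; then
                # "0" reset: empty list.  Stay in first-entry mode so the
                # next pick gets the "keyserv:" prefix instead of being
                # appended as ";method".
                LDAP_SRV_AUTHMETHOD_KEY=""
            else
                LDAP_SRV_AUTHMETHOD_KEY="keyserv:${_AUTHMETHOD}"
                _FIRST=0
            fi
        else
            LDAP_SRV_AUTHMETHOD_KEY="${LDAP_SRV_AUTHMETHOD_KEY};${_AUTHMETHOD}"
        fi

        ${ECHO} ""
        ${ECHO} "Current authenticationMethod: ${LDAP_SRV_AUTHMETHOD_KEY}"
        ${ECHO} ""

        # get_confirm_nodef returns 0 for "no": stop adding methods.
        get_confirm_nodef "Do you want to add another Authentication Method?"
        if [ $? -eq 0 ]; then
            break
        fi
    done

    # The user may have reset the list and then declined to add more.
    if [ "$LDAP_SRV_AUTHMETHOD_KEY" = "" ]; then
        NEED_SRVAUTH_KEY=0
    fi
}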
21017c478bd9Sstevel@tonic-gate
21027c478bd9Sstevel@tonic-gate
21037c478bd9Sstevel@tonic-gate#
21047c478bd9Sstevel@tonic-gate# get_srv_authMethod_cmd(): Get the Service Auth Method for passwd-cmd from user.
21057c478bd9Sstevel@tonic-gate#
#  NOTE: This function is based on get_auth().
21077c478bd9Sstevel@tonic-gate#
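get_srv_authMethod_cmd()
{
    # Build LDAP_SRV_AUTHMETHOD_CMD as "passwd-cmd:<m1>;<m2>..." from the
    # methods picked in srvauth_menu_handler.
    # Reads:  DEBUG, ECHO
    # Writes: LDAP_SRV_AUTHMETHOD_CMD, NEED_SRVAUTH_CMD (cleared to 0 when
    #         the list ends up empty), _FIRST, _MENU_CHOICE, _AUTHMETHOD
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_srv_authMethod_cmd()"

    _FIRST=1          # 1 until the first method has been recorded.
    _MENU_CHOICE=0
    _AUTHMETHOD=""    # Method handed back by the menu handler.

    while :
    do
        srvauth_menu_handler

        if [ $_FIRST -eq 1 ]; then
            if [ "$_AUTHMETHOD" = "" ]; then
                # "0" reset: empty list.  Stay in first-entry mode so the
                # next pick gets the "passwd-cmd:" prefix instead of being
                # appended as ";method".
                LDAP_SRV_AUTHMETHOD_CMD=""
            else
                LDAP_SRV_AUTHMETHOD_CMD="passwd-cmd:${_AUTHMETHOD}"
                _FIRST=0
            fi
        else
            LDAP_SRV_AUTHMETHOD_CMD="${LDAP_SRV_AUTHMETHOD_CMD};${_AUTHMETHOD}"
        fi

        ${ECHO} ""
        ${ECHO} "Current authenticationMethod: ${LDAP_SRV_AUTHMETHOD_CMD}"
        ${ECHO} ""

        # get_confirm_nodef returns 0 for "no": stop adding methods.
        get_confirm_nodef "Do you want to add another Authentication Method?"
        if [ $? -eq 0 ]; then
            break
        fi
    done

    # The user may have reset the list and then declined to add more.
    if [ "$LDAP_SRV_AUTHMETHOD_CMD" = "" ]; then
        NEED_SRVAUTH_CMD=0
    fi
}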
21507c478bd9Sstevel@tonic-gate
21517c478bd9Sstevel@tonic-gate
21527c478bd9Sstevel@tonic-gate#
21537c478bd9Sstevel@tonic-gate# get_srch_time(): Amount of time to search.
21547c478bd9Sstevel@tonic-gate#
get_srch_time()
{
    # Prompt for the client search time limit, offering the current value
    # as the default; get_negone_num leaves the answer in NUM.
    # Writes: LDAP_SEARCH_TIME_LIMIT
    get_negone_num "Client search time limit in seconds (h=help):" "$LDAP_SEARCH_TIME_LIMIT" "srchtime_help"
    LDAP_SEARCH_TIME_LIMIT="$NUM"
}
21607c478bd9Sstevel@tonic-gate
21617c478bd9Sstevel@tonic-gate
21627c478bd9Sstevel@tonic-gate#
21637c478bd9Sstevel@tonic-gate# get_prof_ttl(): The profile time to live (TTL)
21647c478bd9Sstevel@tonic-gate#
get_prof_ttl()
{
    # Prompt for the profile time-to-live, offering the current value as
    # the default; get_negone_num leaves the answer in NUM.
    # Writes: LDAP_PROFILE_TTL
    get_negone_num "Profile Time To Live in seconds (h=help):" "$LDAP_PROFILE_TTL" "profttl_help"
    LDAP_PROFILE_TTL="$NUM"
}
21707c478bd9Sstevel@tonic-gate
21717c478bd9Sstevel@tonic-gate
21727c478bd9Sstevel@tonic-gate#
21737c478bd9Sstevel@tonic-gate# get_bind_limit(): Bind time limit
21747c478bd9Sstevel@tonic-gate#
get_bind_limit()
{
    # Prompt for the bind time limit, offering the current value as the
    # default; get_negone_num leaves the answer in NUM.
    # Writes: LDAP_BIND_LIMIT
    get_negone_num "Bind time limit in seconds (h=help):" "$LDAP_BIND_LIMIT" "bindlim_help"
    LDAP_BIND_LIMIT="$NUM"
}
21807c478bd9Sstevel@tonic-gate
21817c478bd9Sstevel@tonic-gate
21827c478bd9Sstevel@tonic-gate######################################################################
# FUNCTIONS FOR Service Search Descriptors START HERE.
21847c478bd9Sstevel@tonic-gate######################################################################
21857c478bd9Sstevel@tonic-gate
21867c478bd9Sstevel@tonic-gate
21877c478bd9Sstevel@tonic-gate#
21887c478bd9Sstevel@tonic-gate# add_ssd(): Get SSD's from user and add to file.
21897c478bd9Sstevel@tonic-gate#
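add_ssd()
{
    # Prompt for one Service Search Descriptor (id, base, scope) and append
    # it to SSD_FILE as "id:base?scope".
    # Reads:  SSD_FILE, GREP, ECHO, DEBUG
    # Writes: _SERV_ID, _BASE, _SCOPE, _SSD; appends one line to SSD_FILE
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_ssd()"

    # Service id: must be non-empty and not already present (case-insensitive).
    while :
    do
        get_ans "Enter the service id:"
        _SERV_ID=$ANS

        # An empty id would be written as ":base?scope", which no later
        # lookup (all anchored on "^id:") could find again.
        if [ "$_SERV_ID" = "" ]; then
            ${ECHO} "ERROR: Service id must not be empty."
            continue
        fi

        # The id is used as a grep pattern, anchored to the start of the
        # line and the ':' separator, as delete_ssd/modify_ssd do.
        ${GREP} -i "^${_SERV_ID}:" "${SSD_FILE}" > /dev/null 2>&1
        if [ $? -eq 1 ]; then
            break
        fi

        ${ECHO} "ERROR: Service id ${ANS} already exists."
    done

    get_ans "Enter the base:"
    _BASE=$ANS

    # Scope must be "one" or "sub" (any case); the value is stored as typed.
    while :
    do
        get_ans "Enter the scope:"
        _SCOPE=$ANS
        case `${ECHO} "${_SCOPE}" | tr '[A-Z]' '[a-z]'` in
            one | sub) break ;;
            *) ${ECHO} "${_SCOPE} is Not valid - Enter 'one' or 'sub'" ;;
        esac
    done

    _SSD="${_SERV_ID}:${_BASE}?${_SCOPE}"
    ${ECHO} "${_SSD}" >> "${SSD_FILE}"
}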
22317c478bd9Sstevel@tonic-gate
22327c478bd9Sstevel@tonic-gate
22337c478bd9Sstevel@tonic-gate#
22347c478bd9Sstevel@tonic-gate# delete_ssd(): Delete a SSD from the list.
22357c478bd9Sstevel@tonic-gate#
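delete_ssd()
{
    # Remove the SSD whose service id matches the user's answer.
    # Reads:  SSD_FILE, GREP, ECHO, DEBUG
    # Writes: SSD_FILE (rewritten), SSD_FILE.bak (scratch copy)
    # Exits:  1 (after cleanup) when the backup copy cannot be made
    [ $DEBUG -eq 1 ] && ${ECHO} "In delete_ssd()"

    get_ans_req "Enter service id to delete:"

    # Match only the id field ("id:..."), as modify_ssd does.  An
    # unanchored pattern also hits entries whose id or base DN merely
    # contains the text, and grep -v below would then drop those too.
    ${GREP} "^$ANS:" "${SSD_FILE}" > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        ${ECHO} "Invalid service id: $ANS not present in list."
        return
    fi

    # Work from a backup copy; any cp failure (not just status 1) is fatal.
    cp "${SSD_FILE}" "${SSD_FILE}.bak"
    if [ $? -ne 0 ]; then
        ${ECHO} "ERROR: could not create file: ${SSD_FILE}.bak"
        cleanup
        exit 1
    fi

    # Rewrite the list without the matching entry.
    ${GREP} -v "^$ANS:" "${SSD_FILE}.bak" > "${SSD_FILE}"
}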
22617c478bd9Sstevel@tonic-gate
22627c478bd9Sstevel@tonic-gate
22637c478bd9Sstevel@tonic-gate#
22647c478bd9Sstevel@tonic-gate# modify_ssd(): Allow user to modify a SSD.
22657c478bd9Sstevel@tonic-gate#
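modify_ssd()
{
    # Replace the base and scope of an existing SSD, keeping its service id.
    # Reads:  SSD_FILE, GREP, ECHO, DEBUG
    # Writes: _LINE, _CURR_BASE, _CURR_SCOPE, _SERV_ID, _BASE, _SCOPE, _SSD;
    #         SSD_FILE (rewritten), SSD_FILE.bak (scratch copy)
    # Exits:  1 (after cleanup) when the backup copy cannot be made
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_ssd()"

    get_ans_req "Enter service id to modify:"

    _LINE=`${GREP} "^$ANS:" "${SSD_FILE}"`
    if [ "$_LINE" = "" ]; then
        ${ECHO} "Invalid service id: $ANS"
        return
    fi

    ${ECHO} ""
    ${ECHO} "Current SSD: $_LINE"
    ${ECHO} ""

    # Defaults from "id:base?scope": base is field 2 up to '?', scope after.
    _CURR_BASE=`${ECHO} "$_LINE" | cut -d: -f2 | cut -d'?' -f 1`
    _CURR_SCOPE=`${ECHO} "$_LINE" | cut -d: -f2 | cut -d'?' -f 2`

    # Work from a backup copy; any cp failure (not just status 1) is fatal.
    cp "${SSD_FILE}" "${SSD_FILE}.bak"
    if [ $? -ne 0 ]; then
        ${ECHO} "ERROR: could not create file: ${SSD_FILE}.bak"
        cleanup
        exit 1
    fi

    # Drop the old entry.  grep's stderr is deliberately not redirected
    # into SSD_FILE: an error message there would become a bogus descriptor.
    ${GREP} -v "^$ANS:" "${SSD_FILE}.bak" > "${SSD_FILE}"

    _SERV_ID=$ANS
    get_ans_req "Enter the base:" "$_CURR_BASE"
    _BASE=$ANS

    # Same scope check as add_ssd: only "one" or "sub" (any case) is accepted.
    while :
    do
        get_ans_req "Enter the scope:" "$_CURR_SCOPE"
        _SCOPE=$ANS
        case `${ECHO} "${_SCOPE}" | tr '[A-Z]' '[a-z]'` in
            one | sub) break ;;
            *) ${ECHO} "${_SCOPE} is Not valid - Enter 'one' or 'sub'" ;;
        esac
    done

    _SSD="${_SERV_ID}:${_BASE}?${_SCOPE}"
    ${ECHO} "${_SSD}" >> "${SSD_FILE}"
}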
23137c478bd9Sstevel@tonic-gate
23147c478bd9Sstevel@tonic-gate
23157c478bd9Sstevel@tonic-gate#
23167c478bd9Sstevel@tonic-gate# display_ssd(): Display the current SSD list.
23177c478bd9Sstevel@tonic-gate#
display_ssd()
{
    # Print the contents of SSD_FILE under a heading, then wait for the
    # user to press return.
    # Reads: SSD_FILE, ECHO, DEBUG; consumes one line of stdin into __A.
    [ $DEBUG -eq 1 ] && ${ECHO} "In display_ssd()"

    cat <<EOF

Current Service Search Descriptors:
==================================
EOF
    cat ${SSD_FILE}
    cat <<EOF

Hit return to continue.
EOF
    read __A
}
23307c478bd9Sstevel@tonic-gate
23317c478bd9Sstevel@tonic-gate
23327c478bd9Sstevel@tonic-gate#
23337c478bd9Sstevel@tonic-gate# prompt_ssd(): Get SSD's from user.
23347c478bd9Sstevel@tonic-gate#
prompt_ssd()
{
    # Optional SSD editing loop: add/delete/modify/print/reset until the
    # user quits.  get_confirm returns 0 for "no", in which case nothing
    # is done.
    # Reads: ANS (set by get_ans), DEBUG, ECHO; consumes stdin for the
    #        help pause (into __A).
    [ $DEBUG -eq 1 ] && ${ECHO} "In prompt_ssd()"

    get_confirm "Do you wish to setup Service Search Descriptors (y/n/h)?" "n" "ssd_help"
    case $? in
        0) return ;;
    esac

    while :
    do
        display_msg prompt_ssd_menu
        get_ans "Enter menu choice:" "Quit"
        case "$ANS" in
            [Aa] | add)
                add_ssd ;;
            [Dd] | delete)
                delete_ssd ;;
            [Mm] | modify)
                modify_ssd ;;
            [Pp] | print | display)
                display_ssd ;;
            [Xx] | reset | clear)
                reset_ssd_file ;;
            [Hh] | Help | help)
                display_msg ssd_menu_help
                ${ECHO} " Press return to continue."
                read __A ;;
            [Qq] | Quit | quit)
                return ;;
            *)
                ${ECHO} "Invalid choice: $ANS please re-enter from menu." ;;
        esac
    done
}
23617c478bd9Sstevel@tonic-gate
23627c478bd9Sstevel@tonic-gate
23637c478bd9Sstevel@tonic-gate#
23647c478bd9Sstevel@tonic-gate# reset_ssd_file(): Blank out current SSD file.
23657c478bd9Sstevel@tonic-gate#
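reset_ssd_file()
{
    # Replace SSD_FILE with an empty file.
    # Reads: SSD_FILE — must be set and non-empty; the :? guard aborts
    #        instead of running an argument-less rm/touch, and quoting
    #        keeps a path with spaces or glob characters intact.
    [ $DEBUG -eq 1 ] && ${ECHO} "In reset_ssd_file()"

    rm -f "${SSD_FILE:?SSD_FILE is not set}"
    touch "${SSD_FILE}"
}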
23737c478bd9Sstevel@tonic-gate
23747c478bd9Sstevel@tonic-gate
23757c478bd9Sstevel@tonic-gate#
23767c478bd9Sstevel@tonic-gate# create_ssd_file(): Create a temporary file for SSD's.
23777c478bd9Sstevel@tonic-gate#
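create_ssd_file()
{
    # Seed SSD_FILE from the LDAP_SERV_SRCH_DES= lines of INPUT_FILE,
    # keeping only the descriptor text after '='.
    # Reads:  INPUT_FILE, GREP, ECHO, DEBUG
    # Writes: SSD_FILE (overwritten)
    [ $DEBUG -eq 1 ] && ${ECHO} "In create_ssd_file()"

    # Anchor on the line start: an unanchored match would also pick up a
    # commented-out "#LDAP_SERV_SRCH_DES=..." (leaving "#..." in the SSD
    # list) or any other key that merely contains the text.  ssd_2_config
    # writes the key at column 0, so this matches what it produces.
    ${GREP} "^LDAP_SERV_SRCH_DES=" "${INPUT_FILE}" | \
        sed 's/^LDAP_SERV_SRCH_DES=//' \
        > "${SSD_FILE}"
}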
23877c478bd9Sstevel@tonic-gate
23887c478bd9Sstevel@tonic-gate
23897c478bd9Sstevel@tonic-gate#
23907c478bd9Sstevel@tonic-gate# ssd_2_config(): Append the SSD file to the output file.
23917c478bd9Sstevel@tonic-gate#
ssd_2_config()
{
    # Append every SSD line to OUTPUT_FILE as "LDAP_SERV_SRCH_DES=<ssd>".
    # Reads:  SSD_FILE, ECHO, DEBUG
    # Writes: OUTPUT_FILE (appended)
    [ $DEBUG -eq 1 ] && ${ECHO} "In ssd_2_config()"

    sed 's/^/LDAP_SERV_SRCH_DES=/' ${SSD_FILE} >> ${OUTPUT_FILE}
}
23997c478bd9Sstevel@tonic-gate
24007c478bd9Sstevel@tonic-gate
24017c478bd9Sstevel@tonic-gate#
24027c478bd9Sstevel@tonic-gate# ssd_2_profile(): Add SSD's to the GEN_CMD string.
24037c478bd9Sstevel@tonic-gate#
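ssd_2_profile()
{
    # Append one  -a "serviceSearchDescriptor=<ssd>"  option per line of
    # SSD_FILE to GEN_CMD.
    # Reads:  SSD_FILE, DEBUG, ECHO
    # Writes: GEN_CMD, _SSD_ARGS
    #
    # NOTE(review): GEN_CMD is a command string that is presumably executed
    # elsewhere in this script.  The SSD text is interpolated into it
    # inside double quotes, so a descriptor containing '"', '$' or a
    # backquote would change the meaning of that command.  The descriptors
    # come from the interactive prompts and from INPUT_FILE — confirm the
    # consumer validates or re-quotes them.
    [ $DEBUG -eq 1 ] && ${ECHO} "In ssd_2_profile()"

    # Collect the options in a variable rather than a scratch file: the
    # old ${TMPDIR}/ssd_tmpfile was never removed and depended on an echo
    # that honours "\c" to suppress newlines.
    _SSD_ARGS=""
    while read SSD_LINE
    do
        _SSD_ARGS="${_SSD_ARGS} -a \"serviceSearchDescriptor=${SSD_LINE}\""
    done < ${SSD_FILE}

    GEN_CMD="${GEN_CMD} ${_SSD_ARGS}"
}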
24207c478bd9Sstevel@tonic-gate
24217c478bd9Sstevel@tonic-gate
24227c478bd9Sstevel@tonic-gate#
24237c478bd9Sstevel@tonic-gate# prompt_config_info(): This function prompts the user for the config
24247c478bd9Sstevel@tonic-gate# info that is not specified in the input file.
24257c478bd9Sstevel@tonic-gate#
prompt_config_info()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In prompt_config_info()"

    #
    # SERVER CONNECTION AND BIND INFORMATION.
    #
    get_ids_server          # iDS server name
    get_ids_port            # iDS port number
    chk_ids_version         # iDS version compatibility check
    chk_vlv_indexes         # server must support VLV
    get_dirmgr_dn           # Directory manager DN ...
    get_dirmgr_pw           # ... and its passwd

    #
    # LDAP CLIENT PROFILE SPECIFIC INFORMATION.
    #   (i.e. The fields that show up in the profile.)
    #
    get_domain "domain_help"
    get_basedn
    gssapi_setup
    get_profile_name
    get_srv_list
    get_pref_srv
    get_search_scope

    # The authentication method is only asked for when the credential
    # level is not "anonymous" (anonymous implies auth == "none").
    get_cred_level
    if [ "$LDAP_CRED_LEVEL" != "anonymous" ]; then
	get_auth
    fi

    get_followref

    # Server timelimit: prompt for a value only when the user wants to
    # change it.  NEED_TIME records the answer for the config file.
    get_confirm "Do you want to modify the server timelimit value (y/n/h)?" "n" "tlim_help"
    NEED_TIME=$?
    if [ $NEED_TIME -eq 1 ]; then
	get_timelimit
    fi

    # Same for the server sizelimit.
    get_confirm "Do you want to modify the server sizelimit value (y/n/h)?" "n" "slim_help"
    NEED_SIZE=$?
    if [ $NEED_SIZE -eq 1 ]; then
	get_sizelimit
    fi

    # Store passwords in crypt format?
    get_want_crypt

    # Service Authentication Methods for pam_ldap, keyserv and
    # passwd-cmd.  Each NEED_SRVAUTH_* flag keeps the yes/no answer.
    get_confirm "Do you want to setup a Service Authentication Methods (y/n/h)?" "n" "srvauth_help"
    if [ $? -eq 1 ]; then
	get_confirm "Do you want to setup a Service Auth. Method for \"pam_ldap\" (y/n/h)?" "n" "pam_ldap_help"
	NEED_SRVAUTH_PAM=$?
	if [ $NEED_SRVAUTH_PAM -eq 1 ]; then
	    get_srv_authMethod_pam
	fi

	get_confirm "Do you want to setup a Service Auth. Method for \"keyserv\" (y/n/h)?" "n" "keyserv_help"
	NEED_SRVAUTH_KEY=$?
	if [ $NEED_SRVAUTH_KEY -eq 1 ]; then
	    get_srv_authMethod_key
	fi

	get_confirm "Do you want to setup a Service Auth. Method for \"passwd-cmd\" (y/n/h)?" "n" "passwd-cmd_help"
	NEED_SRVAUTH_CMD=$?
	if [ $NEED_SRVAUTH_CMD -eq 1 ]; then
	    get_srv_authMethod_cmd
	fi
    fi

    # Timeouts.
    get_srch_time
    get_prof_ttl
    get_bind_limit

    # Start from an empty SSD file and let the user build one via menus.
    reset_ssd_file
    prompt_ssd

    # Display FULL debugging info.
    disp_full_debug

    # Extra blank line to separate prompt lines from steps.
    ${ECHO} " "
}
25187c478bd9Sstevel@tonic-gate
25197c478bd9Sstevel@tonic-gate
25207c478bd9Sstevel@tonic-gate######################################################################
25217c478bd9Sstevel@tonic-gate# FUNCTIONS  FOR display_summary() START HERE.
25227c478bd9Sstevel@tonic-gate######################################################################
25237c478bd9Sstevel@tonic-gate
25247c478bd9Sstevel@tonic-gate
25257c478bd9Sstevel@tonic-gate#
25267c478bd9Sstevel@tonic-gate# get_proxyagent(): Get the proxyagent DN.
25277c478bd9Sstevel@tonic-gate#
get_proxyagent()
{
    # Offer the conventional entry under the base DN as the default and
    # let get_ans() overwrite it with whatever the user typed (in ANS).
    LDAP_PROXYAGENT="cn=proxyagent,ou=profile,${LDAP_BASEDN}"
    get_ans "Enter DN for proxy agent:" "${LDAP_PROXYAGENT}"
    LDAP_PROXYAGENT="${ANS}"
}
25347c478bd9Sstevel@tonic-gate
25357c478bd9Sstevel@tonic-gate
25367c478bd9Sstevel@tonic-gate#
25377c478bd9Sstevel@tonic-gate# get_proxy_pw(): Get the proxyagent passwd.
25387c478bd9Sstevel@tonic-gate#
get_proxy_pw()
{
    # get_passwd() leaves the entered password in ANS.
    get_passwd "Enter passwd for proxyagent:"
    LDAP_PROXYAGENT_CRED="${ANS}"
}
25447c478bd9Sstevel@tonic-gate
25457c478bd9Sstevel@tonic-gate
25467c478bd9Sstevel@tonic-gate#
25477c478bd9Sstevel@tonic-gate# display_summary(): Display a summary of values entered and let the
25487c478bd9Sstevel@tonic-gate#                    user modify values at will.
25497c478bd9Sstevel@tonic-gate#
display_summary()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In display_summary()"

    # Lookup table: menu number -> function to re-prompt that value.
    # Entry 0 is a dummy so that "shift <choice>" lands on the right
    # name; the order must match the numbering of summary_menu.
    TBL1="dummy"
    TBL2="get_domain get_basedn get_profile_name"
    TBL3="get_srv_list get_pref_srv get_search_scope get_cred_level"
    TBL4="get_auth get_followref"
    TBL5="get_timelimit get_sizelimit get_want_crypt"
    TBL6="get_srv_authMethod_pam get_srv_authMethod_key get_srv_authMethod_cmd"
    TBL7="get_srch_time get_prof_ttl get_bind_limit"
    TBL8="prompt_ssd"
    FUNC_TBL="$TBL1 $TBL2 $TBL3 $TBL4 $TBL5 $TBL6 $TBL7 $TBL8"

    # Since menu prompt string is long, set here.
    _MENU_PROMPT="Enter config value to change: (1-19 0=commit changes)"

    # Loop until the user selects 0 (commit).
    while :
    do
	display_msg summary_menu
	get_menu_choice "${_MENU_PROMPT}" "0" "19" "0"
	_CH=$MN_CH
	[ $_CH -eq 0 ] && break

	# Dispatch: positional parameters become the table, shift by the
	# choice and call the name that ends up in $1.
	set $FUNC_TBL
	shift $_CH
	$1
    done

    # A proxy credential level needs a proxy agent DN and password,
    # which only makes sense with an authentication method.
    case "$LDAP_CRED_LEVEL" in
    *proxy*)
	if [ "$LDAP_AUTHMETHOD" != "none" ]; then
	    NEED_PROXY=1
	    get_proxyagent
	    get_proxy_pw
	else
	    ${ECHO} "WARNING: Since Authentication method is 'none'."
	    ${ECHO} "         Credential level will be set to 'anonymous'."
	    LDAP_CRED_LEVEL="anonymous"
	fi
	;;
    esac

    # Display FULL debugging info.
    disp_full_debug

    # Final confirmation message. (ARE YOU SURE!)  A 0 status from
    # get_confirm_nodef means the user declined, so bail out.
    ${ECHO} " "
    get_confirm_nodef "WARNING: About to start committing changes. (y=continue, n=EXIT)" &&
    {
	${ECHO} "Terminating setup without making changes at users request."
	cleanup
	exit 1
    }

    # Print newline
    ${ECHO} " "
}
26177c478bd9Sstevel@tonic-gate
26187c478bd9Sstevel@tonic-gate
26197c478bd9Sstevel@tonic-gate#
26207c478bd9Sstevel@tonic-gate# create_config_file(): Write config data to config file specified.
26217c478bd9Sstevel@tonic-gate#
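create_config_file()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In create_config_file()"

    # The file holds the Root DN and proxy agent passwords in clear
    # text.  Remove any existing file (or symlink) so the new one gets
    # fresh ownership, then create it empty under umask 077 so it is
    # never readable by other users, not even briefly.  The umask is
    # changed in a subshell so the caller's value is untouched; the
    # heredoc below only truncates the already-protected file.
    if [ -h "${OUTPUT_FILE}" ] || [ -f "${OUTPUT_FILE}" ]; then
	rm -f "${OUTPUT_FILE}"
    fi
    ( umask 077; : > "${OUTPUT_FILE}" ) ||
    {
	${ECHO} "ERROR: Unable to create ${OUTPUT_FILE}"
	cleanup
	exit 1
    }

    # Write the configuration.  Password values are double-quoted so a
    # password containing blanks still loads when the file is sourced;
    # one containing '"', '$', '`' or '\' would still need escaping.
    cat > "${OUTPUT_FILE}" <<EOF
#!/bin/sh
# $OUTPUT_FILE - This file contains configuration information for
#                Native LDAP.  Use the idsconfig tool to load it.
#
# WARNING: This file was generated by idsconfig, and is intended to
#          be loaded by idsconfig as is.  DO NOT EDIT THIS FILE!
#
IDS_SERVER="$IDS_SERVER"
IDS_PORT=$IDS_PORT
IDS_TIMELIMIT=$IDS_TIMELIMIT
IDS_SIZELIMIT=$IDS_SIZELIMIT
LDAP_ROOTDN="$LDAP_ROOTDN"
LDAP_ROOTPWD="$LDAP_ROOTPWD"
LDAP_DOMAIN="$LDAP_DOMAIN"
LDAP_SUFFIX="$LDAP_SUFFIX"
LDAP_KRB_REALM="$LDAP_KRB_REALM"
LDAP_GSSAPI_PROFILE="$LDAP_GSSAPI_PROFILE"

# Internal program variables that need to be set.
NEED_PROXY=$NEED_PROXY
NEED_TIME=$NEED_TIME
NEED_SIZE=$NEED_SIZE
NEED_CRYPT=$NEED_CRYPT

# LDAP PROFILE related defaults
LDAP_PROFILE_NAME="$LDAP_PROFILE_NAME"
DEL_OLD_PROFILE=1
LDAP_BASEDN="$LDAP_BASEDN"
LDAP_SERVER_LIST="$LDAP_SERVER_LIST"
LDAP_AUTHMETHOD="$LDAP_AUTHMETHOD"
LDAP_FOLLOWREF=$LDAP_FOLLOWREF
LDAP_SEARCH_SCOPE="$LDAP_SEARCH_SCOPE"
NEED_SRVAUTH_PAM=$NEED_SRVAUTH_PAM
NEED_SRVAUTH_KEY=$NEED_SRVAUTH_KEY
NEED_SRVAUTH_CMD=$NEED_SRVAUTH_CMD
LDAP_SRV_AUTHMETHOD_PAM="$LDAP_SRV_AUTHMETHOD_PAM"
LDAP_SRV_AUTHMETHOD_KEY="$LDAP_SRV_AUTHMETHOD_KEY"
LDAP_SRV_AUTHMETHOD_CMD="$LDAP_SRV_AUTHMETHOD_CMD"
LDAP_SEARCH_TIME_LIMIT=$LDAP_SEARCH_TIME_LIMIT
LDAP_PREF_SRVLIST="$LDAP_PREF_SRVLIST"
LDAP_PROFILE_TTL=$LDAP_PROFILE_TTL
LDAP_CRED_LEVEL="$LDAP_CRED_LEVEL"
LDAP_BIND_LIMIT=$LDAP_BIND_LIMIT

# Proxy Agent
LDAP_PROXYAGENT="$LDAP_PROXYAGENT"
LDAP_PROXYAGENT_CRED="$LDAP_PROXYAGENT_CRED"

# Export all the variables (just in case)
export IDS_HOME IDS_PORT LDAP_ROOTDN LDAP_ROOTPWD LDAP_SERVER_LIST LDAP_BASEDN
export LDAP_DOMAIN LDAP_SUFFIX LDAP_PROXYAGENT LDAP_PROXYAGENT_CRED
export NEED_PROXY
export LDAP_PROFILE_NAME LDAP_BASEDN LDAP_SERVER_LIST
export LDAP_AUTHMETHOD LDAP_FOLLOWREF LDAP_SEARCH_SCOPE LDAP_SEARCH_TIME_LIMIT
export LDAP_PREF_SRVLIST LDAP_PROFILE_TTL LDAP_CRED_LEVEL LDAP_BIND_LIMIT
export NEED_SRVAUTH_PAM NEED_SRVAUTH_KEY NEED_SRVAUTH_CMD
export LDAP_SRV_AUTHMETHOD_PAM LDAP_SRV_AUTHMETHOD_KEY LDAP_SRV_AUTHMETHOD_CMD
export LDAP_SERV_SRCH_DES SSD_FILE LDAP_KRB_REALM LDAP_GSSAPI_PROFILE

# Service Search Descriptors start here if present:
EOF
    # Add service search descriptors.
    ssd_2_config "${OUTPUT_FILE}"

    # Add LDAP suffix preferences
    print_suffix_config >> "${OUTPUT_FILE}"

    # Add the end of FILE tag.
    ${ECHO} "" >> "${OUTPUT_FILE}"
    ${ECHO} "# End of $OUTPUT_FILE" >> "${OUTPUT_FILE}"
}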
27027c478bd9Sstevel@tonic-gate
27037c478bd9Sstevel@tonic-gate
27047c478bd9Sstevel@tonic-gate#
27057c478bd9Sstevel@tonic-gate# chk_vlv_indexes(): Do ldapsearch to see if server supports VLV.
27067c478bd9Sstevel@tonic-gate#
chk_vlv_indexes()
{
    # Read the root DSE (empty base, scope base) and look for the VLV
    # control OID 2.16.840.1.113730.3.4.9 in what the server returned.
    _VLV_OUT="${TMPDIR}/checkVLV"
    ${LDAPSEARCH} ${SERVER_ARGS} -b "" -s base "objectclass=*" > "${_VLV_OUT}" 2>&1
    # eval so that whatever ${VERB} holds (presumably redirections) is
    # applied to the grep, as elsewhere in this script.
    if eval "${GREP} 2.16.840.1.113730.3.4.9 ${_VLV_OUT} ${VERB}"; then
	[ $DEBUG -eq 1 ] && ${ECHO} "  VLV controls found on LDAP server."
    else
	${ECHO} "ERROR: VLV is not supported on LDAP server!"
	cleanup
	exit 1
    fi
}
27197c478bd9Sstevel@tonic-gate
27207c478bd9Sstevel@tonic-gate#
27217c478bd9Sstevel@tonic-gate# get_backend(): this function gets the relevant backend
27227c478bd9Sstevel@tonic-gate#                (database) for LDAP_BASEDN.
27237c478bd9Sstevel@tonic-gate#                Description: set IDS_DATABASE; exit on failure.
27247c478bd9Sstevel@tonic-gate#                Prerequisite: LDAP_BASEDN and LDAP_SUFFIX are
27257c478bd9Sstevel@tonic-gate#                valid.
27267c478bd9Sstevel@tonic-gate#
27277c478bd9Sstevel@tonic-gate#                backend is retrieved from suffixes and subsuffixes
27287c478bd9Sstevel@tonic-gate#                defined under "cn=mapping tree,cn=config". The
27297c478bd9Sstevel@tonic-gate#                nsslapd-state attribute of these suffixes entries
27307c478bd9Sstevel@tonic-gate#                is filled with either Backend, Disabled or referrals
27317c478bd9Sstevel@tonic-gate#                related values. We only want those that have a true
27327c478bd9Sstevel@tonic-gate#                backend database to select the relevant backend.
27337c478bd9Sstevel@tonic-gate#
get_backend()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_backend()"

    # Walk up from LDAP_BASEDN one RDN at a time (everything up to the
    # first ',' is dropped each round) until a mapping-tree entry with
    # nsslapd-state=Backend is found.  The loop ends when stripping an
    # RDN no longer changes the string, i.e. the last RDN was reached.
    cur_suffix=${LDAP_BASEDN}
    prev_suffix=
    IDS_DATABASE=
    while [ "${cur_suffix}" != "${prev_suffix}" ]
    do
	[ $DEBUG -eq 1 ] && ${ECHO} "testing LDAP suffix: ${cur_suffix}"
	# The whole pipeline is built as a string and eval'ed so that the
	# quoted mapping-tree DN survives as one argument.  cur_suffix is
	# therefore interpolated into shell syntax unescaped; it is
	# derived from LDAP_BASEDN, which presumably comes from the
	# operator's own prompt answer or config file.
	eval "${LDAPSEARCH} ${LDAP_ARGS} " \
		"-b \"cn=\\\"${cur_suffix}\\\",cn=mapping tree,cn=config\" " \
		"-s base nsslapd-state=Backend nsslapd-backend 2>&1 " \
		"| ${GREP} 'nsslapd-backend=' " \
		"> ${TMPDIR}/ids_database_name 2>&1"
	# Number of "nsslapd-backend=" lines the search produced.
	NUM_DBS=`wc -l ${TMPDIR}/ids_database_name | awk '{print $1}'`
	case ${NUM_DBS} in
	0) # not a suffix, or suffix not activated; try next
	    prev_suffix=${cur_suffix}
	    # Drop the leading RDN.  cur_suffix is unquoted here, so a DN
	    # containing blanks is re-joined with single spaces; a ','
	    # inside an RDN value would also be treated as a separator.
	    cur_suffix=`${ECHO} ${cur_suffix} | cut -f2- -d','`
	    ;;
	1) # suffix found; get database name
	    IDS_DATABASE=`cat ${TMPDIR}/ids_database_name | cut -d= -f2`
	    ;;
	*) # can not handle more than one database per suffix
	    # (the message names LDAP_SUFFIX although the lookup was
	    # done on cur_suffix)
	    ${ECHO} "ERROR: More than one database is configured "
	    ${ECHO} "       for $LDAP_SUFFIX!"
	    ${ECHO} "       $PROG can not configure suffixes where "
	    ${ECHO} "       more than one database is used for one suffix."
	    cleanup
	    exit 1
	    ;;
	esac
	if [ -n "${IDS_DATABASE}" ]; then
	    break
	fi
    done

    if [ -z "${IDS_DATABASE}" ]; then
	# should not happen, since LDAP_BASEDN is supposed to be valid
	${ECHO} "Could not find a valid backend for ${LDAP_BASEDN}."
	${ECHO} "Exiting."
	cleanup
	exit 1
    fi

    [ $DEBUG -eq 1 ] && ${ECHO} "IDS_DATABASE: ${IDS_DATABASE}"
}
27827c478bd9Sstevel@tonic-gate
27837c478bd9Sstevel@tonic-gate#
27847c478bd9Sstevel@tonic-gate# validate_suffix(): This function validates ${LDAP_SUFFIX}
27857c478bd9Sstevel@tonic-gate#                  THIS FUNCTION IS FOR THE LOAD CONFIG FILE OPTION.
27867c478bd9Sstevel@tonic-gate#
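validate_suffix()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In validate_suffix()"

    # Check LDAP_SUFFIX is not null
    if [ -z "${LDAP_SUFFIX}" ]; then
	${ECHO} "Invalid suffix (null suffix)"
	cleanup
	exit 1
    fi

    # Check LDAP_SUFFIX and LDAP_BASEDN are consistent.  Both are
    # normalised first (lower case, no blanks around ',' and '=') so
    # the comparison ignores case and spacing differences.
    format_string "${LDAP_BASEDN}"
    LOWER_BASEDN="${FMT_STR}"
    format_string "${LDAP_SUFFIX}"
    LOWER_SUFFIX="${FMT_STR}"

    [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_BASEDN: ${LOWER_BASEDN}"
    [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_SUFFIX: ${LOWER_SUFFIX}"

    # The suffix must be the base DN itself or a trailing run of whole
    # RDNs of it.  A ',' is prepended to both sides so the match can only
    # start at an RDN boundary (suffix "dc=a" must not match base DN
    # "o=xdc=a").  The earlier basename(1)-based test also stripped
    # everything up to the last '/' of the base DN before comparing, so
    # any suffix was accepted once the base DN contained a '/'.
    case ",${LOWER_BASEDN}" in
    *",${LOWER_SUFFIX}")
	;;
    *)
	${ECHO} "Invalid suffix ${LOWER_SUFFIX}"
	${ECHO} "for Base DN ${LOWER_BASEDN}"
	cleanup
	exit 1
	;;
    esac

    # Check LDAP_SUFFIX does exist
    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_SUFFIX}\" -s base \"objectclass=*\" > ${TMPDIR}/checkSuffix 2>&1" && return 0

    # Well, suffix does not exist, try to prepare to create it ...
    NEED_CREATE_SUFFIX=1
    prep_create_sfx_entry ||
    {
	cleanup
	exit 1
    }
    [ -n "${NEED_CREATE_BACKEND}" ] &&
    {
	# try to use id attr value of the suffix as a database name
	IDS_DATABASE=${_VAL}
	prep_create_sfx_backend
	case $? in
	1)	# can't use the name we want, so we can either exit or use
		# another available name - doing the latter ...
		IDS_DATABASE=${IDS_DATABASE_AVAIL}
		;;
	2)	# unable to determine database name
		cleanup
		exit 1
		;;
	esac
    }

    [ $DEBUG -eq 1 ] && ${ECHO} "Suffix $LDAP_SUFFIX, Database $IDS_DATABASE"
}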
28477c478bd9Sstevel@tonic-gate
28487c478bd9Sstevel@tonic-gate#
28497c478bd9Sstevel@tonic-gate# validate_info(): This function validates the basic info collected
28507c478bd9Sstevel@tonic-gate#                  So that some problems are caught right away.
28517c478bd9Sstevel@tonic-gate#                  THIS FUNCTION IS FOR THE LOAD CONFIG FILE OPTION.
28527c478bd9Sstevel@tonic-gate#
validate_info()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In validate_info()"

    # Build the ldapsearch argument sets used for the rest of the run.
    # The Root DN password is handed over through a file (-j), so it
    # does not appear on a command line.
    SERVER_ARGS="-h ${IDS_SERVER} -p ${IDS_PORT}"
    AUTH_ARGS="-D \"${LDAP_ROOTDN}\" -j ${LDAP_ROOTPWF}"
    LDAP_ARGS="${SERVER_ARGS} ${AUTH_ARGS}"
    export SERVER_ARGS

    # Bind as the Root DN against the root DSE.  Plain eval is used
    # rather than ${EVAL} because this is validation, not setup.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\" -s base \"objectclass=*\" > ${TMPDIR}/checkDN 2>&1" ||
    {
	# Tell a bad password (the server reply mentions "credential")
	# apart from a DN that could not bind at all.
	if eval "${GREP} credential ${TMPDIR}/checkDN ${VERB}"; then
	    ${ECHO} "ERROR: Root DN passwd is invalid."
	else
	    ${ECHO} "ERROR2: Invalid Root DN <${LDAP_ROOTDN}>."
	fi
	cleanup
	exit 1
    }
    [ $DEBUG -eq 1 ] && ${ECHO} "  RootDN ... OK"
    [ $DEBUG -eq 1 ] && ${ECHO} "  RootDN passwd ... OK"

    # The server must support the VLV control.
    chk_vlv_indexes
    [ $DEBUG -eq 1 ] && ${ECHO} "  VLV indexes ... OK"

    # Check LDAP suffix
    validate_suffix
    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP suffix ... OK"
}
28877c478bd9Sstevel@tonic-gate
28887c478bd9Sstevel@tonic-gate#
28897c478bd9Sstevel@tonic-gate# format_string(): take a string as argument and set FMT_STR
28907c478bd9Sstevel@tonic-gate# to be the same string formatted as follow:
28917c478bd9Sstevel@tonic-gate# - only lower case characters
28927c478bd9Sstevel@tonic-gate# - no unnecessary spaces around , and =
28937c478bd9Sstevel@tonic-gate#
format_string()
{
    # Collapse blanks around ',' and '=' first, then lower-case the
    # result; the two steps are independent so the order is free.
    _FMT_IN="$1"
    FMT_STR=`${ECHO} "${_FMT_IN}" |
	sed -e 's/[ ]*,[ ]*/,/g' -e 's/[ ]*=[ ]*/=/g' |
	tr '[A-Z]' '[a-z]'`
}
28997c478bd9Sstevel@tonic-gate
2900017e8b01Svl#
2901017e8b01Svl# prepare for the suffix entry creation
2902017e8b01Svl#
2903017e8b01Svl# input  : LDAP_BASEDN, LDAP_SUFFIX - base dn and suffix;
2904017e8b01Svl# in/out : LDAP_SUFFIX_OBJ, LDAP_SUFFIX_ACI - initially may come from config.
2905017e8b01Svl# output : NEED_CREATE_BACKEND - backend for this suffix needs to be created;
2906017e8b01Svl#          _RDN, _ATT, _VAL - suffix's RDN, id attribute name and its value.
2907017e8b01Svl# return : 0 - success, otherwise error.
2908017e8b01Svl#
prep_create_sfx_entry()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In prep_create_sfx_entry()"

    # check whether suffix corresponds to base dn: the normalised base
    # DN, prefixed with ',', must end in ",<LDAP_SUFFIX>".
    # NOTE(review): only LDAP_BASEDN goes through format_string() here;
    # LDAP_SUFFIX is matched as typed and as a grep regex, so a suffix
    # that differs only in case, or one containing regex metacharacters,
    # may be judged differently from validate_suffix() - confirm.
    format_string "${LDAP_BASEDN}"
    ${ECHO} ",${FMT_STR}" | ${GREP} ",${LDAP_SUFFIX}$" >/dev/null 2>&1 ||
    {
	display_msg sfx_not_suitable
	return 1
    }

    # parse LDAP_SUFFIX: first RDN, then its attribute name and value
    # (e.g. "dc=example,dc=com" -> _RDN "dc=example", _ATT "dc",
    # _VAL "example").
    _RDN=`${ECHO} "${LDAP_SUFFIX}" | cut -d, -f1`
    _ATT=`${ECHO} "${_RDN}" | cut -d= -f1`
    _VAL=`${ECHO} "${_RDN}" | cut -d= -f2-`

    # find out an objectclass for suffix entry if it is not defined yet;
    # get_objectclass() is expected to leave its answer in _ATTR_NAME
    # (empty when nothing suitable was found).
    [ -z "${LDAP_SUFFIX_OBJ}" ] &&
    {
	get_objectclass ${_ATT}
	[ -z "${_ATTR_NAME}" ] &&
	{
		display_msg obj_not_found
		return 1
	}
	LDAP_SUFFIX_OBJ=${_ATTR_NAME}
    }
    [ $DEBUG -eq 1 ] && ${ECHO} "Suffix entry object is ${LDAP_SUFFIX_OBJ}"

    # find out an aci for suffix entry if it is not defined yet
    [ -z "${LDAP_SUFFIX_ACI}" ] &&
    {
	# set Directory Server default aci.  What these grant on the whole
	# suffix: anonymous read/search/compare of every attribute except
	# the password/lockout ones listed, self-write except for the
	# listed policy attributes, and full access for the configuration
	# administrator entry and administrators group.  An operator who
	# wants a tighter policy supplies LDAP_SUFFIX_ACI via the config
	# file instead, in which case this block is skipped.
	LDAP_SUFFIX_ACI=`cat <<EOF
aci: (targetattr != "userPassword || passwordHistory || passwordExpirationTime
 || passwordExpWarned || passwordRetryCount || retryCountResetTime ||
 accountUnlockTime || passwordAllowChangeTime")
 (
   version 3.0;
   acl "Anonymous access";
   allow (read, search, compare) userdn = "ldap:///anyone";
 )
aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit ||
 nsTimeLimit || nsIdleTimeout || passwordPolicySubentry ||
 passwordExpirationTime || passwordExpWarned || passwordRetryCount ||
 retryCountResetTime || accountUnlockTime || passwordHistory ||
 passwordAllowChangeTime")
 (
   version 3.0;
   acl "Allow self entry modification except for some attributes";
   allow (write) userdn = "ldap:///self";
 )
aci: (targetattr = "*")
 (
   version 3.0;
   acl "Configuration Administrator";
   allow (all) userdn = "ldap:///uid=admin,ou=Administrators,
                         ou=TopologyManagement,o=NetscapeRoot";
 )
aci: (targetattr ="*")
 (
   version 3.0;
   acl "Configuration Administrators Group";
   allow (all) groupdn = "ldap:///cn=Configuration Administrators,
                          ou=Groups,ou=TopologyManagement,o=NetscapeRoot";
 )
EOF
`
    }
    [ $DEBUG -eq 1 ] && cat <<EOF
DEBUG: ACI for ${LDAP_SUFFIX} is
${LDAP_SUFFIX_ACI}
EOF

    NEED_CREATE_BACKEND=

    # check the suffix mapping tree ...
    # if mapping exists, suffix should work, otherwise DS inconsistent
    # NOTE: -b 'cn=mapping tree,cn=config' -s one 'cn=\"$1\"' won't work
    #       in case of 'cn' value in LDAP is not quoted by '"',
    #       -b 'cn=\"$1\",cn=mapping tree,cn=config' works in all cases
    # LDAP_SUFFIX is interpolated unescaped into the ${EVAL} string
    # here and into the search filter below.
    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} \
	-b 'cn=\"${LDAP_SUFFIX}\",cn=mapping tree,cn=config' \
	-s base 'objectclass=*' dn ${VERB}" &&
    {
	[ $DEBUG -eq 1 ] && ${ECHO} "Suffix mapping already exists"
	# get_backend() either gets IDS_DATABASE or exits
	get_backend
	return 0
    }

    # no suffix mapping, just in case check ldbm backends consistency -
    # there must be no database pointing to LDAP_SUFFIX
    [ -n "`${EVAL} \"${LDAPSEARCH} ${LDAP_ARGS} \
	-b 'cn=ldbm database,cn=plugins,cn=config' \
	-s one 'nsslapd-suffix=${LDAP_SUFFIX}' dn\" 2>/dev/null`" ] &&
    {
	display_msg sfx_config_incons
	return 1
    }

    # ok, no suffix mapping, no ldbm database
    [ $DEBUG -eq 1 ] && ${ECHO} "DEBUG: backend needs to be created ..."
    NEED_CREATE_BACKEND=1
    return 0
}
3016017e8b01Svl
3017017e8b01Svl#
3018017e8b01Svl# prepare for the suffix backend creation
3019017e8b01Svl#
3020017e8b01Svl# input  : IDS_DATABASE - requested ldbm db name (must be not null)
3021017e8b01Svl# in/out : IDS_DATABASE_AVAIL - available ldbm db name
3022017e8b01Svl# return : 0 - ldbm db name ok
3023017e8b01Svl#          1 - IDS_DATABASE exists,
3024017e8b01Svl#              so IDS_DATABASE_AVAIL contains available name
3025017e8b01Svl#          2 - unable to find any available name
3026017e8b01Svl#
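prep_create_sfx_backend()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In prep_create_sfx_backend()"

    # check if requested name available
    [ "${IDS_DATABASE}" = "${IDS_DATABASE_AVAIL}" ] && return 0

    # get the list of database names that start with the requested name.
    # The stderr redirection must sit inside the command substitution;
    # placed after the closing backquote it applied to the assignment,
    # so ldapsearch diagnostics leaked to the terminal.
    _LDBM_DBS=`${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} \
	-b 'cn=ldbm database,cn=plugins,cn=config' \
	-s one 'cn=${IDS_DATABASE}*' cn" 2>/dev/null`

    # find an available db name: try the requested name first, then
    # <name>1 .. <name>9 (_i_MAX attempts in all), and take the first
    # one that is not in the list.  _name is used as a grep regex, so
    # a requested name with regex metacharacters may match loosely.
    _i=""; _i_MAX=10
    while [ ${_i:-0} -lt ${_i_MAX} ]
    do
	_name="${IDS_DATABASE}${_i}"
	${ECHO} "${_LDBM_DBS}" | ${GREP} -i "^cn=${_name}$" >/dev/null 2>&1 ||
	{
		IDS_DATABASE_AVAIL="${_name}"
		break
	}
	_i=`expr ${_i:-0} + 1`
    done

    # requested name was free
    [ "${IDS_DATABASE}" = "${IDS_DATABASE_AVAIL}" ] && return 0

    # requested name is taken but an alternative is known (either found
    # above or handed in by the caller)
    [ -n "${IDS_DATABASE_AVAIL}" ] &&
    {
	display_msg ldbm_db_exist
	return 1
    }

    display_msg unable_find_db_name
    return 2
}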
3063017e8b01Svl
3064017e8b01Svl#
3065017e8b01Svl# add suffix if needed,
3066017e8b01Svl#     suffix entry and backend MUST be prepared by
3067017e8b01Svl#     prep_create_sfx_entry and prep_create_sfx_backend correspondingly
3068017e8b01Svl#
3069017e8b01Svl# input  : NEED_CREATE_SUFFIX, LDAP_SUFFIX, LDAP_SUFFIX_OBJ, _ATT, _VAL
3070017e8b01Svl#          LDAP_SUFFIX_ACI, NEED_CREATE_BACKEND, IDS_DATABASE
3071017e8b01Svl# return : 0 - suffix successfully created, otherwise an error occurred
3072017e8b01Svl#
add_suffix()
{
    # Create the suffix entry and, when NEED_CREATE_BACKEND is set, the
    # mapping-tree entry plus ldbm backend first.  Each entry is fed to
    # ${LDAPADD} as LDIF on stdin; all values were prepared beforehand by
    # prep_create_sfx_entry and prep_create_sfx_backend.
    #
    # Globals read   : NEED_CREATE_SUFFIX, NEED_CREATE_BACKEND, LDAP_SUFFIX,
    #                  IDS_DATABASE, LDAP_SUFFIX_OBJ, _ATT, _VAL,
    #                  LDAP_SUFFIX_ACI, STEP, DEBUG, ECHO, EVAL, LDAPADD,
    #                  LDAP_ARGS, VERB
    # Globals written: STEP (incremented once per entry created)
    # Returns        : 0 - nothing to do, or suffix created
    #                  1 - an ldapadd failed (reported via display_msg)
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_suffix()"

    # Nothing to do unless check_basedn_suffix asked for a new suffix.
    if [ -z "${NEED_CREATE_SUFFIX}" ]; then
	return 0
    fi

    if [ -n "${NEED_CREATE_BACKEND}" ]; then
	# NOTE(review): LDAP_SUFFIX and IDS_DATABASE are user input expanded
	# verbatim into the LDIF; a value containing a newline would be read
	# as further LDIF lines — presumably format_string / the prompt code
	# never let such a value through, confirm.
	${EVAL} "${LDAPADD} ${LDAP_ARGS} ${VERB}" <<EOF
dn: cn="${LDAP_SUFFIX}",cn=mapping tree,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
cn: ${LDAP_SUFFIX}
nsslapd-state: backend
nsslapd-backend: ${IDS_DATABASE}

dn: cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
cn: ${IDS_DATABASE}
nsslapd-suffix: ${LDAP_SUFFIX}
EOF
	if [ $? -ne 0 ]; then
	    display_msg create_ldbm_db_error
	    return 1
	fi

	${ECHO} "  ${STEP}. Database ${IDS_DATABASE} successfully created"
	STEP=`expr $STEP + 1`
    fi

    # The suffix entry itself: objectclass, naming attribute and ACI.
    ${EVAL} "${LDAPADD} ${LDAP_ARGS} ${VERB}" <<EOF
dn: ${LDAP_SUFFIX}
objectclass: ${LDAP_SUFFIX_OBJ}
${_ATT}: ${_VAL}
${LDAP_SUFFIX_ACI}
EOF
    if [ $? -ne 0 ]; then
	display_msg create_suffix_entry_error
	return 1
    fi

    ${ECHO} "  ${STEP}. Suffix ${LDAP_SUFFIX} successfully created"
    STEP=`expr $STEP + 1`
    return 0
}
3123017e8b01Svl
3124017e8b01Svl#
3125017e8b01Svl# interactively get suffix and related info from a user
3126017e8b01Svl#
3127017e8b01Svl# input  : LDAP_BASEDN - Base DN
3128017e8b01Svl# output : LDAP_SUFFIX - Suffix, _ATT, _VAL - id attribute and its value;
3129017e8b01Svl#          LDAP_SUFFIX_OBJ, LDAP_SUFFIX_ACI - objectclass and aci;
3130017e8b01Svl#          NEED_CREATE_BACKEND - tells whether backend needs to be created;
3131017e8b01Svl#          IDS_DATABASE - prepared ldbm db name
3132017e8b01Svl# return : 0 - user gave a correct suffix
3133017e8b01Svl#          1 - suffix given by user cannot be created
3134017e8b01Svl#
get_suffix()
{
    # Prompt for the suffix to create (default LDAP_BASEDN) until
    # prep_create_sfx_entry accepts it; then, if a backend has to be
    # created, prompt for the ldbm database name until
    # prep_create_sfx_backend accepts one.  'b' at the database prompt
    # returns to the suffix prompt, 'b' at the suffix prompt returns 1.
    #
    # Globals read   : LDAP_BASEDN, DEBUG, ECHO, ANS, FMT_STR, _VAL,
    #                  NEED_CREATE_BACKEND, IDS_DATABASE_AVAIL
    # Globals written: LDAP_SUFFIX, IDS_DATABASE, IDS_DATABASE_AVAIL,
    #                  reenter_suffix (plus whatever the prep_* helpers set)
    # Returns        : 0 - suffix and backend name prepared
    #                  1 - user went back
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_suffix()"

    while :
    do
	get_ans "Enter suffix to be created (b=back/h=help):" ${LDAP_BASEDN}
	case "${ANS}" in
	[Hh] | Help | help | \? )
		display_msg create_suffix_help
		;;
	[Bb] | Back | back | \< )
		return 1
		;;
	* )
		format_string "${ANS}"
		LDAP_SUFFIX=${FMT_STR}
		# prep_create_sfx_entry decides NEED_CREATE_BACKEND; if the
		# suffix cannot be used, ask for another one.
		prep_create_sfx_entry || continue

		if [ -n "${NEED_CREATE_BACKEND}" ]; then
		    # forget any name proposed for a previous suffix
		    IDS_DATABASE_AVAIL=

		    reenter_suffix=
		    while :
		    do
			# default: the proposed free name, else the suffix's
			# naming value
			get_ans "Enter ldbm database name (b=back/h=help):" \
				${IDS_DATABASE_AVAIL:-${_VAL}}
			case "${ANS}" in
			[Hh] | \? )
				display_msg enter_ldbm_db_help
				;;
			[Bb] | \< )
				reenter_suffix=1
				break
				;;
			* )
				IDS_DATABASE="${ANS}"
				# 0 only when the name is free; otherwise
				# IDS_DATABASE_AVAIL holds the next default
				prep_create_sfx_backend && break
				;;
			esac
		    done
		    # back to the suffix prompt (outer loop)
		    if [ -n "${reenter_suffix}" ]; then
			continue
		    fi

		    [ $DEBUG -eq 1 ] && cat <<EOF
DEBUG: backend name for suffix ${LDAP_SUFFIX} will be ${IDS_DATABASE}
EOF
		fi

		# eventually everything is prepared
		return 0
		;;
	esac
    done
}
3180017e8b01Svl
3181017e8b01Svl#
3182017e8b01Svl# print out a script which sets LDAP suffix related preferences
3183017e8b01Svl#
print_suffix_config()
{
    # Emit a shell fragment, meant to be sourced later, that re-exports the
    # suffix-related settings IDS_DATABASE, LDAP_SUFFIX_OBJ and the possibly
    # multi-line LDAP_SUFFIX_ACI.  The ACI is wrapped in a backquoted
    # here-document so its newlines survive; because that inner here-document
    # is unquoted, any '$' or backquote in the ACI text is expanded by
    # whoever sources the fragment.
    #
    # Globals read: IDS_DATABASE, LDAP_SUFFIX_OBJ, LDAP_SUFFIX_ACI
    # Output      : the fragment on stdout
    cat <<SFX_PREFS
# LDAP suffix related preferences used only if needed
IDS_DATABASE="${IDS_DATABASE}" 
LDAP_SUFFIX_OBJ="${LDAP_SUFFIX_OBJ}"
LDAP_SUFFIX_ACI=\`cat <<EOF
${LDAP_SUFFIX_ACI}
EOF
\`
export IDS_DATABASE LDAP_SUFFIX_OBJ LDAP_SUFFIX_ACI
SFX_PREFS
}
3197017e8b01Svl
31987c478bd9Sstevel@tonic-gate#
31997c478bd9Sstevel@tonic-gate# check_basedn_suffix(): check that there is an existing
32007c478bd9Sstevel@tonic-gate# valid suffix to hold current base DN
32017c478bd9Sstevel@tonic-gate# return:
3202017e8b01Svl#   0: valid suffix found or new one should be created,
3203017e8b01Svl#      NEED_CREATE_SUFFIX flag actually indicates that
3204017e8b01Svl#   1: an error occurred
32057c478bd9Sstevel@tonic-gate#
check_basedn_suffix()
{
    # Walk up LDAP_BASEDN one RDN at a time until an existing entry is
    # found; then pick the server suffix that holds it (LDAP_SUFFIX) and
    # its backend (get_backend).  If no ancestor exists at all, set
    # NEED_CREATE_SUFFIX so the caller creates one.
    #
    # Globals read   : LDAP_BASEDN, LDAP_SUFFIX_LIST (via
    #                  discover_serv_suffix), DEBUG, ECHO, LDAPSEARCH,
    #                  SERVER_ARGS, FMT_STR
    # Globals written: NEED_CREATE_SUFFIX, LDAP_SUFFIX, cur_ldap_entry,
    #                  prev_ldap_entry, lower_entry, lower_suff, dcstmp,
    #                  oIFS (plus what get_backend sets)
    # Returns        : 0 - LDAP_SUFFIX found, or NEED_CREATE_SUFFIX=1
    #                  1 - an entry exists but no listed suffix contains it
    [ $DEBUG -eq 1 ] && ${ECHO} "In check_basedn_suffix()"

    NEED_CREATE_SUFFIX=

    # find out existing suffixes
    # (its return status is not checked here; with no suffixes the
    # for-loop below simply finds nothing)
    discover_serv_suffix

    ${ECHO} "  Validating LDAP Base DN and Suffix ..."

    # check that LDAP Base DN might be added
    # Each round strips the leftmost RDN with cut; when no comma is left
    # cut returns the DN unchanged, cur == prev, and the loop ends.
    cur_ldap_entry=${LDAP_BASEDN}
    prev_ldap_entry=
    while [ "${cur_ldap_entry}" != "${prev_ldap_entry}" ]
    do
	[ $DEBUG -eq 1 ] && ${ECHO} "testing LDAP entry: ${cur_ldap_entry}"
	# an entry "exists" when a one-level search under it succeeds
	${LDAPSEARCH} ${SERVER_ARGS} -b "${cur_ldap_entry}" \
		-s one "objectclass=*" > /dev/null 2>&1
	if [ $? -eq 0 ]; then
	    break
	else
	    prev_ldap_entry=${cur_ldap_entry}
	    # NOTE(review): ${cur_ldap_entry} is unquoted here, so a DN
	    # containing glob characters or runs of blanks would be
	    # altered by the shell before cut sees it — presumably such
	    # DNs never reach this point, confirm.
	    cur_ldap_entry=`${ECHO} ${cur_ldap_entry} | cut -f2- -d','`
	fi
    done

    if [ "${cur_ldap_entry}" = "${prev_ldap_entry}" ]; then
	${ECHO} "  No valid suffixes were found for Base DN ${LDAP_BASEDN}"

	NEED_CREATE_SUFFIX=1
	return 0

    else
	[ $DEBUG -eq 1 ] && ${ECHO} "found valid LDAP entry: ${cur_ldap_entry}"

	# Now looking for relevant suffix for this entry.
	# LDAP_SUFFIX will then be used to add necessary
	# base objects. See add_base_objects().
	# Comparisons use the format_string-normalised form of both sides.
	format_string "${cur_ldap_entry}"
	lower_entry="${FMT_STR}"
	[ $DEBUG -eq 1 ] && ${ECHO} "final suffix list: ${LDAP_SUFFIX_LIST}"
	oIFS=$IFS
	[ $DEBUG -eq 1 ] && ${ECHO} "setting IFS to new line"
	# LDAP_SUFFIX_LIST is one suffix per line and suffixes may contain
	# blanks, so split on newline only.
	IFS='
'
	for suff in ${LDAP_SUFFIX_LIST}
	do
	    [ $DEBUG -eq 1 ] && ${ECHO} "testing suffix: ${suff}"
	    format_string "${suff}"
	    lower_suff="${FMT_STR}"
	    if [ "${lower_entry}" = "${lower_suff}" ]; then
		LDAP_SUFFIX="${suff}"
		break
	    else
		# basename's suffix stripping is used as an "ends with"
		# test: the result equals the entry exactly when lower_suff
		# is not a trailing part of it.  A '/' in a DN would
		# confuse basename — presumably never the case here.
		# The first matching list entry wins, not the longest one.
		dcstmp=`basename "${lower_entry}" "${lower_suff}"`
		if [ "${dcstmp}" = "${lower_entry}" ]; then
		    # invalid suffix, try next one
		    continue
		else
		    # valid suffix found
		    LDAP_SUFFIX="${suff}"
		    break
		fi
	    fi
	done
	[ $DEBUG -eq 1 ] && ${ECHO} "setting IFS to original value"
	IFS=$oIFS

	[ $DEBUG -eq 1 ] && ${ECHO} "LDAP_SUFFIX: ${LDAP_SUFFIX}"

	# NOTE(review): LDAP_SUFFIX is not cleared before the loop, so a
	# value set earlier in the run would survive a fruitless search —
	# confirm against the callers.
	if [ -z "${LDAP_SUFFIX}" ]; then
	    # should not happen, since we found the entry
	    ${ECHO} "Could not find a valid suffix for ${LDAP_BASEDN}."
	    ${ECHO} "Exiting."
	    return 1
	fi

	# Getting relevant database (backend)
	# IDS_DATABASE will then be used to create indexes.
	get_backend

	return 0
    fi
}
32917c478bd9Sstevel@tonic-gate
32927c478bd9Sstevel@tonic-gate#
32937c478bd9Sstevel@tonic-gate# discover_serv_suffix(): This function queries the server to find
32947c478bd9Sstevel@tonic-gate#    suffixes available
32957c478bd9Sstevel@tonic-gate#  return: 0: OK, suffix found
32967c478bd9Sstevel@tonic-gate#          1: suffix not determined
discover_serv_suffix()
{
    # Ask the server's root DSE for its namingContexts and turn them into
    # LDAP_SUFFIX_LIST, one suffix per line, with the NetscapeRoot
    # configuration suffix filtered out.
    #
    # Globals read   : LDAPSEARCH, SERVER_ARGS, GREP, TMPDIR, DEBUG, ECHO
    # Globals written: LDAP_SUFFIX_LIST, NUM_TOP; scratch files
    #                  ${TMPDIR}/checkTOP and ${TMPDIR}/treeTOP
    # Returns        : 0 - at least one suffix found
    #                  1 - none found; this also covers a failed search,
    #                      whose error output lands in checkTOP and carries
    #                      no namingContexts line
    [ $DEBUG -eq 1 ] && ${ECHO} "In discover_serv_suffix()"

    # Root DSE search; stdout and stderr both go to checkTOP.
    ${LDAPSEARCH} ${SERVER_ARGS} -b "" -s base "objectclass=*" > ${TMPDIR}/checkTOP 2>&1
    # Keep the namingContexts lines, minus the NetscapeRoot one.
    ${GREP} -i namingcontexts ${TMPDIR}/checkTOP | \
	${GREP} -i -v NetscapeRoot > ${TMPDIR}/treeTOP
    NUM_TOP=`wc -l ${TMPDIR}/treeTOP | awk '{print $1}'`

    if [ "${NUM_TOP}" = "0" ]; then
	[ $DEBUG -eq 1 ] && ${ECHO} "DEBUG: No suffix found in LDAP tree"
	return 1
    fi

    # Drop the 15-character 'namingContexts=' prefix of every line;
    # what remains is the suffix DN.
    LDAP_SUFFIX_LIST=`awk '{ printf("%s\n",substr($0,16,length-15)) }' \
	${TMPDIR}/treeTOP`

    [ $DEBUG -eq 1 ] && ${ECHO} "  LDAP_SUFFIX_LIST = $LDAP_SUFFIX_LIST"
    return 0
}
33217c478bd9Sstevel@tonic-gate
33227c478bd9Sstevel@tonic-gate
33237c478bd9Sstevel@tonic-gate#
33247c478bd9Sstevel@tonic-gate# modify_cn(): Change the cn from MUST to MAY in ipNetwork.
33257c478bd9Sstevel@tonic-gate#
modify_cn()
{
    # Add an ipNetwork objectclass definition to cn=schema in which 'cn'
    # is MAY rather than MUST.  The LDIF is written to
    # ${TMPDIR}/ipNetwork_cn and applied with ldapmodify; on failure the
    # script cleans up and exits.
    #
    # Globals read: DEBUG, ECHO, TMPDIR, EVAL, LDAPMODIFY, LDAP_ARGS, VERB
    # Side effects: writes ${TMPDIR}/ipNetwork_cn; exit 1 on failure
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_cn()"

    # The '$' separators in the definition are each followed by a blank,
    # so the shell leaves them alone in this unquoted here-document.
    cat <<EOF > ${TMPDIR}/ipNetwork_cn
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( ipNetworkNumber ) MAY ( ipNetmaskNumber $ manager $ cn $ l $ description ) X-ORIGIN 'RFC 2307' ))
EOF

    # Apply the schema change; abort the whole run if it fails.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ipNetwork_cn ${VERB}" ||
    {
	${ECHO} "  ERROR: update of cn for ipNetwork failed!"
	cleanup
	exit 1
    }
}
33467c478bd9Sstevel@tonic-gate
33477c478bd9Sstevel@tonic-gate
33487c478bd9Sstevel@tonic-gate# modify_timelimit(): Modify timelimit to user value.
modify_timelimit()
{
    # Set the server-wide search time limit (nsslapd-timelimit on
    # cn=config) to the user-chosen IDS_TIMELIMIT.  The LDIF is written
    # to ${TMPDIR}/ids_timelimit and applied with ldapmodify; on failure
    # the script cleans up and exits.
    #
    # Globals read   : IDS_TIMELIMIT, STEP, DEBUG, ECHO, TMPDIR, EVAL,
    #                  LDAPMODIFY, LDAP_ARGS, VERB
    # Globals written: STEP (incremented)
    # NOTE(review): IDS_TIMELIMIT is expanded into the LDIF unchecked
    # here; presumably the prompt that sets it validated a number — confirm.
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_timelimit()"

    cat <<EOF > ${TMPDIR}/ids_timelimit
dn: cn=config
changetype: modify
replace: nsslapd-timelimit
nsslapd-timelimit: ${IDS_TIMELIMIT}
EOF

    # Apply the modification; abort the whole run if it fails.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ids_timelimit ${VERB}" ||
    {
	${ECHO} "  ERROR: update of nsslapd-timelimit failed!"
	cleanup
	exit 1
    }

    # Report the step and advance the counter.
    ${ECHO} "  ${STEP}. Changed timelimit to ${IDS_TIMELIMIT} in cn=config."
    STEP=`expr $STEP + 1`
}
33747c478bd9Sstevel@tonic-gate
33757c478bd9Sstevel@tonic-gate
33767c478bd9Sstevel@tonic-gate# modify_sizelimit(): Modify sizelimit to user value.
modify_sizelimit()
{
    # Set the server-wide search size limit (nsslapd-sizelimit on
    # cn=config) to the user-chosen IDS_SIZELIMIT.  The LDIF is written
    # to ${TMPDIR}/ids_sizelimit and applied with ldapmodify; on failure
    # the script cleans up and exits.
    #
    # Globals read   : IDS_SIZELIMIT, STEP, DEBUG, ECHO, TMPDIR, EVAL,
    #                  LDAPMODIFY, LDAP_ARGS, VERB
    # Globals written: STEP (incremented)
    # NOTE(review): IDS_SIZELIMIT is expanded into the LDIF unchecked
    # here; presumably the prompt that sets it validated a number — confirm.
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_sizelimit()"

    cat <<EOF > ${TMPDIR}/ids_sizelimit
dn: cn=config
changetype: modify
replace: nsslapd-sizelimit
nsslapd-sizelimit: ${IDS_SIZELIMIT}
EOF

    # Apply the modification; abort the whole run if it fails.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ids_sizelimit ${VERB}" ||
    {
	${ECHO} "  ERROR: update of nsslapd-sizelimit failed!"
	cleanup
	exit 1
    }

    # Report the step and advance the counter.
    ${ECHO} "  ${STEP}. Changed sizelimit to ${IDS_SIZELIMIT} in cn=config."
    STEP=`expr $STEP + 1`
}
34027c478bd9Sstevel@tonic-gate
34037c478bd9Sstevel@tonic-gate
34047c478bd9Sstevel@tonic-gate# modify_pwd_crypt(): Modify the passwd storage scheme to support CRYPT.
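modify_pwd_crypt()
{
    # Set the server's password storage scheme to 'crypt'.  Where the
    # attribute lives depends on the server version: up to iDS 5.1 it is
    # on cn=config, from 5.2 on it moved to cn=Password Policy,cn=config.
    # The LDIF is written to ${TMPDIR}/ids_crypt and applied with
    # ldapmodify; on failure the script cleans up and exits.
    #
    # NOTE(review): traditional crypt(3) is a weak password hash by
    # current standards; this function only sets what the rest of the
    # setup expects — confirm the scheme is still required by the clients.
    #
    # Globals read   : IDS_MAJVER, IDS_MINVER, STEP, DEBUG, ECHO, TMPDIR,
    #                  EVAL, LDAPMODIFY, LDAP_ARGS, VERB
    # Globals written: STEP (incremented), _CRYPT_DN
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_pwd_crypt()"

    # "Before 5.2" is: major < 5, or major == 5 and minor <= 1.
    # (The previous test, major <= 5 && minor <= 1, would have sent a
    # 4.x server with minor > 1 down the 5.2+ path.)
    if [ "$IDS_MAJVER" -lt 5 ] ||
       { [ "$IDS_MAJVER" -eq 5 ] && [ "$IDS_MINVER" -le 1 ]; }; then
	_CRYPT_DN="cn=config"
    else
	_CRYPT_DN="cn=Password Policy,cn=config"
    fi

    cat <<EOF > ${TMPDIR}/ids_crypt
dn: ${_CRYPT_DN}
changetype: modify
replace: passwordstoragescheme
passwordstoragescheme: crypt
EOF

    # Apply the modification; abort the whole run if it fails.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/ids_crypt ${VERB}"
    if [ $? -ne 0 ]; then
	${ECHO} "  ERROR: update of passwordstoragescheme failed!"
	cleanup
	exit 1
    fi

    # Report the step and advance the counter.
    ${ECHO} "  ${STEP}. Changed passwordstoragescheme to \"crypt\" in cn=config."
    STEP=`expr $STEP + 1`
}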
34417c478bd9Sstevel@tonic-gate
34427c478bd9Sstevel@tonic-gate
34437c478bd9Sstevel@tonic-gate#
34447c478bd9Sstevel@tonic-gate# add_eq_indexes(): Add indexes to improve search performance.
34457c478bd9Sstevel@tonic-gate#
add_eq_indexes()
{
    # For each attribute in _INDEXES: create an equality+presence index
    # entry under the backend's cn=index container (skipping ones that
    # already exist), then submit an index task for it and poll the task
    # until it disappears or reports "Finished".  Any ldapmodify failure
    # cleans up and exits the script.
    #
    # Globals read   : IDS_DATABASE (fetched via get_backend when empty),
    #                  STEP, DEBUG, ECHO, LDAPSEARCH, SERVER_ARGS, EVAL,
    #                  LDAPMODIFY, LDAP_ARGS, VERB, GREP, TMPDIR
    # Globals written: STEP (incremented once), _INDEXES, _EXT, TASKNAME,
    #                  TASK_STATUS, _YR/_MN/_DY/_H/_M/_S; scratch files
    #                  ${TMPDIR}/index_*, task_*, istask_*, wait_task_*
    # NOTE(review): the search and modify command lines are assembled
    # from LDAP_ARGS and passed through eval; if LDAP_ARGS carries bind
    # credentials they are visible to a process listing — confirm how
    # LDAP_ARGS is built.
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_eq_indexes()"

    # Set eq indexes to add.
    _INDEXES="uidNumber ipNetworkNumber gidnumber oncrpcnumber automountKey"

    # check_basedn_suffix normally set IDS_DATABASE; fall back to the
    # backend lookup when it is still empty.
    if [ -z "${IDS_DATABASE}" ]; then
	get_backend
    fi
    # Set _EXT to use as shortcut.
    # (the index container of the backend; each index is cn=<attr>,_EXT)
    _EXT="cn=index,cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config"


    # Display message to id current step.
    ${ECHO} "  ${STEP}. Processing eq,pres indexes:"
    STEP=`expr $STEP + 1`

    # For loop to create indexes.
    for i in ${_INDEXES}; do
	[ $DEBUG -eq 1 ] && ${ECHO} "  Adding index for ${i}"

	# Check if entry exists first, if so, skip to next.
	# (base-scope read of the index entry; uses SERVER_ARGS, not
	# LDAP_ARGS as the modifications below do)
	${LDAPSEARCH} ${SERVER_ARGS} -b "cn=${i},${_EXT}" -s base "objectclass=*" > /dev/null 2>&1
	if [ $? -eq 0 ]; then
	    # Display index skipped.
	    ${ECHO} "      ${i} (eq,pres) skipped already exists"
	    continue
	fi

	# Here doc to create LDIF.
	( cat <<EOF
dn: cn=${i},${_EXT}
objectClass: top
objectClass: nsIndex
cn: ${i}
nsSystemIndex: false
nsIndexType: pres
nsIndexType: eq
EOF
) > ${TMPDIR}/index_${i}

	# Add the index.  (-a: treat the LDIF as an add)
	${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/index_${i} ${VERB}"
	if [ $? -ne 0 ]; then
	    ${ECHO} "  ERROR: Adding EQ,PRES index for ${i} failed!"
	    cleanup
	    exit 1
	fi

	# Build date for task name.
	# NOTE(review): six separate date calls; crossing a second or
	# minute boundary between them yields an odd but still usable
	# name.  A single date '+%y_%m_%d_%H_%M_%S' would avoid that.
	_YR=`date '+%y'`
	_MN=`date '+%m'`
	_DY=`date '+%d'`
	_H=`date '+%H'`
	_M=`date '+%M'`
	_S=`date '+%S'`

	# Build task name
	TASKNAME="${i}_${_YR}_${_MN}_${_DY}_${_H}_${_M}_${_S}"

	# Build the task entry to add.
	# (an entry under cn=index,cn=tasks,cn=config asks the server to
	# build the index for nsIndexAttribute in backend nsInstance)
	( cat <<EOF
dn: cn=${TASKNAME}, cn=index, cn=tasks, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: ${TASKNAME}
nsInstance: ${IDS_DATABASE}
nsIndexAttribute: ${i}
EOF
) > ${TMPDIR}/task_${i}

	# Add the task.
	${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/task_${i} ${VERB}"
	if [ $? -ne 0 ]; then
	    ${ECHO} "  ERROR: Adding task for ${i} failed!"
	    cleanup
	    exit 1
	fi

	# Wait for task to finish, display current status.
	# Loop ends when the task entry is gone (first search) or when the
	# reported status contains "Finished" (second search); note this
	# uses a literal eval, not ${EVAL}.
	while :
	do
	    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index, cn=tasks, cn=config\" -s sub \"objectclass=*\" > ${TMPDIR}/istask_${i} 2>&1"
	    ${GREP} ${TASKNAME} ${TMPDIR}/istask_${i} > /dev/null 2>&1
	    if [ $? -ne 0 ]; then
		break
	    fi
	    # NOTE(review): this reads the first nstaskstatus of ALL index
	    # tasks (head -1), not specifically TASKNAME's; with several
	    # tasks present the status shown may belong to another one —
	    # confirm whether that can happen in practice.
	    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index,cn=tasks,cn=config\" -s one \"objectclass=*\" nstaskstatus | ${GREP} -i nstaskstatus | cut -d\":\" -f2 > ${TMPDIR}/wait_task_${i}"
	    TASK_STATUS=`head -1 ${TMPDIR}/wait_task_${i}`
	    # \r\c rewrites the same terminal line; relies on ${ECHO}
	    # interpreting these escapes
	    ${ECHO} "      ${i} (eq,pres)  $TASK_STATUS                  \r\c"
	    ${ECHO} "$TASK_STATUS" | ${GREP} "Finished" > /dev/null 2>&1
	    if [ $? -eq 0 ]; then
		break
	    fi
	    sleep 2
	done

	# Print newline because of \c.
	${ECHO} " "
    done
}
35497c478bd9Sstevel@tonic-gate
35507c478bd9Sstevel@tonic-gate
35517c478bd9Sstevel@tonic-gate#
35527c478bd9Sstevel@tonic-gate# add_sub_indexes(): Add indexes to improve search performance.
35537c478bd9Sstevel@tonic-gate#
add_sub_indexes()
{
    # Same procedure as add_eq_indexes, for the attributes in _INDEXES
    # that also need a substring index: create the index entry
    # (pres,eq,sub) unless it exists, submit an index task, poll until
    # the task is gone or "Finished".  Any ldapmodify failure cleans up
    # and exits the script.
    #
    # Globals read   : IDS_DATABASE, STEP, DEBUG, ECHO, LDAPSEARCH,
    #                  SERVER_ARGS, EVAL, LDAPMODIFY, LDAP_ARGS, VERB,
    #                  GREP, TMPDIR
    # Globals written: STEP (incremented once), _INDEXES, _EXT, TASKNAME,
    #                  TASK_STATUS, _YR/_MN/_DY/_H/_M/_S; scratch files
    #                  ${TMPDIR}/index_*, task_*, istask_*, wait_task_*
    # NOTE(review): unlike add_eq_indexes there is no get_backend fallback
    # for an empty IDS_DATABASE here — presumably add_eq_indexes always
    # runs first, confirm.
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_sub_indexes()"

    # Set eq indexes to add.
    _INDEXES="ipHostNumber membernisnetgroup nisnetgrouptriple"

    # Set _EXT to use as shortcut.
    # (the index container of the backend; each index is cn=<attr>,_EXT)
    _EXT="cn=index,cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config"


    # Display message to id current step.
    ${ECHO} "  ${STEP}. Processing eq,pres,sub indexes:"
    STEP=`expr $STEP + 1`

    # For loop to create indexes.
    for i in ${_INDEXES}; do
	[ $DEBUG -eq 1 ] && ${ECHO} "  Adding index for ${i}"

	# Check if entry exists first, if so, skip to next.
	# (base-scope read of the index entry with SERVER_ARGS)
	${LDAPSEARCH} ${SERVER_ARGS} -b "cn=${i},${_EXT}" -s base "objectclass=*" > /dev/null 2>&1
	if [ $? -eq 0 ]; then
	    # Display index skipped.
	    ${ECHO} "      ${i} (eq,pres,sub) skipped already exists"
	    continue
	fi

	# Here doc to create LDIF.
	( cat <<EOF
dn: cn=${i},${_EXT}
objectClass: top
objectClass: nsIndex
cn: ${i}
nsSystemIndex: false
nsIndexType: pres
nsIndexType: eq
nsIndexType: sub
EOF
) > ${TMPDIR}/index_${i}

	# Add the index.  (-a: treat the LDIF as an add)
	${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/index_${i} ${VERB}"
	if [ $? -ne 0 ]; then
	    ${ECHO} "  ERROR: Adding EQ,PRES,SUB index for ${i} failed!"
	    cleanup
	    exit 1
	fi

	# Build date for task name.
	# NOTE(review): six separate date calls; a second or minute
	# boundary between them yields an odd but still usable name.
	_YR=`date '+%y'`
	_MN=`date '+%m'`
	_DY=`date '+%d'`
	_H=`date '+%H'`
	_M=`date '+%M'`
	_S=`date '+%S'`

	# Build task name
	TASKNAME="${i}_${_YR}_${_MN}_${_DY}_${_H}_${_M}_${_S}"

	# Build the task entry to add.
	# (an entry under cn=index,cn=tasks,cn=config asks the server to
	# build the index for nsIndexAttribute in backend nsInstance)
	( cat <<EOF
dn: cn=${TASKNAME}, cn=index, cn=tasks, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: ${TASKNAME}
nsInstance: ${IDS_DATABASE}
nsIndexAttribute: ${i}
EOF
) > ${TMPDIR}/task_${i}

	# Add the task.
	${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/task_${i} ${VERB}"
	if [ $? -ne 0 ]; then
	    ${ECHO} "  ERROR: Adding task for ${i} failed!"
	    cleanup
	    exit 1
	fi

	# Wait for task to finish, display current status.
	# Loop ends when the task entry is gone (first search) or when the
	# reported status contains "Finished" (second search); note this
	# uses a literal eval, not ${EVAL}.
	while :
	do
	    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index, cn=tasks, cn=config\" -s sub \"objectclass=*\" > ${TMPDIR}/istask_${i} 2>&1"
	    ${GREP} ${TASKNAME} ${TMPDIR}/istask_${i} > /dev/null 2>&1
	    if [ $? -ne 0 ]; then
		break
	    fi
	    # NOTE(review): as in add_eq_indexes, this is the first
	    # nstaskstatus of ALL index tasks (head -1), not necessarily
	    # TASKNAME's — confirm whether several tasks can coexist.
	    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=index,cn=tasks,cn=config\" -s one \"objectclass=*\" nstaskstatus | ${GREP} -i nstaskstatus | cut -d\":\" -f2 > ${TMPDIR}/wait_task_${i}"
	    TASK_STATUS=`head -1 ${TMPDIR}/wait_task_${i}`
	    # \r\c rewrites the same terminal line; relies on ${ECHO}
	    # interpreting these escapes
	    ${ECHO} "      ${i} (eq,pres,sub)  $TASK_STATUS                  \r\c"
	    ${ECHO} "$TASK_STATUS" | ${GREP} "Finished" > /dev/null 2>&1
	    if [ $? -eq 0 ]; then
		break
	    fi
	    sleep 2
	done

	# Print newline because of \c.
	${ECHO} " "
    done
}
36557c478bd9Sstevel@tonic-gate
36567c478bd9Sstevel@tonic-gate
36577c478bd9Sstevel@tonic-gate#
36587c478bd9Sstevel@tonic-gate# add_vlv_indexes(): Add VLV indexes to improve search performance.
36597c478bd9Sstevel@tonic-gate#
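add_vlv_indexes()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_vlv_indexes()"

    # One entry per VLV index, laid out as
    #   <vlv search name>;<vlv index name>;<container RDN>;<search filter>
    # Semicolons are the separators because some filters contain colons.
    _INDEX1="${LDAP_DOMAIN}.getgrent;${LDAP_DOMAIN}_group_vlv_index;ou=group;objectClass=posixGroup"
    _INDEX2="${LDAP_DOMAIN}.gethostent;${LDAP_DOMAIN}_hosts_vlv_index;ou=hosts;objectClass=ipHost"
    _INDEX3="${LDAP_DOMAIN}.getnetent;${LDAP_DOMAIN}_networks_vlv_index;ou=networks;objectClass=ipNetwork"
    _INDEX4="${LDAP_DOMAIN}.getpwent;${LDAP_DOMAIN}_passwd_vlv_index;ou=people;objectClass=posixAccount"
    _INDEX5="${LDAP_DOMAIN}.getrpcent;${LDAP_DOMAIN}_rpc_vlv_index;ou=rpc;objectClass=oncRpc"
    _INDEX6="${LDAP_DOMAIN}.getspent;${LDAP_DOMAIN}_shadow_vlv_index;ou=people;objectClass=shadowAccount"

    # Indexes added during NIS to LDAP transition.
    # NOTE(review): the double underscore in _INDEX14's "__boot_vlv_index"
    # looks accidental, but the name is left untouched because existing
    # servers may already carry an entry with exactly that cn.
    _INDEX7="${LDAP_DOMAIN}.getauhoent;${LDAP_DOMAIN}_auho_vlv_index;automountmapname=auto_home;objectClass=automount"
    _INDEX8="${LDAP_DOMAIN}.getsoluent;${LDAP_DOMAIN}_solu_vlv_index;ou=people;objectClass=SolarisUserAttr"
    _INDEX9="${LDAP_DOMAIN}.getauduent;${LDAP_DOMAIN}_audu_vlv_index;ou=people;objectClass=SolarisAuditUser"
    _INDEX10="${LDAP_DOMAIN}.getauthent;${LDAP_DOMAIN}_auth_vlv_index;ou=SolarisAuthAttr;objectClass=SolarisAuthAttr"
    _INDEX11="${LDAP_DOMAIN}.getexecent;${LDAP_DOMAIN}_exec_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisExecAttr)(SolarisKernelSecurityPolicy=*)"
    _INDEX12="${LDAP_DOMAIN}.getprofent;${LDAP_DOMAIN}_prof_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisProfAttr)(SolarisAttrLongDesc=*)"
    _INDEX13="${LDAP_DOMAIN}.getmailent;${LDAP_DOMAIN}_mail_vlv_index;ou=aliases;objectClass=mailGroup"
    _INDEX14="${LDAP_DOMAIN}.getbootent;${LDAP_DOMAIN}__boot_vlv_index;ou=ethers;&(objectClass=bootableDevice)(bootParameter=*)"
    _INDEX15="${LDAP_DOMAIN}.getethent;${LDAP_DOMAIN}_ethers_vlv_index;ou=ethers;&(objectClass=ieee802Device)(macAddress=*)"
    _INDEX16="${LDAP_DOMAIN}.getngrpent;${LDAP_DOMAIN}_netgroup_vlv_index;ou=netgroup;objectClass=nisNetgroup"
    _INDEX17="${LDAP_DOMAIN}.getipnent;${LDAP_DOMAIN}_ipn_vlv_index;ou=networks;&(objectClass=ipNetwork)(cn=*)"
    _INDEX18="${LDAP_DOMAIN}.getmaskent;${LDAP_DOMAIN}_mask_vlv_index;ou=networks;&(objectClass=ipNetwork)(ipNetmaskNumber=*)"
    _INDEX19="${LDAP_DOMAIN}.getprent;${LDAP_DOMAIN}_pr_vlv_index;ou=printers;objectClass=printerService"
    _INDEX20="${LDAP_DOMAIN}.getip4ent;${LDAP_DOMAIN}_ip4_vlv_index;ou=hosts;&(objectClass=ipHost)(ipHostNumber=*.*)"
    _INDEX21="${LDAP_DOMAIN}.getip6ent;${LDAP_DOMAIN}_ip6_vlv_index;ou=hosts;&(objectClass=ipHost)(ipHostNumber=*:*)"

    # Whitespace-separated list the for loop below iterates over; entries
    # must therefore contain no blanks (LDAP_DOMAIN is assumed blank-free).
    _INDEXES="$_INDEX1 $_INDEX2 $_INDEX3 $_INDEX4 $_INDEX5 $_INDEX6 $_INDEX7 $_INDEX8 $_INDEX9 $_INDEX10 $_INDEX11 $_INDEX12 $_INDEX13 $_INDEX14 $_INDEX15 $_INDEX16 $_INDEX17 $_INDEX18 $_INDEX19 $_INDEX20 $_INDEX21 "


    # _EXT: DN of the backend instance every vlvSearch entry hangs off.
    _EXT="cn=${IDS_DATABASE},cn=ldbm database,cn=plugins,cn=config"


    # Display message to id current step.  STEP is the global step counter
    # shared with the other setup steps and is advanced here.
    ${ECHO} "  ${STEP}. Processing VLV indexes:"
    STEP=`expr $STEP + 1`

    # Reset the temp file that collects the vlvindex commands the
    # administrator has to run on the server afterwards.
    : > "${TMPDIR}/vlvindex_list"

    # Get the instance name from the iDS server: the trailing part of
    # nsslapd-instancedir (".../slapd-<name>").  If the lookup does not
    # produce something that looks like an instance dir, keep a placeholder
    # the administrator has to fill in by hand.
    _INSTANCE="<server-instance>"    # Default to old output.

    eval "${LDAPSEARCH} -v ${LDAP_ARGS} -b \"cn=config\" -s base \"objectclass=*\" nsslapd-instancedir | ${GREP} 'nsslapd-instancedir=' | cut -d'=' -f2- > ${TMPDIR}/instance_name 2>&1"

    ${GREP} "slapd-" "${TMPDIR}/instance_name" > /dev/null 2>&1 # Check if seems right?
    if [ $? -eq 0 ]; then # If success, grab name after "slapd-".
	_INST_DIR=`cat "${TMPDIR}/instance_name"`
	_INSTANCE=`basename "${_INST_DIR}" | cut -d'-' -f2-`
    fi

    # Compute the VLV scope from LDAP_SEARCH_SCOPE once; it is the same for
    # every index.  "sub" maps to 2, anything else to one-level (1).
    # NOTE: A value of "base (0)" does not make sense.
    case "$LDAP_SEARCH_SCOPE" in
	sub) VLV_SCOPE="2" ;;
	*)   VLV_SCOPE="1" ;;
    esac

    # For loop to create indexes.
    for p in ${_INDEXES}; do
	# Break p into its four ';'-separated fields:
	#   i = vlv search name, j = vlv index name,
	#   k = container RDN,   m = search filter.
	i=`${ECHO} "$p" | cut -d';' -f1`
	j=`${ECHO} "$p" | cut -d';' -f2`
	k=`${ECHO} "$p" | cut -d';' -f3`
	m=`${ECHO} "$p" | cut -d';' -f4`

	# Debug message comes after the split so it names the index being
	# processed now, not the one left over from the previous iteration.
	[ $DEBUG -eq 1 ] && ${ECHO} "  Adding index for ${i}"

	# _jEXT: DN of this index's vlvSearch entry.
	_jEXT="cn=${j},${_EXT}"

	# Check if entry exists first, if so, skip to next.  The probe uses
	# SERVER_ARGS (presumably host/port only, without bind credentials --
	# confirm where SERVER_ARGS is built): the aci written below grants
	# anonymous read on the vlvSearch subtree, so an unauthenticated base
	# search succeeds exactly when the vlvIndex entry is already there.
	${LDAPSEARCH} ${SERVER_ARGS} -b "cn=${i},${_jEXT}" -s base "objectclass=*" > /dev/null 2>&1
	if [ $? -eq 0 ]; then
	    # Display index skipped.
	    ${ECHO} "      ${i} vlv_index skipped already exists"
	    continue
	fi

	# Here doc to create LDIF.  The aci on the vlvSearch entry is
	# deliberately readable by anyone (userdn="ldap:///anyone"): a bind
	# identity must be able to read the vlvSearch definition to use the
	# VLV control, and the entry only describes a base/scope/filter, not
	# directory data.  LDIF lines must start in column 0 (a leading blank
	# would be read as a line continuation), hence the unindented body.
	( cat <<EOF
dn: ${_jEXT}
objectClass: top
objectClass: vlvSearch
cn: ${j}
vlvbase: ${k},${LDAP_BASEDN}
vlvscope: ${VLV_SCOPE}
vlvfilter: (${m})
aci: (target="ldap:///${_jEXT}")(targetattr="*")(version 3.0; acl "Config";allow(read,search,compare)userdn="ldap:///anyone";)

dn: cn=${i},${_jEXT}
cn: ${i}
vlvSort: cn uid
objectclass: top
objectclass: vlvIndex
EOF
) > "${TMPDIR}/vlv_index_${i}"

	# Add the index.  A failure here aborts the whole script (cleanup
	# removes the temp files) rather than leaving a half-configured server.
	${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/vlv_index_${i} ${VERB}"
	if [ $? -ne 0 ]; then
	    ${ECHO} "  ERROR: Adding VLV index for ${i} failed!"
	    cleanup
	    exit 1
	fi

	# Print message that index was created.
	${ECHO} "      ${i} vlv_index   Entry created"

	# Queue the vlvindex command the administrator must run on the
	# server; display_vlv_cmds() prints the list at the end.
	${ECHO} "  directoryserver -s ${_INSTANCE} vlvindex -n ${IDS_DATABASE} -T ${i}" >> "${TMPDIR}/vlvindex_list"
    done
}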
37787c478bd9Sstevel@tonic-gate
37797c478bd9Sstevel@tonic-gate
37807c478bd9Sstevel@tonic-gate#
37817c478bd9Sstevel@tonic-gate# display_vlv_cmds(): Display VLV index commands to run on server.
37827c478bd9Sstevel@tonic-gate#
display_vlv_cmds()
{
    # Nothing to show unless add_vlv_indexes() queued at least one command.
    [ -s "${TMPDIR}/vlvindex_list" ] || return 0

    # Print the explanatory message, then the queued vlvindex commands.
    display_msg display_vlv_list
    cat "${TMPDIR}/vlvindex_list"
}
37907c478bd9Sstevel@tonic-gate
37917c478bd9Sstevel@tonic-gate
37927c478bd9Sstevel@tonic-gate#
37937c478bd9Sstevel@tonic-gate# update_schema_attr(): Update Schema to support Naming.
37947c478bd9Sstevel@tonic-gate#
37957c478bd9Sstevel@tonic-gateupdate_schema_attr()
37967c478bd9Sstevel@tonic-gate{
37977c478bd9Sstevel@tonic-gate    [ $DEBUG -eq 1 ] && ${ECHO} "In update_schema_attr()"
37987c478bd9Sstevel@tonic-gate
37997c478bd9Sstevel@tonic-gate    ( cat <<EOF
38007c478bd9Sstevel@tonic-gatedn: cn=schema
38017c478bd9Sstevel@tonic-gatechangetype: modify
38027c478bd9Sstevel@tonic-gateadd: attributetypes
38037c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.28 NAME 'nisPublickey' DESC 'NIS public key' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
38047c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.29 NAME 'nisSecretkey' DESC 'NIS secret key' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
38057c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
38067c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
38077c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'automount Key Value' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
38087c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'automount information' EQUALITY caseExactIA5Match SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
38097c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.12 NAME 'nisNetIdUser' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
38107c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.13 NAME 'nisNetIdGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
38117c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.1.1.14 NAME 'nisNetIdHost' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
38127c478bd9Sstevel@tonic-gateattributetypes: ( rfc822mailMember-oid NAME 'rfc822mailMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
38137c478bd9Sstevel@tonic-gateattributetypes: ( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
38147c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.15 NAME 'SolarisLDAPServers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
38157c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.16 NAME 'SolarisSearchBaseDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
38167c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.17 NAME 'SolarisCacheTTL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38177c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.18 NAME 'SolarisBindDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
38187c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.19 NAME 'SolarisBindPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
38197c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.20 NAME 'SolarisAuthMethod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
38207c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.21 NAME 'SolarisTransportSecurity' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
38217c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.22 NAME 'SolarisCertificatePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
38227c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.23 NAME 'SolarisCertificatePassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
38237c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.24 NAME 'SolarisDataSearchDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
38247c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.25 NAME 'SolarisSearchScope' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38257c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.26 NAME 'SolarisSearchTimeLimit' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
38267c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.27 NAME 'SolarisPreferredServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
38277c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.28 NAME 'SolarisPreferredServerOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38287c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.29 NAME 'SolarisSearchReferral' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38297c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.4 NAME 'SolarisAttrKeyValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38307c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.5 NAME 'SolarisAuditAlways' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38317c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.6 NAME 'SolarisAuditNever' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38327c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.7 NAME 'SolarisAttrShortDesc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38337c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.8 NAME 'SolarisAttrLongDesc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38347c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.9 NAME 'SolarisKernelSecurityPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38357c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.10 NAME 'SolarisProfileType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38367c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.11 NAME 'SolarisProfileId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
38377c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.12 NAME 'SolarisUserQualifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38387c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.13 NAME 'SolarisAttrReserved1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38397c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.14 NAME 'SolarisAttrReserved2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38407c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.1 NAME 'SolarisProjectID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
38417c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.2 NAME 'SolarisProjectName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )
38427c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.3 NAME 'SolarisProjectAttr' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
38437c478bd9Sstevel@tonic-gateattributetypes: ( memberGid-oid NAME 'memberGid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
38447c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Default LDAP server host address used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38457c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'Default LDAP base DN used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )
38467c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC 'Preferred LDAP server host addresses to be used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38477c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maximum time in seconds a DUA should allow for a search to complete' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
38487c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximum time in seconds a DUA should allow for the bind operation to complete' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
38497c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tells DUA if it should follow referrals returned by a DSA search result' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38507c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38517c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to live before a client DUA should re-read this configuration profile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
38527c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' DESC 'LDAP search descriptor list used by Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )
38537c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribute mappings used by a Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
38547c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38557c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Objectclass mappings used by a Naming-DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
38567c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC 'Default search scope used by a DUA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38577c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DESC 'Search scope used by a service of the DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
38587c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod' DESC 'Authentication Method used by a service of the DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
38597c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1140 NAME 'printer-uri' DESC 'A URI supported by this printer.  This URI SHOULD be used as a relative distinguished name (RDN).  If printer-xri-supported is implemented, then this URI value MUST be listed in a member value of printer-xri-supported.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
38607c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1107 NAME 'printer-xri-supported' DESC 'The unordered list of XRI (extended resource identifiers) supported by this printer.  Each member of the list consists of a URI (uniform resource identifier) followed by optional authentication and security metaparameters.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
38617c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1135 NAME 'printer-name' DESC 'The site-specific administrative name of this printer, more end-user friendly than a URI.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127}  SINGLE-VALUE )
38627c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1119 NAME 'printer-natural-language-configured' DESC 'The configured language in which error and status messages will be generated (by default) by this printer.  Also, a possible language for printer string attributes set by operator, system administrator, or manufacturer.  Also, the (declared) language of the "printer-name", "printer-location", "printer-info", and "printer-make-and-model" attributes of this printer. For example: "en-us" (US English) or "fr-fr" (French in France) Legal values of language tags conform to [RFC3066] "Tags for the Identification of Languages".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127}  SINGLE-VALUE )
38637c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1136 NAME 'printer-location' DESC 'Identifies the location of the printer. This could include things like: "in Room 123A", "second floor of building XYZ".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
38647c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1139 NAME 'printer-info' DESC 'Identifies the descriptive information about this printer.  This could include things like: "This printer can be used for printing color transparencies for HR presentations", or "Out of courtesy for others, please print only small (1-5 page) jobs at this printer", or even "This printer is going away on July 1, 1997, please find a new printer".' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
38657c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1134 NAME 'printer-more-info' DESC 'A URI used to obtain more information about this specific printer.  For example, this could be an HTTP type URI referencing an HTML page accessible to a Web Browser.  The information obtained from this URI is intended for end user consumption.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
38667c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1138 NAME 'printer-make-and-model' DESC 'Identifies the make and model of the device.  The device manufacturer MAY initially populate this attribute.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127}  SINGLE-VALUE )
38677c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1133 NAME 'printer-ipp-versions-supported' DESC 'Identifies the IPP protocol version(s) that this printer supports, including major and minor versions, i.e., the version numbers for which this Printer implementation meets the conformance requirements.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
38687c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1132 NAME 'printer-multiple-document-jobs-supported' DESC 'Indicates whether or not the printer supports more than one document per job, i.e., more than one Send-Document or Send-Data operation with document data.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
38697c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1109 NAME 'printer-charset-configured' DESC 'The configured charset in which error and status messages will be generated (by default) by this printer.  Also, a possible charset for printer string attributes set by operator, system administrator, or manufacturer.  For example: "utf-8" (ISO 10646/Unicode) or "iso-8859-1" (Latin1).  Legal values are defined by the IANA Registry of Coded Character Sets and the "(preferred MIME name)" SHALL be used as the tag.  For coherence with IPP Model, charset tags in this attribute SHALL be lowercase normalized.  This attribute SHOULD be static (time of registration) and SHOULD NOT be dynamically refreshed attributetypes: (subsequently).' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{63} SINGLE-VALUE )
38707c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1131 NAME 'printer-charset-supported' DESC 'Identifies the set of charsets supported for attribute type values of type Directory String for this directory entry.  For example: "utf-8" (ISO 10646/Unicode) or "iso-8859-1" (Latin1).  Legal values are defined by the IANA Registry of Coded Character Sets and the preferred MIME name.' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{63} )
38717c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1137 NAME 'printer-generated-natural-language-supported' DESC 'Identifies the natural language(s) supported for this directory entry.  For example: "en-us" (US English) or "fr-fr" (French in France).  Legal values conform to [RFC3066], Tags for the Identification of Languages.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{63} )
38727c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1130 NAME 'printer-document-format-supported' DESC 'The possible document formats in which data may be interpreted and printed by this printer.  Legal values are MIME types come from the IANA Registry of Internet Media Types.' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
38737c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1129 NAME 'printer-color-supported' DESC 'Indicates whether this printer is capable of any type of color printing at all, including highlight color.' EQUALITY booleanMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.7  SINGLE-VALUE )
38747c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1128 NAME 'printer-compression-supported' DESC 'Compression algorithms supported by this printer.  For example: "deflate, gzip".  Legal values include; "none", "deflate" attributetypes: (public domain ZIP), "gzip" (GNU ZIP), "compress" (UNIX).' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{255} )
38757c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1127 NAME 'printer-pages-per-minute' DESC 'The nominal number of pages per minute which may be output by this printer (e.g., a simplex or black-and-white printer).  This attribute is informative, NOT a service guarantee.  Typically, it is the value used in marketing literature to describe this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27  SINGLE-VALUE )
38767c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1126 NAME 'printer-pages-per-minute-color' DESC 'The nominal number of color pages per minute which may be output by this printer (e.g., a simplex or color printer).  This attribute is informative, NOT a service guarantee.  Typically, it is the value used in marketing literature to describe this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27  SINGLE-VALUE )
38777c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1125 NAME 'printer-finishings-supported' DESC 'The possible finishing operations supported by this printer. Legal values include; "none", "staple", "punch", "cover", "bind", "saddle-stitch", "edge-stitch", "staple-top-left", "staple-bottom-left", "staple-top-right", "staple-bottom-right", "edge-stitch-left", "edge-stitch-top", "edge-stitch-right", "edge-stitch-bottom", "staple-dual-left", "staple-dual-top", "staple-dual-right", "staple-dual-bottom".' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{255} )
38787c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1124 NAME 'printer-number-up-supported' DESC 'The possible numbers of print-stream pages to impose upon a single side of an instance of a selected medium. Legal values include; 1, 2, and 4.  Implementations may support other values.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27 )
38797c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1123 NAME 'printer-sides-supported' DESC 'The number of impression sides (one or two) and the two-sided impression rotations supported by this printer.  Legal values include; "one-sided", "two-sided-long-edge", "two-sided-short-edge".' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
38807c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1122 NAME 'printer-media-supported' DESC 'The standard names/types/sizes (and optional color suffixes) of the media supported by this printer.  For example: "iso-a4",  "envelope", or "na-letter-white".  Legal values  conform to ISO 10175, Document Printing Application (DPA), and any IANA registered extensions.' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{255} )
38817c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1117 NAME 'printer-media-local-supported' DESC 'Site-specific names of media supported by this printer, in the language in "printer-natural-language-configured".  For example: "purchasing-form" (site-specific name) as opposed to (in "printer-media-supported"): "na-letter" (standard keyword from ISO 10175).' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{255} )
38827c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1121 NAME 'printer-resolution-supported' DESC 'List of resolutions supported for printing documents by this printer.  Each resolution value is a string with 3 fields:  1) Cross feed direction resolution (positive integer), 2) Feed direction resolution (positive integer), 3) Resolution unit.  Legal values are "dpi" (dots per inch) and "dpcm" (dots per centimeter).  Each resolution field is delimited by ">".  For example:  "300> 300> dpi>".' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{255} )
38837c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1120 NAME 'printer-print-quality-supported' DESC 'List of print qualities supported for printing documents on this printer.  For example: "draft, normal".  Legal values include; "unknown", "draft", "normal", "high".' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
38847c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1110 NAME 'printer-job-priority-supported' DESC 'Indicates the number of job priority levels supported.  An IPP conformant printer which supports job priority must always support a full range of priorities from "1" to "100" (to ensure consistent behavior), therefore this attribute describes the "granularity".  Legal values of this attribute are from "1" to "100".' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27  SINGLE-VALUE )
38857c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1118 NAME 'printer-copies-supported' DESC 'The maximum number of copies of a document that may be printed as a single job.  A value of "0" indicates no maximum limit.  A value of "-1" indicates unknown.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27  SINGLE-VALUE )
38867c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1111 NAME 'printer-job-k-octets-supported' DESC 'The maximum size in kilobytes (1,024 octets actually) incoming print job that this printer will accept.  A value of "0" indicates no maximum limit.  A value of "-1" indicates unknown.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.27  SINGLE-VALUE )
38877c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1112 NAME 'printer-current-operator' DESC 'The name of the current human operator responsible for operating this printer.  It is suggested that this string include information that would enable other humans to reach the operator, such as a phone number.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} SINGLE-VALUE )
38887c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1113 NAME 'printer-service-person' DESC 'The name of the current human service person responsible for servicing this printer.  It is suggested that this string include information that would enable other humans to reach the service person, such as a phone number.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127}  SINGLE-VALUE )
38897c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1114 NAME 'printer-delivery-orientation-supported' DESC 'The possible delivery orientations of pages as they are printed and ejected from this printer.  Legal values include; "unknown", "face-up", and "face-down".' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
38907c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1115 NAME 'printer-stacking-order-supported' DESC 'The possible stacking order of pages as they are printed and ejected from this printer. Legal values include; "unknown", "first-to-last", "last-to-first".' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
38917c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1116 NAME 'printer-output-features-supported' DESC 'The possible output features supported by this printer. Legal values include; "unknown", "bursting", "decollating", "page-collating", "offset-stacking".' EQUALITY caseIgnoreMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
38927c478bd9Sstevel@tonic-gateattributetypes:( 1.3.18.0.2.4.1108 NAME 'printer-aliases' DESC 'Site-specific administrative names of this printer in addition the printer name specified for printer-name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{127} )
38937c478bd9Sstevel@tonic-gateattributetypes:( 1.3.6.1.4.1.42.2.27.5.1.63 NAME 'sun-printer-bsdaddr' DESC 'Sets the server, print queue destination name and whether the client generates protocol extensions. "Solaris" specifies a Solaris print server extension. The value is represented by the following value: server "," destination ", Solaris".' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )
38947c478bd9Sstevel@tonic-gateattributetypes:( 1.3.6.1.4.1.42.2.27.5.1.64 NAME 'sun-printer-kvp' DESC 'This attribute contains a set of key value pairs which may have meaning to the print subsystem or may be user defined. Each value is represented by the following: key "=" value.' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
38957c478bd9Sstevel@tonic-gateattributetypes: ( 1.3.6.1.4.1.42.2.27.5.1.57 NAME 'nisplusTimeZone' DESC 'tzone column from NIS+ timezone table' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
389645916cd2Sjpkattributetypes:( 1.3.6.1.4.1.42.2.27.5.1.67 NAME 'ipTnetTemplateName' DESC 'Trusted Solaris network template template_name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
389745916cd2Sjpkattributetypes:( 1.3.6.1.4.1.42.2.27.5.1.68 NAME 'ipTnetNumber' DESC 'Trusted Solaris network template ip_address' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
38987c478bd9Sstevel@tonic-gateEOF
38997c478bd9Sstevel@tonic-gate) > ${TMPDIR}/schema_attr
39007c478bd9Sstevel@tonic-gate
39017c478bd9Sstevel@tonic-gate    # Add the entry.
39027c478bd9Sstevel@tonic-gate    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/schema_attr ${VERB}"
39037c478bd9Sstevel@tonic-gate    if [ $? -ne 0 ]; then
39047c478bd9Sstevel@tonic-gate	${ECHO} "  ERROR: update of schema attributes failed!"
39057c478bd9Sstevel@tonic-gate	cleanup
39067c478bd9Sstevel@tonic-gate	exit 1
39077c478bd9Sstevel@tonic-gate    fi
39087c478bd9Sstevel@tonic-gate
39097c478bd9Sstevel@tonic-gate    # Display message that schema is updated.
39107c478bd9Sstevel@tonic-gate    ${ECHO} "  ${STEP}. Schema attributes have been updated."
39117c478bd9Sstevel@tonic-gate    STEP=`expr $STEP + 1`
39127c478bd9Sstevel@tonic-gate}
39137c478bd9Sstevel@tonic-gate
39147c478bd9Sstevel@tonic-gate
39157c478bd9Sstevel@tonic-gate#
39167c478bd9Sstevel@tonic-gate# update_schema_obj(): Update the schema objectclass definitions.
39177c478bd9Sstevel@tonic-gate#
update_schema_obj()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In update_schema_obj()"

    # Write every objectclass definition into one LDIF file, as a series
    # of "add: objectclasses" changes against cn=schema.  The text holds
    # no shell expansions (the "$" separators are LDAP schema syntax), so
    # the delimiter is quoted and every byte stays literal.
    # NOTE(review): assumes ${TMPDIR} is a private scratch directory
    # created earlier in the script — confirm.
    cat > ${TMPDIR}/schema_obj <<'EOF'
dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.14 NAME 'NisKeyObject' SUP 'top' MUST (objectclass $ cn $ nisPublickey $ nisSecretkey) MAY (uidNumber $ description))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP 'top' MUST (objectclass $ nisDomain) MAY ())

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP 'top' MUST (objectclass $ automountMapName) MAY (description))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP 'top' MUST (objectclass $ automountKey $ automountInformation ) MAY (description))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.7 NAME 'SolarisNamingProfile' SUP 'top' MUST (objectclass $ cn $ SolarisLDAPservers $ SolarisSearchBaseDN) MAY (SolarisBindDN $ SolarisBindPassword $ SolarisAuthMethod $ SolarisTransportSecurity $ SolarisCertificatePath $ SolarisCertificatePassword $ SolarisDataSearchDN $ SolarisSearchScope $ SolarisSearchTimeLimit $ SolarisPreferredServer $ SolarisPreferredServerOnly $ SolarisCacheTTL $ SolarisSearchReferral))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' SUP 'top' MUST (objectclass $ mail) MAY (cn $ mgrpRFC822MailMember))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP 'top' MUST (objectclass $ cn) MAY (rfc822mailMember))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.1.2.6 NAME 'nisNetId' SUP 'top' MUST (objectclass $ cn) MAY (nisNetIdUser $ nisNetIdGroup $ nisNetIdHost))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.2 NAME 'SolarisAuditUser' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisAuditAlways $ SolarisAuditNever))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.3 NAME 'SolarisUserAttr' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisUserQualifier $ SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrKeyValue))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.4 NAME 'SolarisAuthAttr' SUP 'top' MUST (objectclass $ cn) MAY (SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrShortDesc $ SolarisAttrLongDesc $ SolarisAttrKeyValue))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.5 NAME 'SolarisProfAttr' SUP 'top' MUST (objectclass $ cn) MAY (SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisAttrLongDesc $ SolarisAttrKeyValue))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.6 NAME 'SolarisExecAttr' SUP 'top' AUXILIARY MUST (objectclass) MAY (SolarisKernelSecurityPolicy $ SolarisProfileType $ SolarisAttrReserved1 $ SolarisAttrReserved2 $ SolarisProfileID $ SolarisAttrKeyValue))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.1 NAME 'SolarisProject' SUP 'top' MUST (objectclass $ SolarisProjectID $ SolarisProjectName) MAY (memberUid $ memberGid $ description $ SolarisProjectAttr))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.11.1.3.1.2.4 NAME 'DUAConfigProfile' SUP 'top' DESC 'Abstraction of a base configuration for a DUA' MUST (cn) MAY (defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod $ followReferrals $ serviceSearchDescriptor $ serviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ profileTTL))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.2549 NAME 'slpService' DESC 'DUMMY definition' SUP 'top' MUST (objectclass) MAY ())

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.254 NAME 'slpServicePrinter' DESC 'Service Location Protocol (SLP) information.' AUXILIARY SUP 'slpService')

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.258 NAME 'printerAbstract' DESC 'Printer related information.' ABSTRACT SUP 'top' MAY ( printer-name $ printer-natural-language-configured $ printer-location $ printer-info $ printer-more-info $ printer-make-and-model $ printer-multiple-document-jobs-supported $ printer-charset-configured $ printer-charset-supported $ printer-generated-natural-language-supported $ printer-document-format-supported $ printer-color-supported $ printer-compression-supported $ printer-pages-per-minute $ printer-pages-per-minute-color $ printer-finishings-supported $ printer-number-up-supported $ printer-sides-supported $ printer-media-supported $ printer-media-local-supported $ printer-resolution-supported $ printer-print-quality-supported $ printer-job-priority-supported $ printer-copies-supported $ printer-job-k-octets-supported $ printer-current-operator $ printer-service-person $ printer-delivery-orientation-supported $ printer-stacking-order-supported $ printer-output-features-supported ))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.255 NAME 'printerService' DESC 'Printer information.' STRUCTURAL SUP 'printerAbstract' MAY ( printer-uri $ printer-xri-supported ))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.257 NAME 'printerServiceAuxClass' DESC 'Printer information.' AUXILIARY SUP 'printerAbstract' MAY ( printer-uri $ printer-xri-supported ))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.256 NAME 'printerIPP' DESC 'Internet Printing Protocol (IPP) information.' AUXILIARY SUP 'top' MAY   ( printer-ipp-versions-supported $ printer-multiple-document-jobs-supported ))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.18.0.2.6.253 NAME 'printerLPR' DESC 'LPR information.' AUXILIARY SUP 'top' MUST ( printer-name ) MAY ( printer-aliases))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses: ( 1.3.6.1.4.1.42.2.27.5.2.14 NAME 'sunPrinter' DESC 'Sun printer information' SUP 'top' AUXILIARY MUST (objectclass $ printer-name)  MAY (sun-printer-bsdaddr $ sun-printer-kvp))

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses:	( 1.3.6.1.4.1.42.2.27.5.2.12 NAME 'nisplusTimeZoneData' DESC 'NIS+ timezone table data' SUP top STRUCTURAL MUST ( cn ) MAY ( nisplusTimeZone $ description ) )

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses:  ( 1.3.6.1.4.1.42.2.27.5.2.8 NAME 'ipTnetTemplate' DESC 'Object class for TSOL network templates' SUP 'top' MUST ( objectclass $ ipTnetTemplateName ) MAY ( SolarisAttrKeyValue ) )

dn: cn=schema
changetype: modify
add: objectclasses
objectclasses:	( 1.3.6.1.4.1.42.2.27.5.2.9 NAME 'ipTnetHost' DESC 'Associates an IP address or wildcard with a TSOL template_name' SUP 'top' AUXILIARY MUST ( objectclass $ ipTnetNumber ) )
EOF

    # Apply the LDIF.  ${EVAL} is used so that ${LDAP_ARGS} and ${VERB}
    # are re-parsed the way the rest of the script expects; a failed
    # schema update aborts the whole run after cleaning up.
    if ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/schema_obj ${VERB}"; then
	${ECHO} "  ${STEP}. Schema objectclass definitions have been added."
	STEP=`expr $STEP + 1`
    else
	${ECHO} "  ERROR: update of schema objectclass definitions failed!"
	cleanup
	exit 1
    fi
}
40687c478bd9Sstevel@tonic-gate
40697c478bd9Sstevel@tonic-gate
40707c478bd9Sstevel@tonic-gate#
40717c478bd9Sstevel@tonic-gate# modify_top_aci(): Modify the ACI for the top entry to disable self modify
40727c478bd9Sstevel@tonic-gate#                   of user attributes.
40737c478bd9Sstevel@tonic-gate#
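#
# modify_top_aci(): Modify the ACI for the top entry to disable self modify
#                   of user attributes.
#   Globals: LDAP_BASEDN, LDAP_ARGS, TMPDIR, STEP (read/written),
#            ACI_NAME (written)
#   Exits 1 (after cleanup) if the search or the modify fails.
#
modify_top_aci()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In modify_top_aci()"

    # Set ACI Name
    ACI_NAME="LDAP_Naming_Services_deny_write_access"

    # Search the base entry for an ACI of that name.  The base DN is
    # operator input, so it is not pasted into the text that eval
    # re-parses: eval expands "${LDAP_BASEDN}" itself, as one quoted word,
    # so quotes or backticks in the DN cannot turn into shell syntax.
    # ${LDAP_ARGS} stays inline because it is assembled elsewhere with its
    # own quoting and relies on this re-parse.  The filter is quoted so
    # "objectclass=*" is never globbed against the current directory.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"\${LDAP_BASEDN}\" -s base \"objectclass=*\" aci > ${TMPDIR}/chk_top_aci 2>&1"
    if [ $? -ne 0 ]; then
	${ECHO} "Error searching aci for ${LDAP_BASEDN}"
	cat ${TMPDIR}/chk_top_aci
	cleanup
	exit 1
    fi

    # Nothing to do if the ACI is already present.
    ${GREP} "${ACI_NAME}" ${TMPDIR}/chk_top_aci > /dev/null 2>&1
    if [ $? -eq 0 ]; then
	${ECHO} "  ${STEP}. Top level ACI ${ACI_NAME} already exists for ${LDAP_BASEDN}."
	STEP=`expr $STEP + 1`
	return 0
    fi

    # Create LDIF for the top level ACI: deny write on the listed identity
    # and password-aging attributes to the entry's own owner, so an account
    # cannot rewrite e.g. its own uidNumber, gidNumber or shadow fields.
    # The here-doc is intentionally unquoted: ${LDAP_BASEDN} and
    # ${ACI_NAME} must expand.
    cat > ${TMPDIR}/top_aci <<EOF
dn: ${LDAP_BASEDN}
changetype: modify
add: aci
aci: (targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version 3.0; acl ${ACI_NAME}; deny (write) userdn = "ldap:///self";)
-
EOF

    # Add the entry.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/top_aci ${VERB}"
    if [ $? -ne 0 ]; then
	${ECHO} "  ERROR: Modify of top level ACI failed! (restricts self modify)"
	cleanup
	exit 1
    fi

    # Display message that the ACI is in place.
    ${ECHO} "  ${STEP}. ACI for ${LDAP_BASEDN} modified to disable self modify."
    STEP=`expr $STEP + 1`
}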
41187c478bd9Sstevel@tonic-gate
41197c478bd9Sstevel@tonic-gate
41207c478bd9Sstevel@tonic-gate#
41217c478bd9Sstevel@tonic-gate# add_vlv_aci(): Add access control information (aci) for VLV.
41227c478bd9Sstevel@tonic-gate#
add_vlv_aci()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_vlv_aci()"

    # Build the LDIF that replaces the aci on the VLV request control
    # feature entry, allowing any bind (including anonymous) to read,
    # search and compare it.  The text contains no shell expansions, so
    # the delimiter is quoted to keep it literal.
    cat > ${TMPDIR}/vlv_aci <<'EOF'
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
changetype: modify
replace: aci
aci: (targetattr != "aci") (version 3.0; acl "VLV Request Control"; allow(read,search,compare) userdn = "ldap:///anyone";)
EOF

    # Apply it; a failure aborts the whole configuration run.
    if ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/vlv_aci ${VERB}"; then
	${ECHO} "  ${STEP}. Add of VLV Access Control Information (ACI)."
	STEP=`expr $STEP + 1`
    else
	${ECHO} "  ERROR: Add of VLV ACI failed!"
	cleanup
	exit 1
    fi
}
41487c478bd9Sstevel@tonic-gate
41497c478bd9Sstevel@tonic-gate
41507c478bd9Sstevel@tonic-gate#
41517c478bd9Sstevel@tonic-gate# set_nisdomain(): Add the NisDomainObject to the Base DN.
41527c478bd9Sstevel@tonic-gate#
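#
# set_nisdomain(): Add the NisDomainObject to the Base DN.
#   Globals: LDAP_BASEDN, LDAP_DOMAIN, LDAP_ARGS, TMPDIR, STEP (read/written)
#   Exits 1 (after cleanup) if the modify fails.
#
set_nisdomain()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In set_nisdomain()"

    # Check if nisDomain is already set on the base entry.  The base DN is
    # operator input: eval expands "${LDAP_BASEDN}" itself, as one quoted
    # word, instead of re-parsing its characters as shell syntax.
    # ${LDAP_ARGS} stays inline because it is assembled elsewhere with its
    # own quoting and relies on this re-parse.
    ${EVAL} "${LDAPSEARCH} ${LDAP_ARGS} -b \"\${LDAP_BASEDN}\" -s base \
	\"objectclass=*\"" > ${TMPDIR}/chk_nisdomain 2>&1
    ${EVAL} "${GREP} -i nisDomain ${TMPDIR}/chk_nisdomain ${VERB}"
    if [ $? -eq 0 ]; then
	${ECHO} "  ${STEP}. NisDomainObject for ${LDAP_BASEDN} was already set."
	STEP=`expr $STEP + 1`
	return 0
    fi

    # Build the LDIF that adds the nisDomainObject class and the domain
    # value to the base entry.  Unquoted here-doc on purpose: the DN and
    # the domain expand.
    # NOTE(review): the modify record carries no "add:" line; confirm
    # ${LDAPMODIFY} accepts this form.
    cat > ${TMPDIR}/nis_domain <<EOF
dn: ${LDAP_BASEDN}
changetype: modify
objectclass: nisDomainObject
nisdomain: ${LDAP_DOMAIN}
EOF

    # Add the entry.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/nis_domain ${VERB}"
    if [ $? -ne 0 ]; then
	${ECHO} "  ERROR: update of NisDomainObject in ${LDAP_BASEDN} failed."
	cleanup
	exit 1
    fi

    # Display message that the domain object is in place.
    ${ECHO} "  ${STEP}. NisDomainObject added to ${LDAP_BASEDN}."
    STEP=`expr $STEP + 1`
}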
41887c478bd9Sstevel@tonic-gate
41897c478bd9Sstevel@tonic-gate
41907c478bd9Sstevel@tonic-gate#
41917c478bd9Sstevel@tonic-gate# check_attrName(): Check that the attribute name is valid.
41927c478bd9Sstevel@tonic-gate#              $1   Key to check.
41937c478bd9Sstevel@tonic-gate#         Returns   0 : valid name	1 : invalid name
41947c478bd9Sstevel@tonic-gate#
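#
# check_attrName(): Check that the attribute name is valid.
#              $1   Key to check (numeric OID or attribute name).
#         Globals   SERVER_ARGS, LDAPSEARCH, EGREP, VERB (read)
#         Returns   0 : valid name	1 : invalid name
#
check_attrName()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In check_attrName()"
    [ $DEBUG -eq 1 ] && ${ECHO} "check_attrName: Input Param = $1"

    # Pick the egrep pattern by the form of the key: a dotted numeric OID
    # is matched at the start of a definition, anything else is matched as
    # a quoted NAME.  The pattern lives in a variable that eval expands as
    # "${_chk_pat}", so the key (user input) is never re-parsed as shell
    # syntax inside the eval'd command line.
    ${ECHO} "$1" | ${EGREP} '^[0-9]+(\.[0-9]+)*$' > /dev/null 2>&1
    if [ $? -eq 0 ]; then
	# NOTE(review): expects "attributetypes=( OID" in the search
	# output; confirm against the output format of ${LDAPSEARCH} in use.
	_chk_pat="^attributetypes[ ]*=[ ]*\([ ]*$1 "
    else
	_chk_pat="'$1'"
    fi

    # Ask the server for the attribute definitions and look for the key;
    # the pipeline's status is egrep's (0 only when a line matched).
    ${EVAL} "${LDAPSEARCH} ${SERVER_ARGS} -b cn=schema -s base \"objectclass=*\" attributeTypes | ${EGREP} -i \"\${_chk_pat}\" ${VERB}"
    if [ $? -ne 0 ]; then
	return 1
    fi
    return 0
}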
42157c478bd9Sstevel@tonic-gate
42167c478bd9Sstevel@tonic-gate
42177c478bd9Sstevel@tonic-gate#
42187c478bd9Sstevel@tonic-gate# get_objectclass():   Determine the objectclass for the given attribute name
42197c478bd9Sstevel@tonic-gate#              $1   Attribute name to check.
42207c478bd9Sstevel@tonic-gate#      _ATTR_NAME   Return value, Object Name or NULL if unknown to idsconfig.
42217c478bd9Sstevel@tonic-gate#
42227c478bd9Sstevel@tonic-gate#      NOTE: An attribute name can be valid but still we might not be able
42237c478bd9Sstevel@tonic-gate#            to determine the objectclass from the table.
42247c478bd9Sstevel@tonic-gate#            In such cases, the user needs to create the necessary object(s).
42257c478bd9Sstevel@tonic-gate#
get_objectclass()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In get_objectclass()"
    [ $DEBUG -eq 1 ] && ${ECHO} "get_objectclass: Input Param = $1"

    # Unknown until proven otherwise; callers test _ATTR_NAME against "".
    _ATTR_NAME=""

    # Fold the key to lower case and look it up by short name, long name
    # or OID.  A key missing from this table leaves _ATTR_NAME empty.
    case `${ECHO} ${1} | tr '[A-Z]' '[a-z]'` in
	ou | organizationalunitname | 2.5.4.11)
	    _ATTR_NAME="organizationalUnit"
	    ;;
	dc | domaincomponent | 0.9.2342.19200300.100.1.25)
	    _ATTR_NAME="domain"
	    ;;
	o | organizationname | 2.5.4.10)
	    _ATTR_NAME="organization"
	    ;;
	c | countryname | 2.5.4.6)
	    _ATTR_NAME="country"
	    ;;
    esac

    [ $DEBUG -eq 1 ] && ${ECHO} "get_objectclass: _ATTR_NAME = $_ATTR_NAME"
}
42457c478bd9Sstevel@tonic-gate
42467c478bd9Sstevel@tonic-gate
42477c478bd9Sstevel@tonic-gate#
42487c478bd9Sstevel@tonic-gate# add_base_objects(): Add any necessary base objects.
42497c478bd9Sstevel@tonic-gate#
42507c478bd9Sstevel@tonic-gateadd_base_objects()
42517c478bd9Sstevel@tonic-gate{
42527c478bd9Sstevel@tonic-gate    [ $DEBUG -eq 1 ] && ${ECHO} "In add_base_objects()"
42537c478bd9Sstevel@tonic-gate
42547c478bd9Sstevel@tonic-gate    # Convert to lower case for basename.
42557c478bd9Sstevel@tonic-gate    format_string "${LDAP_BASEDN}"
42567c478bd9Sstevel@tonic-gate    LOWER_BASEDN="${FMT_STR}"
42577c478bd9Sstevel@tonic-gate    format_string "${LDAP_SUFFIX}"
42587c478bd9Sstevel@tonic-gate    LOWER_SUFFIX="${FMT_STR}"
42597c478bd9Sstevel@tonic-gate
42607c478bd9Sstevel@tonic-gate    [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_BASEDN: ${LOWER_BASEDN}"
42617c478bd9Sstevel@tonic-gate    [ $DEBUG -eq 1 ] && ${ECHO} "LOWER_SUFFIX: ${LOWER_SUFFIX}"
42627c478bd9Sstevel@tonic-gate
42637c478bd9Sstevel@tonic-gate    # Create additional components.
42647c478bd9Sstevel@tonic-gate    if [ "${LOWER_BASEDN}" = "${LOWER_SUFFIX}" ]; then
42657c478bd9Sstevel@tonic-gate	[ $DEBUG -eq 1 ] && ${ECHO} "Base DN and Suffix equivalent"
42667c478bd9Sstevel@tonic-gate    else
42677c478bd9Sstevel@tonic-gate	# first, test that the suffix is valid
42687c478bd9Sstevel@tonic-gate	dcstmp=`basename "${LOWER_BASEDN}" "${LOWER_SUFFIX}"`
42697c478bd9Sstevel@tonic-gate	if [ "$dcstmp" = "${LOWER_BASEDN}" ]; then
42707c478bd9Sstevel@tonic-gate	    # should not happen since check_basedn_suffix() succeeded
42717c478bd9Sstevel@tonic-gate	    ${ECHO} "Invalid suffix ${LOWER_SUFFIX}"
42727c478bd9Sstevel@tonic-gate	    ${ECHO} "for Base DN ${LOWER_BASEDN}"
42737c478bd9Sstevel@tonic-gate	    cleanup
42747c478bd9Sstevel@tonic-gate	    exit 1
42757c478bd9Sstevel@tonic-gate	fi
42767c478bd9Sstevel@tonic-gate	# OK, suffix is valid, start working with LDAP_BASEDN
42777c478bd9Sstevel@tonic-gate	# field separator is ',' (i.e., space is a valid character)
42787c478bd9Sstevel@tonic-gate	dcstmp2="`${ECHO} ${LDAP_BASEDN} |
42797c478bd9Sstevel@tonic-gate		sed -e 's/[ ]*,[ ]*/,/g' -e 's/[ ]*=[ ]*/=/g'`"
42807c478bd9Sstevel@tonic-gate	dcs=""
42817c478bd9Sstevel@tonic-gate	# use dcstmp to count the loop, and dcstmp2 to get the correct
42827c478bd9Sstevel@tonic-gate	# string case
42837c478bd9Sstevel@tonic-gate	# dcs should be in reverse order, only for these components
42847c478bd9Sstevel@tonic-gate	# that need to be added
42857c478bd9Sstevel@tonic-gate	while [ -n "${dcstmp}" ]
42867c478bd9Sstevel@tonic-gate	do
42877c478bd9Sstevel@tonic-gate	    i2=`${ECHO} "$dcstmp2" | cut -f1 -d','`
42887c478bd9Sstevel@tonic-gate	    dk=`${ECHO} $i2 | awk -F= '{print $1}'`
42897c478bd9Sstevel@tonic-gate	    dc=`${ECHO} $i2 | awk -F= '{print $2}'`
42907c478bd9Sstevel@tonic-gate	    dcs="$dk=$dc,$dcs";
42917c478bd9Sstevel@tonic-gate	    dcstmp2=`${ECHO} "$dcstmp2" | cut -f2- -d','`
42927c478bd9Sstevel@tonic-gate	    dcstmp=`${ECHO} "$dcstmp" | cut -f2- -d','`
42937c478bd9Sstevel@tonic-gate	    [ $DEBUG -eq 1 ] && \
42947c478bd9Sstevel@tonic-gate		${ECHO} "dcs: ${dcs}\ndcstmp: ${dcstmp}\ndcstmp2: ${dcstmp2}\n"
42957c478bd9Sstevel@tonic-gate	done
42967c478bd9Sstevel@tonic-gate
42977c478bd9Sstevel@tonic-gate
42987c478bd9Sstevel@tonic-gate
42997c478bd9Sstevel@tonic-gate	lastdc=${LDAP_SUFFIX}
43007c478bd9Sstevel@tonic-gate	dc=`${ECHO} "${dcs}" | cut -f1 -d','`
43017c478bd9Sstevel@tonic-gate	dcstmp=`${ECHO} "${dcs}" | cut -f2- -d','`
43027c478bd9Sstevel@tonic-gate	while [ -n "${dc}" ]; do
43037c478bd9Sstevel@tonic-gate	    # Get Key and component from $dc.
43047c478bd9Sstevel@tonic-gate	    dk2=`${ECHO} $dc | awk -F= '{print $1}'`
43057c478bd9Sstevel@tonic-gate	    dc2=`${ECHO} $dc | awk -F= '{print $2}'`
43067c478bd9Sstevel@tonic-gate
43077c478bd9Sstevel@tonic-gate	    # At this point, ${dk2} is a valid attribute name
43087c478bd9Sstevel@tonic-gate
43097c478bd9Sstevel@tonic-gate	    # Check if entry exists first, if so, skip to next.
43107c478bd9Sstevel@tonic-gate	    ${LDAPSEARCH} ${SERVER_ARGS} -b "${dk2}=${dc2},$lastdc" -s base "objectclass=*" > /dev/null 2>&1
43117c478bd9Sstevel@tonic-gate	    if [ $? -eq 0 ]; then
43127c478bd9Sstevel@tonic-gate	        # Set the $lastdc to new dc.
43137c478bd9Sstevel@tonic-gate	        lastdc="${dk2}=${dc2},$lastdc"
43147c478bd9Sstevel@tonic-gate
43157c478bd9Sstevel@tonic-gate		# Process next component.
43167c478bd9Sstevel@tonic-gate		dc=`${ECHO} "${dcstmp}" | cut -f1 -d','`
43177c478bd9Sstevel@tonic-gate		dcstmp=`${ECHO} "${dcstmp}" | cut -f2- -d','`
43187c478bd9Sstevel@tonic-gate		continue
43197c478bd9Sstevel@tonic-gate
43207c478bd9Sstevel@tonic-gate	    fi
43217c478bd9Sstevel@tonic-gate
43227c478bd9Sstevel@tonic-gate	    # Determine the objectclass for the entry.
43237c478bd9Sstevel@tonic-gate            get_objectclass $dk2
43247c478bd9Sstevel@tonic-gate	    OBJ_Name=${_ATTR_NAME}
43257c478bd9Sstevel@tonic-gate	    if [ "${OBJ_Name}" = "" ]; then
43267c478bd9Sstevel@tonic-gate	        ${ECHO} "Cannot determine objectclass for $dk2"
43277c478bd9Sstevel@tonic-gate	        ${ECHO} "Please create ${dk2}=${dc2},$lastdc entry and rerun idsconfig"
43287c478bd9Sstevel@tonic-gate	        exit 1
43297c478bd9Sstevel@tonic-gate	    fi
43307c478bd9Sstevel@tonic-gate
43317c478bd9Sstevel@tonic-gate	    # Add the new container.
43327c478bd9Sstevel@tonic-gate	    ( cat <<EOF
43337c478bd9Sstevel@tonic-gatedn: ${dk2}=${dc2},$lastdc
43347c478bd9Sstevel@tonic-gate${dk2}: $dc2
43357c478bd9Sstevel@tonic-gateobjectClass: top
43367c478bd9Sstevel@tonic-gateobjectClass: ${OBJ_Name}
43377c478bd9Sstevel@tonic-gateEOF
43387c478bd9Sstevel@tonic-gate) > ${TMPDIR}/base_objects
43397c478bd9Sstevel@tonic-gate
43407c478bd9Sstevel@tonic-gate
43417c478bd9Sstevel@tonic-gate	    # Set the $lastdc to new dc.
43427c478bd9Sstevel@tonic-gate	    lastdc="${dk2}=${dc2},$lastdc"
43437c478bd9Sstevel@tonic-gate
43447c478bd9Sstevel@tonic-gate	    # Add the entry.
43457c478bd9Sstevel@tonic-gate	    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/base_objects ${VERB}"
43467c478bd9Sstevel@tonic-gate	    if [ $? -ne 0 ]; then
43477c478bd9Sstevel@tonic-gate		${ECHO} "  ERROR: update of base objects ${dc} failed."
43487c478bd9Sstevel@tonic-gate		cleanup
43497c478bd9Sstevel@tonic-gate		exit 1
43507c478bd9Sstevel@tonic-gate	    fi
43517c478bd9Sstevel@tonic-gate
43527c478bd9Sstevel@tonic-gate	    # Display message that schema is updated.
43537c478bd9Sstevel@tonic-gate	    ${ECHO} "  ${STEP}. Created DN component ${dc}."
43547c478bd9Sstevel@tonic-gate	    STEP=`expr $STEP + 1`
43557c478bd9Sstevel@tonic-gate
43567c478bd9Sstevel@tonic-gate	    # Process next component.
43577c478bd9Sstevel@tonic-gate	    dc=`${ECHO} "${dcstmp}" | cut -f1 -d','`
43587c478bd9Sstevel@tonic-gate	    dcstmp=`${ECHO} "${dcstmp}" | cut -f2- -d','`
43597c478bd9Sstevel@tonic-gate	done
43607c478bd9Sstevel@tonic-gate    fi
43617c478bd9Sstevel@tonic-gate}
43627c478bd9Sstevel@tonic-gate
43637c478bd9Sstevel@tonic-gate
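#
# add_new_containers(): Add the top level "ou" containers under the base
# DN, one per naming-service map, skipping any that already exist.
#
# Globals read:    LDAP_BASEDN, LDAP_ARGS, LDAPSEARCH, LDAPMODIFY, EVAL,
#                  VERB, TMPDIR, ECHO, DEBUG, STEP
# Globals written: STEP (incremented once when all containers are done)
# Arguments:       none are read.  The parent of every container is
#                  ${LDAP_BASEDN}; an argument passed by a caller is
#                  ignored (the old header's "$1 = Base DN" was wrong).
# Exits:           1 (after cleanup) if any ldapmodify add fails.
#
add_new_containers()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_new_containers()"

    for ou in people group rpc protocols networks netgroup \
	aliases hosts services ethers profile printers \
	SolarisAuthAttr SolarisProfAttr Timezone ipTnet ; do

	# Skip "ou" containers that already exist on the server.
	# ${VERB} carries the caller's redirection, hence the eval.
	eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"ou=${ou},${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
	if [ $? -eq 0 ]; then
	    continue
	fi

	# Write the LDIF for this container.  The redirection target is
	# quoted so a TMPDIR containing whitespace cannot split the path.
	( cat <<EOF
dn: ou=${ou},${LDAP_BASEDN}
ou: ${ou}
objectClass: top
objectClass: organizationalUnit
EOF
) > "${TMPDIR}/toplevel.${ou}"

	# Add the entry; a failure is fatal for the whole setup.
	${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/toplevel.${ou} ${VERB}"
	if [ $? -ne 0 ]; then
	    ${ECHO} "  ERROR: Add of ou=${ou} container failed!"
	    cleanup
	    exit 1
	fi
    done

    # Display message that top level OU containers complete.
    ${ECHO} "  ${STEP}. Top level \"ou\" containers complete."
    STEP=`expr $STEP + 1`
}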
44057c478bd9Sstevel@tonic-gate
44067c478bd9Sstevel@tonic-gate
#
# add_auto_maps(): Create the automount map containers that are not yet
# on the server.
#
# Maps handled: auto_home, auto_direct, auto_master, auto_shared
#
# Globals read:    LDAP_BASEDN, LDAP_ARGS, LDAPSEARCH, LDAPMODIFY, EVAL,
#                  VERB, TMPDIR, ECHO, DEBUG, STEP
# Globals written: AUTO_MAPS, STEP
# Exits:           1 (after cleanup) when an add fails.
#
add_auto_maps()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_auto_maps()"

    # Names of the automount maps to create.
    AUTO_MAPS="auto_home auto_direct auto_master auto_shared"

    for automap in $AUTO_MAPS; do
	# A successful base search means the map is already present.
	eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"automountMapName=${automap},${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}" && continue

	# Write the LDIF for the new map container.
	cat > ${TMPDIR}/automap.${automap} <<EOF
dn: automountMapName=${automap},${LDAP_BASEDN}
automountMapName: ${automap}
objectClass: top
objectClass: automountMap
EOF

	# Load it onto the server; a failure aborts the setup.
	${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/automap.${automap} ${VERB}" || {
	    ${ECHO} "  ERROR: Add of automap ${automap} failed!"
	    cleanup
	    exit 1
	}
    done

    # Report completion and advance the step counter.
    ${ECHO} "  ${STEP}. automount maps: $AUTO_MAPS processed."
    STEP=`expr $STEP + 1`
}
44487c478bd9Sstevel@tonic-gate
44497c478bd9Sstevel@tonic-gate
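#
# add_proxyagent(): Add the proxy agent entry that the naming service
# binds as when it accesses the server.  Nothing is done if it exists.
#
# Globals read:    LDAP_PROXYAGENT (DN of the agent; the value of its
#                  first RDN becomes cn and sn), LDAP_PROXYAGENT_CRED
#                  (the agent's password), LDAP_ARGS, LDAPSEARCH,
#                  LDAPMODIFY, EVAL, VERB, TMPDIR, ECHO, DEBUG, STEP
# Globals written: cn_tmp, STEP
# Exits:           1 (after cleanup) if the add fails.
#
add_proxyagent()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_proxyagent()"

    # Nothing to do when the proxy agent entry is already present.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_PROXYAGENT}\" -s base \"objectclass=*\" ${VERB}"
    if [ $? -eq 0 ]; then
	${ECHO} "  ${STEP}. Proxy Agent ${LDAP_PROXYAGENT} already exists."
	STEP=`expr $STEP + 1`
	return 0
    fi

    # cn and sn come from the value of the first RDN of the DN: the text
    # after the first "=" and before the first ",".
    cn_tmp=`${ECHO} ${LDAP_PROXYAGENT} | cut -f1 -d, | cut -f2 -d=`

    # Write the LDIF.  It carries the agent's clear-text password, so
    # the file is created under a 077 umask (mode 0600).  The umask is
    # changed in a subshell so the script's own umask is untouched.
    ( umask 077
      cat > "${TMPDIR}/proxyagent" <<EOF
dn: ${LDAP_PROXYAGENT}
cn: ${cn_tmp}
sn: ${cn_tmp}
objectclass: top
objectclass: person
userpassword: ${LDAP_PROXYAGENT_CRED}
EOF
    )

    # Add the entry; a failure aborts the setup.
    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/proxyagent ${VERB}"
    if [ $? -ne 0 ]; then
	${ECHO} "  ERROR: Adding proxyagent failed!"
	cleanup
	exit 1
    fi

    # Report the new entry and advance the step counter.
    ${ECHO} "  ${STEP}. Proxy Agent ${LDAP_PROXYAGENT} added."
    STEP=`expr $STEP + 1`
}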
44917c478bd9Sstevel@tonic-gate
44927c478bd9Sstevel@tonic-gate
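#
# allow_proxy_read_pw(): Add an ACI on the base DN that lets the proxy
# agent compare/read/search the userPassword attribute.  Skipped when an
# ACI with the same name is already present on the base entry.
#
# Globals read:    LDAP_BASEDN, LDAP_PROXYAGENT, LDAP_ARGS, LDAPSEARCH,
#                  LDAPMODIFY, GREP, EVAL, VERB, TMPDIR, ECHO, DEBUG, STEP
# Globals written: PROXY_ACI_NAME, STEP
# Exits:           1 (after cleanup) if the modify fails.
#
allow_proxy_read_pw()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In allow_proxy_read_pw()"

    # Set ACI Name
    PROXY_ACI_NAME="LDAP_Naming_Services_proxy_password_read"

    # Fetch the base entry's aci values and look for our ACI name.  The
    # filter is quoted inside the eval'd string so "objectclass=*" is
    # never glob-expanded against the current directory.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"${LDAP_BASEDN}\" -s base \"objectclass=*\" aci > \"${TMPDIR}/chk_proxyread_aci\" 2>&1"
    ${GREP} "${PROXY_ACI_NAME}" "${TMPDIR}/chk_proxyread_aci" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
	# (was "${PROXY_ACI_NAME=}", a typo that only worked because the
	# variable is always set above)
	${ECHO} "  ${STEP}. Proxy ACI ${PROXY_ACI_NAME} already exists for ${LDAP_BASEDN}."
	STEP=`expr $STEP + 1`
	return 0
    fi

    # Write the LDIF modify that adds the ACI.
    ( cat <<EOF
dn: ${LDAP_BASEDN}
changetype: modify
add: aci
aci: (target="ldap:///${LDAP_BASEDN}")(targetattr="userPassword")(version 3.0; acl ${PROXY_ACI_NAME}; allow (compare,read,search) userdn = "ldap:///${LDAP_PROXYAGENT}";)
EOF
) > "${TMPDIR}/proxy_read"

    # Apply the modify; a failure aborts the setup.
    ${EVAL} "${LDAPMODIFY} ${LDAP_ARGS} -f ${TMPDIR}/proxy_read ${VERB}"
    if [ $? -ne 0 ]; then
	${ECHO} "  ERROR: Allow ${LDAP_PROXYAGENT} to read password failed!"
	cleanup
	exit 1
    fi

    # Report the new ACI and advance the step counter.
    ${ECHO} "  ${STEP}. Give ${LDAP_PROXYAGENT} read permission for password."
    STEP=`expr $STEP + 1`
}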
45337c478bd9Sstevel@tonic-gate
45347c478bd9Sstevel@tonic-gate
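#
# add_profile(): Generate the client profile with "ldapclient genprofile"
# and load it on the server, first deleting an existing profile of the
# same name when DEL_OLD_PROFILE is 1.
#
# Globals read:    LDAP_PROFILE_NAME, LDAP_BASEDN, DEL_OLD_PROFILE,
#                  SSD_FILE, the optional LDAP_* profile attributes
#                  tested below, LDAP_ARGS, LDAPSEARCH, LDAPDELETE,
#                  LDAPMODIFY, EVAL, VERB, TMPDIR, ECHO, DEBUG, STEP
# Globals written: GEN_CMD (also extended by ssd_2_profile), STEP
# Exits:           1 (after cleanup) when the profile exists and
#                  DEL_OLD_PROFILE is 0, or when the delete, the
#                  genprofile run or the add fails.
#
add_profile()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In add_profile()"

    # If profile name already exists, DELETE it, and add new one.
    eval "${LDAPSEARCH} ${LDAP_ARGS} -b \"cn=${LDAP_PROFILE_NAME},ou=profile,${LDAP_BASEDN}\" -s base \"objectclass=*\" ${VERB}"
    if [ $? -eq 0 ]; then
	# Create Delete file (the DN list for ldapdelete -f).
	( cat <<EOF
cn=${LDAP_PROFILE_NAME},ou=profile,${LDAP_BASEDN}
EOF
) > "${TMPDIR}/del_profile"

	# Refuse to replace an existing profile unless asked to.  Remove
	# TMPDIR on the way out, like every other fatal path here.
	if [ $DEL_OLD_PROFILE -eq 0 ]; then
	    ${ECHO} "ERROR: Profile name ${LDAP_PROFILE_NAME} exists! Add failed!"
	    cleanup
	    exit 1
	fi

	# Delete the OLD profile.
	${EVAL} "${LDAPDELETE} ${LDAP_ARGS} -f ${TMPDIR}/del_profile ${VERB}"
	if [ $? -ne 0 ]; then
	    ${ECHO} "  ERROR: Attempt to DELETE profile failed!"
	    cleanup
	    exit 1
	fi
    fi

    # Build the "ldapclient genprofile" command string to execute.
    # NOTE: GEN_CMD is assembled as a string and later run through eval,
    # so every value interpolated below is interpreted by the shell.
    # They must come from the operator (prompts or the -i config file),
    # never from an untrusted source.
    GEN_CMD="ldapclient genprofile -a \"profileName=${LDAP_PROFILE_NAME}\""

    # Add required argument defaultSearchBase.
    GEN_CMD="${GEN_CMD} -a \"defaultSearchBase=${LDAP_BASEDN}\""

    # Add optional parameters, each only when its variable is non-empty.
    [ -n "$LDAP_SERVER_LIST" ] && \
	GEN_CMD="${GEN_CMD} -a \"defaultServerList=${LDAP_SERVER_LIST}\""
    [ -n "$LDAP_SEARCH_SCOPE" ] && \
	GEN_CMD="${GEN_CMD} -a \"defaultSearchScope=${LDAP_SEARCH_SCOPE}\""
    [ -n "$LDAP_CRED_LEVEL" ] && \
	GEN_CMD="${GEN_CMD} -a \"credentialLevel=${LDAP_CRED_LEVEL}\""
    [ -n "$LDAP_AUTHMETHOD" ] && \
	GEN_CMD="${GEN_CMD} -a \"authenticationMethod=${LDAP_AUTHMETHOD}\""
    [ -n "$LDAP_FOLLOWREF" ] && \
	GEN_CMD="${GEN_CMD} -a \"followReferrals=${LDAP_FOLLOWREF}\""
    [ -n "$LDAP_SEARCH_TIME_LIMIT" ] && \
	GEN_CMD="${GEN_CMD} -a \"searchTimeLimit=${LDAP_SEARCH_TIME_LIMIT}\""
    [ -n "$LDAP_PROFILE_TTL" ] && \
	GEN_CMD="${GEN_CMD} -a \"profileTTL=${LDAP_PROFILE_TTL}\""
    [ -n "$LDAP_BIND_LIMIT" ] && \
	GEN_CMD="${GEN_CMD} -a \"bindTimeLimit=${LDAP_BIND_LIMIT}\""
    [ -n "$LDAP_PREF_SRVLIST" ] && \
	GEN_CMD="${GEN_CMD} -a \"preferredServerList=${LDAP_PREF_SRVLIST}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_PAM" ] && \
	GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_PAM}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_KEY" ] && \
	GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_KEY}\""
    [ -n "$LDAP_SRV_AUTHMETHOD_CMD" ] && \
	GEN_CMD="${GEN_CMD} -a \"serviceAuthenticationMethod=${LDAP_SRV_AUTHMETHOD_CMD}\""

    # Check if there are any service search descriptors to add.
    if [ -s "${SSD_FILE}" ]; then
	ssd_2_profile
    fi

    # Execute "ldapclient genprofile" to create profile.  stdout is the
    # LDIF to load; stderr is kept in a separate file for diagnosis.
    eval ${GEN_CMD} > "${TMPDIR}/gen_profile" 2> "${TMPDIR}/gen_profile_ERR"
    if [ $? -ne 0 ]; then
	${ECHO} "  ERROR: ldapclient genprofile failed!"
	cleanup
	exit 1
    fi

    # Add the generated profile.
    ${EVAL} "${LDAPMODIFY} -a ${LDAP_ARGS} -f ${TMPDIR}/gen_profile ${VERB}"
    if [ $? -ne 0 ]; then
	${ECHO} "  ERROR: Attempt to add profile failed!"
	cleanup
	exit 1
    fi

    # Report the new profile and advance the step counter.
    ${ECHO} "  ${STEP}. Generated client profile and loaded on server."
    STEP=`expr $STEP + 1`
}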
46237c478bd9Sstevel@tonic-gate
46247c478bd9Sstevel@tonic-gate
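#
# cleanup(): Remove the TMPDIR and all files in it (LDIF fragments,
# including the proxy agent LDIF that carries a password).
#
# Globals read: TMPDIR, DEBUG, ECHO
#
cleanup()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In cleanup()"

    # Quote the path so it is never word-split or glob-expanded, use
    # "--" so it is never parsed as an option, and do nothing when
    # TMPDIR is empty rather than run rm with a missing operand.
    if [ -n "${TMPDIR}" ]; then
	rm -fr -- "${TMPDIR}"
    fi
}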
46347c478bd9Sstevel@tonic-gate
46357c478bd9Sstevel@tonic-gate
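#
# 			* * * MAIN * * *
#
# Description:
# This script assumes that the iPlanet Directory Server (iDS) is
# installed and that setup has been run.  This script takes the
# iDS server from that point and sets up the infrastructure for
# LDAP Naming Services.  After running this script, ldapaddent(1M)
# or some other tools can be used to populate data.
#
# Flow: initialize, obtain the configuration (from the -i file or by
# prompting), adjust server limits and the password scheme, load the
# schema, create the suffix, base objects and containers, set ACIs,
# add the proxy agent and the client profile, build indexes, then
# remove TMPDIR.  Every fatal path calls cleanup before exiting 1.

# Initialize the variables that need to be set to NULL, or some
# other initial value before the rest of the functions can be called.
init

# Parse command line arguments.  "$@" (not $*) keeps each argument
# intact when it contains whitespace; parse_arg's return value is the
# number of positional parameters to shift away.
parse_arg "$@"
shift $?

# Print extra line to separate from prompt.
${ECHO} " "

# Either load the user specified config file
# or prompt the user for config info.
if [ -n "$INPUT_FILE" ]
then
    load_config_file
    INTERACTIVE=0      # Turns off prompts that occur later.
    validate_info      # Validate basic info in file.
    chk_ids_version    # Check iDS version for compatibility.
    gssapi_setup_auto
else
    # Display BACKUP warning to user.
    display_msg backup_server
    get_confirm "Do you wish to continue with server setup (y/n/h)?" "n" "backup_help"
    if [ $? -eq 0 ]; then    # if No, cleanup and exit.
	cleanup ; exit 1
    fi

    # Prompt for values.
    prompt_config_info
    display_summary    # Allow user to modify results.
    INTERACTIVE=1      # Ensures future prompting.
fi

# Modify slapd.oc.conf to ALLOW cn instead of REQUIRE.
modify_cn

# Modify timelimit to user value.
[ $NEED_TIME -eq 1 ] && modify_timelimit

# Modify sizelimit to user value.
[ $NEED_SIZE -eq 1 ] && modify_sizelimit

# Modify the password storage scheme to support CRYPT.
if [ "$NEED_CRYPT" = "TRUE" ]; then
    modify_pwd_crypt
fi

# Update the schema (Attributes, Objectclass Definitions)
if [ ${SCHEMA_UPDATED} -eq 0 ]; then
	update_schema_attr
	update_schema_obj
fi

# Add suffix together with its root entry (if needed)
add_suffix ||
{
	cleanup
	exit 1
}

# Add base objects (if needed)
add_base_objects

# Update the NisDomainObject.
#   The Base DN might have just been created, so this MUST happen after
#   the base objects have been added!
set_nisdomain

# Add top level classes (new containers)
add_new_containers

# Add common nismaps.
add_auto_maps

# Modify top ACI.
modify_top_aci

# Add Access Control Information for VLV.
add_vlv_aci

# If a proxy is needed, add the Proxy Agent and give it read permission
# for userPassword.
if [ $NEED_PROXY -eq 1 ]; then
    add_proxyagent
    allow_proxy_read_pw
fi

# Generate client profile and add it to the server.
add_profile

# Add Indexes to improve Search Performance.
add_eq_indexes
add_sub_indexes
add_vlv_indexes

# Display setup complete message
display_msg setup_complete

# Display VLV index commands to be executed on server.
display_vlv_cmds

# Create config file if requested.
[ -n "$OUTPUT_FILE" ] && create_config_file

# Remove the TMPDIR and all files in it.
cleanup

exit 0
# end of MAIN.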
47547c478bd9Sstevel@tonic-gate# end of MAIN.
4755