aboutsummaryrefslogtreecommitdiff
path: root/handlers/ldap.helper.in
blob: 4870ae47277fb39d47b1ab57957f637efb9fae4b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-

HELPERS="$HELPERS ldap:ldap_database_backup"

ldap_create_file() {
   while true; do
      checkBox "ldap action wizard" "check options (slapcat OR ldapsearch)" \
         "slapcat" "export ldif using slapcat" yes \
         "ldapsearch" "export ldif using ldapsearch" no \
         "compress" "compress the ldif output files" yes \
         "ssl" "use SSL (deprecated)" no \
         "tls" "use TLS extended operations (RFC2246, RFC2830)" yes
      status=$?
      compress="compress = no"
      method="method = <unset>"
      restart="restart = no"
      binddn=""
      passwordfile=""
      ssl="ssl = no"
      tls="tls = no"
      [ $status = 1 ] && return;
      result="$REPLY"
      for opt in $result; do
         case $opt in
            '"compress"') compress="compress = yes";;
            '"slapcat"')
               method="method = slapcat"
               [ "$_RESTART" == "yes" ] && restart="restart = yes"
               ;;
            '"ldapsearch"')
               method="method = ldapsearch"
               inputBox "ldap action wizard" "ldapsearch requires authentication. Specify here what password file to use. It must have the password with no trailing return and it should not be world readable."
               [ $? = 1 ] && return
               passwordfile="passwordfile = $REPLY"
               inputBox "ldap action wizard" "ldapsearch requires authentication. Specify here what DN to bind as:"
               [ $? = 1 ] && return
               binddn="binddn = $REPLY"
               require_packages ldap-utils
               ;;
            '"ssl"') ssl="ssl = yes";;
            '"tls"') tls="tls = yes";;
         esac
      done
      get_next_filename $configdirectory/30.ldap
      cat > $next_filename <<EOF
$method
$compress
$restart
$binddn
$passwordfile
$ssl
$tls
# backupdir = /var/backups/ldap
# conf = /etc/ldap/slapd.conf
# databases = all
EOF
      chmod 600 $next_filename
      return
   done
}

ldap_wizard() {
   bdb=no
   hdb=no
   ldbm=no
   for backend in `grep -e "^backend" /etc/ldap/slapd.conf | @AWK@ '{print $2}'`; do
      if [ "$backend" == "bdb" ]; then
         bdb=yes
      elif [ "$backend" == "hdb" ]; then
         hdb=yes
      elif [ "$backend" == "ldbm" ]; then
         ldbm=yes
      fi
   done

   if [ "$bdb" == "yes" -o "$hdb" == "yes" ]; then
      if [ "$ldbm" == "no" ]; then
         msgBox "ldap action wizard" "It looks like the backend in your slapd.conf is set to BDB or HDB. If this is not the case, exit this wizard! From this point on, we will assume BDB or HDB backend, which might have disasterious consequences if this is incorrect."
         _RESTART=no
         ldap_create_file
      fi
   elif [ "$ldbm" == "yes" ]; then
      msgBox "ldap action wizard" "It looks like the backend in your slapd.conf is set to LDBM. Because of this, you will have less options (because it is not safe to use slapcat while slapd is running LDBM)."
      _RESTART=yes
      ldap_create_file
   else
      msgBox "ldap action wizard" "I couldn't find any supported backend in your slapd.conf. Bailing out."
      return
   fi
}