Newer
Older
#!/bin/sh
#
# Starts nslcd needed for LDAP
#
MONIT=/usr/bin/monit
dotconfig=/wr/etc/dot-config
log_output=/dev/kmsg
start_counter() {
# increase boot counter
COUNTER_FILE="/tmp/start_cnt_ldap"
START_COUNTER=1
if [ -f "$COUNTER_FILE" ];
then
read -r START_COUNTER < $COUNTER_FILE
START_COUNTER=$((START_COUNTER+1))
fi
echo "$START_COUNTER" > $COUNTER_FILE
}
start() {
echo -n "Starting nslcd (LDAP): "
if [ -f "$dotconfig" ]; then
. "$dotconfig"
else
echo "$0 unable to source dot-config ($dotconfig)!" | tee $log_output
fi
if [ "$CONFIG_LDAP_ENABLE" != "y" ]; then
echo "LDAP not enabled in dot-config" | tee $log_output
# Unmonitor web server (nslcd), ignore all printouts
# from monit.
# Run in background since monit may wait for a timeout.
$MONIT unmonitor nslcd &>/dev/null &
exit 0
fi
if [ -z "$CONFIG_LDAP_SERVER" ]; then
echo "Failed! LDAP server not defined" | tee $log_output
exit 0
fi
# fill LDAP server address
cp -a /usr/etc/nslcd.conf /etc/nslcd.conf
sed -i "s,^uri CONFIG_LDAP_SERVER_ADDRESS,uri $CONFIG_LDAP_SERVER,g" /etc/nslcd.conf
if [ -z "$CONFIG_LDAP_SEARCH_BASE" ]; then
echo "Failed! LDAP search base not defined" | tee $log_output
exit 0
fi
# fill LDAP search base
sed -i "s/CONFIG_LDAP_SEARCH_BASE/$CONFIG_LDAP_SEARCH_BASE/g" /etc/nslcd.conf
if [ "$CONFIG_LDAP_FILTER_NONE" = "y" ]; then
# no filter
sed -i "s/CONFIG_LDAP_FILTER//g" /etc/nslcd.conf
elif [ "$CONFIG_LDAP_FILTER_EGROUP" = "y" ]; then
if [ -z "$CONFIG_LDAP_FILTER_EGROUP_STR" ]; then
echo -n "Warning: CONFIG_LDAP_FILTER_EGROUP_STR empty! " | tee $log_output
fi
sed -i "s/CONFIG_LDAP_FILTER/(memberOf=CN=$CONFIG_LDAP_FILTER_EGROUP_STR,OU=e-groups,OU=Workgroups,$CONFIG_LDAP_SEARCH_BASE)/g" /etc/nslcd.conf
elif [ "$CONFIG_LDAP_FILTER_CUSTOM" = "y" ]; then
if [ -z "$CONFIG_LDAP_FILTER_CUSTOM_STR" ]; then
echo -n "Warning: CONFIG_LDAP_FILTER_CUSTOM_STR empty! " | tee $log_output
fi
sed -i "s/CONFIG_LDAP_FILTER/$CONFIG_LDAP_FILTER_CUSTOM_STR/g" /etc/nslcd.conf
fi
# add ldap to /etc/nsswitch.conf
cp -a /usr/etc/nsswitch.conf /etc/nsswitch.conf
sed -i "s/^passwd:[ \t]*files\$/passwd: files ldap/g" /etc/nsswitch.conf
sed -i "s/^group:[ \t]*files\$/group: files ldap/g" /etc/nsswitch.conf
sed -i "s/^shadow:[ \t]*files\$/shadow: files ldap/g" /etc/nsswitch.conf
cp -a /usr/etc/pam.d/sshd /etc/pam.d/sshd
if [ "$CONFIG_AUTH_KRB5" = "y" ]; then
if [ -z "$CONFIG_AUTH_KRB5_SERVER" ]; then
echo "Failed! CONFIG_AUTH_KRB5_SERVER empty!" | tee $log_output
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
exit 0
fi
sed -i "s,# auth line to be replaced by startup scripts,# added by $0\nauth sufficient /lib/security/pam_krb5.so minimum_uid=1000\n,g" /etc/pam.d/sshd
sed -i "s,# account line to be replaced by startup scripts,# added by $0\naccount required /lib/security/pam_krb5.so minimum_uid=1000\n,g" /etc/pam.d/sshd
sed -i "s,# session line to be replaced by startup scripts,# added by $0\nsession required /lib/security/pam_krb5.so minimum_uid=1000\n,g" /etc/pam.d/sshd
cp -a /usr/etc/krb5.conf /etc/krb5.conf
sed -i "s,default_realm = CONFIG_AUTH_KRB5_SERVER,default_realm = $CONFIG_AUTH_KRB5_SERVER,g" /etc/krb5.conf
fi
if [ "$CONFIG_AUTH_LDAP" = "y" ]; then
sed -i "s,# auth line to be replaced by startup scripts,# added by $0\nauth sufficient /lib/security/pam_ldap.so minimum_uid=1000\n,g" /etc/pam.d/sshd
sed -i "s,# account line to be replaced by startup scripts,# added by $0\naccount required /lib/security/pam_ldap.so minimum_uid=1000\n,g" /etc/pam.d/sshd
sed -i "s,# session line to be replaced by startup scripts,# added by $0\nsession required /lib/security/pam_ldap.so minimum_uid=1000\n,g" /etc/pam.d/sshd
fi
# /var/run/nslcd/nslcd.pid is created automatically by nslcd
start-stop-daemon -S -q -p /var/run/nslcd/nslcd.pid --exec /usr/sbin/nslcd
ret=$?
if [ $ret -eq 0 ]; then
start_counter
echo "OK"
elif [ $ret -eq 1 ]; then
echo "Failed (already running?)"
else
echo "Failed"
fi
}
stop() {
echo -n "Stopping nslcd (LDAP): "
start-stop-daemon -K -q -p /var/run/nslcd/nslcd.pid
if [ $? -eq 0 ]; then
echo "OK"
else
echo "Failed"
fi
}
restart() {
stop
start
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
restart
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
esac
exit $?