Agenda: ldapscripts-sasl.diff

File ldapscripts-sasl.diff, 2.8 KB (added by admin, 8 years ago)
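--- a/usr/share/ldapscripts/runtime
+++ b/usr/share/ldapscripts/runtime
@@ -149,7 +149,10 @@
 # Input : base ($1), filter ($2), attribute to display ($3)
 # Output : entry/entries found (stdout)
 _ldapsearch () {
-  if [ -n "$BINDPWDFILE" ]
+  if [ -n "$SASLAUTH" ]
+  then
+    $LDAPSEARCHBIN -Y "$SASLAUTH" -b "${1:-$SUFFIX}" -H "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
+  elif [ -n "$BINDPWDFILE" ]
   then
     $LDAPSEARCHBIN -y "$BINDPWDFILE" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
   else
@@ -174,8 +177,9 @@
     ;;
   esac
 
-  if [ -n "$BINDPWDFILE" ]
-  then
+  if [ -n "$SASLAUTH" ]; then
+    $LDAPADDBIN $_OPTIONS -Y "$SASLAUTH" -H "$SERVER" 2>>"$LOGFILE"
+  elif [ -n "$BINDPWDFILE" ]; then
     $LDAPADDBIN $_OPTIONS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
   else
     $LDAPADDBIN $_OPTIONS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
@@ -199,7 +203,10 @@
     ;;
   esac
 
-  if [ -n "$BINDPWDFILE" ]
+  if [ -n "$SASLAUTH" ]
+  then
+    $LDAPMODIFYBIN $_OPTIONS -Y "$SASLAUTH" -H "$SERVER" 2>>"$LOGFILE" 1>/dev/null
+  elif [ -n "$BINDPWDFILE" ]
   then
     $LDAPMODIFYBIN $_OPTIONS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
   else
@@ -215,7 +222,10 @@
   then
     end_die "_ldaprename : missing argument(s)"
   else
-    if [ -n "$BINDPWDFILE" ]
+    if [ -n "$SASLAUTH" ]
+    then
+      $LDAPMODRDNBIN -Y "$SASLAUTH" -H "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null
+    elif [ -n "$BINDPWDFILE" ]
     then
       $LDAPMODRDNBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null
     else
@@ -229,7 +239,10 @@
 # Output : nothing
 _ldapdelete () {
   [ -z "$1" ] && end_die "_ldapdelete : missing argument"
-  if [ -n "$BINDPWDFILE" ]
+  if [ -n "$SASLAUTH" ]
+  then
+    $LDAPDELETEBIN -Y "$SASLAUTH" -H "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null
+  elif [ -n "$BINDPWDFILE" ]
   then
     $LDAPDELETEBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null
   else
@@ -567,7 +580,10 @@
       echo "$2 : $1" >> "$PASSWORDFILE"
     fi
 
-    if [ -n "$BINDPWDFILE" ]
+    if [ -n "$SASLAUTH" ]
+    then
+      end_die "Change password in $SASLAUTH database, e.g. kadmin"
+    elif [ -n "$BINDPWDFILE" ]
     then
       ## Change password in a secure way
       # Allocate and create temp file
@@ -624,7 +640,10 @@
 # Check for bindpwd file
 if [ ! -f "$BINDPWDFILE" ] || [ ! -r "$BINDPWDFILE" ]
 then
-  if [ -n "$BINDPWD" ]
+  if [ -n "$SASLAUTH" ]
+  then
+    true # all OK
+  elif [ -n "$BINDPWD" ]
   then
     warn_log "Warning : using command-line passwords, ldapscripts may not be safe"
   else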
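Review bot: The SASL branch added to the ldapadd call (new line 181) omits the `1>/dev/null` that both existing bind branches and the SASL branches in the ldapmodify, ldapmodrdn and ldapdelete hunks carry, so with SASLAUTH set the tool's stdout reaches the caller; it should read `$LDAPADDBIN $_OPTIONS -Y "$SASLAUTH" -H "$SERVER" 2>>"$LOGFILE" 1>/dev/null`. None of the five new `-Y "$SASLAUTH"` calls pass `-Q` (SASL quiet mode, never prompt), so a mechanism that needs interactive input may block while its prompt is diverted to `$LOGFILE`; adding `-Q` to each would make that case fail cleanly instead. In the password hunk the context line `echo "$2 : $1" >> "$PASSWORDFILE"` (new line 580) sits above the new `end_die`, so it looks as if a password can be appended to the password file and then never applied on the server. The enclosing function starts outside the hunk, so that ordering needs checking against the full file, and if confirmed the SASL check belongs before the write.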