Agenda: ldapscripts-sasl.diff
File ldapscripts-sasl.diff, 2.8 KB (added by admin, 8 years ago) |
/usr/share/ldapscripts/runtime
old new 149 149 # Input : base ($1), filter ($2), attribute to display ($3) 150 150 # Output : entry/entries found (stdout) 151 151 _ldapsearch () { 152 if [ -n "$BINDPWDFILE" ] 152 if [ -n "$SASLAUTH" ] 153 then 154 $LDAPSEARCHBIN -Y "$SASLAUTH" -b "${1:-$SUFFIX}" -H "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 155 elif [ -n "$BINDPWDFILE" ] 153 156 then 154 157 $LDAPSEARCHBIN -y "$BINDPWDFILE" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 155 158 else … … 174 177 ;; 175 178 esac 176 179 177 if [ -n "$BINDPWDFILE" ] 178 then 180 if [ -n "$SASLAUTH" ]; then 181 $LDAPADDBIN $_OPTIONS -Y "$SASLAUTH" -H "$SERVER" 2>>"$LOGFILE" 182 elif [ -n "$BINDPWDFILE" ]; then 179 183 $LDAPADDBIN $_OPTIONS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null 180 184 else 181 185 $LDAPADDBIN $_OPTIONS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null … … 199 203 ;; 200 204 esac 201 205 202 if [ -n "$BINDPWDFILE" ] 206 if [ -n "$SASLAUTH" ] 207 then 208 $LDAPMODIFYBIN $_OPTIONS -Y "$SASLAUTH" -H "$SERVER" 2>>"$LOGFILE" 1>/dev/null 209 elif [ -n "$BINDPWDFILE" ] 203 210 then 204 211 $LDAPMODIFYBIN $_OPTIONS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null 205 212 else … … 215 222 then 216 223 end_die "_ldaprename : missing argument(s)" 217 224 else 218 if [ -n "$BINDPWDFILE" ] 225 if [ -n "$SASLAUTH" ] 226 then 227 $LDAPMODRDNBIN -Y "$SASLAUTH" -H "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null 228 elif [ -n "$BINDPWDFILE" ] 219 229 then 220 230 $LDAPMODRDNBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null 221 231 else … … 229 239 # Output : nothing 230 240 _ldapdelete () { 231 241 [ -z "$1" ] && end_die "_ldapdelete : missing argument" 232 if [ -n "$BINDPWDFILE" ] 242 if [ -n "$SASLAUTH" ] 243 then 244 $LDAPDELETEBIN -Y "$SASLAUTH" -H "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null 245 elif [ -n "$BINDPWDFILE" 
] 233 246 then 234 247 $LDAPDELETEBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null 235 248 else … … 567 580 echo "$2 : $1" >> "$PASSWORDFILE" 568 581 fi 569 582 570 if [ -n "$BINDPWDFILE" ] 583 if [ -n "$SASLAUTH" ] 584 then 585 end_die "Change password in $SASLAUTH database, e.g. kadmin" 586 elif [ -n "$BINDPWDFILE" ] 571 587 then 572 588 ## Change password in a secure way 573 589 # Allocate and create temp file … … 624 640 # Check for bindpwd file 625 641 if [ ! -f "$BINDPWDFILE" ] || [ ! -r "$BINDPWDFILE" ] 626 642 then 627 if [ -n "$BINDPWD" ] 643 if [ -n "$SASLAUTH" ] 644 then 645 true # all OK 646 elif [ -n "$BINDPWD" ] 628 647 then 629 648 warn_log "Warning : using command-line passwords, ldapscripts may not be safe" 630 649 else
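Review bot: In the password-change hunk (new lines 583-586) the SASL `end_die` sits after the context line `echo "$2 : $1" >> "$PASSWORDFILE"`, so whenever that earlier branch runs, a password that is never applied is still appended in plaintext to the password file before the function aborts. The `[ -n "$SASLAUTH" ]` test should move ahead of that write; the start of the function and the condition guarding the write are outside the hunk, so the exact spot needs checking against the full file. The refusal also ties the administrator's bind method to where user passwords are stored, which need not hold, and a comment such as `# SASL bind: user passwords are assumed to live in the SASL backend, not in userPassword` would make that assumption explicit. Separately, the new `$LDAPADDBIN` branch (new line 181) omits the `1>/dev/null` that both sibling branches carry and should end with `2>>"$LOGFILE" 1>/dev/null`.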