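#!/bin/sh
# postinst for libnss-ldap.
#
# On "configure" this script writes the answers collected by debconf into
# $CONFFILE, stores the root bind password in $PASSWDFILE, and then restarts
# nscd if it is running.
#
# Security-relevant behaviour:
#   * $PASSWDFILE always ends up mode 0600 and is created under umask 077.
#   * $CONFFILE may hold "bindpw"; it is only kept at 0600 when the
#     libnss-ldap/confperm answer is "true", otherwise it is world-readable.
#   * Both passwords are blanked in the debconf database after being written.

# Set here rather than on the shebang line so the option is still in effect
# when the script is started as "sh postinst ...".
set -e

PACKAGE=libnss-ldap
CONFFILE="/etc/libnss-ldap.conf"
PASSWDFILE="/etc/libnss-ldap.secret"

# add_missing PARAMETER VALUE
# Append "PARAMETER VALUE" as a new line at the end of $CONFFILE.
add_missing()
{
	# FIXME: it would be nice to get the prototype from a template.
	parameter=$1
	value=$2
	# printf rather than echo: the value can be a password or a DN, and
	# some echo implementations interpret backslashes or a leading "-n".
	printf '%s %s\n' "$parameter" "$value" >> "$CONFFILE"
}

# change_value PARAMETER VALUE
# Set PARAMETER to VALUE in $CONFFILE. An active "PARAMETER ..." line is
# rewritten; failing that, a commented-out "# PARAMETER ..." line is
# uncommented and rewritten; failing that, a new line is appended.
# PARAMETER is used inside grep patterns, so callers must pass a plain
# option name (every caller in this script passes a literal).
change_value()
{
	parameter=$1
	value=$2
	commented=0
	notthere=0

	grep -E -i -q "^$parameter " "$CONFFILE" || notthere=1
	if [ "$notthere" = "1" ]; then
		# The trailing space matches the pattern the substitution below
		# uses. Without it a line such as "#hostname" counted as a
		# commented "host", and the value was then neither replaced nor
		# appended.
		if grep -E -i -q "^# *$parameter " "$CONFFILE"; then
			notthere=0
			commented=1
		fi
	fi

	if [ "$notthere" = "1" ]; then
		# Quoted: values such as "dc=example, dc=org" contain spaces and
		# used to be cut off at the first one.
		add_missing "$parameter" "$value"
	else
		# The previous substitution always required a leading "#", so an
		# active line was never updated and a stale value (old server,
		# old bindpw) stayed in place. The "# *" prefix is now applied
		# only when the line found above is a commented one.
		#
		# Parameter and value travel through the environment, not the
		# perl source or argv: the value is never parsed as perl code or
		# as a regex, and a password does not appear in the process list.
		#
		# currently we replace only the first match, we need a better
		# way of dealing with multiple hits.
		commented=$commented value=$value parameter=$parameter \
		perl -i -p -e '
			BEGIN { $lead = $ENV{"commented"} ? "# *" : "" }
			s/^$lead\Q$ENV{"parameter"}\E .*/$ENV{"parameter"} $ENV{"value"}/i and $match=1 unless ($match)
		' "$CONFFILE"
	fi
}

# disable_param PARAMETER
# Comment out every active "PARAMETER ..." line in $CONFFILE.
disable_param()
{
	parameter=$1
	# Case-insensitive, like change_value and like the substitution below;
	# the earlier case-sensitive check skipped lines such as "BindPW ...",
	# leaving a setting the admin had asked to turn off.
	if grep -E -i -q "^$parameter " "$CONFFILE"; then
		parameter=$parameter \
		perl -i -p -e 's/^(\Q$ENV{"parameter"}\E .*)/#$1/i' "$CONFFILE"
	fi
}

# Real functions begin here.
case "$1" in
configure)
	# ok, lets get to business..
	. /usr/share/debconf/confmodule

	# lets create the configuration from example if it's not there.
	examplefile=/usr/share/$PACKAGE/ldap.conf
	if [ ! -e "$CONFFILE" ] && [ -e "$examplefile" ]; then
		cat > "$CONFFILE" << 'EOM'
###DEBCONF###
# the configuration of this file will be done by debconf as long as the
# first line of the file says '###DEBCONF###'
#
# you should use dpkg-reconfigure libnss-ldap to configure this file.
#
EOM
		cat "$examplefile" >> "$CONFFILE"
		chmod 0644 "$CONFFILE"
		db_set libnss-ldap/override true
	fi

	db_get libnss-ldap/override
	if [ "$RET" = "true" ]; then
		if head -n 1 "$CONFFILE" | grep -q -v '^###DEBCONF###$'; then
			# Prepend the marker. The file may already contain a
			# bindpw, so the copy is built under umask 077 and moved
			# into place instead of being recreated and set to 0644;
			# the confperm step at the end decides the final mode.
			(
				umask 077
				{
					printf '%s\n' '###DEBCONF###'
					cat "$CONFFILE"
				} > "$CONFFILE.tmp"
			)
			mv -f "$CONFFILE.tmp" "$CONFFILE"
		fi

		# Tighten the mode before any credential is written, so bindpw
		# never sits in a world-readable file while the rest of this
		# script runs. The final mode is still set at the end.
		db_get libnss-ldap/confperm
		if [ "$RET" = "true" ] && [ -e "$CONFFILE" ]; then
			chmod 0600 "$CONFFILE"
		fi

		# A URI goes into "uri", anything else into "host"; the other of
		# the two is commented out.
		db_get shared/ldapns/ldap-server
		if printf '%s\n' "$RET" | grep -E -q '^ldaps?://'; then
			disable_param host
			change_value uri "$RET"
		else
			disable_param uri
			change_value host "$RET"
		fi

		db_get shared/ldapns/base-dn
		change_value base "$RET"

		db_get shared/ldapns/ldap_version
		change_value ldap_version "$RET"

		db_get libnss-ldap/dbrootlogin
		if [ "$RET" = "true" ]; then
			# user wants to log in to the database, so be it.
			db_get libnss-ldap/rootbinddn
			change_value rootbinddn "$RET"
			db_get libnss-ldap/rootbindpw
			if [ "$RET" != "" ]; then
				rm -f "$PASSWDFILE"
				# Created under umask 077 so the password is
				# never readable by others between creation and
				# chmod. Quoted printf keeps spaces, glob
				# characters and backslashes in the password
				# intact, which the unquoted echo did not.
				(
					umask 077
					printf '%s\n' "$RET" > "$PASSWDFILE"
				)
				chmod 0600 "$PASSWDFILE"
				# Do not keep the password in the debconf database.
				db_set libnss-ldap/rootbindpw ''
			fi
		else
			# ok, so the user refused to use this feature, better make
			# sure it's really off.
			disable_param rootbinddn
			rm -f "$PASSWDFILE"
		fi

		db_get libnss-ldap/dblogin
		if [ "$RET" = "true" ]; then
			# user wants to log in to the database, so be it.
			db_get libnss-ldap/binddn
			change_value binddn "$RET"
			db_get libnss-ldap/bindpw
			if [ "$RET" != "" ]; then
				# NOTE(review): bindpw is stored in $CONFFILE
				# itself, which is world-readable unless
				# libnss-ldap/confperm is "true".
				change_value bindpw "$RET"
				# Do not keep the password in the debconf database.
				db_set libnss-ldap/bindpw ''
			fi
		else
			# once again, user didn't.. lets make sure we dont.
			disable_param binddn
			disable_param bindpw
		fi

		db_get libnss-ldap/confperm
		if [ "$RET" = "true" ]; then
			# FIXME: we need a way to check if the file
			# was 0700 and we removed the flag.
			chmod 0600 "$CONFFILE"
		else
			# ICK! ugly hack, but i didn't get anything
			# better to work.
			# Only a file that is exactly 0600 is relaxed to 0644.
			find "$CONFFILE" -perm 0600 -exec chmod 0644 {} \;
		fi
	fi

	db_stop
	;;

abort-upgrade|abort-remove|abort-deconfigure)
	exit 0
	;;

*)
	printf "postinst called with unknown argument \`%s'\n" "$1" >&2
	exit 1
	;;
esac

# Seed our secret file from /etc/ldap.secret when we have none of our own.
if [ -e /etc/ldap.secret ] && [ ! -e /etc/libnss-ldap.secret ]; then
	(
		umask 077
		cp -p /etc/ldap.secret /etc/libnss-ldap.secret
	)
	# cp -p carries over the source mode; force the same 0600 this
	# script uses whenever it writes the secret file itself.
	chmod 0600 /etc/libnss-ldap.secret
fi

# Restart nscd only when it is installed and currently running.
if [ -s /usr/sbin/nscd ]; then
	if pidof -s nscd >/dev/null; then
		if command -v invoke-rc.d >/dev/null 2>&1; then
			invoke-rc.d nscd restart
		else
			/etc/init.d/nscd restart
		fi
	fi
fi

# This directory was used earlier, and should no longer have any
# function (we use /lib/init/rw instead).
if [ -d /var/lib/libnss-ldap ]; then
	rm -rf /var/lib/libnss-ldap
fi

#DEBHELPER#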