#!/bin/sh
set -e
CONFFILE="/etc/nss-ldapd.conf"
# source debconf library.
. /usr/share/debconf/confmodule
db_version 2.0
db_capb backup
# set title
db_title "Configuring libnss-ldapd"
#
# This is the fist part of the script. In this part an attempt
# is made to get or guess the current configuration. This information
# is later on used to prompt the user and to provide a sensible
# default.
#
# check the system (non-LDAP configuration files) for some
# reasonable defaults
parsesys()
{
# guess domain based on system information
domain=`hostname --domain` || true
[ -z "$domain" ] && domain=`hostname --nis | grep '\.'` || true
[ -z "$domain" ] && domain=`hostname --fqdn | sed -n 's/^[^.]*\.//p'` || true
[ -z "$domain" ] && domain=`sed -n 's/^ *\(domain\|search\) *\([^ ]*\) *$/\2/p' /etc/resolv.conf | head -n 1` || true
if [ -n "$domain" ]
then
# set search base
searchbase=`echo "$domain" | sed 's/^/dc=/;s/\./,dc=/'` || true
db_set libnss-ldapd/ldap-base "$searchbase"
fi
# guess ldap server
server=`getent hosts ldap` || true
[ -z "$server" ] && server=`getent hosts dirhost` || true
if [ -n "$domain" ] && [ -z "$server" ]
then
server=`getent hosts ldap."$domain"` || true
[ -z "$server" ] && server=`getent hosts dirhost."$domain"` || true
fi
if [ -n "$server" ]
then
# extract ip address from host entry and quote ipv6 address
ip=`echo $server | sed 's/[[:space:]].*//;s/^\(.*:.*\)$/[\1]/'`
db_set libnss-ldapd/ldap-uris "ldap://$ip/"
fi
}
# parse a LDAP-like configuration file
parsecfg()
{
cfgfile="$1"
# check existance
[ -f "$cfgfile" ] || return 0
# find uri/host/port combo
uris=`sed -n 's/^uri[[:space:]]*//ip' "$cfgfile"`
if [ -z "$uris" ]
then
hosts=`sed -n 's/^host[[:space:]]*//ip' "$cfgfile"`
port=`sed -n 's/^port[[:space:]]*//ip' "$cfgfile"`
for host in $hosts
do
if [ -z "$port" ] || (echo "$host" | grep -q ':' )
then
uris="$uris ldap://$host/"
else
uris="$uris ldap://$host:$port/"
fi
done
fi
[ -n "$uris" ] && db_set libnss-ldapd/ldap-uris "$uris"
# find base config
searchbase=`sed -n 's/^base[[:space:]]*//ip' "$cfgfile"`
[ -n "$searchbase" ] && db_set libnss-ldapd/ldap-base "$searchbase"
# find ldap_version
ldapversion=`sed -n 's/^ldap_version[[:space:]]*//ip' "$cfgfile"`
[ -n "$searchbase" ] && db_set libnss-ldapd/ldap-version "$ldapversion"
# find binddb
binddn=`sed -n 's/^binddn[[:space:]]*//ip' "$cfgfile"`
[ -n "$binddn" ] && db_set libnss-ldapd/ldap-binddn "$binddn"
# find bindpw
bindpw=`sed -n 's/^bindpw[[:space:]]*//ip' "$cfgfile"`
[ -n "$bindpw" ] && db_set libnss-ldapd/ldap-bindpw "$bindpw"
# find rootbinddb
rootbinddn=`sed -n 's/^rootbinddn[[:space:]]*//ip' "$cfgfile"`
[ -n "$rootbinddn" ] && db_set libnss-ldapd/ldap-rootbinddn "$rootbinddn"
# find rootbindpw
rootbindpw=`sed -n 's/^rootbindpw[[:space:]]*//ip' "$cfgfile"`
[ -n "$rootbindpw" ] && db_set libnss-ldapd/ldap-rootbindpw "$rootbindpw"
# we're done
return 0
}
# parse /etc/nsswitch.conf and see which services have ldap specified
parsensswitch()
{
# find name services that currently use LDAP
configured=`sed -n 's/^\([^[:space:]]*\):.*[[:space:]]ldap\([[:space:]].*\)\?/\1/p' /etc/nsswitch.conf`
# separate by commas
configured=`echo $configured | sed 's/ /, /g'`
# store configured services
db_set libnss-ldapd/nsswitch "$configured"
# we're done
return 0
}
# clear some settings in case they are not set in the config
db_set libnss-ldapd/ldap-binddn ""
db_set libnss-ldapd/ldap-bindpw ""
db_set libnss-ldapd/ldap-rootbinddn ""
db_set libnss-ldapd/ldap-rootbindpw ""
# fill our defaults with the current configuration if available
# and fall back to guessing the config from some other system files
if [ -f "$CONFFILE" ]
then
# parse current configuration
parsecfg "$CONFFILE"
else
# newer found values override older values
parsesys
parsecfg /etc/ldap/ldap.conf
parsecfg /etc/pam_ldap.conf
parsecfg /etc/libnss-ldap.conf
fi
# check /etc/nsswitch.conf
parsensswitch
#
# This is the second part of the script. In this part the configurable
# settings will be presented to the user for approval. The postinst
# will finaly perform the actual modifications.
#
state="server"
while [ "$state" != "done" ]
do
case "$state" in
server)
# ask about server configuration
db_input high libnss-ldapd/ldap-uris || true
db_input high libnss-ldapd/ldap-base || true
db_input low libnss-ldapd/ldap-version || true
# ask the questions, go to the next question or exit
state="binddn"
db_go || exit 1
# TODO: add error checking on options
;;
binddn)
# ask for login information
db_input medium libnss-ldapd/ldap-binddn || true
# ask the question, go to the next question or back
state="bindpw"
db_go || state="server"
# TODO: if answer is empty also clear passwd
;;
bindpw)
# only ask question if we have a binddn
db_get libnss-ldapd/ldap-binddn
if [ -n "$RET" ]
then
# ask for login information
db_input medium libnss-ldapd/ldap-bindpw || true
fi
# ask the question, go to the next question or back
state="rootbinddn"
db_go || state="binddn"
;;
rootbinddn)
# ask for login information
db_input medium libnss-ldapd/ldap-rootbinddn || true
# ask the question, go to the next question or back
state="rootbindpw"
db_go || state="bindpw"
# TODO: if answer is empty also clear passwd
;;
rootbindpw)
# only ask question if we have a rootbinddn
db_get libnss-ldapd/ldap-rootbinddn
if [ -n "$RET" ]
then
# ask for login information
db_input medium libnss-ldapd/ldap-rootbindpw || true
fi
# ask the question, go to the next question or back
state="nsswitch"
db_go || state="rootbinddn"
;;
nsswitch)
# ask for which nsswitch options to configure
db_capb multiselect
db_input high libnss-ldapd/nsswitch || true
state="done"
db_go || state="rootbindpw"
;;
esac
done
exit 0