#!/bin/sh set -e CONFFILE="/etc/nslcd.conf" OCONFFILE="/etc/nss-ldapd.conf" # set an option in the configuration file to the specified value cfg_set() { parameter="$1" value="$2" # make matching of spaces better in parameter # this is complicated becase of the "base [map] dn" keyword param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'` # lines to not match nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)" # check if the parameter is defined line=`sed -n '/'"$nomatch_re"'/n;/^'"$param_re"'[[:space:]]/p' "$CONFFILE" | head -n 1` if [ -z "$line" ] then # check if the parameter is commented out param_re="#$param_re" nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)" line=`sed -n '/'"$nomatch_re"'/n;/^'"$param_re"'[[:space:]]/p' "$CONFFILE" | head -n 1` fi # decide what to do if [ -z "$line" ] then # just append a new line echo "$parameter $value" >> $CONFFILE else # escape line to replace replace=`echo "$line" | sed 's#\\\#\\\\\\\#g;s#\([.*+?^$|]\)#\\\\\1#g'` # escape value (parameter doesn't have any special stuff) value=`echo "$value" | sed 's#\\\#\\\\\\\#g;s#|#\\\|#g;s#&#\\\&#g'` # replace the first occurrence of the line sed -i '1,\|^'"$replace"'$| s|^'"$replace"'$|'"$parameter"' '"$value"'|i' "$CONFFILE" fi # we're done return 0 } # disable an option in the configuration file by commenting it out cfg_disable() { parameter="$1" # make matching of spaces better in parameter param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'` # lines to not match nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)" # comment out the option sed -i '/'"$nomatch_re"'/n;s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE" # we're done return 0 } # set the list of uris cfg_uris() { uris="$1" # escape all uri directives sed -i 's/^uri /_uri_ /i' $CONFFILE # set the uri options echo "$uris" | sed 's/ */\n/g' | while read uri do if grep -qi '^_uri_ ' $CONFFILE then # escape uri for use in regexp replacement uri=`echo "$uri" | sed 's#\\\#\\\\\\\#g;s#|#\\\|#g;s#&#\\\&#g'` # replace the first occurrence of _uri_ sed -i '1,/^_uri_ / s|^_uri_ .*$|uri '"$uri"'|i' "$CONFFILE" else # append new uri echo "uri $uri" >> $CONFFILE fi done # comment out the remaining escaped uris sed -i 's/^_uri_ /#uri /' $CONFFILE } # create a default configuration file if nothing exists yet create_config() { if [ ! -e "$CONFFILE" ] then # check if the file with the old name exists if [ -e "$OCONFFILE" ] then # copy the existing file cp -p $OCONFFILE $CONFFILE # fix reference to manual page sed -i 's/nss-ldapd/nslcd/' $CONFFILE else # create a simple configuration file from this template cat > "$CONFFILE" << EOM # $CONFFILE # nslcd configuration file. See nslcd.conf(5) # for details. # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://localhost/ # The search base that will be used for all queries. base dc=example,dc=net # The LDAP protocol version to use. #ldap_version 3 # The DN to bind with for normal lookups. #binddn cn=annonymous,dc=example,dc=net #bindpw secret # The DN used for password modifications by root. #rootpwmoddn cn=admin,dc=example,dc=com # SSL options #ssl off #tls_reqcert never # The search scope. #scope sub EOM # fix permissions chmod 640 "$CONFFILE" chown root:nslcd "$CONFFILE" fi fi # we're done return 0 } # real functions begin here if [ "$1" = "configure" ] then # get configuration data from debconf . /usr/share/debconf/confmodule # check if the nslcd user exists if getent passwd nslcd >/dev/null then : else # create nslcd user and group adduser --system --group --home /var/run/nslcd/ \ --gecos "nslcd name service LDAP connection daemon" \ --no-create-home \ nslcd # add uid/gid options to the config file if it exists # (this is when we're upgrading) if [ -f "$CONFFILE" ] then echo "Adding uid and gid options to $CONFFILE..." >&2 echo "# automatically added on upgrade of nslcd package" >> "$CONFFILE" cfg_set uid nslcd cfg_set gid nslcd fi fi # create a default configuration create_config # set server uri db_get nslcd/ldap-uris cfg_uris "$RET" # set search base db_get nslcd/ldap-base if [ -n "$RET" ] then cfg_set base "$RET" else cfg_disable base fi # set bind dn/pw db_get nslcd/ldap-binddn if [ -n "$RET" ] then cfg_set binddn "$RET" db_get nslcd/ldap-bindpw if [ -n "$RET" ] then cfg_set bindpw "$RET" else # no bindpw set if grep -i -q "^bindpw " $CONFFILE then cfg_set bindpw "*removed*" cfg_disable bindpw fi fi else # no binddn/pw, disable options cfg_disable binddn if grep -i -q "^bindpw " $CONFFILE then cfg_set bindpw "*removed*" cfg_disable bindpw fi fi # remove password from database db_set nslcd/ldap-bindpw "" # set ssl option db_get nslcd/ldap-starttls if [ "$RET" = "true" ] then cfg_set ssl "start_tls" elif grep -qi '^ssl[[:space:]]*start_*tls' $CONFFILE then cfg_disable ssl fi # set tls_reqcert option db_get nslcd/ldap-reqcert if [ -n "$RET" ] then # rename any tls_checkpeer options sed -i 's/^tls_checkpeer/tls_reqcert/i' "$CONFFILE" # set tls_reqcert option cfg_set tls_reqcert "$RET" # clear debconf value so that this option is only set if the question is asked db_set nslcd/ldap-reqcert "" fi # we're done db_stop # fix permissions of configfile if upgrading from an old version if dpkg --compare-versions "$2" lt-nl "0.6.7.1" then echo "Fixing permissions of $CONFFILE" chmod 640 "$CONFFILE" chown root:nslcd "$CONFFILE" fi fi #DEBHELPER# exit 0