#!/bin/sh
set -e
CONFFILE="/etc/nslcd.conf"
OCONFFILE="/etc/nss-ldapd.conf"
# set an option in the configuration file to the specified value
cfg_set()
{
parameter="$1"
value="$2"
# make matching of spaces better in parameter
# this is complicated becase of the "base [map] dn" keyword
param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
# lines to not match
nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
# check if the parameter is defined
line=`sed -n '/'"$nomatch_re"'/n;/^'"$param_re"'[[:space:]]/p' "$CONFFILE" | head -n 1`
if [ -z "$line" ]
then
# check if the parameter is commented out
param_re="#$param_re"
nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
line=`sed -n '/'"$nomatch_re"'/n;/^'"$param_re"'[[:space:]]/p' "$CONFFILE" | head -n 1`
fi
# decide what to do
if [ -z "$line" ]
then
# just append a new line
echo "$parameter $value" >> $CONFFILE
else
# escape line to replace
replace=`echo "$line" | sed 's#\\\#\\\\\\\#g;s#\([.*+?^$|]\)#\\\\\1#g'`
# escape value (parameter doesn't have any special stuff)
value=`echo "$value" | sed 's#\\\#\\\\\\\#g;s#|#\\\|#g;s#&#\\\&#g'`
# replace the first occurrence of the line
sed -i '1,\|^'"$replace"'$| s|^'"$replace"'$|'"$parameter"' '"$value"'|i' "$CONFFILE"
fi
# we're done
return 0
}
# disable an option in the configuration file by commenting it out
cfg_disable()
{
parameter="$1"
# make matching of spaces better in parameter
param_re=`echo "$parameter" | sed 's#^#[[:space:]]*#;s#[[:space:]][[:space:]]*#[[:space:]][[:space:]]*#g'`
# lines to not match
nomatch_re="^$param_re[[:space:]][[:space:]]*\(aliases\|ethers\|group\|hosts\|netgroup\|networks\|passwd\|protocols\|rpc\|services\|shadow\)"
# comment out the option
sed -i '/'"$nomatch_re"'/n;s/^'"$param_re"'[[:space:]].*$/#&/i' "$CONFFILE"
# we're done
return 0
}
# set the list of uris
cfg_uris()
{
uris="$1"
# escape all uri directives
sed -i 's/^uri /_uri_ /i' $CONFFILE
# set the uri options
echo "$uris" | sed 's/ */\n/g' | while read uri
do
if grep -qi '^_uri_ ' $CONFFILE
then
# escape uri for use in regexp replacement
uri=`echo "$uri" | sed 's#\\\#\\\\\\\#g;s#|#\\\|#g;s#&#\\\&#g'`
# replace the first occurrence of _uri_
sed -i '1,/^_uri_ / s|^_uri_ .*$|uri '"$uri"'|i' "$CONFFILE"
else
# append new uri
echo "uri $uri" >> $CONFFILE
fi
done
# comment out the remaining escaped uris
sed -i 's/^_uri_ /#uri /' $CONFFILE
}
# create a default configuration file if nothing exists yet
create_config()
{
if [ ! -e "$CONFFILE" ]
then
# check if the file with the old name exists
if [ -e "$OCONFFILE" ]
then
# copy the existing file
cp -p $OCONFFILE $CONFFILE
# fix reference to manual page
sed -i 's/nss-ldapd/nslcd/' $CONFFILE
else
# create a simple configuration file from this template
cat > "$CONFFILE" << EOM
# $CONFFILE
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldap://localhost/
# The search base that will be used for all queries.
base dc=example,dc=net
# The LDAP protocol version to use.
#ldap_version 3
# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
# SSL options
#ssl off
#tls_reqcert never
# The search scope.
#scope sub
EOM
# fix permissions
chmod 640 "$CONFFILE"
chown root:nslcd "$CONFFILE"
fi
fi
# we're done
return 0
}
# real functions begin here
if [ "$1" = "configure" ]
then
# get configuration data from debconf
. /usr/share/debconf/confmodule
# check if the nslcd user exists
if getent passwd nslcd >/dev/null
then
:
else
# create nslcd user and group
adduser --system --group --home /var/run/nslcd/ \
--gecos "nslcd name service LDAP connection daemon" \
--no-create-home \
nslcd
# add uid/gid options to the config file if it exists
# (this is when we're upgrading)
if [ -f "$CONFFILE" ]
then
echo "Adding uid and gid options to $CONFFILE..." >&2
echo "# automatically added on upgrade of nslcd package" >> "$CONFFILE"
cfg_set uid nslcd
cfg_set gid nslcd
fi
fi
# create a default configuration
create_config
# set server uri
db_get nslcd/ldap-uris
cfg_uris "$RET"
# set search base
db_get nslcd/ldap-base
if [ -n "$RET" ]
then
cfg_set base "$RET"
else
cfg_disable base
fi
# set bind dn/pw
db_get nslcd/ldap-binddn
if [ -n "$RET" ]
then
cfg_set binddn "$RET"
db_get nslcd/ldap-bindpw
if [ -n "$RET" ]
then
cfg_set bindpw "$RET"
else
# no bindpw set
if grep -i -q "^bindpw " $CONFFILE
then
cfg_set bindpw "*removed*"
cfg_disable bindpw
fi
fi
else
# no binddn/pw, disable options
cfg_disable binddn
if grep -i -q "^bindpw " $CONFFILE
then
cfg_set bindpw "*removed*"
cfg_disable bindpw
fi
fi
# remove password from database
db_set nslcd/ldap-bindpw ""
# set ssl option
db_get nslcd/ldap-starttls
if [ "$RET" = "true" ]
then
cfg_set ssl "start_tls"
elif grep -qi '^ssl[[:space:]]*start_*tls' $CONFFILE
then
cfg_disable ssl
fi
# set tls_reqcert option
db_get nslcd/ldap-reqcert
if [ -n "$RET" ]
then
# rename any tls_checkpeer options
sed -i 's/^tls_checkpeer/tls_reqcert/i' "$CONFFILE"
# set tls_reqcert option
cfg_set tls_reqcert "$RET"
# clear debconf value so that this option is only set if the question is asked
db_set nslcd/ldap-reqcert ""
fi
# we're done
db_stop
# rename reconnect_maxsleeptime to reconnect_retrytime
if grep -qi '^reconnect_maxsleeptime[[:space:]]' $CONFFILE
then
echo "Renaming reconnect_maxsleeptime to reconnect_retrytime in $CONFFILE..." >&2
sed -i 's/^reconnect_maxsleeptime[[:space:]]/reconnect_retrytime /' "$CONFFILE"
fi
# fix permissions of configfile if upgrading from an old version
if dpkg --compare-versions "$2" lt-nl "0.6.7.1"
then
echo "Fixing permissions of $CONFFILE"
chmod 640 "$CONFFILE"
chown root:nslcd "$CONFFILE"
fi
fi
#DEBHELPER#
exit 0