blob: 9d62b4fab9c2390877644dbd9fc9099d7a68730d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
#!/bin/sh
set -e
# source debconf library.
. /usr/share/debconf/confmodule
db_version 2.0
#DEBHELPER#
pam-auth-update --package
# check to see if name is configured to do lookups through
# LDAP and enable if not
# Note: this function is in both libnss-ldapd.postinst and libpam-ldapd.postinst
nss_enable()
{
name="$1"
if ! grep -q '^'$name':.*ldap.*' /etc/nsswitch.conf
then
echo "/etc/nsswitch.conf: enable LDAP lookups for $name" >&2
if grep -q '^'$name':' /etc/nsswitch.conf
then
# modify an existing entry by just adding ldap to the end
sed -i 's/^\('$name':.*[^[:space:]]\)[[:space:]]*$/\1 ldap/' /etc/nsswitch.conf
else
# append a new line
printf '%-15s ldap\n' $name':' >> /etc/nsswitch.conf
fi
fi
# we're done
return 0
}
# if /etc/nsswitch.conf contains passwd: ..ldap but not shadow: ...ldap
# warn the user that this will not work and offer to fix it
# (only do this if it seems we have switched to pam-auth-update)
if grep -q '^passwd:.*ldap' /etc/nsswitch.conf && \
! grep -q '^shadow:.*ldap' /etc/nsswitch.conf && \
grep -q pam-auth-update /etc/pam.d/common-auth
then
if db_input critical libpam-ldapd/enable_shadow
then
db_go
db_get libpam-ldapd/enable_shadow
if [ "$RET" = "true" ]
then
nss_enable shadow
fi
fi
fi
|