blob: e74381fc7519068198256a71aa7a50905e6711ef (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
#!/bin/sh
set -e
# source debconf library.
. /usr/share/debconf/confmodule
db_version 2.0
#DEBHELPER#
pam-auth-update --package
# check whether the name is configure to do lookups through
# LDAP
# Note: this function is in libnss-ldapd.postinst, libnss-ldapd.postrm
# and libpam-ldapd.postinst
nss_is_enabled()
{
name="$1"
grep -q '^[[:space:]]*'$name'[[:space:]]*:.*ldap.*' /etc/nsswitch.conf
}
# check to see if name is configured to do lookups through
# LDAP and enable if not
# Note: this function is in libnss-ldapd.postinst and libpam-ldapd.postinst
nss_enable()
{
name="$1"
if ! nss_is_enabled "$name"
then
echo "/etc/nsswitch.conf: enable LDAP lookups for $name" >&2
if grep -q '^[[:space:]]*'$name'[[:space:]]*:' /etc/nsswitch.conf
then
# modify an existing entry by just adding ldap to the end
sed -i 's/^\([[:space:]]*'$name'[[:space:]]*:.*[^[:space:]]\)[[:space:]]*$/\1 ldap/' /etc/nsswitch.conf
else
# append a new line
printf '%-15s ldap\n' $name':' >> /etc/nsswitch.conf
fi
# invalidate nscd cache
nscd -i "$name" > /dev/null 2>&1 || true
fi
# we're done
return 0
}
# if /etc/nsswitch.conf contains passwd: ..ldap but not shadow: ...ldap
# warn the user that this will not work and offer to fix it
# (only do this if it seems we have switched to pam-auth-update)
if nss_is_enabled "passwd" && \
! nss_is_enabled "shadow" && \
grep -q pam-auth-update /etc/pam.d/common-auth
then
if db_input critical libpam-ldapd/enable_shadow
then
db_go
db_get libpam-ldapd/enable_shadow
if [ "$RET" = "true" ]
then
nss_enable "shadow"
fi
fi
fi
|