#!/bin/ksh

# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
#
# The contents of this file are subject to the terms
# of the Common Development and Distribution License
# (the License). You may not use this file except in
# compliance with the License.
#
# You can obtain a copy of the License at
# https://opensso.dev.java.net/public/CDDLv1.0.html or
# opensso/legal/CDDLv1.0.txt
# See the License for the specific language governing
# permission and limitations under the License.
#
# When distributing Covered Code, include this CDDL
# Header Notice in each file and include the License file
# at opensso/legal/CDDLv1.0.txt.
# If applicable, add the following below the CDDL Header,
# with the fields enclosed by brackets [] replaced by
# your own identifying information:
# "Portions Copyrighted [year] [name of copyright owner]"
#
# $Id
#
#########################################################################
#
# This is a convenience script for federating SAMLv2 users in bulk.
#
# The script assumes that the backend user database is LDAP compliant
# and that OpenSSO or the Sun Java System Federation Manager is the
# SAML version 2 federation software provider.
#
# This script expects a userdn mappings file as the primary input for
# creating federation data for the users specified in the file. The userdns
# must be separated by "|" and must be in the order of local user followed
# by remote user.
# For example:
# uid=spuser,dc=iplanet,dc=com | uid=idpuser,dc=iplanet,dc=com
#
# This script generates unique random identifiers for each user mapping
# and creates four different files, namely:
# localnameidentifiers.txt, remotenameidentifiers.txt,
# localuserdata.ldif and remoteuserdata.ldif.
#
# It also loads the federation data (the localuserdata.ldif file) locally.
#
# The remoteuserdata.ldif file is also kept locally so that it can be
# conveniently loaded with the ldapmodify command if the remote provider is
# also an OpenSSO instance.
#
# If the remote provider is not an OpenSSO instance, the generated files
# localnameidentifiers.txt/remotenameidentifiers.txt can be exchanged with
# the remote party so that it can generate federation/user specific data
# based on this input.
#
#########################################################################
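# Product root. BASEDIR/PRODUCT_DIR is a literal placeholder in this file;
# presumably it is substituted when the product is packaged or installed --
# TODO confirm.
BASE=BASEDIR/PRODUCT_DIR

# These helper commands are referenced by absolute path, so no PATH lookup
# is involved when the script runs them.
gettext=/bin/gettext
ECHO=/bin/echo
RM=/bin/rm
CP=/bin/cp
MV=/bin/mv

# "\c" marker used by the password prompts: an echo that interprets
# backslash escapes stops printing there, so no newline follows the prompt.
OMIT='\c'

LDAPMODIFY=/bin/ldapmodify

# Perl helpers that generate the name identifier mappings and LDIF files.
GENERATE_LDIF=$BASE/saml2/lib/saml2GenerateLDIF.pl
GENERATE_NI=$BASE/saml2/lib/saml2GenerateNI.pl

# Directory this script was started from; display_version reads
# ../lib/version relative to it. $0 is quoted so that an install path
# containing spaces or glob characters is passed to dirname as one argument.
pdir=$(dirname "$0")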
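#######################################
# Abort the script unless $LDAPMODIFY names an existing regular file.
# Globals:   LDAPMODIFY (read), gettext (read)
# Arguments: none
# Outputs:   two translated diagnostic lines when the check fails
# Returns:   nothing on success; exits the script with status 1 on failure
#######################################
checkldapmodify() {
    # Quoted on purpose: with an empty or unset LDAPMODIFY an unquoted test
    # collapses to `[ ! -f ]`, which is false, so the check silently passed.
    if [ ! -f "$LDAPMODIFY" ]; then
        print "$($gettext 'ldapmodify command path is not correct.')"
        print "$($gettext 'please set the ldapmodify correctly..')"
        exit 1
    fi
}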
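#######################################
# Print the usage text, one translated message per line.
# Globals:   ECHO (read), gettext (read)
# Arguments: none
# Outputs:   usage text on stdout
#######################################
display_help() {
    # Every message is a separate gettext msgid, so the strings are kept
    # exactly as they were; only the quoting is repaired. Most of the
    # original lines opened a single quote and never closed it, which left
    # the quotes pairing up across line boundaries.
    $ECHO "$($gettext 'Usage: ')"
    $ECHO "$($gettext ' ')$0 [ -u | --user ] [ -w | --passfile ] [ -h | --host ] [ -p | --port ] [ -t | --role ] [ -l | --hostid ] [ -r | --remoteid ] [-f | --file]"
    $ECHO
    $ECHO "$($gettext 'Where:')"
    $ECHO "$($gettext ' -f, --file')"
    $ECHO "$($gettext ' Flat file that contains userDN mappings for ')"
    $ECHO "$($gettext ' the spusers and idpusers separated by | . ')"
    $ECHO "$($gettext ' -u, --user')"
    $ECHO "$($gettext ' Administrative userdn in LDAP server who has ')"
    $ECHO "$($gettext ' write priveleges for modifying user entries ')"
    $ECHO "$($gettext ' -w, --passfile')"
    $ECHO "$($gettext ' Password file')"
    $ECHO "$($gettext ' -t, --role')"
    $ECHO "$($gettext ' Host entity role. It must be either IDP or SP')"
    $ECHO "$($gettext ' -h, --host')"
    $ECHO "$($gettext ' LDAP Server HostName. Assumes localhost if not present. ')"
    $ECHO "$($gettext ' -p, --port')"
    # NOTE(review): the option handling in this script defaults the port
    # to 389; "localport" in the message below is left as-is because the
    # string is a translation key.
    $ECHO "$($gettext ' LDAP Server Port. Assumes localport if not present. ')"
    $ECHO "$($gettext ' -l, --hostid ')"
    $ECHO "$($gettext ' Host Provider Entity ID')"
    $ECHO "$($gettext ' -r, --remoteid')"
    $ECHO "$($gettext ' Remote Provider Entity ID ')"
    $ECHO
    $ECHO "$($gettext 'Options:')"
    $ECHO "$($gettext ' -H, --help')"
    $ECHO "$($gettext ' Print Help(this message) and exit. ')"
    $ECHO "$($gettext ' -V, --version ')"
    $ECHO "$($gettext ' Prints Version ')"
}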
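#######################################
# Print the contents of the version file that sits in ../lib relative to
# the script's own directory.
# Globals:   pdir (read)
# Arguments: none
# Outputs:   the version file's contents on stdout
# Returns:   cat's exit status
#######################################
display_version() {
    # Quoted so an install directory containing spaces or glob characters
    # is passed to cat as a single path.
    cat "$pdir/../lib/version"
}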
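# Print the translation of prompt msgid $1 without a trailing newline.
_password_prompt() {
    _pp_text=$($gettext "$1")
    # The prompt msgids end in a literal ${OMIT} marker. It is stripped here
    # rather than expanded through eval, so text coming back from the
    # message catalog is never re-parsed as shell code.
    _pp_text=${_pp_text%'${OMIT}'}
    printf '%s' "$_pp_text"
}

#######################################
# Prompt for the bind password twice, with terminal echo off, until both
# entries match.
# Globals:   password (written), password1 (written),
#            gettext (read), ECHO (read)
# Arguments: none
# Outputs:   prompts, and a mismatch message, on stdout
# Returns:   0 once the two entries match; exits the script with status 1
#            when input ends before a matching pair was read
#######################################
get_password() {
    # Saved terminal settings; empty when stdin is not a terminal, in which
    # case stty is left alone.
    _gp_tty=$(stty -g 2>/dev/null)
    # Turn echo back on if the user interrupts the prompt.
    trap '[ -n "$_gp_tty" ] && stty "$_gp_tty"; exit 1' INT TERM
    _gp_status=1
    while :
    do
        _password_prompt 'Enter user password : ${OMIT}'
        [ -n "$_gp_tty" ] && stty -echo
        # IFS= and -r keep leading/trailing blanks and backslashes intact.
        IFS= read -r password || break
        $ECHO
        _password_prompt 'Re-enter user password : ${OMIT}'
        IFS= read -r password1 || break
        $ECHO
        # Quoted comparison: empty entries, blanks and glob characters are
        # compared as plain strings instead of breaking the test.
        if [ "$password" = "$password1" ]; then
            _gp_status=0
            break
        fi
        $ECHO "\a`$gettext 'Password does not match!'`"
    done
    # The original never restored echo; put the terminal back as it was.
    [ -n "$_gp_tty" ] && stty "$_gp_tty"
    trap - INT TERM
    # End of input without a matching pair used to loop forever.
    if [ "$_gp_status" -ne 0 ]; then
        exit 1
    fi
    return 0
}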
# Main starts here.
# Option values; each one stays empty until its flag is parsed.
role="" user="" pfile="" file=""
host="" port=""
hostentityid="" remoteentityid=""

# Called without any argument: print the usage text and fail.
[ $# -ne 0 ] || {
    display_help
    exit 1
}
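# Parse the command line. Every value-taking option consumes "$2" with the
# inner shift; the shift at the bottom of the loop consumes the flag itself.
# A missing or empty value prints the usage text and exits with status 1.
while [ $# -ne 0 ]
do
    case "$1" in
    "-t" | "--role")
        # Only the two literal role names are accepted.
        if [ "$2" != "SP" ] && [ "$2" != "IDP" ]; then
            display_help
            exit 1
        fi
        role=$2
        shift
        ;;

    "-u" | "--user")
        if [ "$2" = "" ]; then
            display_help
            exit 1
        fi
        user=$2
        shift
        ;;

    "-w" | "--passfile")
        if [ "$2" = "" ]; then
            display_help
            exit 1
        fi
        pfile=$2
        shift
        ;;

    "-h" | "--host")
        if [ "$2" = "" ]; then
            display_help
            exit 1
        fi
        host=$2
        shift
        ;;

    "-p" | "--port")
        if [ "$2" = "" ]; then
            display_help
            exit 1
        fi
        port=$2
        shift
        ;;

    "-V" | "--version")
        # The unreachable shift that followed this exit has been dropped.
        display_version
        exit 0
        ;;

    "-H" | "--help")
        # The usage text advertises -H/--help, but the option previously
        # fell through to the catch-all arm and exited with status 1.
        display_help
        exit 0
        ;;

    "-l" | "--hostid")
        if [ "$2" = "" ]; then
            display_help
            exit 1
        fi
        hostentityid=$2
        shift
        ;;

    "-r" | "--remoteid")
        if [ "$2" = "" ]; then
            display_help
            exit 1
        fi
        remoteentityid=$2
        shift
        ;;

    "-f" | "--file")
        if [ "$2" = "" ]; then
            display_help
            exit 1
        fi
        file=$2
        shift
        ;;

    *)
        # Anything unrecognised is a usage error.
        display_help
        exit 1
        ;;
    esac
    shift
done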
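# Obtain the LDAP bind password: prompt for it unless a password file was
# given with -w/--passfile.
if [ "$pfile" = "" ]; then
    get_password
else
    # The file is opened by the shell (redirection) instead of being passed
    # as an argument, so a path with spaces, glob characters or a leading
    # "-" is read as a plain file. Command substitution drops the trailing
    # newline(s). An unreadable file ends the script with status 1.
    # NOTE(review): the file holds the directory administrator's password
    # in clear text; it should be readable by its owner only. This script
    # does not check the file's permissions.
    password=$(cat < "$pfile") || exit 1
fi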
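# Check for the non-null values.
# Each group below is rejected when ANY member is missing. The original
# joined the tests with &&, so a check only fired when every member of the
# group was empty and a single missing value slipped through to the
# generators or to ldapmodify.

# Both entity IDs are passed to the LDIF generator.
if [ "$remoteentityid" = "" ] || [ "$hostentityid" = "" ]; then
    display_help
    exit 1
fi

# LDAP server defaults: local host, port 389.
if [ "$host" = "" ]; then
    host="localhost"
fi

if [ "$port" = "" ]; then
    port="389"
fi

# The mapping file feeds the generator; the bind DN and password are used
# by ldapmodify. An empty password is refused here as well: a simple bind
# that carries a DN but no password is not an authenticated bind.
if [ "$file" = "" ] || [ "$user" = "" ] || [ "$password" = "" ]; then
    display_help
    exit 1
fi

# NOTE(review): $role is not checked here; it stays empty when -t/--role
# was not given. Confirm whether saml2GenerateLDIF.pl accepts that.

# Both generator scripts are run further down, so both must be present.
if [ ! -f "$GENERATE_NI" ] || [ ! -f "$GENERATE_LDIF" ]; then
    print "\a $($gettext 'Missing saml2GenerateNI.pl and saml2GenerateLDIF.pl scripts')"
    exit 1
fi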
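# Generate the name identifier mappings and both LDIF files in the current
# directory, then load the local LDIF into the directory server.
# Every user-supplied value is quoted so that DNs, entity IDs (typically
# URLs) and file names containing blanks or glob characters reach the
# helpers as single, unmodified arguments.
# NOTE(review): the generated *.txt and *.ldif files are created in the
# current working directory with whatever umask the caller has; review
# who can read them.
checkldapmodify

print "\n"
print "$($gettext 'Generating name identifier mappings ..')"
print "\n"

$GENERATE_NI "$file" || {
    print "\a $($gettext 'Failed in generating name identifier mappings')"
    exit 1
}

# Remove a leftover from an earlier run so that stale data is never
# mistaken for this run's output.
if [ -f userdata.ldif ]; then
    $RM userdata.ldif
fi

print "$($gettext 'Generating LDIF files ..')"
print "\n"
# ${role:+...} passes the role only when one was given, which matches the
# argument count the generator received before the arguments were quoted.
$GENERATE_LDIF localnameidentifiers.txt "$hostentityid" "$remoteentityid" ${role:+"$role"} || {
    print "\a $($gettext 'Failed in generating LOCAL LDIF files')"
    exit 1
}

if [ -f userdata.ldif ]; then
    $MV userdata.ldif localuserdata.ldif
fi

# This is for the remote party's consumption: generate the LDIF anyway, so
# that a remote party that is also an OpenSSO server can load it. The role
# is flipped and the entity IDs are swapped to describe the remote side.
if [ "$role" = "SP" ]
then
    role="IDP"
else
    role="SP"
fi

$GENERATE_LDIF remotenameidentifiers.txt "$remoteentityid" "$hostentityid" "$role" || {
    print "\a $($gettext 'Failed in generating REMOTE LDIF files')"
    exit 1
}

if [ -f userdata.ldif ]; then
    $MV userdata.ldif remoteuserdata.ldif
fi

# Update user accounts locally. -c keeps going after a failed entry.
# NOTE(review): -w puts the bind password on ldapmodify's command line,
# where it is visible in the process list while the command runs. If the
# installed client can read the password from a file (-y in OpenLDAP, -j in
# the Sun/Mozilla tools -- confirm which client /bin/ldapmodify is), passing
# the file is preferable.
# NOTE(review): this is a simple bind against port 389 by default, with no
# TLS option passed on this command line; confirm the link to the directory
# server is otherwise protected.
print "$($gettext 'Updating user accounts ..')"
print "\n"
$LDAPMODIFY -D "$user" -w "$password" -h "$host" -p "$port" -c -f localuserdata.ldif || {
    print "\a $($gettext 'Failed in modifying users data')"
    exit 1
}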