inityp2l.sh revision 7c478bd95313f5f23a4c958a745db2134aa03244
#! /usr/bin/ksh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# inityp2l -- Utility to generate YP (NIS) to LDAP
# configuration file (/etc/default/ypserv)
# and mapping file (/var/yp/NISLDAPmapping)
#
#
# Displays message corresponding to the argument tag passed.
#
display_msg()
{
case "$1" in
usage) cat <<EOF
$PROG: [ -m mapping_file ] [ -c config_file ]
m <mapping_file> Name of the generated NISLDAP mapping file
Default is /var/yp/NISLDAPmapping
c <config_file> Name of the generated ypserv configuration file
Default is /etc/default/ypserv
EOF
;;
no_config_file_name_specified) cat <<EOF
You have not specified the config file name. You still have the
option to skip creating this file, specify a config file name, or
continue creating it with the default file name (${CONFIG_FILE}).
EOF
;;
no_mapping_file_name_specified) cat <<EOF
You have not specified the mapping file name. You still have the
option to skip creating this file, specify a mapping file name, or
continue creating it with the default file name (${MAP_FILE}).
EOF
;;
new_config_file_name_help) cat <<EOF
You can either specify a new file name, or accept the default
config file name (${CONFIG_FILE}).
It is recommended not to use the default file name since this
script just helps with rapid creation of a config file. You
should examine it's content before using it.
EOF
;;
new_mapping_file_name_help) cat <<EOF
You can either specify a new file name, or accept the default
mapping file name (${MAP_FILE}).
It is recommended not to use the default file name since this
script just helps with rapid creation of a mapping file. You
should examine it's content before using it. And if there are
custom maps, then their entries in the mapping file need to be
customized too.
Also, creation of default mapping file would cause NIS components
to work in NIS to LDAP (N2L), rather than traditional NIS, mode
when next restarted.
EOF
;;
backup_config_file) cat <<EOF
The config file "${CONFIG_FILE}" already exists. It is strongly
recommended that you BACKUP this file before running $PROG.
However, even if you continue, you would be given the option to
back up this file before it gets overwritten.
EOF
;;
backup_mapping_file) cat <<EOF
The mapping file "${MAP_FILE}" already exists. It is strongly
recommended that you BACKUP this file before running $PROG.
However, even if you continue, you would be given the option to
back up this file before it gets overwritten.
EOF
;;
warn_n2l_mode) cat <<EOF
Warning : Creation of default mapping file (`basename $MAP_FILE`)
at default location (`dirname $MAP_FILE`) would cause NIS
components to work in NIS to LDAP (N2L) mode, rather than
traditional NIS mode, when next restarted.
"$PROG" assists with rapid creation of a simple N2L mapping
file. The user should examine it's content before using it.
For custom maps, this file needs to be customized which can
be done using standard text editors.
EOF
;;
config_auth_method_menu) cat <<EOF
The following are the supported Authentication Methods -
1 none
2 simple
3 sasl/cram-md5
4 sasl/digest-md5
EOF
;;
auth_method_menu) cat <<EOF
The following are the supported Authentication Methods -
1 simple
2 sasl/cram-md5
3 sasl/digest-md5
EOF
;;
tls_method_menu) cat <<EOF
The following are the supported TLS Methods -
1 none
2 ssl
EOF
;;
retrieve_error_action_menu) cat <<EOF
The following are the supported actions -
1 use_cached
2 fail
EOF
;;
store_error_action_menu) cat <<EOF
The following are the supported actions -
1 retry
2 fail
EOF
;;
sorry) cat <<EOF
HELP - No help is available for this topic.
EOF
;;
backup_config_file_cont_help) cat <<EOF
HELP - Since $PROG will overwrite the existing config file, it is
strongly recommended that you backup this file prior to
running this utility.
However, even if you continue, you would be given the option
to back up this file before it gets overwritten.
EOF
;;
backup_config_file_help) cat <<EOF
HELP - If you choose to backup the existing config file, it would be
saved with current date and time suffix in yymmdd.HH.MM.SS format.
EOF
;;
backup_mapping_file_cont_help) cat <<EOF
HELP - Since $PROG will overwrite the existing mapping file, it is
strongly recommended that you backup this file prior to running
this utility.
However, even if you continue, you would be given the option to
back up this file before it gets overwritten.
EOF
;;
backup_mapping_file_help) cat <<EOF
HELP - If you choose to backup the existing mapping file, it would be
saved with current date and time suffix in yymmdd.HH.MM.SS format.
EOF
;;
warn_n2l_mode_help) cat <<EOF
HELP - It is strongly recommended that the mapping file is created at
non-default location (other than `dirname $MAP_FILE`). After this,
it's content should be verified, custom maps should be handled,
and if NIS components are desired to run in NIS to LDAP (N2L),
then only it should be copied at the default location.
EOF
;;
nisLDAPconfigDN_help) cat <<EOF
HELP - The DN which stores the configuration information in LDAP.
There is no default value for this field. Leave empty or
undefined to get this information from config file (ypserv).
EOF
;;
nisLDAPconfigPreferredServerList_help) cat <<EOF
HELP - List of directory servers to provide the configuration
information. There is no default. The preferred servers
must be entered IN THE ORDER you wish to have them contacted.
The preferred server list is a space separated list of IP
addresses. Providing port numbers is optional, and when not
supplied, port 389 is assumed. For an LDAP server running
on this machine, at port 389, use "127.0.0.1:389".
EOF
;;
auth_help) cat <<EOF
HELP - The authentication method to be used to obtain information
from LDAP server. The supported methods are provided in menu.
EOF
;;
tls_help) cat <<EOF
HELP - The transport layer security used for connection to the LDAP
server. In order to successfully use transport layer security,
the server must also support the chosen values. The supported
methods are provided in menu. Default is "$DEF_TLS".
EOF
;;
TLSCertificateDBPath_help) cat <<EOF
HELP - The absolute path name of the file containing the certificate
database. The default value is "$DEF_TLSCertificateDBPath"
EOF
;;
nisLDAPconfigProxyUser_help) cat <<EOF
HELP - The bind DN of the proxy user used to obtain configuration
information. There is no default value. If the value ends
with a comma, the value of the nisLDAPconfigDN attribute
is appended.
EOF
;;
ProxyPassword_warn) cat <<EOF
Warning : In order to avoid having this password publicly visible
on the machine, the password should appear only in the
configuration file, and the file should have an appropriate
owner, group, and file mode.
So, once this file is ready, please modify appropriately
to make sure this file is well protected.
EOF
;;
preferredServerList_help) cat <<EOF
HELP - List of directory servers for mapping data to/from LDAP.
There is no default. The preferred servers must be entered
IN THE ORDER you wish to have them contacted. The preferred
server list is a space separated list of IP addresses.
Providing port numbers is optional, and when not supplied,
port 389 is assumed. For an LDAP server running on this
machine, at port 389, use "127.0.0.1:389".
EOF
;;
nisLDAPproxyUser_help) cat <<EOF
HELP - The bind DN of the proxy user the ypserv to read or write
from or to LDAP. Assumed to have the appropriate permission
to read and modify LDAP data. There is no default value. If
the value ends with a comma, the value of the context for
the current domain (as defined by a nisLDAPdomainContext
attribute (NISLDAPmapping(4))) is appended.
EOF
;;
nisLDAPbindTimeout_help) cat <<EOF
HELP - The amount of time in seconds after which an LDAP bind operation
will timeout. Default is $DEF_nisLDAPbindTimeout seconds.
Decimal values are allowed.
EOF
;;
nisLDAPsearchTimeout_help) cat <<EOF
HELP - The amount of time in seconds after which an LDAP search operation
will timeout. Default is $DEF_nisLDAPsearchTimeout seconds.
Decimal values are allowed.
EOF
;;
nisLDAPmodifyTimeout_help) cat <<EOF
HELP - The amount of time in seconds after which an LDAP modify operation
will timeout. Default is $DEF_nisLDAPmodifyTimeout seconds.
Decimal values are allowed.
EOF
;;
nisLDAPaddTimeout_help) cat <<EOF
HELP - The amount of time in seconds after which an LDAP add operation
will timeout. Default is $DEF_nisLDAPaddTimeout seconds.
Decimal values are allowed.
EOF
;;
nisLDAPdeleteTimeout_help) cat <<EOF
HELP - The amount of time in seconds after which an LDAP delete operation
will timeout. Default is $DEF_nisLDAPdeleteTimeout seconds.
Decimal values are allowed.
EOF
;;
nisLDAPsearchTimeLimit_help) cat <<EOF
HELP - Establish a value for the LDAP_OPT_TIMELIMIT option, which
suggests a time limit for the search operation on the LDAP
server. The server may impose its own constraints on possible
values. See your LDAP server documentation. The default is the
nisLDAPsearchTimeout ($DEF_nisLDAPsearchTimeout seconds) value.
Only integer values are allowed.
Since the nisLDAPsearchTimeout limits the amount of time the
client ypserv will wait for completion of a search operation,
setting the nisLDAPsearchTimeLimit larger than the
nisLDAPsearchTimeout is not recommended.
EOF
;;
nisLDAPsearchSizeLimit_help) cat <<EOF
HELP - Establish a value for the LDAP_OPT_SIZELIMIT option, which
suggests a size limit, in bytes, for the search results on
the LDAP server. The server may impose its own constraints
on possible values. See your LDAP server documentation. The
default is $DEF_nisLDAPsearchSizeLimit, which means unlimited.
Only integer values are allowed.
EOF
;;
nisLDAPfollowReferral_help) cat <<EOF
HELP - Determines if the ypserv should follow referrals or not.
Recognized values are yes and no. Default is $DEF_nisLDAPfollowReferral.
EOF
;;
nisLDAPretrieveErrorAction_help) cat <<EOF
HELP - If an error occurs while trying to retrieve an entry from
LDAP, one of the following actions can be selected:
use_cached : Retry the retrieval the number of time specified
by nisLDAPretrieveErrorAttempts, with the
nisLDAPretrieveErrorTimeout value controlling
the wait between each attempt.
If all attempts fail then log a warning and
return the value currently in the cache to the
client. This is the default value.
fail : Proceed as for 'use_cached' but if all attempts
fail return a YPERR_YPERR error to the client.
EOF
;;
nisLDAPretrieveErrorAttempts_help) cat <<EOF
HELP - The number of times a failed retrieval should be retried.
The default is unlimited. Note while retries are made, the
NIS daemon will be prevented from servicing further requests.
Hence, values other than 1 should be used with caution.
EOF
;;
nisLDAPretrieveErrorTimeout_help) cat <<EOF
HELP - The timeout (in seconds) between each new attempt to retrieve
LDAP data. Default is $DEF_nisLDAPretrieveErrorTimeout seconds.
EOF
;;
nisLDAPstoreErrorAction_help) cat <<EOF
HELP - If an error occurs while trying to store data to the LDAP
repository, one of the following actions can be selected :
retry : Retry operation nisLDAPstoreErrorAttempts times with
nisLDAPstoreErrorTimeout seconds between each attempt.
Note while retries are made the NIS daemon will be
prevented from servicing further requests. Use with
caution. This is the default value.
fail : Return YPERR_YPERR error to the client.
EOF
;;
nisLDAPstoreErrorAttempts_help) cat <<EOF
HELP - The number of times a failed attempt to store data to the
LDAP repository should be retried. The default is unlimited.
The value for nisLDAPstoreErrorAttempts is ignored unless
nisLDAPstoreErrorAction=retry.
EOF
;;
nisLDAPstoreErrorTimeout_help) cat <<EOF
HELP - The timeout (in seconds) between each new attempt to store
LDAP data. Default is $DEF_nisLDAPstoreErrorTimeout seconds.
The value for nisLDAPstoreErrorTimeout is ignored unless
nisLDAPstoreErrorAction=retry.
EOF
;;
selectDomain4N2L_help) cat <<EOF
HELP - Whether this domain needs to be served by YP to LDAP transition
solution. The default is no in which case the data in this
domain would not be taken care for transitioning to LDAP.
EOF
;;
generate_comment_info_for_cust_map_help) cat <<EOF
HELP - If selected, this script will try to add relevant comments
in the mapping file which might help in customizing the
mapping information for custom maps.
EOF
;;
generate_mapping_info_for_cust_map_help) cat <<EOF
HELP - If selected, this script will try to generate mapping
information for this map assuming it is a "simple" map.
A map is assumed to be "simple" if each entry of this map
has only one "key value" entry in YP, and if each map entry
can be represented as a single DIT string in the LDAP server.
If this map is not a simple map and you do want to store it
in LDAP, you have two options :
1 - Answer yes, and this script would generate the mapping
information for this map assuming it is a simple map.
And once the execution of the script is over, you can
customize the mapping information by hand editing the
mapping file.
2 - Answer no, and this script would not generate mapping
info for this map. And once the execution of the script
is over, you can include the customized mapping
information by hand editing the mapping file.
EOF
;;
nisLDAPdomainContext_help) cat <<EOF
HELP - This parameter defines the context (default location) in
the directory tree at which all the name service entries
for this particular domain would be stored.
EOF
;;
nisLDAPyppasswddDomains_help) cat <<EOF
HELP - Lists the domains for which password changes should be
made. If this is not present then the value returned by
'domainname' will be used.
NIS password change requests do not specify the domains in
which any given password should be changed. (In traditional
NIS this information is effectively hard coded in the NIS
makefile.)
EOF
;;
custom_map_comment_char_help) cat <<EOF
HELP - If selected, it will allow you to specify a character which
would represent the start of the special 'comment' field in
a given NIS map. If this attribute is not present then the
default comment character '#' is used.
If a map cannot contain comments then the blank comment
character ('') should be specified (just hit the return key).
EOF
;;
same_comment_char_help) cat <<EOF
HELP - If selected, for a given map, it will allow you to specify
a common comment character for all the domains.
Or else by selecting NO, for the same map, you would be
given the option to specify different comment character
for different domains.
EOF
;;
secure_flag_on_help) cat <<EOF
HELP - Secure flag is set on maps which are generated with
"makedbm -s". When converting data from LDAP to YP,
it adds YP_SECURE entries.
EOF
;;
secure_flag_all_domains_help) cat <<EOF
HELP - If selected, it will allow you to set the secure flag on
for this map for all the domains.
Or else by selecting NO, you would be given the option to
set this flag, for the same map, on per domain basis.
EOF
;;
interdomain_flag_on_help) cat <<EOF
HELP - Interdomain flag is set on a set of maps which are generated
with "makedbm -b". It signals NIS servers to use the domain
name resolver for host name and address lookups for hosts
not found in the maps.
If selected, it adds YP_INTERDOMAIN entries in these maps
when converting data from LDAP to YP.
EOF
;;
interdomain_flag_all_domains_help) cat <<EOF
HELP - If selected, it will allow you to set the interdomain flag
on for all the domains.
Or else by selecting NO, you would be given the option to
set this flag on per domain basis.
EOF
;;
initialTTLlo_help) cat <<EOF
HELP - The lower limit for the initial TTL (in seconds) for data
read from disk when the ypserv starts. If initialTTLhi also
is specified, the actual initialTTL will be randomly selected
from the interval initialTTLlo to initialTTLhi (inclusive).
Leaving the field empty yields the default value of $DEF_iTTLlo.
EOF
;;
initialTTLhi_help) cat <<EOF
HELP - The upper limit for the initial TTL (in seconds).
If left empty, defaults to "$DEF_iTTLhi".
EOF
;;
runningTTL_help) cat <<EOF
HELP - The TTL (in seconds) for data retrieved from LDAP while the
ypserv is running. If left empty, defaults to "$DEF_runTTL".
EOF
;;
default_ttl_help) cat <<EOF
HELP - The default TTL value for each map is set to :
${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}
Select yes if you want to change the current TTL value.
EOF
;;
non_default_same_ttl_help) cat <<EOF
HELP - Select yes if you want to set a new TTL value, but want
to keep it same for all the maps.
EOF
;;
non_default_different_ttl_help) cat <<EOF
HELP - Select yes if you want to set TTL value for each map, but
want to keep it same for all the domains.
EOF
;;
default_different_ttl_help) cat <<EOF
HELP - Select yes if you want to accept the default TTL
value for this map.
EOF
;;
same_ttl_across_domains_help) cat <<EOF
HELP - Select yes if you want to set TTL value for the map,
but want to keep it same for all the domains.
EOF
;;
esac
}
#
# Echo the message passed only if DEBUG is set.
# Reduces the line width significantly.
#
d_echo()
{
[ DEBUG -eq 1 ] && echo $@
}
#
# get_ans(): gets an answer from the user.
# $1 instruction/comment/description/question
# $2 default value
#
get_ans()
{
if [ -z "$2" ]
then
echo "$1 \c"
else
echo "$1 [$2] \c"
fi
read ANS
if [ -z "$ANS" ]
then
ANS=$2
fi
}
#
# get_ans_req(): gets an answer (required) from the user, NULL value not allowed.
# $@ instruction/comment/description/question
#
get_ans_req()
{
ANS="" # Set ANS to NULL.
while [ "$ANS" = "" ]
do
get_ans "$@"
[ "$ANS" = "" ] && echo "NULL value not allowed!"
done
}
#
# get_integer(): Querys and verifies that number entered is integer.
# Function will repeat prompt user for integer value.
# $1 Message text.
# $2 default value.
# $3 Help argument.
#
get_integer()
{
ANS="" # Set ANS to NULL.
NUM=""
get_ans "$1" "$2"
# Verify that value is integer.
while not_integer $ANS
do
case "$ANS" in
[Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
* ) echo "Invalid value: \"${ANS}\". \c"
;;
esac
# Get a new value.
get_ans "Enter an integer value:" "$2"
done
NUM=$ANS
}
#
# get_number(): Querys and verifies that number entered is numeric.
# Function will repeat prompt user for numeric value.
# $1 Message text.
# $2 default value.
# $3 Help argument.
#
get_number()
{
ANS="" # Set ANS to NULL.
NUM=""
get_ans "$1" "$2"
# Verify that value is numeric.
while not_numeric $ANS
do
case "$ANS" in
[Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
* ) echo "Invalid value: \"${ANS}\". \c"
;;
esac
# Get a new value.
get_ans "Enter a numeric value:" "$2"
done
NUM=$ANS
}
#
# get_pos_int(): Only allows positive integer.
#
# $1 - Prompt message.
# $2 - Default value (require).
# $3 - Optional help argument.
get_pos_int()
{
while :
do
get_integer "$1" "$2" "$3"
if [ $ANS -lt 0 ]; then
echo "Invalid number: please enter a positive integer."
else
break # Positive integer
fi
done
}
#
# get_pos_num(): Only allows positive number.
#
# $1 - Prompt message.
# $2 - Default value (require).
# $3 - Optional help argument.
get_pos_num()
{
while :
do
get_number "$1" "$2" "$3"
if [ $ANS -lt 0 ]; then
echo "Invalid number: please enter a positive number."
else
break # Positive number
fi
done
}
#
#
# get_passwd(): Reads a password from the user and verify with second.
# $@ instruction/comment/description/question
#
get_passwd()
{
[ $DEBUG -eq 1 ] && echo "In get_passwd()"
# Temporary PASSWD variables
_PASS1=""
_PASS2=""
# Handle signals, so that echo can be turned back on if Ctrl-C.
trap "/usr/bin/stty echo; exit" 1 2 3 6 15
/usr/bin/stty -echo # Turn echo OFF
# Endless loop that continues until passwd and re-entered passwd
# match.
while :
do
ANS="" # Set ANS to NULL.
# Don't allow NULL for first try.
while [ "$ANS" = "" ]
do
get_ans "$@"
[ "$ANS" = "" ] && echo "" && echo "NULL passwd not allowed!"
done
_PASS1=$ANS # Store first try.
# Get second try.
echo ""
get_ans "Re-enter passwd:"
_PASS2=$ANS
# Test if passwords are identical.
if [ "$_PASS1" = "$_PASS2" ]; then
break
fi
# Move cursor down to next line and print ERROR message.
echo ""
echo "ERROR: passwords don't match; try again."
done
/usr/bin/stty echo # Turn echo ON
# Removed signal handler
trap 1 2 3 6 15
echo ""
}
#
# get_passwd_nochk(): Reads a password from the user w/o check.
# $@ instruction/comment/description/question
#
get_passwd_nochk()
{
[ $DEBUG -eq 1 ] && echo "In get_passwd_nochk()"
# Handle signals, so that echo can be turned back on if Ctrl-C.
trap "/usr/bin/stty echo; exit" 1 2 3 6 15
/usr/bin/stty -echo # Turn echo OFF
get_ans "$@"
/usr/bin/stty echo # Turn echo ON
# Removed signal handler
trap 1 2 3 6 15
echo ""
}
#
# get_confirm(): Get confirmation from the user. (Y/Yes or N/No)
# $1 - Message
# $2 - default value.
#
get_confirm()
{
_ANSWER=
while :
do
# Display Internal ERROR if $2 not set.
if [ -z "$2" ]; then
echo "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional."
exit 2
fi
# Display prompt.
echo "$1 [$2] \c"
# Get the ANSWER.
read _ANSWER
if [ "$_ANSWER" = "" ] && [ -n "$2" ] ; then
_ANSWER=$2
fi
case "$_ANSWER" in
[Yy] | yes | Yes | YES) return 1 ;;
[Nn] | no | No | NO) return 0 ;;
[Hh] | help | Help | \?) display_msg ${3:-sorry};;
* ) echo "Please enter y or n." ;;
esac
done
}
#
# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No)
# No default value supported. Returns 1 for yes.
#
get_confirm_nodef()
{
_ANSWER=
while :
do
echo "$@ \c"
read _ANSWER
case "$_ANSWER" in
[Yy] | yes | Yes | YES) return 1 ;;
[Nn] | no | No | NO) return 0 ;;
* ) echo "Please enter y or n." ;;
esac
done
}
#
# is_integer(): Tells if a string is numeric integer.
# 0 = Integer
# 1 = NOT Integer
#
is_integer()
{
# Check for parameter.
if [ $# -ne 1 ]; then
return 1
fi
# Determine if integer.
expr "$1" + 1 > /dev/null 2>&1
if [ $? -ge 2 ]; then
return 1
fi
# Made it here, it's Numeric.
return 0
}
#
# not_integer(): Reverses the return values of is_integer. Useful
# for if and while statements that want to test for
# non-integer data.
# 0 = NOT Integer
# 1 = Integer
#
not_integer()
{
is_integer $1
if [ $? -eq 0 ]; then
return 1
else
return 0
fi
}
#
# is_numeric(): Tells if a string is numeric.
# 0 = Numeric
# 1 = NOT Numeric
#
is_numeric()
{
# Check for parameter.
if [ $# -ne 1 ]; then
return 1
fi
# Determine if numeric.
let _NUM="$1 + 1" > /dev/null 2>&1
if [ $? -eq 0 ]; then
return 0
fi
}
#
# not_numeric(): Reverses the return values of is_numeric. Useful
# for if and while statements that want to test for
# non-numeric data.
# 0 = NOT Numeric
# 1 = Numeric
#
not_numeric()
{
is_numeric $1
if [ $? -eq 0 ]; then
return 1
else
return 0
fi
}
#
# domain_2_dc(): Convert a domain name into dc string.
# $1 .. Domain name.
#
domain_2_dc()
{
_DOM=$1 # Domain parameter.
_DOM_2_DC="" # Return value from function.
_FIRST=1 # Flag for first time.
export _DOM_2_DC # Make visible for others.
# Convert "."'s to spaces for "for" loop.
domtmp="`echo ${_DOM} | tr '.' ' '`"
for i in $domtmp; do
if [ $_FIRST -eq 1 ]; then
_DOM_2_DC="dc=${i}"
_FIRST=0
else
_DOM_2_DC="${_DOM_2_DC},dc=${i}"
fi
done
}
#
# is_root_user(): Check to see if logged in as super user.
#
is_root_user()
{
case `id` in
uid=0\(root\)*) return 0 ;;
* ) return 1 ;;
esac
}
#
# parse_arg(): Parses the command line arguments and sets the
# appropriate variables.
#
parse_arg()
{
while getopts ":dm:c:" ARG
do
case $ARG in
d) DEBUG=1;;
m) MAP_FILE=$OPTARG
MAPPING_FILE_SPECIFIED=1;;
c) CONFIG_FILE=$OPTARG
CONFIG_FILE_SPECIFIED=1;;
\?) echo "**ERROR: Invalid option '$OPTARG'"
display_msg usage
exit 1;;
esac
done
shift `expr $OPTIND - 1`
if [ $# -gt 0 ]; then
echo "**ERROR: wrong usage "
display_msg usage
exit 1
fi
}
#
# present() : Checks if the first argument exists in the
# argument list. Returns 0 if found, else 1.
#
present ()
{
_ELEMENT=$1
shift
ARG_LIST=$@
for item in $ARG_LIST
do
[ "$_ELEMENT" = "$item" ] && return 0
done
# If reached here, then the clement does not exist
return 1
}
#
# remove() : Returns a new string after removing the first
# argument in the argument list.
#
remove ()
{
_ELEMENT=$1
shift
ARG_LIST=$@
NEW_LIST=""
for item in $ARG_LIST
do
[ "$_ELEMENT" != "$item" ] && NEW_LIST="$NEW_LIST $item"
done
echo $NEW_LIST
return 0
}
#
# merge_lists() : Returns a list after merging elements
# (uniquely) supplied in the argument list.
#
merge_lists()
{
MERGED_LIST=""
for _VAR in "$@"
do
if ! present $_VAR $MERGED_LIST; then
MERGED_LIST="$MERGED_LIST $_VAR"
fi
done
echo $MERGED_LIST
return 0
}
#
# init(): initializes variables and options
#
init()
{
# General variables.
DEBUG=0 # Set Debug OFF
MAPPING_FILE_SPECIFIED=0 # No file name passed
CONFIG_FILE_SPECIFIED=0 # No file name passed
# Prevent others from snooping
umask 077
# Set default config and mapping files.
DEFAULT_MAP_FILE="/var/yp/NISLDAPmapping"
DEFAULT_CONFIG_FILE="/etc/default/ypserv"
MAP_FILE="$DEFAULT_MAP_FILE"
CONFIG_FILE="$DEFAULT_CONFIG_FILE"
# Set and create TMPDIR. Use a safe place to discourage hackers.
TMPDIR="/var/yp/inityp2l"
# Temporary file names to be used to prevent system starting in
# N2L mode in case something goes wrong during file creation.
TMPCONF="ypserv-tmp"
TMPMAP="NISLDAPmapping-tmp"
# Remove if the temp directory has been leftover
[ -d "$TMPDIR" ] && rm -rf $TMPDIR
mkdir $TMPDIR
if [ $? -ne 0 ]; then
echo ERROR : Failed to create temp directory $TMPDIR
exit 1
fi
# Initialize the default NIS maps.
DEFAULT_NIS_MAPS="passwd.byname
passwd.byuid
group.byname
group.bygid
hosts.byaddr
hosts.byname
ipnodes.byaddr
ipnodes.byname
ethers.byaddr
ethers.byname
networks.byaddr
networks.byname
rpc.bynumber
services.byname
services.byservicename
printers.conf.byname
project.byname
project.byprojid
protocols.byname
protocols.bynumber
netgroup
netgroup.byuser
netgroup.byhost
bootparams
mail.aliases
mail.byaddr
publickey.byname
netid.byname
netmasks.byaddr
passwd.adjunct.byname
group.adjunct.byname
timezone.byname
auth_attr
exec_attr
prof_attr
user_attr
audit_user
auto.master
auto.home
ypservers"
set -A DEF_NIS_MAP_ARRAY $DEFAULT_NIS_MAPS
# The default TTL maps in database ID format.
DEF_TTL_MAPLIST="audit_user
auto.home
auto.master
auth_attr
bootparams
ethers
exec_attr
group
group.adjunct.byname
keys.host
keys.pass
keys.nobody
hosts
multihosts
ipnodes
multiipnodes
netgroup
networks
passwd
passwd.adjunct.byname
printers.conf.byname
prof_attr
project
protocols
services
mail.aliases
mail.mapping
netid.host
netid.pass
netmasks.byaddr
rpc.bynumber
ageing.byname
timezone.byname
user_attr
ypservers"
# Initialize default values for config parameters.
configDN_flag=0
DEF_nisLDAPconfigDN=""
DEF_TLS=none
DEF_TLSCertificateDBPath=/var/yp/cert7.db
DEF_nisLDAPbindTimeout=15
DEF_nisLDAPsearchTimeout=180
DEF_nisLDAPmodifyTimeout=15
DEF_nisLDAPaddTimeout=15
DEF_nisLDAPdeleteTimeout=15
DEF_nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeout}
DEF_nisLDAPsearchSizeLimit=0
DEF_nisLDAPfollowReferral=no
DEF_nisLDAPretrieveErrorAction=use_cached
# The default is unlimited, but since it prevents the NIS daemon,
# from servicing further requests, set 1 as the suggested value.
SUG_nisLDAPretrieveErrorAttempts=1
DEF_nisLDAPretrieveErrorTimeout=15
DEF_nisLDAPstoreErrorAction=retry
# The default is unlimited, but set 1 as the suggested value.
SUG_nisLDAPstoreErrorAttempts=1
DEF_nisLDAPstoreErrorTimeout=15
# Default TTL values (in seconds) for NIS MAPS for mapping file.
DEF_iTTLlo=1800
DEF_iTTLhi=5400
DEF_runTTL=3600
}
#
# config_auth_menu_handler(): Enter the authentication method
# for config server.
#
config_auth_menu_handler()
{
# Display Auth menu
display_msg config_auth_method_menu
# Get a Valid choice.
while :
do
# Display appropriate prompt and get answer.
get_ans_req " Choose one Authentication Method (h=help):"
# Determine choice.
_MENU_CHOICE=$ANS
case "$_MENU_CHOICE" in
1) _AUTHMETHOD="none"
break ;;
2) _AUTHMETHOD="simple"
break ;;
3) _AUTHMETHOD="sasl/cram-md5"
break ;;
4) _AUTHMETHOD="sasl/digest-md5"
break ;;
h) display_msg auth_help ;;
*) echo "Please enter 1-4, or h=help." ;;
esac
done
}
#
# auth_menu_handler(): Enter the Authentication method for LDAP server.
#
auth_menu_handler()
{
# Display Auth menu
display_msg auth_method_menu
# Get a Valid choice.
while :
do
# Display appropriate prompt and get answer.
get_ans_req " Choose one Authentication Method (h=help):"
# Determine choice.
_MENU_CHOICE=$ANS
case "$_MENU_CHOICE" in
1) _AUTHMETHOD="simple"
break ;;
2) _AUTHMETHOD="sasl/cram-md5"
break ;;
3) _AUTHMETHOD="sasl/digest-md5"
break ;;
h) display_msg auth_help ;;
*) echo "Please enter 1-3, or h=help." ;;
esac
done
}
#
# tls_menu_handler(): Enter the transport layer security
#
tls_menu_handler()
{
# Display TLS menu
display_msg tls_method_menu
# Get a Valid choice.
while :
do
# Display appropriate prompt and get answer.
# Default value is "none".
get_ans " Choose one Transport Layer Security Method (h=help):" "1"
# Determine choice.
_MENU_CHOICE=$ANS
case "$_MENU_CHOICE" in
1) _TLSMETHOD="none"
break ;;
2) _TLSMETHOD="ssl"
break ;;
h) display_msg tls_help ;;
*) echo "Please enter 1, 2, or h=help." ;;
esac
done
}
#
# retrieve_error_action_menu_handler(): Enter the retrieve error action
#
retrieve_error_action_menu_handler()
{
# Display retrieve error action menu
display_msg retrieve_error_action_menu
# Get a Valid choice.
while :
do
# Display appropriate prompt and get answer. use_cached is default
get_ans " Choose one retrieval error action (h=help):" "1"
# Determine choice.
_MENU_CHOICE=$ANS
case "$_MENU_CHOICE" in
1) _RET_ERR_ACT="use_cached"
break ;;
2) _RET_ERR_ACT="fail"
break ;;
h) display_msg nisLDAPretrieveErrorAction_help ;;
*) echo "Please enter 1, 2, or h=help." ;;
esac
done
}
#
# store_error_action_menu_handler(): Enter the store error action
#
store_error_action_menu_handler()
{
# Display store error action menu
display_msg store_error_action_menu
# Get a Valid choice.
while :
do
# Display appropriate prompt and get answer. retry is default
get_ans " Choose one store error action (h=help):" "1"
# Determine choice.
_MENU_CHOICE=$ANS
case "$_MENU_CHOICE" in
1) _STOR_ERR_ACT="retry"
break ;;
2) _STOR_ERR_ACT="fail"
break ;;
h) display_msg nisLDAPstoreErrorAction_help ;;
*) echo "Please enter 1, 2, or h=help." ;;
esac
done
}
#
# cleanup(): Remove the TMPDIR and all files in it.
#
cleanup()
{
[ $DEBUG -eq 1 ] && echo "In cleanup()"
# Leave the temp directory if debug is set
[ $DEBUG -eq 0 ] && rm -rf $TMPDIR
}
# Save existing config file if elected
check_back_config_file()
{
if [ -f $CONFIG_FILE ]; then
display_msg backup_config_file
get_confirm "Do you wish to continue (y/n/h)?" \
"n" "backup_config_file_cont_help"
if [ $? -eq 0 ]; then # if No, cleanup and exit.
cleanup ; exit 1
fi
get_confirm "Do you wish to backup the config file "${CONFIG_FILE}" (y/n/h)?" \
"y" "backup_config_file_help"
if [ $? -eq 1 ]; then # Save the old config file with timestamp
# SCCS converts '% H %' (without spaces) in current date during putback.
# So use some other combination.
SUFFIX=`date '+%d%h%Y.%H:%M:%S'`
cp -p $CONFIG_FILE ${CONFIG_FILE}-${SUFFIX}
echo " Saved existing $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}"
fi
fi
}
# Save existing mapping file if elected
check_back_mapping_file()
{
if [ -f $MAP_FILE ]; then
display_msg backup_mapping_file
get_confirm "Do you wish to continue (y/n/h)?" \
"n" "backup_mapping_file_cont_help"
if [ $? -eq 0 ]; then # if No, cleanup and exit.
cleanup ; exit 1
fi
get_confirm "Do you wish to backup the map file "${MAP_FILE}" (y/n/h)?" \
"y" "backup_mapping_file_help"
if [ $? -eq 1 ]; then # if Yes, save the old map file with timestamp
# SCCS converts '% H %' (without spaces) in current date during putback.
# So use some other combination.
SUFFIX=`date '+%d%h%Y.%H:%M:%S'`
cp -p $MAP_FILE ${MAP_FILE}-${SUFFIX}
echo " Saved existing $MAP_FILE as ${MAP_FILE}-${SUFFIX}"
fi
else
if [ "$MAP_FILE" = "$DEFAULT_MAP_FILE" ]; then
display_msg warn_n2l_mode
get_confirm "Do you wish to continue (y/n/h)?" \
"n" "warn_n2l_mode_help"
if [ $? -eq 0 ]; then
cleanup ; exit 1
fi
fi
fi
}
put_config_file_copyright_info()
{
# Start with an emptty file, so don't append, but overwrite here.
# Just change the name, but keep the same date and version number
# as in the ident string of this script.
grep "ident \"@(#)$PROG" $ABS_PROG | \
sed "s/${PROG}/${NEW_NAME}/g" > $CONFIG_FILE
echo "\
#
# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#\
" >> $MAP_FILE
}
get_nisLDAPconfigDN()
{
while :
do
get_ans "DN for configuration information (h=help):"
# If help continue, otherwise break.
case "$ANS" in
[Hh] | help | Help | \?) display_msg nisLDAPconfigDN_help ;;
* ) break ;;
esac
done
nisLDAPconfigDN="${ANS}"
# Store in config file only if a non-default value is specified.
if [ "$ANS" != "${DEF_nisLDAPconfigDN}" ]; then
echo "nisLDAPconfigDN=${ANS}" >> $CONFIG_FILE
fi
# Ask remaining config server related questions only if this
# DN is set. So, if a value is specified, set a flag.
[ "$ANS" != "" ] && configDN_flag=1
}
get_nisLDAPconfigPreferredServerList()
{
while :
do
get_ans_req "Preferred server list for configuration information (h=help):"
# If help continue, otherwise break.
case "$ANS" in
[Hh] | help | Help | \?) display_msg nisLDAPconfigPreferredServerList_help ;;
* ) break ;;
esac
done
nisLDAPconfigPreferredServerList=${ANS}
echo "nisLDAPconfigPreferredServerList=${ANS}" >> $CONFIG_FILE
}
get_nisLDAPconfigAuthenticationMethod()
{
_AUTHMETHOD=""
echo "Select the Authentication Method for configuration server :"
config_auth_menu_handler
nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}
echo "nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE
}
get_nisLDAPconfigTLS()
{
_TLSMETHOD=""
echo "Select the Transport Layer Security (TLS) for configuration server :"
tls_menu_handler
nisLDAPconfigTLS=${_TLSMETHOD}
# Store in config file only if a non-default value is specified.
if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then
echo "nisLDAPconfigTLS=${_TLSMETHOD}" >> $CONFIG_FILE
fi
}
get_nisLDAPconfigTLSCertificateDBPath()
{
while :
do
get_ans "TLS Certificate DB for configuration server (h=help):"\
"${DEF_TLSCertificateDBPath}"
# If help continue, otherwise break.
case "$ANS" in
[Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
* ) break ;;
esac
done
nisLDAPconfigTLSCertificateDBPath=${ANS}
# Store in config file only if a non-default value is specified.
if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then
echo "nisLDAPconfigTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE
fi
}
get_nisLDAPconfigProxyUser()
{
while :
do
get_ans_req "Proxy user bind DN to obtain configuration information (h=help):"
# If help continue, otherwise break.
case "$ANS" in
[Hh] | help | Help | \?) display_msg nisLDAPconfigProxyUser_help ;;
* ) break ;;
esac
done
nisLDAPconfigProxyUser=${ANS}
echo "nisLDAPconfigProxyUser=${ANS}" >> $CONFIG_FILE
}
get_nisLDAPconfigProxyPassword()
{
get_passwd "Proxy user password to obtain configuration information :"
nisLDAPconfigProxyPassword=${ANS}
echo "nisLDAPconfigProxyPassword=${ANS}" >> $CONFIG_FILE
display_msg ProxyPassword_warn
}
get_preferredServerList()
{
while :
do
get_ans_req "Preferred server list for mapping data to/from LDAP (h=help):"
# If help continue, otherwise break.
case "$ANS" in
[Hh] | help | Help | \?) display_msg preferredServerList_help ;;
* ) break ;;
esac
done
preferredServerList=${ANS}
echo "preferredServerList=${ANS}" >> $CONFIG_FILE
}
get_authenticationMethod()
{
_AUTHMETHOD=""
echo "Select the Authentication Method for mapping data to/from LDAP :"
auth_menu_handler
authenticationMethod=${_AUTHMETHOD}
echo "authenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE
}
get_nisLDAPTLS()
{
_TLSMETHOD=""
echo "Select the Transport Layer Security (TLS) for mapping data to/from LDAP :"
tls_menu_handler
nisLDAPTLS=${_TLSMETHOD}
# Store in config file only if a non-default value is specified.
if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then
echo "nisLDAPTLS=${_TLSMETHOD}" >> $CONFIG_FILE
fi
}
get_nisLDAPTLSCertificateDBPath()
{
while :
do
get_ans "TLS Certificate DB for LDAP data server (h=help):"\
"${DEF_nisLDAPTLSCertificateDBPath}"
# If help continue, otherwise break.
case "$ANS" in
[Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
* ) break ;;
esac
done
nisLDAPTLSCertificateDBPath=${ANS}
# Store in config file only if a non-default value is specified.
if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then
echo "nisLDAPTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE
fi
}
get_nisLDAPproxyUser()
{
while :
do
get_ans_req "Proxy user bind DN to read/write data from/to LDAP (h=help):"
# If help continue, otherwise break.
case "$ANS" in
[Hh] | help | Help | \?) display_msg nisLDAPproxyUser_help ;;
* ) break ;;
esac
done
nisLDAPproxyUser=${ANS}
echo "nisLDAPproxyUser=${ANS}" >> $CONFIG_FILE
}
get_nisLDAPproxyPassword()
{
get_passwd "Proxy user password to read/write data from/to LDAP :"
nisLDAPproxyPassword=${ANS}
echo "nisLDAPproxyPassword=${ANS}" >> $CONFIG_FILE
display_msg ProxyPassword_warn
}
get_nisLDAPbindTimeout()
{
get_pos_int "Timeout value (in seconds) for LDAP bind operation (h=help):" \
"${DEF_nisLDAPbindTimeout}" "nisLDAPbindTimeout_help"
nisLDAPbindTimeout=${NUM}
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPbindTimeout} ]; then
echo "nisLDAPbindTimeout=${NUM}" >> $CONFIG_FILE
fi
}
get_nisLDAPsearchTimeout()
{
get_pos_int "Timeout value (in seconds) for LDAP search operation (h=help):" \
"${DEF_nisLDAPsearchTimeout}" "nisLDAPsearchTimeout_help"
nisLDAPsearchTimeout=${NUM}
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPsearchTimeout} ]; then
echo "nisLDAPsearchTimeout=${NUM}" >> $CONFIG_FILE
fi
}
get_nisLDAPmodifyTimeout()
{
get_pos_int "Timeout value (in seconds) for LDAP modify operation (h=help):" \
"${DEF_nisLDAPmodifyTimeout}" "nisLDAPmodifyTimeout_help"
nisLDAPmodifyTimeout=${NUM}
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPmodifyTimeout} ]; then
echo "nisLDAPmodifyTimeout=${NUM}" >> $CONFIG_FILE
fi
}
get_nisLDAPaddTimeout()
{
get_pos_int "Timeout value (in seconds) for LDAP add operation (h=help):" \
"${DEF_nisLDAPaddTimeout}" "nisLDAPaddTimeout_help"
nisLDAPaddTimeout=${NUM}
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPaddTimeout} ]; then
echo "nisLDAPaddTimeout=${NUM}" >> $CONFIG_FILE
fi
}
get_nisLDAPdeleteTimeout()
{
get_pos_int "Timeout value (in seconds) for LDAP delete operation (h=help):" \
"${DEF_nisLDAPdeleteTimeout}" "nisLDAPdeleteTimeout_help"
nisLDAPdeleteTimeout=${NUM}
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPdeleteTimeout} ]; then
echo "nisLDAPdeleteTimeout=${NUM}" >> $CONFIG_FILE
fi
}
get_nisLDAPsearchTimeLimit()
{
get_pos_int "Time limit (in seconds) for search operation on LDAP server (h=help):" \
"${DEF_nisLDAPsearchTimeLimit}" "nisLDAPsearchTimeLimit_help"
nisLDAPsearchTimeLimit=${NUM}
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPsearchTimeLimit} ]; then
echo "nisLDAPsearchTimeLimit=${NUM}" >> $CONFIG_FILE
fi
}
get_nisLDAPsearchSizeLimit()
{
get_pos_int "Size limit (in bytes) for search operation on LDAP server (h=help):" \
"${DEF_nisLDAPsearchSizeLimit}" "nisLDAPsearchSizeLimit_help"
nisLDAPsearchSizeLimit=${NUM}
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPsearchSizeLimit} ]; then
echo "nisLDAPsearchSizeLimit=${NUM}" >> $CONFIG_FILE
fi
}
get_nisLDAPfollowReferral()
{
get_confirm "Should the ypserv follow LDAP referrals (y/n/h):" \
"n" "nisLDAPfollowReferral_help"
if [ $? -eq 1 ]; then
_ANS="yes"
else
_ANS="no"
fi
# Store in config file only if a non-default value is specified.
if [ "${_ANS}" != "${DEF_nisLDAPfollowReferral}" ]; then
echo "nisLDAPfollowReferral=${_ANS}" >> $CONFIG_FILE
fi
}
get_nisLDAPretrieveErrorAction()
{
_RET_ERR_ACT=""
echo "Select the action to be taken in case of LDAP retrieval error :"
retrieve_error_action_menu_handler
nisLDAPretrieveErrorAction=${_RET_ERR_ACT}
# Store in config file only if a non-default value is specified.
if [ "${_RET_ERR_ACT}" != "${DEF_nisLDAPretrieveErrorAction}" ]; then
echo "nisLDAPretrieveErrorAction=${_RET_ERR_ACT}" >> $CONFIG_FILE
fi
}
get_nisLDAPretrieveErrorAttempts()
{
get_pos_int "Number of attempts in case of LDAP retrieval error (h=help):" \
"$SUG_nisLDAPretrieveErrorAttempts" \
"nisLDAPretrieveErrorAttempts_help"
nisLDAPretrieveErrorAttempts=${NUM}
echo "nisLDAPretrieveErrorAttempts=${NUM}" >> $CONFIG_FILE
}
get_nisLDAPretrieveErrorTimeout()
{
# if nisLDAPretrieveErrorAttempts=0, then no point in asking
# for timeout vales as it is ignored anyway.
[ $nisLDAPretrieveErrorAttempts -eq 0 ] && return 0
get_pos_int "Timeout (in seconds) between each new attempt to retrieve LDAP data (h=help):"\
"${DEF_nisLDAPretrieveErrorTimeout}" \
"nisLDAPretrieveErrorTimeout_help"
nisLDAPretrieveErrorTimeout=${NUM}
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPretrieveErrorTimeout} ]; then
echo "nisLDAPretrieveErrorTimeout=${NUM}" >> $CONFIG_FILE
fi
}
get_nisLDAPstoreErrorAction()
{
_STOR_ERR_ACT=""
echo "Select the action to be taken in case of LDAP store error :"
store_error_action_menu_handler
nisLDAPstoreErrorAction=${_STOR_ERR_ACT}
# Store in config file only if a non-default value is specified.
if [ "${_STOR_ERR_ACT}" != "${DEF_nisLDAPstoreErrorAction}" ]; then
echo "nisLDAPstoreErrorAction=${_STOR_ERR_ACT}" >> $CONFIG_FILE
fi
}
get_nisLDAPstoreErrorAttempts()
{
# if nisLDAPstoreErrorAction="fail", then no point in asking
# for no. of attempts or timeout vales as they are ignored.
[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0
get_pos_int "Number of attempts in case of LDAP store error (h=help):" \
"$SUG_nisLDAPstoreErrorAttempts" \
"nisLDAPstoreErrorAttempts_help"
nisLDAPstoreErrorAttempts=${NUM}
echo "nisLDAPstoreErrorAttempts=${NUM}" >> $CONFIG_FILE
}
get_nisLDAPstoreErrorTimeout()
{
# if nisLDAPstoreErrorAction="fail", then no point in asking
# for no. of attempts or timeout vales as they are ignored.
[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0
# Similarly, if nisLDAPstoreErrorAttempts=0, ignore this question.
[ $nisLDAPstoreErrorAttempts -eq 0 ] && return 0
get_pos_int "Timeout (in seconds) between each new attempt to write LDAP data (h=help):"\
"${DEF_nisLDAPstoreErrorTimeout}" \
"nisLDAPstoreErrorTimeout_help"
nisLDAPstoreErrorTimeout=${NUM}
# Store in config file only if a non-default value is specified.
if [ $NUM -ne ${DEF_nisLDAPstoreErrorTimeout} ]; then
echo "nisLDAPstoreErrorTimeout=${NUM}" >> $CONFIG_FILE
fi
}
create_config_file()
{
# To prevent from leaving a partial config file in case some error or
# signal takes place, store the output being generated in a temporary
# file first, and move it at the final destination only at the end if
# everything goes fine.
_CONFIG_FILE=$CONFIG_FILE
CONFIG_FILE=${TMPDIR}/${TMPCONF}.$$
echo "Generating config file temporarily as \"${CONFIG_FILE}\""
# Truncate the file before we append anything.
# Place copyright information
put_config_file_copyright_info
# Filter out all the YP domains in /var/yp
# The list of domains is stored in list "VARYP_DMN_LIST"
echo "\
#
# Configuration file for ypserv(1M); see ypserv(4) for more information,
# and NISLDAPmapping(4) for configuration of NIS to LDAP mapping.
# Unless otherwise noted, commented lines show default values.
" >> $CONFIG_FILE
echo "\
# Where to look for configuration information in LDAP. Leave empty or
# undefined to use this file, in which case the values of the other
# 'nisLdapConfig*' attributes are ignored.
#
#nisLDAPconfigDN=\
" >> $CONFIG_FILE
get_nisLDAPconfigDN
echo "
# Server(s) for configuration information. There is no default;
# use the value on the line below for an LDAP server running on
# this machine, at port 389.
#nisLDAPconfigPreferredServerList=127.0.0.1:389\
" >> $CONFIG_FILE
[ $configDN_flag -eq 1 ] && get_nisLDAPconfigPreferredServerList
echo "
# Authentication method(s) to obtain configuration information.
#\
" >> $CONFIG_FILE
[ $configDN_flag -eq 1 ] && get_nisLDAPconfigAuthenticationMethod
echo "
# Transport layer security for configuration information
#
#nisLDAPconfigTLS=${DEF_TLS}\
" >> $CONFIG_FILE
[ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLS
echo "
# Certificate DB for transport layer security
#
#nisLDAPconfigTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
" >> $CONFIG_FILE
# ask for Certificate DB only if SSL is set
if [ "${nisLDAPconfigTLS}" = "ssl" ]; then
[ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLSCertificateDBPath
fi
echo "
# Proxy user(s) to obtain configuration information. The line below
# is an example of the format.
#
#nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,\
" >> $CONFIG_FILE
# Ask proxy user bind DN only if needed.
if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
[ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyUser
fi
echo "
# Password for proxy user. Must be supplied if the authentication method
# requires a password. If a password appears in this file, it should be
# protected appropriately against access by unauthorized users.
#
#nisLDAPconfigProxyPassword=\
" >> $CONFIG_FILE
if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
[ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyPassword
fi
echo "
# Server list for mapping data to/from LDAP. There is no default;
# use the value on the line below for an LDAP server running on
# this machine, at port 389.
#preferredServerList=127.0.0.1:389\
" >> $CONFIG_FILE
get_preferredServerList
echo "
# Authentication method for mapping data to/from LDAP
#\
" >> $CONFIG_FILE
get_authenticationMethod
echo "
# Transport layer security for mapping data to/from LDAP.
#
#nisLDAPTLS=${DEF_TLS}\
" >> $CONFIG_FILE
get_nisLDAPTLS
echo "
# Certificate DB for transport layer security
#
#nisLDAPTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
" >> $CONFIG_FILE
# ask for Certificate DB only if SSL is set
if [ "${nisLDAPTLS}" = "ssl" ]; then
get_nisLDAPTLSCertificateDBPath
fi
echo "
# Proxy user for ypserv. Assumed to have appropriate permission to read
# and/or create or modify LDAP data. The line below is an example of the
# format.
#
#nisLDAPproxyUser=cn=nisAdmin,ou=People,\
" >> $CONFIG_FILE
# Ask proxy user bind DN only if needed.
if [ "${authenticationMethod}" != "none" ]; then
get_nisLDAPproxyUser
fi
echo "
# Password for proxy user. Must be supplied if the authentication method
# requires a password. If a password appears in this file, it should be
# protected appropriately against unauthorized access.
#
#nisLDAPproxyPassword=\
" >> $CONFIG_FILE
if [ "${authenticationMethod}" != "none" ]; then
get_nisLDAPproxyPassword
fi
echo "
# Timeouts and time/size limits for LDAP operations.
#
#nisLDAPbindTimeout=${DEF_nisLDAPbindTimeout}\
" >> $CONFIG_FILE
get_nisLDAPbindTimeout
echo "
#nisLDAPsearchTimeout=${DEF_nisLDAPsearchTimeout}\
" >> $CONFIG_FILE
get_nisLDAPsearchTimeout
echo "
#nisLDAPmodifyTimeout=${DEF_nisLDAPmodifyTimeout}\
" >> $CONFIG_FILE
get_nisLDAPmodifyTimeout
echo "
#nisLDAPaddTimeout=${DEF_nisLDAPaddTimeout}\
" >> $CONFIG_FILE
get_nisLDAPaddTimeout
echo "
#nisLDAPdeleteTimeout=${DEF_nisLDAPdeleteTimeout}\
" >> $CONFIG_FILE
get_nisLDAPdeleteTimeout
echo "
#nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeLimit}\
" >> $CONFIG_FILE
get_nisLDAPsearchTimeLimit
echo "
#nisLDAPsearchSizeLimit=${DEF_nisLDAPsearchSizeLimit}\
" >> $CONFIG_FILE
get_nisLDAPsearchSizeLimit
echo "
# Should the ypserv follow LDAP referrals ?
#
#nisLDAPfollowReferral=${DEF_nisLDAPfollowReferral}\
" >> $CONFIG_FILE
get_nisLDAPfollowReferral
echo "
# Action, number of attempts, and timeout following an LDAP retrieval error
#
#nisLDAPretrieveErrorAction=${DEF_nisLDAPretrieveErrorAction}\
" >> $CONFIG_FILE
get_nisLDAPretrieveErrorAction
echo "
#nisLDAPretrieveErrorAttempts=\
" >> $CONFIG_FILE
get_nisLDAPretrieveErrorAttempts
echo "
#nisLDAPretrieveErrorTimeout=${DEF_nisLDAPretrieveErrorTimeout}\
" >> $CONFIG_FILE
get_nisLDAPretrieveErrorTimeout
echo "
# Action, number of attempts, and timeout following an LDAP store error
#
#nisLDAPstoreErrorAction=${DEF_nisLDAPstoreErrorAction}\
" >> $CONFIG_FILE
get_nisLDAPstoreErrorAction
echo "
#nisLDAPstoreErrorAttempts=\
" >> $CONFIG_FILE
get_nisLDAPstoreErrorAttempts
echo "
#nisLDAPstoreErrorTimeout=${DEF_nisLDAPstoreErrorTimeout}\
" >> $CONFIG_FILE
get_nisLDAPstoreErrorTimeout
# We are done, so move back the config file from temp. location
# to actual location.
# In case the config file name has a directory component which does
# not exist, then create it now, otherwise 'mv' will return error.
DIR_TO_CREATE=`dirname ${_CONFIG_FILE}`
mkdir -p ${DIR_TO_CREATE}
echo "Moving output from temporary file ($CONFIG_FILE) to actual file ($_CONFIG_FILE)"
mv $CONFIG_FILE $_CONFIG_FILE
# Revert back the config file name in case needed.
CONFIG_FILE=$_CONFIG_FILE
echo "Finished creation of config file ( $_CONFIG_FILE )"
}
put_mapping_file_copyright_info()
{
# Start with an emptty file, so don't append, but overwrite here.
# Just change the name and add the word pragma, but keep the same
# date and version number as in the ident string of this script.
grep "ident \"@(#)$PROG" $ABS_PROG | \
sed "s/ ident/pragma ident/g" | \
sed "s/${PROG}/${NEW_NAME}/g" > $MAP_FILE
echo "\
#
# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#-------------------------------------------------------------------
#\
" >> $MAP_FILE
}
#
# Filter out all the YP domains in /var/yp
# The list of domains is stored in list "VARYP_DMN_LIST"
#
create_all_var_yp_domain_list()
{
VARYP_DMN_LIST=""
for entry in /var/yp/*
do
DMN=`basename $entry`
if [ -d "/var/yp/$DMN" ] && [ -f "/var/yp/binding/$DMN/ypservers" ]
then
VARYP_DMN_LIST="$VARYP_DMN_LIST $DMN"
fi
done
# d_echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
[ $DEBUG -eq 1 ] && echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
}
#
# Ask user which domains would be served by N2L
# The list of N2L domains is stored in global array
# "N2L_DMN_LIST" and number of domains in N2L_DMN_CNT
#
create_n2l_domain_list()
{
# First make a list of all the domains in /var/yp
create_all_var_yp_domain_list
# Now identify those to be served by N2L
let count=0
for DMN in $VARYP_DMN_LIST
do
get_confirm "Do you want to store maps from ${DMN} domain to LDAP (y/n/h):" \
"n" "selectDomain4N2L_help"
if [ $? -eq 1 ]; then
N2L_DMN_LIST[count]=$DMN
let count="count + 1"
fi
done
N2L_DMN_CNT=$count
[ $DEBUG -eq 1 ] && echo N2L_DMN_LIST=${N2L_DMN_LIST[*]}
[ $DEBUG -eq 1 ] && echo N2L_DMN_CNT=$N2L_DMN_CNT
}
#
# Make various lists for different types of maps for each N2L domain
# and ask user if mapping information and comments need to be generated
# for custom maps.
#
# This function looks big, but since KSH does not support 2-D arrays, or
# two level of dereferencing, it forced to have so many lists and arrays.
# Lists are better for adding or removing elements, and arrays are better
# for accessing with index and in knowing the no. of elements.
#
create_map_lists()
{
# Initialize them with no maps.
ALL_DMN_ALL_MAPLIST=""
ALL_DMN_DEF_MAPLIST=""
ALL_DMN_CUST_MAPLIST=""
ALL_DMN_AUTO_CUST_MAPLIST=""
# Default to don't generate custom mapping info or comment info.
CUST_MAP_NEEDED=0
CUST_CMT_NEEDED=0
let count=0
while (( $count < $N2L_DMN_CNT ))
do
DMN=${N2L_DMN_LIST[count]}
MAPDIR=/var/yp/${DMN}
# Initialize per domain lists to NULL.
ALL_MAPLIST=""
DEF_MAPLIST=""
CUST_MAPLIST=""
AUTO_CUST_MAPLIST=""
for dbmfile in $MAPDIR/*.dir
do
MAP=`basename $dbmfile .dir`
# Ignore N2L maps (those with "LDAP_" prefix and ageing.byname)
if [[ $MAP != LDAP_* ]] && [[ $MAP != "" ]] && \
[ -f $MAPDIR/${MAP}.pag ] && [[ $MAP != ageing.byname ]]
then
ALL_MAPLIST="$ALL_MAPLIST $MAP"
if present $MAP $DEFAULT_NIS_MAPS
then
DEF_MAPLIST="$DEF_MAPLIST $MAP"
elif [[ $MAP = auto.* ]]
then
AUTO_CUST_MAPLIST="$AUTO_CUST_MAPLIST $MAP"
else
# If we reached here, means it is custom map.
get_confirm "Do you want the mapping information to be generated for \"$MAP\" map of $DMN domain (y/n/h)?" \
"n" "generate_mapping_info_for_cust_map_help"
if [ $? -eq 1 ]
then
CUST_MAPLIST="$CUST_MAPLIST $MAP"
else
# If a customer map is not desired, then delete it from
# all maplist too.
ALL_MAPLIST=$(remove $MAP $ALL_MAPLIST)
fi
fi
fi
done
# Make ALL_DMN lists as they are very helpful in checking if a map exists.
ALL_DMN_ALL_MAPLIST=$(merge_lists $ALL_DMN_ALL_MAPLIST $ALL_MAPLIST)
ALL_DMN_DEF_MAPLIST=$(merge_lists $ALL_DMN_DEF_MAPLIST $DEF_MAPLIST)
ALL_DMN_CUST_MAPLIST=$(merge_lists $ALL_DMN_CUST_MAPLIST $CUST_MAPLIST)
ALL_DMN_AUTO_CUST_MAPLIST=$(merge_lists $ALL_DMN_AUTO_CUST_MAPLIST \
$AUTO_CUST_MAPLIST)
# Store per domain lists in arrays.
ALL_MAPS[$count]="$ALL_MAPLIST"
DEF_MAPS[$count]="$DEF_MAPLIST"
CUST_MAPS[$count]="$CUST_MAPLIST"
AUTO_CUST_MAPS[$count]="$AUTO_CUST_MAPLIST"
[ $DEBUG -eq 1 ] && echo ALL_MAPS[$DMN] = ${ALL_MAPS[$count]}
[ $DEBUG -eq 1 ] && echo DEF_MAPS[$DMN] = ${DEF_MAPS[$count]}
[ $DEBUG -eq 1 ] && echo CUST_MAPS[$DMN] = ${CUST_MAPS[$count]}
[ $DEBUG -eq 1 ] && echo AUTO_CUST_MAPS[$DMN] = ${AUTO_CUST_MAPS[$count]}
let count="count + 1"
done
[ $DEBUG -eq 1 ] && echo ALL_DMN_ALL_MAPLIST = $ALL_DMN_ALL_MAPLIST
[ $DEBUG -eq 1 ] && echo ALL_DMN_DEF_MAPLIST = $ALL_DMN_DEF_MAPLIST
[ $DEBUG -eq 1 ] && echo ALL_DMN_CUST_MAPLIST = $ALL_DMN_CUST_MAPLIST
[ $DEBUG -eq 1 ] && echo ALL_DMN_AUTO_CUST_MAPLIST = $ALL_DMN_AUTO_CUST_MAPLIST
# Store all domain lists in array too.
set -A ALL_DMN_ALL_MAPS $ALL_DMN_ALL_MAPLIST
set -A ALL_DMN_DEF_MAPS $ALL_DMN_DEF_MAPLIST
set -A ALL_DMN_CUST_MAPS $ALL_DMN_CUST_MAPLIST
set -A ALL_DMN_AUTO_CUST_MAPS $ALL_DMN_AUTO_CUST_MAPLIST
# A positive customer map count implies custom mapping information
# is required. Set this flag.
[ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] && CUST_MAP_NEEDED=1
# Give bit of info, and ask if comments need to be placed in mapping file
echo "
This script can place relevant information regarding custom
maps at appropriate places in the mapping file which can be
helpful in customizing this file.
"
get_confirm "Do you want such information to be generated (y/n/h)?" \
"n" "generate_comment_info_for_cust_map_help"
[ $? -eq 1 ] && CUST_CMT_NEEDED=1
[ $DEBUG -eq 1 ] && echo CUST_MAP_NEEDED = $CUST_MAP_NEEDED
[ $DEBUG -eq 1 ] && echo CUST_CMT_NEEDED = $CUST_CMT_NEEDED
}
#
# Ask user the context for each (N2l) domain
#
get_nisLDAPdomainContext()
{
echo "
# List domains and contexts
" >> $MAP_FILE
for DMN in ${N2L_DMN_LIST[*]}
do
while :
do
# Convert to domain in dc format for default choice
domain_2_dc $DMN
get_ans "Enter the naming context for $DMN domain (h=help):"\
"$_DOM_2_DC"
# If help continue, otherwise break.
case "$ANS" in
[Hh] | help | Help | \?) display_msg nisLDAPdomainContext_help ;;
* ) break ;;
esac
done
# If a value is specified, set it, and save in mapping file too.
if [ "$ANS" != "" ]; then
echo "nisLDAPdomainContext $DMN : ${ANS}" >> $MAP_FILE
fi
[ $DEBUG -eq 1 ] && echo "nisLDAPdomainContext $DMN : ${ANS}"
done
}
#
# Ask user the domains for which passwords should be changed
#
get_nisLDAPyppasswddDomains()
{
echo "
# List domains for which passwords should be changed. If this is not
# present then the value returned by 'domainname' will be used.
" >> $MAP_FILE
for DMN in ${N2L_DMN_LIST[*]}
do
get_confirm "Enable password changes for ${DMN} domain (y/n/h)? " \
"n" "nisLDAPyppasswddDomains_help"
if [ $? -eq 1 ]; then
echo "nisLDAPyppasswddDomains $DMN" >> $MAP_FILE
fi
done
echo "
#
#-------------------------------------------------------------------
#\
" >> $MAP_FILE
}
#
# Create NIS databaseId mappings (aliases)
#
create_nisLDAPdatabaseIdMapping()
{
echo '
# Associate map names with databaseIds (aliases)
# Standard maps
nisLDAPdatabaseIdMapping ethers: ethers.byaddr ethers.byname
nisLDAPdatabaseIdMapping group: group.bygid group.byname
nisLDAPdatabaseIdMapping hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"] \
hosts.byaddr hosts.byname
# Special mapping to handle the YP_MULTI cases
nisLDAPdatabaseIdMapping multihosts: \
[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*,*"] \
hosts.byname
nisLDAPdatabaseIdMapping networks: networks.byaddr networks.byname
nisLDAPdatabaseIdMapping project: project.byname project.byprojid
nisLDAPdatabaseIdMapping protocols: protocols.byname protocols.bynumber
nisLDAPdatabaseIdMapping services: services.byname services.byservicename
# netid.byname is built up from the hosts and passwd files using different
# mappings. It thus has two associated nisLDAPdatabaseIdMappings.
nisLDAPdatabaseIdMapping netid.host:[number="0"] netid.byname
nisLDAPdatabaseIdMapping netid.pass:[number="[1-9]*"] netid.byname
# The next two are special databaseIds. They associate maps with databaseIds
# but additionally identify which maps contain password and password adjunct
# information for yppasswdd.
nisLDAPdatabaseIdMapping passwd: passwd.byname passwd.byuid
# mail.byaddr needs to select entries of the form x@y or x!y
nisLDAPdatabaseIdMapping mail.mapping:[rf_key="*@*", rf_key="*!*"] \
mail.byaddr
# publickey.byname
# Each entry in publickey map consists of a network user name which
# may refer to a host or a user. It also contains a default entry for nobody.
# Hence, we need three nisLDAPdatabaseIdmappings to support the three
# different types of keys.
nisLDAPdatabaseIdMapping keys.host:[rf_key="unix.[a-zA-Z]*@*"] \
publickey.byname
nisLDAPdatabaseIdMapping keys.pass:[rf_key="unix.[0-9]*@*"] \
publickey.byname
nisLDAPdatabaseIdMapping keys.nobody:[rf_key="nobody"] publickey.byname
# Single standard maps. No point aliasing.
# mail.aliases
# netmasks.byaddr
# rpc.bynumber
# ypservers
# Other maps
# ipnodes looks identical to hosts but maps to a different context.
nisLDAPdatabaseIdMapping ipnodes:[addr="*:*"] \
ipnodes.byaddr ipnodes.byname
# Special mapping to handle the YP_MULTI cases
nisLDAPdatabaseIdMapping multiipnodes: \
[addr="*:*,*"] \
ipnodes.byname
# Other single maps. No point aliasing
# audit_user
# auth_attr
# exec_attr
# prof_attr
# user_attr
# auto.home
# auto.master
# bootparams
# timezone.byname
# printers.conf.byname
# passwd.adjunct.byname
# group.adjunct.byname
' >> $MAP_FILE
[ CUST_CMT_NEEDED -eq 1 ] && \
echo "
# If any custom map needs to be aliased, then it should be listed
# here in the following format :
# nisLDAPdatabaseIdMapping databaseId ":" ["["indexlist"]"] mapname[" "...]
" >> $MAP_FILE
[ CUST_MAP_NEEDED -eq 1 ] && \
echo "\
# Not aliasing non-default/custom maps as they are assumed to be
# simple, single maps.\
" >> $MAP_FILE
for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
do
echo "# $MAP" >> $MAP_FILE
done
echo "\
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}
#
# Finds the domains in which the given map exists in the supplied list.
# Sets result in PRESENT_COUNT and PRESENT_IN_DOMAINS. These fields are
# set globally, so they can be accessed from any where.
# Input : $1 - map, $2 - list name (just name, not the value)
#
find_domains()
{
_MAP=$1
_ARRAY=$2
let PRESENT_COUNT=0
PRESENT_IN_DOMAINS=""
let count=0
while (( $count < $N2L_DMN_CNT ))
do
# Quick and dirty way to get around unavailability of 2D array
case "$_ARRAY" in
ALL_MAPS ) _LIST=${ALL_MAPS[$count]} ;;
DEF_MAPS ) _LIST=${DEF_MAPS[$count]} ;;
CUST_MAPS ) _LIST=${CUST_MAPS[$count]} ;;
AUTO_CUST_MAPS ) _LIST=${AUTO_CUST_MAPS[$count]} ;;
* ) echo "Invalid value: \"${_ARRAY}\". \c"
;;
esac
if present $_MAP $_LIST
then
let PRESENT_COUNT="$PRESENT_COUNT + 1"
PRESENT_IN_DOMAINS="$PRESENT_IN_DOMAINS ${N2L_DMN_LIST[count]}"
fi
let count="count + 1"
done
[ $DEBUG -eq 1 ] && echo "PRESENT_COUNT = $PRESENT_COUNT"
[ $DEBUG -eq 1 ] && echo "PRESENT_IN_DOMAINS = $PRESENT_IN_DOMAINS"
return 0
}
#
# For a given map, find out which list it belongs to (PRESENT_IN_LIST),
# and in how many domains this map shows up (PRESENT_COUNT), and in
# which ones (PRESENT_IN_DOMAINS). These fields are set globally, so
# they can be accessed from any where.
#
find_map_presence_details()
{
_MAP=$1
let PRESENT_COUNT=0
PRESENT_IN_LIST=""
PRESENT_IN_DOMAINS=""
# If the map does not exist, return right away, else
# find which list it belongs to.
# If a map exists in def or auto or cust lists, then
# it also exists in "all" list.
if ! present $_MAP $ALL_DMN_ALL_MAPLIST
then
return 1
elif present $_MAP $ALL_DMN_DEF_MAPLIST
then
PRESENT_IN_LIST="DEF_MAPS"
elif present $_MAP $ALL_DMN_CUST_MAPLIST
then
PRESENT_IN_LIST="CUST_MAPS"
else
# If map exists, and not in previous two lists,
# then it has to be here only.
PRESENT_IN_LIST="AUTO_CUST_MAPS"
fi
# Now we know which list the map belongs to. So, we need to
# find which are the domains in which this map exists.
find_domains $_MAP $PRESENT_IN_LIST
# Since the above function sets the values of PRESENT_COUNT and
# PRESENT_IN_DOMAINS fields, we don't need to do anything else.
[ $DEBUG -eq 1 ] && echo "PRESENT_IN_LIST = $PRESENT_IN_LIST"
return 0
}
#
# Check if the comment char is a single character, return 0 on success.
# Input is passed via global variable "COMMENT_CHAR"
#
valid_comment_char()
{
COMMENT_CHAR_LENGTH=`echo "${COMMENT_CHAR}" | wc -c`
# echo adds new line character, so adjust length appropriately
if [ $COMMENT_CHAR_LENGTH -gt 2 ]; then
echo " Comment character has to be a blank or single character; try again."
return 1
else
return 0
fi
}
#
# Read the comment character for a MAP. Append in mapping file if valid.
# Input - $1 : MAP name
#
get_comment_char()
{
_MAP=$1
while :
do
get_ans "Specify the comment character for $_MAP :"
COMMENT_CHAR=$ANS
if valid_comment_char; then
break
fi
done
echo "nisLDAPcommentChar $_MAP : '${COMMENT_CHAR}'" >> $MAP_FILE
}
#
# Read a seperate comment character for a MAP for each domain and
# update this information in mapping file.
# Input - $1 : MAP name, $@ : list of domains
#
get_comment_char_per_domain()
{
_MAP=$1
shift
_DOMAIN_LIST="$@"
for _DMN in $_DOMAIN_LIST
do
while :
do
get_ans "Specify the comment character for $_MAP,${_DMN} :"
COMMENT_CHAR=$ANS
if valid_comment_char; then
break
fi
done
echo "nisLDAPcommentChar $_MAP,${_DMN} : '${COMMENT_CHAR}'" >> $MAP_FILE
done
}
#
# This function generates custom comment entries. The output is
# appended in the mapping file.
#
get_custom_nisLDAPcommentChar()
{
# All the auto mounter maps are assumed to have '#' as the default comment
# char. But still list the non-default auto map entries here anyway. This
# will make it very easy in case these entries need to be changed.
for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
echo "nisLDAPcommentChar $MAP : '#'" >> $MAP_FILE
done
if [ CUST_MAP_NEEDED -eq 1 ]; then
get_confirm "Do you wish to specify the comment character for any custom map (y/n/h)?" \
"n" "custom_map_comment_char_help"
if [ $? -eq 1 ]; then
for MAP in ${ALL_DMN_CUST_MAPS[*]}
do
get_confirm "Do you wish to specify comment character for \"$MAP\" (y/n/h)?" \
"n" "custom_map_comment_char_help"
if [ $? -eq 1 ]; then
find_domains $MAP CUST_MAPS
if [ $PRESENT_COUNT -gt 1 ]; then
echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
get_confirm "For \"$MAP\", should the same comment character be set for all the domains (y/n/h)?" \
"y" "same_comment_char_help"
if [ $? -eq 1 ]; then
get_comment_char $MAP
else
get_comment_char_per_domain $MAP "$PRESENT_IN_DOMAINS"
fi
else
get_comment_char $MAP
fi
fi
done
fi
fi
}
# List comment character (if any) for maps
create_nisLDAPcommentChar()
{
echo "\
# Specify the character representing the start of comments.
" >> $MAP_FILE
[ CUST_CMT_NEEDED -eq 1 ] && echo "\
# The comment character represents the start of the special 'comment'
# field in a given NIS map. If this attribute is not present then the
# default comment character '#' is used. If a map cannot contain comments
# then the NULL ('') comment character should be specified. The format to
# specify the comment character is :
# nisLDAPcommentChar MAP[,DOMAIN] : 'single_comment_char'
" >> $MAP_FILE
echo "\
nisLDAPcommentChar group : ''
nisLDAPcommentChar passwd : ''
nisLDAPcommentChar ageing.byname : ''
nisLDAPcommentChar audit_user : ''
nisLDAPcommentChar auth_attr : ''
nisLDAPcommentChar exec_attr : ''
nisLDAPcommentChar user_attr : ''
nisLDAPcommentChar bootparams : ''
" >> $MAP_FILE
# Need to handle passwd.adjunct.byname map for multiple domain.
_MAP=passwd.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the syntax in comment form
echo "#nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE
else
# Find the domains in which this map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo "nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
for _DMN in $PRESENT_IN_DOMAINS
do
echo "nisLDAPcommentChar passwd.adjunct.byname,${_DMN}: ''" >> $MAP_FILE
done
fi
fi
# passwd.adjunct.byname done
# Need to handle group.adjunct.byname map for multiple domain.
_MAP=group.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the syntax in comment form
echo "#nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE
else
# Find the domains in which this map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo "nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
for _DMN in $PRESENT_IN_DOMAINS
do
echo "nisLDAPcommentChar group.adjunct.byname,${_DMN}: ''" >> $MAP_FILE
done
fi
fi
# group.adjunct.byname done
echo "" >> $MAP_FILE
# Ask user for comment char for custom maps
get_custom_nisLDAPcommentChar
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}
#
# Generate secure flag entries
#
create_secure_flag_entries()
{
echo "\
# Specify YP_SECURE flags
" >> $MAP_FILE
[ CUST_CMT_NEEDED -eq 1 ] && echo "\
# If a map is secure, then it needs to be mentioned here
# in the following format :
# nisLDAPmapFlags mapname : s
">> $MAP_FILE
echo "\
# nisLDAPmapFlags audit_user : s
" >> $MAP_FILE
# Need to handle passwd.adjunct.byname map for multiple domain.
_MAP=passwd.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the syntax in comment form
echo "#nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE
else
# Find the domains in which this map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo "nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
for _DMN in $PRESENT_IN_DOMAINS
do
echo "nisLDAPmapFlags passwd.adjunct.byname,${_DMN} : s" >> $MAP_FILE
done
fi
fi
# Need to handle group.adjunct.byname map for multiple domain.
_MAP=group.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the syntax in comment form
echo "#nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE
else
# Find the domains in which this map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo "nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
for _DMN in $PRESENT_IN_DOMAINS
do
echo "nisLDAPmapFlags group.adjunct.byname,${_DMN} : s" >> $MAP_FILE
done
fi
fi
echo "" >> $MAP_FILE
STR="any" # Just to make the question look better.
while :
do
get_confirm "Do you wish to set the secure flag for $STR map (y/n/h)?" \
"n" "secure_flag_on_help"
if [ $? -eq 0 ]; then
return 0
else
get_ans "Enter the MAP name :"
MAP=$ANS
if [[ $MAP = "" ]]; then
echo " Error : BLANK map name not allowed; try again"
continue
fi
# Check if the supplied map name exists, and if yes, then
# set the PRESENT attributes for further processing
find_map_presence_details $MAP
case $PRESENT_COUNT in
0 ) echo " Error : $MAP not found in any domain; try again"
;;
1 ) # The map exists in only one domain.
echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
STR="another" # Just to make the question look better.
;;
* ) # The map exists in multiple domain. Ask if this flag needs
# to be set for all domains, or some specific ones.
echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
get_confirm "For this map, do you wish to set this flag for all the domains (y/n/h)?" \
"y" "secure_flag_all_domains_help"
if [ $? -eq 1 ]; then
echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
else
for _DMN in $PRESENT_IN_DOMAINS
do
get_confirm_nodef "Set secure flag for $MAP,${_DMN} (y/n)?"
if [ $? -eq 1 ]; then
echo "nisLDAPmapFlags $MAP,${_DMN} : s" >> $MAP_FILE
fi
done
fi
STR="another" # Just to make the question look better.
;;
esac
fi
done
}
#
# Generate interdomain flag entries
#
create_interdomain_flag_entries()
{
INTERDOMAIN_MAP_LIST="ipnodes
multiipnodes
hosts
multihosts
services.byservicename"
#
# Simple function to avoid duplication of code
#
print_interdomain_entries()
{
for _MAP in $INTERDOMAIN_MAP_LIST
do
echo "nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
done
}
echo "
# Specify YP_INTERDOMAIN flags
" >> $MAP_FILE
[ CUST_CMT_NEEDED -eq 1 ] && echo "\
# It is used to indicate NIS servers to use the domain name resolver for
# host name and address lookups for hosts not found in the maps.
# If set, it adds YP_INTERDOMAIN entries in these maps when converting
# data from LDAP to YP. It needs to be set in the following format :
# nisLDAPmapFlags mapname : b
" >> $MAP_FILE
# List one set of entries in commented form anyway as it might help
# user understand what it means.
echo "\
# If \$B is set in /var/yp/Makefile, then this flag should be
# set for following maps :\
" >> $MAP_FILE
for _MAP in $INTERDOMAIN_MAP_LIST
do
echo "# nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
done
# Put a blank line for indentation purpose
echo >> $MAP_FILE
get_confirm "Do you wish to set the \"interdomain\" flag for any domain (y/n/h)?" \
"n" "interdomain_flag_on_help"
if [ $? -eq 1 ]; then
if [ $N2L_DMN_CNT -gt 1 ]; then
get_confirm "Should \"interdomain\" flag be set for all domain (y/n/h)?" \
"y" "interdomain_flag_all_domains_help"
if [ $? -eq 1 ]; then
print_interdomain_entries
else
for _DMN in ${N2L_DMN_LIST[*]}
do
get_confirm_nodef "Set interdomain flag for ${_DMN} (y/n)?"
if [ $? -eq 1 ]; then
for _MAP in $INTERDOMAIN_MAP_LIST
do
echo "nisLDAPmapFlags ${_MAP},${_DMN} : b" >> $MAP_FILE
done
fi
done
fi
else
print_interdomain_entries
fi
fi
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
return 0
}
#
# List SECURE and INTERDOMAIN flags
#
create_nisLDAPmapFlags()
{
create_secure_flag_entries
create_interdomain_flag_entries
}
#
# Print one Map TTL entry in mapping file using supplied TTL.
#
print_one_map_ttl_entry()
{
_Map=$1
_iTtlLo=$2
_iTtlHi=$3
_runTtl=$4
echo "\
nisLDAPentryTtl ${_Map}:${_iTtlLo}:${_iTtlHi}:${_runTtl}\
" >> $MAP_FILE
return 0
}
#
# Print all the maps TTL entries of same TTL
# values using the supplied TTL triplet.
#
print_all_same_ttl_entries()
{
_iTTLlo=$1
_iTTLhi=$2
_runTTL=$3
for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
${ALL_DMN_AUTO_CUST_MAPS[*]}
do
if [ "$_MAP" != "passwd.adjunct.byname" ] && \
[ "$_MAP" != "group.adjunct.byname" ]
then
print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL
else
# adjunct maps might not exist in all the domains.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL
else
for _DMN_ in $PRESENT_IN_DOMAINS
do
_STR="${_MAP},${_DMN_}"
print_one_map_ttl_entry $_STR $_iTTLlo $_iTTLhi $_runTTL
done
fi
fi
done
return 0
}
#
# Read the initialTTLlo. Set the value in global variable.
#
get_ittl_lo()
{
get_pos_int "Lower limit for initial TTL (in seconds) (h=help):" \
"$DEF_iTTLlo" "initialTTLlo_help"
iTTLlo=${NUM}
}
#
# Read the initialTTLhi. Set the value in global variable.
#
get_ittl_hi()
{
get_pos_int "Higher limit for initial TTL (in seconds) (h=help):" \
"$DEF_iTTLhi" "initialTTLhi_help"
iTTLhi=${NUM}
}
#
# Read the initialTTLhi. Set the value in global variable.
#
get_run_ttl()
{
get_pos_int "Runtime TTL (in seconds) (h=help):" \
"$DEF_runTTL" "runningTTL_help"
runTTL=${NUM}
}
#
# Read one TTL triplet. Set the result in global variables.
#
read_one_ttl_triplet()
{
# Just call the individual functions for each TTL.
get_ittl_lo
get_ittl_hi
get_run_ttl
[ $DEBUG -eq 1 ] && \
echo "TTL = ${iTTLlo}:${iTTLhi}:${runTTL}"
return 0
}
#
# Takes MAP name (with or without domain name) as argument, asks
# user for TTL values, and appends the entry in the mapping file.
#
process_one_map_ttl_value()
{
_Map_="$1"
get_confirm "Retain the default TTL values [$DEF_iTTLlo:$DEF_iTTLhi:$DEF_runTTL] for \"$_Map_\" (y/n/h) ?" \
"y" "default_different_ttl_help"
if [ $? -eq 1 ]; then
print_one_map_ttl_entry $_Map_ $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL
else
echo "Reading TTL values for $_Map_ :"
read_one_ttl_triplet
print_one_map_ttl_entry $_Map_ $iTTLlo $iTTLhi $runTTL
fi
return 0
}
#
# Read only one TTL triplet for each existing MAP without asking
# different values for each domain and update the mapping file.
#
read_all_maps_ttl_values_no_multiple_domain_issue()
{
# Need to read only one TTL triplet for each existing MAP.
for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
${ALL_DMN_AUTO_CUST_MAPS[*]}
do
if [ "$_MAP" != "passwd.adjunct.byname" ] && \
[ "$_MAP" != "group.adjunct.byname" ]
then
process_one_map_ttl_value $_MAP
else
# adjunct maps might not exist in all the domains.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
process_one_map_ttl_value $_MAP
else
for _DMN_ in $PRESENT_IN_DOMAINS
do
_STR="${_MAP},${_DMN_}"
process_one_map_ttl_value $_STR
done
fi
fi
done
return 0
}
#
# Read TTL triplet for each default MAP (in database ID form) while
# taking care of multiple domains issue and update the mapping file.
#
read_default_maps_ttl_values_with_multi_domain_issue()
{
for _MAP_ in ${DEF_TTL_MAPLIST}
do
if [ "$_MAP_" != "passwd.adjunct.byname" ] && \
[ "$_MAP_" != "group.adjunct.byname" ]
then
for _DMN_ in ${N2L_DMN_LIST[*]}
do
_STR_="${_MAP_},${_DMN_}"
# Now process each combination one at a time.
process_one_map_ttl_value "$_STR_"
done
else
# List only those domains in which adjunct.byname exists.
find_domains $_MAP_ DEF_MAPS
for _DMN_ in $PRESENT_IN_DOMAINS
do
_STR_="${_MAP_},${_DMN_}"
process_one_map_ttl_value "$_STR_"
done
fi
done
return 0
}
#
# Read TTL triplet for each existing custom MAP while taking
# care of multiple domains issue and update the mapping file.
#
read_custom_maps_ttl_values_with_multi_domain_issue()
{
for _MAP_ in ${ALL_DMN_CUST_MAPS[*]} ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
find_map_presence_details $_MAP_
if [ $PRESENT_COUNT -eq 1 ]; then
# This map exists in only one domain.
# So, no need to ask for multiple domains.
process_one_map_ttl_value $_MAP_
else
# Handle multiple domains.
echo "Map \"${_MAP_}\" is present in these domains : $PRESENT_IN_DOMAINS"
get_confirm "For this map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
"y" "same_ttl_across_domains_help"
if [ $? -eq 1 ]; then
# Need to read only one TTL triplet for this MAP.
process_one_map_ttl_value $_MAP_
else
# Need to ask for each domain
for _DMN_ in $PRESENT_IN_DOMAINS
do
_STR="${_MAP_},${_DMN_}"
# Now process each combination one at a time.
process_one_map_ttl_value "$_STR"
done
fi
fi
done
return 0
}
#
# List the TTL values for various MAPs
#
create_nisLDAPentryTtl()
{
echo "\
# Associate TTLs with NIS entries derived from LDAP
" >> $MAP_FILE
[ CUST_CMT_NEEDED -eq 1 ] && echo "\
# Each map has three TTL values which are specified in seconds.
# 1. initialTTLlo (default $DEF_iTTLlo sec) The lower limit for the initial
# TTL (in seconds) for data read from disk when the ypserv starts.
#
# 2. initialTTLhi (default $DEF_iTTLhi sec) The upper limit for initial TTL.
#
# 3. runningTTL (default $DEF_runTTL sec) The TTL (in seconds) for data
# retrieved from LDAP while the ypserv is running.
#
# If any value is not specified, then default value is used.
# The format of TTL entry is :
# nisLDAPentryTtl MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL
" >> $MAP_FILE
# If no maps are present, just return.
[ ${#ALL_DMN_ALL_MAPS[*]} -eq 0 ] && return 0
echo "The default TTL for each map is set to ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}"
get_confirm "Do you wish to change the TTL values for any map (y/n/h) ?" \
"n" "default_ttl_help"
if [ $? -eq 0 ]; then
# Default values accepted for all the maps.
# So, just print all the maps with default TTL values.
print_all_same_ttl_entries $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL
else
echo "You would be allowed to enter the new TTL values."
get_confirm "Do you wish to use the same TTL values for all the maps (y/n/h) ?" \
"y" "non_default_same_ttl_help"
if [ $? -eq 1 ]; then
# Need to read only one TTL triplet.
# Print all the maps with new TTL triplet.
# read one ttl triplet
echo "Enter the new TTL values :"
read_one_ttl_triplet
print_all_same_ttl_entries $iTTLlo $iTTLhi $runTTL
else
if [ $N2L_DMN_CNT -eq 1 ]; then
# TTL values are different now. But we haev only one domain.
# So, no need to worry about multiple domains. Need to read
# only one TTL triplet for each existing MAP.
read_all_maps_ttl_values_no_multiple_domain_issue
else
# TTL values are different now. And we have multiple domains
# too. Check if MAPS are going to have same TTL across domains.
# This is just to avoid asking too many TTL triplet inputs
echo "You would be allowed to enter different TTL values for each map."
get_confirm "For a given map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
"y" "non_default_different_ttl_help"
if [ $? -eq 1 ]; then
# Need to read only one TTL triplet for each existing MAP.
read_all_maps_ttl_values_no_multiple_domain_issue
else
# We have hit the worst case scenario. TTLs could be
# different per map and per domain.
read_default_maps_ttl_values_with_multi_domain_issue
read_custom_maps_ttl_values_with_multi_domain_issue
fi
fi
fi
fi
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
return 0
}
#
# The custom maps for which we do not have enough
# information to be able to generate specific entries,
# we just log the message that the user needs to take
# care of those entries manually.
#
ask_user_to_update_the_custom_map_entries_too()
{
if [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ]; then
echo "
# Similar entries need to be created
# for following custom maps too :\
" >> $MAP_FILE
for _MAP in ${ALL_DMN_CUST_MAPS[*]}
do
echo "# $_MAP" >> $MAP_FILE
done
fi
}
put_default_nisLDAPnameFields()
{
echo '
# Associate names with fields in the maps. Must be same for all domains.
nisLDAPnameFields audit_user: \
("%s:%s:%s", name, alwaysAuditFlags, neverAuditFlags)
nisLDAPnameFields auto.home: \
("%s",value)
nisLDAPnameFields auto.master: \
("%s",value)
nisLDAPnameFields auth_attr: \
("%s:%s:%s:%s:%s:%s", \
name, res1, res2, short_desc, long_desc, attrs )
nisLDAPnameFields bootparams: \
("%s", params)
nisLDAPnameFields ethers: \
("%s %s", addr, name)
nisLDAPnameFields exec_attr: \
("%s:%s:%s:%s:%s:%s:%s", \
name, policy, type, res1, res2, id, attrs)
nisLDAPnameFields group: \
("%s:%s:%s:%s", name, passwd, gid, users)
' >> $MAP_FILE
# Need to handle group.adjunct.byname map for multiple domain.
_MAP=group.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the syntax in comment form
echo '#nisLDAPnameFields group.adjunct.byname: \
# ("%s:%s", name, passwd)
' >> $MAP_FILE
else
# Find the domains in which this map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo 'nisLDAPnameFields group.adjunct.byname: \
("%s:%s", name, passwd)
' >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
for _DMN in $PRESENT_IN_DOMAINS
do
echo "nisLDAPnameFields group.adjunct.byname,${_DMN}: \\
(\"%s:%s\", name, passwd)
" >> $MAP_FILE
done
fi
fi
echo 'nisLDAPnameFields keys.host: \
("%s:%s", publicKey ,secretKey)
nisLDAPnameFields keys.pass: \
("%s:%s", publicKey ,secretKey)
nisLDAPnameFields keys.nobody: \
("%s:%s", publicKey ,secretKey)
nisLDAPnameFields hosts: \
("%a %s %s", addr, canonicalName, aliases)
nisLDAPnameFields multihosts: \
("%a %s %s", addr, canonicalName, aliases)
nisLDAPnameFields ipnodes: \
("%a %s %s", addr, canonicalName, aliases)
nisLDAPnameFields multiipnodes: \
("%a %s %s", addr, canonicalName, aliases)
nisLDAPnameFields mail.aliases: \
("%s", addresses)
nisLDAPnameFields mail.mapping: \
("%s", address)
# memberTriples is split into sub-fields by a latter nisLDAPsplitField
# attribute.
nisLDAPnameFields netgroup: \
("%s", memberTriples)
nisLDAPnameFields netid.host: \
("%s:%s", number, data)
nisLDAPnameFields netid.pass: \
("%s:%s", number, data)
nisLDAPnameFields netmasks.byaddr: \
("%a", mask)
nisLDAPnameFields networks: \
("%s %s %s", name, number, aliases)
nisLDAPnameFields project: \
("%s:%s:%s:%s:%s:%s", \
name, projID, comment, users, groups, attrs)
nisLDAPnameFields protocols: \
("%s %s %s", name, number, aliases)
nisLDAPnameFields rpc.bynumber: \
("%s %s %s", name, number, aliases)
nisLDAPnameFields passwd: \
("%s:%s:%s:%s:%s:%s:%s", \
name, passwd, uid, gid, gecos, home, shell)
# It is not obvious what the fields in passwd.adjunct are for. They are not
# the same as the shadow map. The following is based on information in:-
#
# lib/libbc/inc/include/pwdadj.h.
#
# This file implies that these are documented in getpwaent(3) but this man page
# does not seem to exist.
#
# It is believed that 'min','max' and 'def' labels were reserved fields in
# SunOS 4.x and are now unused. 'always' and 'never' audit information is
# now contained in audit_user(4) so is now unused.
#
' >> $MAP_FILE
# Need to handle passwd.adjunct.byname map for multiple domain.
_MAP=passwd.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the syntax in comment form
echo '#nisLDAPnameFields passwd.adjunct.byname: \
# ("%s:%s:%s:%s:%s:%s:%s", \
# name, passwd, min, max, def, always, \
# never)
' >> $MAP_FILE
else
# Find the domains in which this map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo 'nisLDAPnameFields passwd.adjunct.byname: \
("%s:%s:%s:%s:%s:%s:%s", \
name, passwd, min, max, def, always, \
never)
' >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
for _DMN in $PRESENT_IN_DOMAINS
do
echo "nisLDAPnameFields passwd.adjunct.byname,${_DMN}: \\
(\"%s:%s:%s:%s:%s:%s:%s\", \\
name, passwd, min, max, def, always, \\
never)
" >> $MAP_FILE
done
fi
fi
echo '
nisLDAPnameFields printers.conf.byname: \
("%s:%s", names, values)
nisLDAPnameFields prof_attr: \
("%s:%s:%s:%s:%s", \
name, res1, res2, desc, attrs)
nisLDAPnameFields services: \
("%s %s/%s %s", name, port, protocol, aliases)
# This map is never created but yppasswd uses the mapping to extract password
# ageing information from the DIT. The password itself is not required by this
# mechanism so is not included in the ageing mapping.
nisLDAPnameFields ageing.byname: \
("%s:%s:%s:%s:%s:%s:%s:%s", \
name, lastchg, min, max, warn, inactive, \
expire, flag)
nisLDAPnameFields timezone.byname: \
("%s %s", zoneName, hostName)
nisLDAPnameFields user_attr: \
("%s:%s:%s:%s:%s", user, qualifier, res1, res2, attrs)
' >> $MAP_FILE
}
#
# List namefields for non-default auto maps and custom maps.
#
put_auto_and_custom_map_nisLDAPnameFields()
{
for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
do
echo "\
nisLDAPnameFields ${_MAP}: \\
(\"%s\",value)
" >> $MAP_FILE
done
}
create_nisLDAPnameFields()
{
# Put format information of "nisLDAPnameFields"
[ CUST_CMT_NEEDED -eq 1 ] && echo '
# "nisLDAPnameFields" specifies the content of entries in a NIS map
# and how they should be broken into named fields. It is required as,
# unlike NIS+, NIS maps do not store information in named fields.
#
# Following is the syntax for nisLDAPnameFields :
#
# "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")"
# fieldName = nameOrArrayName[","...]
# nameOrArrayName = Name of field or 'array' of repeated fields.
# matchspec = \" formatString \"
' >> $MAP_FILE
# List the default nameField values
put_default_nisLDAPnameFields
# List the underlying assumption
echo "\
# With the assumption that all the custom maps are simple, single
# map (single key-value pair type), below is the nisLDAPnameFields
# information for all the custom and non-default auto.* maps. If
# this assumption is not valid, then refer to the NISLDAPmapping
# man page for information on how to customize this section.
" >> $MAP_FILE
# List namefields for non-default auto maps and custom maps.
put_auto_and_custom_map_nisLDAPnameFields
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
return 0
}
#
# List repeated field seperators
#
create_nisLDAPrepeatedFieldSeparators()
{
[ CUST_CMT_NEEDED -eq 1 ] && echo "
# nisLDAPrepeatedFieldSeparators : It is a character which separates
# the repeatable instnaces of splitable fields. It's format is :
#
# nisLDAPrepeatedFieldSeparators fieldName \"sepChar[...]\"
# sepChar = A separator character.
# Default value is space or tab.
" >> $MAP_FILE
echo "\
#nisLDAPrepeatedFieldSeparators memberTriples: \" \t\"
" >> $MAP_FILE
}
#
# List split fields
#
create_nisLDAPsplitField()
{
# List the default split fields
[ CUST_CMT_NEEDED -eq 1 ] && echo '
# nisLDAPsplitFields : It defines how a field, or list of fields,
# named by nisLDAPnameFields is split into sub fields. The original
# field is compared with each line of this attribute until one matches.
# When a match is found named sub-fields are generated. In latter
# operations sub-field names can be used in the same way as other
# field names. The format of nisLDAPsplitFields is :
#
# "nisLDAPsplitFields" fieldName ":" splitSpec[","...]
# splitSpec = "(" matchspec "," subFieldNames ")"
# fieldName = Name of a field from nisLDAPnameFields
# subFieldNames = subFieldname[","...]
# matchspec = \" formatString \"
' >> $MAP_FILE
echo '
nisLDAPsplitField memberTriples: \
("(%s,%s,%s)", host, user, domain), \
("%s", group)
' >> $MAP_FILE
}
#
# List split fields and repeated field separators.
#
create_split_field_and_repeatedfield_seperators()
{
echo "\
# Specify how to break fields up into sub fields.
" >> $MAP_FILE
create_nisLDAPrepeatedFieldSeparators
create_nisLDAPsplitField
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}
list_default_nisLDAPobjectDN()
{
echo '
# Associate maps with RDNs and object classes. Base DN comes from the
# nisLDAPdomainContext.
#
# As supplied this file gives only the most derived objectClass for each map.
# For some servers it may be necessary to add "objectClass=" statements for
# all the superclasses. This should be done here.
nisLDAPobjectDN auto.home: \
automountmapname=auto_home,?one? \
objectClass=automount:
nisLDAPobjectDN auto.master: \
automountmapname=auto_master,?one? \
objectClass=automount:
nisLDAPobjectDN auth_attr: \
ou=SolarisAuthAttr,?one? \
objectClass=SolarisAuthAttr:
nisLDAPobjectDN bootparams: \
ou=ethers,?one? \
objectClass=bootableDevice, \
bootParameter=*:\
ou=ethers,?one? \
objectClass=device, \
objectClass=bootableDevice
nisLDAPobjectDN exec_attr:\
ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
SolarisKernelSecurityPolicy=*:\
ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
objectClass=SolarisProfAttr,\
objectClass=top
nisLDAPobjectDN ethers: \
ou=ethers,?one? \
objectClass=ieee802Device, \
macAddress=*:\
ou=ethers,?one? \
objectClass=device, \
objectClass=ieee802Device
nisLDAPobjectDN group: \
ou=group,?one? \
objectClass=posixGroup:
' >> $MAP_FILE
# Need to handle group.adjunct.byname map for multiple domain.
_MAP=group.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the syntax in comment form
echo '#nisLDAPobjectDN group.adjunct.byname: \
# ou=group,?one? \
# objectClass=posixGroup:
' >> $MAP_FILE
else
# Find the domains in which this map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo 'nisLDAPobjectDN group.adjunct.byname: \
ou=group,?one? \
objectClass=posixGroup:
' >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
for _DMN in $PRESENT_IN_DOMAINS
do
echo "nisLDAPobjectDN group.adjunct.byname,${_DMN}: \\
ou=group,?one? \\
objectClass=posixGroup:
" >> $MAP_FILE
done
fi
fi
echo 'nisLDAPobjectDN hosts: \
ou=hosts,?one? \
objectClass=ipHost:\
ou=hosts,?one? \
objectClass=device, \
objectClass=ipHost
nisLDAPobjectDN multihosts: \
ou=hosts,?one? \
objectClass=ipHost, \
ipHostNumber=*.*
nisLDAPobjectDN ipnodes: \
ou=hosts,?one? \
objectClass=ipHost:\
ou=hosts,?one? \
objectClass=device, \
objectClass=ipHost
nisLDAPobjectDN multiipnodes: \
ou=hosts,?one? \
objectClass=ipHost, \
ipHostNumber=*\:*
nisLDAPobjectDN mail.aliases: \
ou=aliases,?one? \
objectClass=mailGroup:
nisLDAPobjectDN mail.mapping: \
ou=aliases,?one? \
objectClass=mailGroup
nisLDAPobjectDN netgroup: \
ou=netgroup,?one? \
objectClass=nisNetgroup:
nisLDAPobjectDN networks: \
ou=networks,?one? \
objectClass=ipNetwork, \
cn=*:
# Must come after networks (or equivalent) that creates ipNetworks
nisLDAPobjectDN netmasks.byaddr: \
ou=networks,?one? \
objectClass=ipNetwork, \
ipNetMaskNumber=*:
nisLDAPobjectDN passwd: \
ou=people,?one? \
objectClass=posixAccount:\
ou=people,?one? \
objectClass=account, \
objectClass=shadowAccount, \
objectClass=posixAccount
' >> $MAP_FILE
# Need to handle passwd.adjunct.byname map for multiple domain.
_MAP=passwd.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the syntax in comment form
echo '#nisLDAPobjectDN passwd.adjunct.byname: \
# ou=people,?one? \
# objectClass=posixAccount:\
# ou=people,?one? \
# objectClass=account, \
# objectClass=shadowAccount, \
# objectClass=posixAccount
' >> $MAP_FILE
else
# Find the domains in which this map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# Don't put domain info as the map is present in all of them.
echo 'nisLDAPobjectDN passwd.adjunct.byname: \
ou=people,?one? \
objectClass=posixAccount:\
ou=people,?one? \
objectClass=account, \
objectClass=shadowAccount, \
objectClass=posixAccount
' >> $MAP_FILE
else
# Not every domain has this map. So, list for the ones which do.
for _DMN in $PRESENT_IN_DOMAINS
do
echo "nisLDAPobjectDN passwd.adjunct.byname,${_DMN}: \\
ou=people,?one? \\
objectClass=posixAccount:\\
ou=people,?one? \\
objectClass=account, \\
objectClass=shadowAccount, \\
objectClass=posixAccount
" >> $MAP_FILE
done
fi
fi
echo '# Must follow passwd
nisLDAPobjectDN netid.pass: \
ou=people,?one? \
objectClass=posixAccount
# Must follow hosts
nisLDAPobjectDN netid.host: \
ou=hosts,?one? \
objectClass=ipHost
nisLDAPobjectDN printers.conf.byname: \
ou=printers,?one? \
objectClass=printerService:\
ou=printers,?one? \
objectClass=sunPrinter, \
objectClass=printerService, \
objectClass=printerLPR, \
objectClass=printerAbstract
nisLDAPobjectDN prof_attr:\
ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
SolarisAttrLongDesc=*:\
ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
objectClass=SolarisExecAttr,\
objectClass=top
nisLDAPobjectDN project: \
ou=project,?one? \
objectClass=SolarisProject:
nisLDAPobjectDN protocols: \
ou=protocols,?one? \
objectClass=ipProtocol:
nisLDAPobjectDN rpc.bynumber: \
ou=rpc,?one? \
objectClass=oncRpc:
nisLDAPobjectDN services.byname: \
ou=services,?one? \
objectClass=ipService:
# Because services.byservicename contains keys of form both 'name'
# and 'name/protocol' we generate the DIT just from services.byname.
# Hence, write-disabled for services.byservicename
nisLDAPobjectDN services.byservicename: \
ou=services,?one? \
objectClass=ipService
# This map is never created but yppasswd uses the mapping to extract password
# aging information from the DIT.
nisLDAPobjectDN ageing.byname: \
ou=people,?one? \
objectClass=shadowAccount:
# Using nisplusTimeZoneData objectClass for compatibility with nis+2ldap
nisLDAPobjectDN timezone.byname: \
ou=Timezone,?one? \
objectClass=nisplusTimeZoneData:
nisLDAPobjectDN user_attr: \
ou=people,?one? \
objectClass=SolarisUserAttr:
# Must come after passwd (or equivalent) that creates posixAccounts
nisLDAPobjectDN audit_user: \
ou=people,?one? \
objectClass=SolarisAuditUser:
# Must come after hosts + passwd.
nisLDAPobjectDN keys.host: \
ou=hosts,?one? \
objectClass=NisKeyObject:
nisLDAPobjectDN keys.pass: \
ou=people,?one? \
objectClass=NisKeyObject:
nisLDAPobjectDN keys.nobody: \
ou=people,?one? \
objectClass=NisKeyObject:\
ou=people,?one? \
objectClass=account, \
objectClass=NisKeyObject
nisLDAPobjectDN ypservers: \
ou=ypservers,?one? \
objectClass=device:
' >> $MAP_FILE
}
# List all the non-default auto.* and custom maps.
list_auto_custom_nisLDAPobjectDN()
{
# auto.* entries are easy.
if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
# We need to find one container for each auto.* map.
# Assume that each auto.* maps's container is auto_*.
_MAP_UNDERSCORE=`echo $_MAP | sed "s/auto\./auto_/"`
echo "\
nisLDAPobjectDN ${_MAP}: \\
automountmapname=${_MAP_UNDERSCORE},?one? \\
objectClass=automount:
" >> $MAP_FILE
done
fi
# Since we do not have enough information to generate
# entries for other custom maps, best we can do is to
# log this map names and ask user to take care of them.
ask_user_to_update_the_custom_map_entries_too
}
#
# List association of maps with RDNs and object classes.
#
create_nisLDAPobjectDN()
{
[ CUST_CMT_NEEDED -eq 1 ] && echo '
# nisLDAPobjectDN : It specifies the connection between group of NIS
# maps and the LDAP directory. This attribute also defines the 'order'
# of the NIS maps. When NIS maps are bulk copied to or from the DIT
# they are processed in the same order as related nisLDAPobjectDN
# attributes appear in /var/yp/NISLDAPmapping.
# The format of "nisLDAPobjectDN" is :
#
# mapName[" "...] ":" objectDN *( ";" objectDN )
#
# where:
#
# objectDN = readObjectSpec [":"[writeObjectSpec]]
# readObjectSpec = [baseAndScope [filterAttrValList]]
# writeObjectSpec = [baseAndScope [attrValList]]
# baseAndScope = [baseDN] ["?" [scope]]
# filterAttrValList = ["?" [filter | attrValList]]]
# scope = "base" | "one" | "sub"
# attrValList = attribute "=" value
# *("," attribute "=" value)
' >> $MAP_FILE
# List all the default entries anyway.
list_default_nisLDAPobjectDN
# List all the non-default auto.* and custom maps.
list_auto_custom_nisLDAPobjectDN
}
#
# List all the default nisLDAPattributeFromField entries
#
list_default_nisLDAPattributeFromField()
{
echo '
# Describe how named fields are mapped to DIT entries.
# audit_user
nisLDAPattributeFromField audit_user: \
dn=("uid=%s,", rf_key ), \
SolarisAuditAlways=alwaysAuditFlags, \
SolarisAuditNever=neverAuditFlags
# auto.home
nisLDAPattributeFromField auto.home: \
dn=("automountKey=%s,", rf_key ), \
automountKey=rf_key, \
automountInformation=value
# auto.master
nisLDAPattributeFromField auto.master: \
dn=("automountKey=%s,", rf_key ), \
automountKey=rf_key, \
automountInformation=value
# auth_attr
nisLDAPattributeFromField auth_attr: \
dn=("cn=%s,", rf_key ), \
cn=name, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisAttrShortDesc=short_desc, \
SolarisAttrLongDesc=long_desc, \
SolarisAttrKeyValue=attrs
# exec_attr. Because of the messy NIS keys special handling is required here
nisLDAPattributeFromField exec_attr: \
dn=("cn=%s+SolarisKernelSecurityPolicy=%s\
+SolarisProfileType=%s+SolarisProfileID=%s,", \
name, policy,type,id), \
("%s:*", cn)=rf_key, \
("*:%s:*", SolarisKernelSecurityPolicy)=rf_key, \
("*:*:%s", SolarisProfileId)=rf_key, \
solarisProfileType=type, \
solarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
solarisAttrKeyValue=attrs
# ethers
nisLDAPattributeFromField ethers.byname: \
dn=("cn=%s,", rf_key ), \
macAddress=addr
nisLDAPattributeFromField ethers.byaddr: \
dn=("cn=%s,", name ), \
macAddress=rf_key
nisLDAPattributeFromField ethers: \
cn=name, \
description=rf_comment
# bootparams. Must be done after ethers
nisLDAPattributeFromField bootparams: \
dn=("cn=%s,", rf_key ), \
cn=rf_key, \
(bootParameter)=(params, " ")
' >> $MAP_FILE
# group syntax is different when group.adjunct map is present.
# So, need to handle the various possibilities
_MAP=group.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the group.adjunct syntax in comment form
echo '# group
nisLDAPattributeFromField group.byname: \
dn=("cn=%s,", rf_key ), \
gidNumber=gid
nisLDAPattributeFromField group.bygid: \
dn=("cn=%s,", name ), \
gidNumber=rf_key
nisLDAPattributeFromField group: \
cn=name, \
userPassword=("{crypt}%s",passwd), \
(memberUid)=(users, ",")
#
# If you are using group.adjunct, comment the group section above
# and uncomment the following group and group.adjunct sections
#
# group
#nisLDAPattributeFromField group.byname: \
# dn=("cn=%s,", rf_key ), \
# gidNumber=gid
#nisLDAPattributeFromField group.bygid: \
# dn=("cn=%s,", name ), \
# gidNumber=rf_key
#nisLDAPattributeFromField group: \
# cn=name, \
# (memberUid)=(users, ",")
# group.adjunct
#nisLDAPattributeFromField group.adjunct.byname: \
# dn=("cn=%s,", rf_key ), \
# cn=name, \
# userPassword=("{crypt}%s",passwd)
' >> $MAP_FILE
else
# Find the domains in which group.adjunct map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# All the domains have group.adjunct map.
echo '# group
#nisLDAPattributeFromField group.byname: \
# dn=("cn=%s,", rf_key ), \
# gidNumber=gid
#nisLDAPattributeFromField group.bygid: \
# dn=("cn=%s,", name ), \
# gidNumber=rf_key
#nisLDAPattributeFromField group: \
# cn=name, \
# userPassword=("{crypt}%s",passwd), \
# (memberUid)=(users, ",")
# If you are not using group.adjunct, uncomment the group section above
# and comment the following group and group.adjunct sections
#
# group
nisLDAPattributeFromField group.byname: \
dn=("cn=%s,", rf_key ), \
gidNumber=gid
nisLDAPattributeFromField group.bygid: \
dn=("cn=%s,", name ), \
gidNumber=rf_key
nisLDAPattributeFromField group: \
cn=name, \
(memberUid)=(users, ",")
# group.adjunct
nisLDAPattributeFromField group.adjunct.byname: \
dn=("cn=%s,", rf_key ), \
cn=name, \
userPassword=("{crypt}%s",passwd)
' >> $MAP_FILE
else
# Not every domain has group.adjunct map.
# First put the password syntax with domain name for domains
# in which group.adjunct exists.
echo "# group" >> $MAP_FILE
for _DMN in $PRESENT_IN_DOMAINS
do
echo "\
# domain-specific group
nisLDAPattributeFromField group.byname,${_DMN}: \\
dn=(\"cn=%s,\", rf_key ), \\
gidNumber=gid
nisLDAPattributeFromField group.bygid,${_DMN}: \\
dn=(\"cn=%s,\", name ), \\
gidNumber=rf_key
nisLDAPattributeFromField group,${_DMN}: \\
cn=name, \\
(memberUid)=(users, \",\")
" >> $MAP_FILE
done
# Now put the other group syntax. We do not need to
# append the domain name here.
echo '
nisLDAPattributeFromField group.byname: \
dn=("cn=%s,", rf_key ), \
gidNumber=gid
nisLDAPattributeFromField group.bygid: \
dn=("cn=%s,", name ), \
gidNumber=rf_key
nisLDAPattributeFromField group: \
cn=name, \
userPassword=("{crypt}%s",passwd), \
(memberUid)=(users, ",")
' >> $MAP_FILE
# Now we need to put the group.adjunct syntax for domains
# in which this map exists.
echo "# group.adjunct" >> $MAP_FILE
for _DMN in $PRESENT_IN_DOMAINS
do
echo "\
nisLDAPattributeFromField group.adjunct.byname,${_DMN}: \\
dn=(\"cn=%s,\", rf_key ), \\
cn=name, \\
userPassword=(\"{crypt}%s\",passwd)
" >> $MAP_FILE
done
fi
fi
echo '
# hosts
# Cannot forward map hosts.byname key as the YP_MULTI entries will not work.
nisLDAPattributeFromField hosts.byname: \
cn=rf_searchkey
nisLDAPattributeFromField hosts.byaddr: \
ipHostNumber=rf_searchipkey
nisLDAPattributeFromField hosts: \
ipHostNumber=addr, \
dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
cn=canonicalName, \
(cn)=(aliases, " "), \
description=rf_comment
nisLDAPattributeFromField multihosts: \
("YP_MULTI_%s", cn)=rf_searchkey
# ipnodes
# Cannot forward map ipnodes.byname key as the YP_MULTI entries will not work.
nisLDAPattributeFromField ipnodes.byname: \
cn=rf_searchkey
nisLDAPattributeFromField ipnodes.byaddr: \
ipHostNumber=rf_searchipkey
nisLDAPattributeFromField ipnodes: \
ipHostNumber=addr, \
dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
cn=canonicalName, \
(cn)=(aliases, " "), \
description=rf_comment
nisLDAPattributeFromField multiipnodes: \
("YP_MULTI_%s", cn)=rf_searchkey
#mail.aliases
nisLDAPattributeFromField mail.aliases: \
dn=("mail=%s,", rf_key), \
mail=rf_key, \
(mgrprfc822mailmember)=(addresses, ",")
#mail.mapping
#Commented out because all NIS->LDAP mappings are done by mail.aliases
#nisLDAPattributeFromField mail.mapping: \
# dn=("mail=%s,", address), \
# mail=address, \
# mgrprfc822mailmember=rf_key
nisLDAPattributeFromField mail.mapping: \
mgrprfc822mailmember=rf_searchkey
# netgroup.
#
# Only need to create DIT entries for netgroup. This contains a superset of
# the information in netgroup.byhost and netgroup.byuser
nisLDAPattributeFromField netgroup: \
dn=("cn=%s,", rf_key ), \
(memberNisNetgroup)=group, \
(nisNetgroupTriple)= \
("(%s,%s,%s)", host, user, domain), \
cn=rf_key, \
description=rf_comment
# netid.pass
#
# Commented out because, unless remote domains (and thus /etc/netid) is
# supported, all NIS->LDAP mappings are set up from passwd.
#nisLDAPattributeFromField netid.pass: \
# ("unix.%s@*", uidNumber)=rf_key, \
# (gidNumber)=("%s", (data), " "), \
# description=rf_comment
nisLDAPattributeFromField netid.pass: \
("unix.%s@*", uidNumber)=rf_searchkey
# netid.host
#
# Commented out because, unless remote domains (and thus /etc/netid) is
# supported, all NIS->LDAP mappings are set up from hosts.
#nisLDAPattributeFromField netid.host: \
# dn=("cn=%s+ipHostNumber=%s,", data, \
# ldap:ipHostNumber:?one?("cn=%s", data)), \
# ipHostNumber=ldap:ipHostNumber:?one?("cn=%s", data), \
# ("unix.%s@*", cn)=rf_key, \
# description=rf_comment
nisLDAPattributeFromField netid.host: \
("unix.%s@*", cn)=rf_searchkey
# netmasks.byaddr
nisLDAPattributeFromField netmasks.byaddr: \
dn=("ipNetworkNumber=%s,", rf_ipkey ), \
ipNetworkNumber=rf_ipkey, \
ipNetmaskNumber=mask, \
description=rf_comment
# networks.
nisLDAPattributeFromField networks.byname: \
dn=("ipNetworkNumber=%s,", number ), \
cn=name, \
cn=rf_key
nisLDAPattributeFromField networks.byaddr: \
dn=("ipNetworkNumber=%s,", rf_key ), \
cn=name
nisLDAPattributeFromField networks: \
(cn)=(aliases, " "), \
ipNetworkNumber=number, \
description=rf_comment
' >> $MAP_FILE
# passwd syntax is different when passwd.adjunct map is present.
# So, need to handle the various possibilities
_MAP=passwd.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the passwd.adjunct syntax in comment form
echo '# passwd
nisLDAPattributeFromField passwd.byname: \
dn=("uid=%s,", rf_key ), \
uid=rf_key, \
uidNumber=uid
nisLDAPattributeFromField passwd.byuid: \
dn=("uid=%s,", name ), \
uidNumber=rf_key, \
uid=name
nisLDAPattributeFromField passwd: \
cn=name, \
userPassword=("{crypt}%s",passwd), \
gidNumber=gid, \
gecos=gecos, \
homeDirectory=home, \
loginShell=shell
#
# If you are using passwd.adjunct, comment the passwd section above
# and uncomment the following passwd and passwd.adjunct sections
#
# passwd
#nisLDAPattributeFromField passwd.byname: \
# dn=("uid=%s,", rf_key ), \
# uid=rf_key, \
# uidNumber=uid
#nisLDAPattributeFromField passwd.byuid: \
# dn=("uid=%s,", name ), \
# uidNumber=rf_key, \
# uid=name
#nisLDAPattributeFromField passwd: \
# cn=name, \
# gidNumber=gid, \
# gecos=gecos, \
# homeDirectory=home, \
# loginShell=shell
# passwd.adjunct
#nisLDAPattributeFromField passwd.adjunct.byname: \
# dn=("uid=%s,", rf_key ), \
# uid=name, \
# userPassword=("{crypt}%s",passwd)
' >> $MAP_FILE
else
# Find the domains in which passwd.adjunct map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# All the domains have passwd.adjunct map. So, put the right
# passwd syntax and comment-in the passwd.adjunct syntax.
echo '# passwd
#nisLDAPattributeFromField passwd.byname: \
# dn=("uid=%s,", rf_key ), \
# uid=rf_key, \
# uidNumber=uid
#nisLDAPattributeFromField passwd.byuid: \
# dn=("uid=%s,", name ), \
# uidNumber=rf_key, \
# uid=name
#nisLDAPattributeFromField passwd: \
# cn=name, \
# userPassword=("{crypt}%s",passwd), \
# gidNumber=gid, \
# gecos=gecos, \
# homeDirectory=home, \
# loginShell=shell
# If you are not using passwd.adjunct, uncomment the passwd section above
# and comment the following passwd and passwd.adjunct sections
#
# passwd
nisLDAPattributeFromField passwd.byname: \
dn=("uid=%s,", rf_key ), \
uid=rf_key, \
uidNumber=uid
nisLDAPattributeFromField passwd.byuid: \
dn=("uid=%s,", name ), \
uidNumber=rf_key, \
uid=name
nisLDAPattributeFromField passwd: \
cn=name, \
gidNumber=gid, \
gecos=gecos, \
homeDirectory=home, \
loginShell=shell
# passwd.adjunct
nisLDAPattributeFromField passwd.adjunct.byname: \
dn=("uid=%s,", rf_key ), \
uid=name, \
userPassword=("{crypt}%s",passwd)
' >> $MAP_FILE
else
# Not every domain has passwd.adjunct map.
# First put the password syntax with domain name for domains
# in which passwd.adjunct exists.
echo "# passwd" >> $MAP_FILE
for _DMN in $PRESENT_IN_DOMAINS
do
echo "\
nisLDAPattributeFromField passwd.byname,${_DMN}: \\
dn=(\"uid=%s,\", rf_key ), \\
uid=rf_key, \\
uidNumber=uid
nisLDAPattributeFromField passwd.byuid,${_DMN}: \\
dn=(\"uid=%s,\", name ), \\
uidNumber=rf_key, \\
uid=name
nisLDAPattributeFromField passwd,${_DMN}: \\
cn=name, \\
gidNumber=gid, \\
gecos=gecos, \\
homeDirectory=home, \\
loginShell=shell
" >> $MAP_FILE
done
# Now put the other passwd syntax. We do not need to
# append the domain name here.
echo '
nisLDAPattributeFromField passwd.byname: \
dn=("uid=%s,", rf_key ), \
uid=rf_key, \
uidNumber=uid
nisLDAPattributeFromField passwd.byuid: \
dn=("uid=%s,", name ), \
uidNumber=rf_key, \
uid=name
nisLDAPattributeFromField passwd: \
cn=name, \
userPassword=("{crypt}%s",passwd), \
gidNumber=gid, \
gecos=gecos, \
homeDirectory=home, \
loginShell=shell
' >> $MAP_FILE
# Now we need to put the passwd.adjunct syntax for domains
# in which this map exists.
echo "# passwd.adjunct" >> $MAP_FILE
for _DMN in $PRESENT_IN_DOMAINS
do
echo "\
nisLDAPattributeFromField passwd.adjunct.byname,${_DMN}: \\
dn=(\"uid=%s,\", rf_key ), \\
uid=name, \\
userPassword=(\"{crypt}%s\",passwd)
" >> $MAP_FILE
done
fi
fi
echo '
# This map is never created but yppasswd uses the mapping to extract password
# aging information from the DIT.
nisLDAPattributeFromField ageing.byname: \
dn=("uid=%s,", rf_key ), \
uid=name, \
shadowLastChange=lastchg, \
shadowMin=min, \
shadowMax=max, \
shadowWarning=warn, \
shadowInactive=inactive, \
shadowExpire=expire, \
shadowFlag=flag
# printers.conf.byname
nisLDAPattributeFromField printers.conf.byname: \
dn=("printer-uri=%s,", rf_key ), \
printer-name=rf_key, \
(printer-aliases)=(names, "|"), \
sun-printer-bsdaddr=(values, "*bsdaddr=%s:*"), \
(sun-printer-kvp)=(values,":"), \
description=rf_comment
# prof_attr
nisLDAPattributeFromField prof_attr: \
dn=("cn=%s,", rf_key ), \
cn=name, \
SolarisAttrReserved1=res1, \
SolarisAttrReserved2=res2, \
SolarisAttrLongDesc=desc, \
SolarisAttrKeyValue=attrs
# project
nisLDAPattributeFromField project.byname: \
dn=("SolarisProjectName=%s,", rf_key )
nisLDAPattributeFromField project.byprojid: \
dn=("SolarisProjectName=%s,", name ), \
SolarisProjectID=rf_searchkey
nisLDAPattributeFromField project: \
SolarisProjectName=name, \
SolarisProjectID=projID, \
(memberUid)=(users, ","), \
(memberGid)=(groups, ","), \
(SolarisProjectAttr)=(attrs, ";"), \
description=comment
# protocols
nisLDAPattributeFromField protocols.byname: \
ipProtocolNumber=number, \
cn=rf_searchkey
nisLDAPattributeFromField protocols.bynumber: \
ipProtocolNumber=rf_key, \
description=rf_comment
nisLDAPattributeFromField protocols: \
dn=("cn=%s,", name ), \
(cn)=(aliases, " "), \
cn=name
# rpc.bynumber
nisLDAPattributeFromField rpc.bynumber: \
dn=("cn=%s,", name ), \
oncRpcNumber=rf_key, \
(cn)=(aliases, " "), \
cn=name, \
description=rf_comment
# services
# services.byservicename rule is only used to speed single search
nisLDAPattributeFromField services.byservicename: \
("%s/%s", cn, ipServiceProtocol) = rf_searchkey
nisLDAPattributeFromField services.byname: \
dn=("cn=%s+ipServiceProtocol=%s,", name, protocol ), \
("*/%s", ipServiceProtocol)=rf_key, \
("%s/*", ipServicePort)=rf_key, \
(cn)=(aliases, " "), \
cn=name, \
description=rf_comment
# timezone.byname
nisLDAPattributeFromField timezone.byname: \
dn=("cn=%s,", rf_key ), \
cn=hostName, \
nisplusTimeZone=zoneName, \
description=comment
# user_attr
nisLDAPattributeFromField user_attr: \
dn=("uid=%s,", rf_key ), \
uid=rf_key, \
SolarisUserAttr=qualifier, \
SolarisUserReserved1=res1, \
SolarisUserReserved2=res2, \
SolarisAttrKeyValue=attrs
# publickey.byname
nisLDAPattributeFromField keys.host: \
dn=("%s", ldap:dn:?one?("cn=%s", (yp:rf_key, "unix.%s@*"))), \
nisPublicKey=publicKey, \
nisSecretKey=secretKey
nisLDAPattributeFromField keys.pass: \
dn=("%s", ldap:dn:?one?("uidNumber=%s", (yp:rf_key, "unix.%s@*"))), \
nisPublicKey=publicKey, \
nisSecretKey=secretKey
nisLDAPattributeFromField keys.nobody: \
dn=("uid=%s,",yp:rf_key), \
cn=rf_key, \
nisPublicKey=publicKey, \
nisSecretKey=secretKey
# ypservers. This derived from IPlanet implementation not RFC.
nisLDAPattributeFromField ypservers: \
dn=("cn=%s,", rf_key), \
cn=rf_key
' >> $MAP_FILE
}
#
# List all the non-default auto.* and custom maps.
#
list_auto_and_custom_nisLDAPattributeFromField()
{
# auto.* entries are easy.
if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
fi
for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
echo "\
# ${_MAP}
nisLDAPattributeFromField ${_MAP}: \\
dn=(\"automountKey=%s,\", rf_key ), \\
automountKey=rf_key, \\
automountInformation=value
" >> $MAP_FILE
done
# Since we do not have enough information to generate
# entries for other custom maps, best we can do is to
# log this map names and ask user to take care of them.
ask_user_to_update_the_custom_map_entries_too
}
#
# List mapping of named fields to DIT entries
#
create_nisLDAPattributeFromField()
{
[ CUST_CMT_NEEDED -eq 1 ] && echo '
# nisLDAPattributeFromField : It specifies how an LDAP attribute
# value is derived from a NIS entries field values.
#
# The format of nisLDAPattributeFromField entry is :
# mapName ":" fieldattrspec *("," fieldattrspec )
' >> $MAP_FILE
# List all the default entries anyway.
list_default_nisLDAPattributeFromField
# List all the non-default auto.* and custom maps.
list_auto_and_custom_nisLDAPattributeFromField
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}
#
# List all the default nisLDAPattributeFromField entries
#
list_default_nisLDAPfieldFromAttribute()
{
echo '
# Describe how named fields are mapped from DIT entries.
# audit_user
nisLDAPfieldFromAttribute audit_user: \
("uid=%s,*", rf_key)=dn, \
("uid=%s,*", name)=dn, \
alwaysAuditFlags=SolarisAuditAlways, \
neverAuditFlags=SolarisAuditNever
# auto.home
nisLDAPfieldFromAttribute auto.home: \
rf_key=automountKey, \
value=automountInformation
# auto.master
nisLDAPfieldFromAttribute auto.master: \
rf_key=automountKey, \
value=automountInformation
# auth_attr
nisLDAPfieldFromAttribute auth_attr: \
rf_key=cn, \
name=cn, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
short_desc=SolarisAttrShortDesc, \
long_desc=SolarisAttrLongDesc, \
attrs=SolarisAttrKeyValue
# Exec_attr. Because of messy NIS keys special handlind is required here
nisLDAPfieldFromAttribute exec_attr: \
rf_key=("%s:%s:%s",cn,SolarisKernelSecurityPolicy, \
solarisProfileId), \
name=cn, \
policy=SolarisKernelSecurityPolicy, \
type=SolarisProfileType, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
id=SolarisProfileId, \
attrs=SolarisAttrKeyValue
# ethers
nisLDAPfieldFromAttribute ethers.byname: \
rf_key=cn
nisLDAPfieldFromAttribute ethers.byaddr: \
rf_key=macAddress
nisLDAPfieldFromAttribute ethers: \
name=cn, \
addr=macAddress, \
rf_comment=description
# bootparams. Must be done after ethers
nisLDAPfieldFromAttribute bootparams: \
rf_key=cn, \
params=("%s ", (bootParameter), " ")
' >> $MAP_FILE
# group syntax is different when group.adjunct map is present.
# So, need to handle the various possibilities
_MAP=group.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the group.adjunct syntax in comment form
echo '# group
nisLDAPfieldFromAttribute group.byname: \
rf_key=cn
nisLDAPfieldFromAttribute group.bygid: \
rf_key=gidNumber
nisLDAPfieldFromAttribute group: \
gid=gidNumber, \
name=cn, \
("{crypt}%s", passwd)=userPassword, \
users=("%s,", (memberUid), ",")
#
# If you are using group.adjunct, comment the group section above
# and uncomment the following group and group.adjunct section
#
# group
#nisLDAPfieldFromAttribute group.byname: \
# rf_key=cn
#nisLDAPfieldFromAttribute group.bygid: \
# rf_key=gidNumber
#nisLDAPfieldFromAttribute group: \
# gid=gidNumber, \
# name=cn, \
# passwd=("#$%s", cn), \
# users=("%s,", (memberUid), ",")
# group.adjunct
#nisLDAPfieldFromAttribute group.adjunct.byname: \
# rf_key=cn, \
# name=cn, \
# ("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE
else
# Find the domains in which group.adjunct map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# All the domains have group.adjunct map.
echo '# group
#nisLDAPfieldFromAttribute group.byname: \
# rf_key=cn
#nisLDAPfieldFromAttribute group.bygid: \
# rf_key=gidNumber
#nisLDAPfieldFromAttribute group: \
# gid=gidNumber, \
# name=cn, \
# ("{crypt}%s", passwd)=userPassword, \
# users=("%s,", (memberUid), ",")
#
# If you are not using group.adjunct, comment the group section above
# and uncomment the following group and group.adjunct sections
#
# group
nisLDAPfieldFromAttribute group.byname: \
rf_key=cn
nisLDAPfieldFromAttribute group.bygid: \
rf_key=gidNumber
nisLDAPfieldFromAttribute group: \
gid=gidNumber, \
name=cn, \
passwd=("#$%s", cn), \
users=("%s,", (memberUid), ",")
#
# group.adjunct
nisLDAPfieldFromAttribute group.adjunct.byname: \
rf_key=cn, \
name=cn, \
("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE
else
# Not every domain has group.adjunct map.
echo "# group" >> $MAP_FILE
for _DMN in $PRESENT_IN_DOMAINS
do
echo "\
nisLDAPfieldFromAttribute group.byname,${_DMN}: \\
rf_key=cn
nisLDAPfieldFromAttribute group.bygid,${_DMN}: \\
rf_key=gidNumber
nisLDAPfieldFromAttribute group,${_DMN}: \\
gid=gidNumber, \\
name=cn, \\
passwd=(\"#$%s\", cn), \\
users=(\"%s,\", (memberUid), \",\")
" >> $MAP_FILE
done
# Now put the generic group syntax. We do not need to
# append the domain name here.
echo '
nisLDAPfieldFromAttribute group.byname: \
rf_key=cn
nisLDAPfieldFromAttribute group.bygid: \
rf_key=gidNumber
nisLDAPfieldFromAttribute group: \
gid=gidNumber, \
name=cn, \
("{crypt}%s", passwd)=userPassword, \
users=("%s,", (memberUid), ",")
' >> $MAP_FILE
# Now we need to put the group.adjunct syntax for domains
# in which this map exists.
echo "#
# group.adjunct
# " >> $MAP_FILE
for _DMN in $PRESENT_IN_DOMAINS
do
echo "\
nisLDAPfieldFromAttribute group.adjunct.byname,${_DMN}: \\
rf_key=cn, \\
name=cn, \\
(\"{crypt}%s\", passwd)=userPassword
" >> $MAP_FILE
done
fi
fi
echo '
# hosts
nisLDAPfieldFromAttribute hosts.byaddr: \
rf_ipkey=ipHostNumber
nisLDAPfieldFromAttribute hosts.byname: \
(rf_key)=(cn)
nisLDAPfieldFromAttribute hosts: \
("cn=%s+ipHostNumber=*", canonicalName)=dn, \
addr=ipHostNumber, \
aliases=("%s ", (cn) - yp:canonicalName, " "), \
rf_comment=description
nisLDAPfieldFromAttribute multihosts: \
("cn=%s+ipHostNumber=*", canonicalName)=dn, \
(rf_key)=("YP_MULTI_%s", cn), \
aliases=("%s ", (cn) - yp:canonicalName, " "), \
rf_comment=description, \
(tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
(ipHostNumber=*.*))", yp:canonicalName)), \
addr=("%s,", (yp:tmp), ",")
# ipnodes
nisLDAPfieldFromAttribute ipnodes.byaddr: \
rf_ipkey=ipHostNumber
nisLDAPfieldFromAttribute ipnodes.byname: \
("cn=%s+ipHostNumber=*", rf_key)=dn
nisLDAPfieldFromAttribute ipnodes: \
("cn=%s+ipHostNumber=*", canonicalName)=dn, \
addr=ipHostNumber, \
aliases=("%s ", (cn) - yp:canonicalName, " "), \
rf_comment=description
nisLDAPfieldFromAttribute multiipnodes: \
("cn=%s+ipHostNumber=*", canonicalName)=dn, \
(rf_key)=("YP_MULTI_%s", cn), \
aliases=("%s ", (cn) - yp:canonicalName, " "), \
rf_comment=description, \
(tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
(ipHostNumber=*:*))", yp:canonicalName)), \
addr=("%s,", (yp:tmp), ",")
#mail.aliases
nisLDAPfieldFromAttribute mail.aliases: \
rf_key=mail, \
addresses= ("%s,", (mgrprfc822mailmember), ","), \
rf_comment=description
#mail.mapping
nisLDAPfieldFromAttribute mail.mapping: \
rf_key=mgrprfc822mailmember, \
address=mail, \
rf_comment=description
# netgroup.
nisLDAPfieldFromAttribute netgroup: \
rf_key=cn, \
(group)=(memberNisNetgroup), \
("(%s,%s,%s)", host, user, domain)= \
(nisNetgroupTriple), \
rf_comment=description
# netid.pass
nisLDAPfieldFromAttribute netid.pass: \
number=uidNumber, \
(tmp)=("%s", gidNumber:ou=group,?one?\
("memberUid=%s", ldap:uid)), \
sgid=("%s,", (yp:tmp) - gidNumber, ","), \
data=("%s,%s", gidNumber, yp:sgid), \
data=gidNumber, \
(rf_key)=("unix.%s@%s", yp:number, yp:rf_domain)
# netid.host
nisLDAPfieldFromAttribute netid.host: \
("cn=%s+ipHostNumber=*", data)=dn, \
number=("0"), \
(rf_key)=("unix.%s@%s", yp:data, yp:rf_domain)
# netmasks.byaddr
nisLDAPfieldFromAttribute netmasks.byaddr: \
("ipNetworkNumber=%s,*", rf_ipkey)=dn, \
mask=ipNetmaskNumber, \
rf_comment=description
# networks.
nisLDAPfieldFromAttribute networks.byname: \
(rf_key)=(cn)
nisLDAPfieldFromAttribute networks.byaddr: \
("ipNetworkNumber=%s,*", rf_key)=dn
nisLDAPfieldFromAttribute networks: \
name=cn, \
aliases=("%s ", (cn) - yp:name, " "), \
number=ipNetworkNumber, \
rf_comment=description
' >> $MAP_FILE
# passwd syntax is different when passwd.adjunct map is present.
# So, need to handle the various possibilities
_MAP=passwd.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
# Just put the passwd.adjunct syntax in comment form
echo '# passwd
nisLDAPfieldFromAttribute passwd.byname: \
rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid: \
rf_key=uidNumber
nisLDAPfieldFromAttribute passwd: \
name=uid, \
uid=uidNumber, \
("{crypt}%s", passwd)=userPassword, \
gid=gidNumber, \
gecos=gecos, \
home=homeDirectory, \
shell=loginShell
#
# If you are using passwd.adjunct, comment the passwd section above
# and uncomment the following passwd and passwd.adjunct sections
#
# passwd
#nisLDAPfieldFromAttribute passwd.byname: \
# rf_key=uid
#nisLDAPfieldFromAttribute passwd.byuid: \
# rf_key=uidNumber
#nisLDAPfieldFromAttribute passwd: \
# name=uid, \
# uid=uidNumber, \
# passwd=("##%s", uid), \
# gid=gidNumber, \
# gecos=gecos, \
# home=homeDirectory, \
# shell=loginShell
# passwd.adjunct
#nisLDAPfieldFromAttribute passwd.adjunct.byname: \
# rf_key=uid, \
# name=uid, \
# ("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE
else
# Find the domains in which passwd.adjunct map exists.
find_domains $_MAP DEF_MAPS
if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
then
# All the domains have passwd.adjunct map. So, put the right
# passwd syntax and comment-in the passwd.adjunct syntax.
echo '# passwd
#nisLDAPfieldFromAttribute passwd.byname: \
# rf_key=uid
#nisLDAPfieldFromAttribute passwd.byuid: \
# rf_key=uidNumber
#nisLDAPfieldFromAttribute passwd: \
# name=uid, \
# uid=uidNumber, \
# ("{crypt}%s", passwd)=userPassword, \
# gid=gidNumber, \
# gecos=gecos, \
# home=homeDirectory, \
# shell=loginShell
#
# If you are not using passwd.adjunct, uncomment the passwd section
# above and comment the following passwd and passwd.adjunct sections
#
# passwd
nisLDAPfieldFromAttribute passwd.byname: \
rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid: \
rf_key=uidNumber
nisLDAPfieldFromAttribute passwd: \
name=uid, \
uid=uidNumber, \
passwd=("##%s", uid), \
gid=gidNumber, \
gecos=gecos, \
home=homeDirectory, \
shell=loginShell
#
# passwd.adjunct Must follow passwd
#
nisLDAPfieldFromAttribute passwd.adjunct.byname: \
rf_key=uid, \
name=uid, \
("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE
else
# Not every domain has passwd.adjunct map.
# First put the password syntax with domain name for domains
# in which passwd.adjunct exists.
echo "# passwd" >> $MAP_FILE
for _DMN in $PRESENT_IN_DOMAINS
do
echo "\
nisLDAPfieldFromAttribute passwd.byname,${_DMN}: \\
rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid,${_DMN}: \\
rf_key=uidNumber
nisLDAPfieldFromAttribute passwd,${_DMN}: \\
name=uid, \\
uid=uidNumber, \\
passwd=(\"##%s\", uid), \\
gid=gidNumber, \\
gecos=gecos, \\
home=homeDirectory, \\
shell=loginShell
" >> $MAP_FILE
done
# Now put the other passwd syntax. We do not need to
# append the domain name here.
echo '
nisLDAPfieldFromAttribute passwd.byname: \
rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid: \
rf_key=uidNumber
nisLDAPfieldFromAttribute passwd: \
name=uid, \
uid=uidNumber, \
("{crypt}%s", passwd)=userPassword, \
gid=gidNumber, \
gecos=gecos, \
home=homeDirectory, \
shell=loginShell
' >> $MAP_FILE
# Now we need to put the passwd.adjunct syntax for domains
# in which this map exists.
echo "#
# passwd.adjunct Must follow passwd
# " >> $MAP_FILE
for _DMN in $PRESENT_IN_DOMAINS
do
echo "\
nisLDAPfieldFromAttribute passwd.adjunct.byname,${_DMN}: \\
rf_key=uid, \\
name=uid, \\
(\"{crypt}%s\", passwd)=userPassword
" >> $MAP_FILE
done
fi
fi
echo '
# This map is never created but yppasswd uses the mapping to extract password
# ageing information from the DIT.
nisLDAPfieldFromAttribute ageing.byname: \
rf_key=uid, \
name=uid, \
lastchg=shadowLastChange, \
min=shadowMin, \
max=shadowMax, \
warn=shadowWarning, \
inactive=shadowInactive, \
expire=shadowExpire, \
flag=shadowFlag
# printers.conf.byname
nisLDAPfieldFromAttribute printers.conf.byname: \
rf_key=printer-uri, \
names=("%s|", (printer-aliases), "|"), \
bsdaddr=("bsdaddr=%s", sun-printer-bsdaddr), \
kvps=("%s:", (sun-printer-kvp) - yp:bsdaddr), \
values=("%s:%s", yp:bsdaddr, yp:kvps), \
values=("%s:", yp:bsdaddr), \
values=yp:kvps, \
rf_comment=description
# prof_attr
nisLDAPfieldFromAttribute prof_attr: \
rf_key=cn, \
name=cn, \
res1=SolarisAttrReserved1, \
res2=SolarisAttrReserved2, \
desc=SolarisAttrLongDesc, \
attrs=SolarisAttrKeyValue
# project
nisLDAPfieldFromAttribute project.byname: \
rf_key=SolarisProjectName
nisLDAPfieldFromAttribute project.byprojid: \
rf_key=SolarisProjectID
nisLDAPfieldFromAttribute project: \
name=SolarisProjectName, \
projID=SolarisProjectID, \
comment=description, \
users=("%s,", (memberUid), ","), \
groups=("%s,", (memberGid), ","), \
attrs=("%s;", (SolarisProjectAttr), ";")
# protocols
nisLDAPfieldFromAttribute protocols.byname: \
("cn=%s,*", rf_key)=dn, \
(rf_key)=(cn)
nisLDAPfieldFromAttribute protocols.bynumber: \
rf_key=ipProtocolNumber, \
rf_comment=description
nisLDAPfieldFromAttribute protocols: \
("cn=%s,*", name)=dn, \
number=ipProtocolNumber, \
aliases=("%s ", (cn) - yp:name, " ")
# rpc.bynumber
nisLDAPfieldFromAttribute rpc.bynumber: \
rf_key=oncRpcNumber, \
number=oncRpcNumber, \
("cn=%s,*", name)=dn, \
aliases=("%s ", (cn) - yp:name, " "), \
rf_comment=description
# services
nisLDAPfieldFromAttribute services.byname: \
rf_key = ("%s/%s", ipServicePort, ipServiceProtocol)
nisLDAPfieldFromAttribute services.byservicename: \
(rf_key)=("%s/%s", cn, ipServiceProtocol), \
(rf_key)=(cn)
nisLDAPfieldFromAttribute services: \
("cn=%s+ipServiceProtocol=*", name)=dn, \
protocol=ipServiceProtocol, \
port=ipServicePort, \
aliases=("%s ", (cn) - yp:name, " "), \
rf_comment=description
# timezone.byname
nisLDAPfieldFromAttribute timezone.byname: \
rf_key=cn, \
hostName=cn, \
zoneName=nisplusTimeZone, \
rf_comment=description
# user_attr
nisLDAPfieldFromAttribute user_attr: \
("uid=%s,*", rf_key)=dn, \
("uid=%s,*", user)=dn, \
qualifier=SolarisUserAttr, \
res1=SolarisUserReserved1, \
res2=SolarisUserReserved2, \
attrs=SolarisAttrKeyValue
# publickey.byname
nisLDAPfieldFromAttribute keys.host: \
("cn=%s+ipHostNumber=*", cname)=dn, \
rf_key=("unix.%s@%s", yp:cname, yp:rf_domain), \
publicKey=nisPublicKey, \
secretKey=nisSecretKey
nisLDAPfieldFromAttribute keys.pass: \
rf_key=("unix.%s@%s", uidNumber, yp:rf_domain), \
publicKey=nisPublicKey, \
secretKey=nisSecretKey
nisLDAPfieldFromAttribute keys.nobody: \
rf_key=uid, \
publicKey=nisPublicKey, \
secretKey=nisSecretKey
# ypservers. This derived from IPlanet implementation not RFC.
nisLDAPfieldFromAttribute ypservers: \
rf_key=cn
' >> $MAP_FILE
}
#
# List all the non-default auto.* and custom maps.
#
list_auto_and_custom_nisLDAPfieldFromAttribute()
{
# auto.* entries are easy.
if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
fi
for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
echo "\
# ${_MAP}
nisLDAPfieldFromAttribute ${_MAP}: \\
rf_key=automountKey, \\
value=automountInformation
" >> $MAP_FILE
done
# Since we do not have enough information to generate
# entries for other custom maps, best we can do is to
# log this map names and ask user to take care of them.
ask_user_to_update_the_custom_map_entries_too
}
#
# List mapping of named fields from DIT entries
#
create_nisLDAPfieldFromAttribute()
{
[ CUST_CMT_NEEDED -eq 1 ] && echo '
# nisLDAPfieldFromAttribute : It specifies how a NIS entries
# field values are derived from LDAP attribute values.
#
# The format of nisLDAPfieldFromAttribute is :
# mapName ":" fieldattrspec *("," fieldattrspec)
' >> $MAP_FILE
# List all the default entries anyway.
list_default_nisLDAPfieldFromAttribute
# List all the non-default auto.* and custom maps.
list_auto_and_custom_nisLDAPfieldFromAttribute
echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}
# Main function for creating the mapping file
create_mapping_file()
{
# Ask user the list of domains to be served by N2L
create_n2l_domain_list
# If there are no N2L domains or none selected, then exit
if [ $N2L_DMN_CNT -eq 0 ]; then
echo "There are no domains to serve. No mapping file generated."
return 1
fi
while :
do
get_ans "Enter the mapping file name (h=help):" "${MAP_FILE}"
# If help continue, otherwise break.
case "$ANS" in
[Hh] | help | Help | \?) display_msg new_mapping_file_name_help ;;
* ) break ;;
esac
done
MAP_FILE=${ANS}
[ $DEBUG -eq 1 ] && MAP_FILE = $MAP_FILE
# Backup existing mapping file if selected
check_back_mapping_file
# To prevent from leaving a partial mapping file in case some error
# or signal takes place which might result in machine starting in N2L
# mode at next reboot, store the output being generated in a temporary
# file first, and move it at the final destination only at the end if
# everything goes fine.
_MAP_FILE=$MAP_FILE
MAP_FILE=${TMPDIR}/${TMPMAP}.$$
echo "Generating mapping file temporarily as \"${MAP_FILE}\""
# Place copyright information
put_mapping_file_copyright_info
# Prepare various map lists for each domain
create_map_lists
# List domains and contexts
get_nisLDAPdomainContext
# List domains for which passwords should be changed
get_nisLDAPyppasswddDomains
# List databaseId mappings (aliases)
create_nisLDAPdatabaseIdMapping
# List comment character for maps
create_nisLDAPcommentChar
# List SECURE and INTERDOMAIN flags
create_nisLDAPmapFlags
# List TTL values
create_nisLDAPentryTtl
# List name fields
create_nisLDAPnameFields
# List split fields and repeated fields seperators.
create_split_field_and_repeatedfield_seperators
# List association of maps with RDNs and object classes.
create_nisLDAPobjectDN
# List mapping of named fields to DIT entries
create_nisLDAPattributeFromField
# List mapping of named fields from DIT entries
create_nisLDAPfieldFromAttribute
# We are done, so move back the mapping file from temp. location
# to actual location.
# In case the mapping file name has a directory component which does
# not exist, then create it now, otherwise 'mv' will return error.
DIR_TO_CREATE=`dirname ${_MAP_FILE}`
mkdir -p ${DIR_TO_CREATE}
echo "Moving output from temporary file ($MAP_FILE) to actual file ($_MAP_FILE)"
mv $MAP_FILE $_MAP_FILE
# Revert back the mapping file name in case needed.
MAP_FILE=$_MAP_FILE
echo "Finished creation of mapping file ( $MAP_FILE )"
}
#
# Main function for creating config file (ypserv)
#
process_config_file()
{
# Ask for confirmation if the file name is not specified.
if [ $CONFIG_FILE_SPECIFIED -eq 0 ]; then
display_msg no_config_file_name_specified
get_confirm_nodef "Do you want to create the config file (y/n) ?"
[ $? -eq 0 ] && return 0
while :
do
get_ans "Enter the config file name (h=help):" "${CONFIG_FILE}"
# If help continue, otherwise break.
case "$ANS" in
[Hh] | help | Help | \?) display_msg new_config_file_name_help ;;
* ) break ;;
esac
done
CONFIG_FILE=${ANS}
[ $DEBUG -eq 1 ] && CONFIG_FILE = $CONFIG_FILE
fi
# Backup existing config file if selected
check_back_config_file
# Create config file
create_config_file
}
#
# Main function for creating mapping file (NISLDAPmapping)
#
process_mapping_file()
{
# Ask for confirmation if the file name is not specified.
if [ $MAPPING_FILE_SPECIFIED -eq 0 ]; then
display_msg no_mapping_file_name_specified
get_confirm_nodef "Do you want to create the mapping file (y/n) ?"
[ $? -eq 0 ] && return 0
fi
# Create mapping file
create_mapping_file
}
###########################################
########### MAIN ###########
###########################################
PROG=`basename $0` # Program name
ABS_PROG=$0 # absolute path needed
# Only superuser should be able to run this script.
is_root_user
if [ $? -ne 0 ]; then
echo "ERROR : Only root can run $PROG"
exit 1
fi
# Initialize things
init
# Parse command line arguments.
parse_arg $*
# Create config file (ypserv)
process_config_file
# Create mapping file (NISLDAPmapping).
process_mapping_file
# Cleanup temp files and directories unless debug.
[ $DEBUG -eq 0 ] && cleanup
exit 0