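#!/bin/bash
#####
# LDAP migration: move the access-rights triplet ("a:b:c") that used to live in
# the "description" attribute of cn=machine / uid=user entries into the
# "destinationIndicator" attribute.
#####
# licence GPL
# author: denis bonnenfant 6/02/2008
##
# $Id: install-ldap-internet.sh 3275 2008-10-12 18:10:44Z dbo $
##
#
# Usage:  install-ldap-internet.sh [user|machine]
#   Optional argument: a login or a machine name; without it every entry
#   ("*") is processed.  Meant to run at night (rights reset).
# Env:    SE3LOG (optional) - file the "config unreachable" message is
#         appended to; stderr when unset.
#
# `set -e` is deliberately NOT used: several pipelines below end in a grep
# that legitimately matches nothing, and a failing command substitution in an
# assignment would abort the whole run.  Unset variables are a bug, so -u is on.
set -u

readonly CONF=/var/www/se3/includes/config.inc.php

#######################################
# Prints the help text to stdout.
#######################################
usage() {
  echo "Script d'initialisation des enregistrements ldap cn=machine "
  echo "normalement exécuté à l'installation de se3-internet"
  echo "Usage : install-ldap-internet.sh [utilisateur|machine]"
  echo "--help cette aide"
}

#######################################
# Reads a  $name="value"  assignment out of the PHP config file.
# Globals:   CONF (read)
# Arguments: $1 - setting name (dbhost, dbname, dbuser, dbpass)
# Outputs:   the value between the double quotes on stdout, empty when absent
#            (same unanchored "name=" match as before, so a longer name that
#            merely contains $1 would also match)
#######################################
conf_value() {
  grep -- "$1=" "$CONF" | cut -d = -f 2 | cut -d '"' -f 2
}

#######################################
# Fetches one value from the params table.
# Globals:   MYCNF (read) - option file carrying the DB password
#            dbhost, dbname, dbuser (read)
# Arguments: $1 - params.name; only script-internal literals are passed here,
#                 never user input, so no SQL quoting is done
# Outputs:   params.value on stdout, empty when missing or unreachable
#######################################
db_param() {
  # --defaults-extra-file has to be the first mysql option.  It holds the
  # password so that it no longer shows up in `ps` as -p$dbpass did.
  printf "SELECT value FROM params WHERE name='%s'\n" "$1" \
    | mysql --defaults-extra-file="$MYCNF" -h "$dbhost" -u "$dbuser" -N "$dbname"
}

#######################################
# Loads a params value into the global variable of the same name and exits
# with status 1 (original message) when it comes back empty.
# Arguments: $1 - global variable name, also used in the error message
#            $2 - params.name to look up
#######################################
require_param() {
  local value
  value=$(db_param "$2")
  if [ -z "$value" ]; then
    echo "Impossible d'accéder au paramètre $1"
    exit 1
  fi
  printf -v "$1" '%s' "$value"
}

#######################################
# Escapes the RFC 4515 filter metacharacters \ ( ) in a value that gets
# interpolated into an LDAP search filter, so a name cannot alter the filter
# structure.  '*' is intentionally left untouched: the optional command-line
# argument defaults to "*" and may rely on it as a wildcard, as before.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
ldap_escape() {
  local s=$1
  local bs='\'
  s=${s//"$bs"/"$bs"5c}
  s=${s//'('/"$bs"28}
  s=${s//')'/"$bs"29}
  printf '%s' "$s"
}

#######################################
# Runs a search bound as the admin and prints the values of one attribute.
# Globals:   ADMINRDN, BASEDN, ADMINPW_FILE (read)
# Arguments: $1 - search base RDN (relative to BASEDN)
#            $2 - LDAP filter
#            $3 - attribute name (a literal from this script)
# Outputs:   one value per line on stdout, first space-separated field only
#            (as the original `cut -f2`); a base64 "attr::" line therefore
#            yields its base64 text, exactly as before.
# Returns:   grep's status (1 when the attribute is absent)
#######################################
ldap_values() {
  # -y reads the bind password from a file instead of the argv-visible -w.
  ldapsearch -xLLL -D "$ADMINRDN,$BASEDN" -y "$ADMINPW_FILE" \
      -b "$1,$BASEDN" "$2" "$3" \
    | grep -i -- "^$3:" | cut -d ' ' -f2
}

#######################################
# Applies an LDIF modify read from stdin, bound as the admin; output discarded.
# Globals:   ADMINRDN, BASEDN, ADMINPW_FILE (read)
#######################################
ldap_apply() {
  ldapmodify -x -D "$ADMINRDN,$BASEDN" -y "$ADMINPW_FILE" > /dev/null
}

#######################################
# True when the value has the "a:b:c" shape (at least two ':'), i.e. the
# former `grep ".*:.*:.*"` test.
# Arguments: $1 - value to test
#######################################
is_triplet() {
  [[ "$1" == *:*:* ]]
}

#######################################
# Machines: when an entry has no destinationIndicator yet and its description
# holds a triplet, move the triplet over.
# Globals:   COMPUTERSRDN, BASEDN, NOM (read)
# Outputs:   "raz machines" then one '.' per inspected entry (no newline)
#######################################
migrate_machines() {
  local machine esc droit_m
  echo "raz machines"
  while IFS= read -r machine; do
    [ -n "$machine" ] || continue
    esc=$(ldap_escape "$machine")
    droit_m=$(ldap_values "$COMPUTERSRDN" "(&(objectClass=ipHost)(cn=$esc))" destinationIndicator)
    if [ -z "$droit_m" ]; then
      droit_m=$(ldap_values "$COMPUTERSRDN" "(&(objectClass=ipHost)(cn=$esc))" description)
      if is_triplet "$droit_m"; then
        # NOTE(review): the DN is built from the raw cn, without RFC 4514
        # escaping - unchanged from the original behaviour.
        {
          echo "dn: cn=$machine,$COMPUTERSRDN,$BASEDN"
          echo "changetype: modify"
          echo "delete: description"
          echo "-"
          echo "add: destinationIndicator"
          echo "destinationIndicator: $droit_m"
          echo "-"
        } | ldap_apply
      fi
      printf '.'
    fi
  done < <(ldap_values "$COMPUTERSRDN" "(&(objectClass=ipHost)(cn=$NOM))" cn)
}

#######################################
# Users: when the destinationIndicator is not a triplet but the description
# is, replace it (dropping any existing destinationIndicator first).
# Globals:   PEOPLERDN, BASEDN, NOM (read)
# Outputs:   "raz utilisateurs" then one '.' per rewritten-candidate entry
#######################################
migrate_users() {
  local user esc droit_u1 droit_u
  echo "raz utilisateurs"
  while IFS= read -r user; do
    [ -n "$user" ] || continue
    esc=$(ldap_escape "$user")
    droit_u1=$(ldap_values "$PEOPLERDN" "(uid=$esc)" destinationIndicator)
    if ! is_triplet "$droit_u1"; then
      # "description:" with the colon - the bare "description" grep of the
      # original could also match an unrelated line containing that word.
      droit_u=$(ldap_values "$PEOPLERDN" "(uid=$esc)" description)
      if is_triplet "$droit_u"; then
        {
          echo "dn: uid=$user,$PEOPLERDN,$BASEDN"
          echo "changetype: modify"
          echo "delete: description"
          echo "-"
          if [ -n "$droit_u1" ]; then
            echo "delete: destinationIndicator"
            echo "-"
          fi
          echo "add: destinationIndicator"
          echo "destinationIndicator: $droit_u"
          echo "-"
        } | ldap_apply
      fi
      printf '.'
    fi
  done < <(ldap_values "$PEOPLERDN" "(uid=$NOM)" uid)
}

#######################################
# Entry point: help, config, credentials, LDAP params, then the two passes.
# Globals:   NOM, WORKDIR, MYCNF, ADMINPW_FILE, dbhost, dbname, dbuser,
#            dbpass, BASEDN, COMPUTERSRDN, PEOPLERDN, PARCSRDN, ADMINRDN,
#            ADMINPW (written)
# Arguments: $1 - optional login or machine name
#######################################
main() {
  if [[ "${1:-}" == "--help" || "${1:-}" == "-h" ]]; then
    usage
    exit
  fi

  # Optional argument: a login or a machine name.  "*" means every entry.
  if [ -z "${1:-}" ]; then
    NOM="*"
  else
    NOM=$(ldap_escape "$1")
  fi

  if [ ! -e "$CONF" ]; then
    # An unset SE3LOG used to turn this into an "ambiguous redirect" error;
    # fall back to stderr so the message is always seen.
    if [ -n "${SE3LOG:-}" ]; then
      echo "Fichier de conf inaccessible" >> "$SE3LOG"
    else
      echo "Fichier de conf inaccessible" >&2
    fi
    exit 1
  fi
  dbhost=$(conf_value dbhost)
  dbname=$(conf_value dbname)
  dbuser=$(conf_value dbuser)
  dbpass=$(conf_value dbpass)

  # Secrets are handed to mysql/ldap* through files in a private temp
  # directory (mktemp -d is 0700) instead of argv; removed on any exit path.
  WORKDIR=$(mktemp -d) || exit 1
  trap 'rm -rf -- "${WORKDIR:?}"' EXIT
  MYCNF=$WORKDIR/my.cnf
  ADMINPW_FILE=$WORKDIR/ldap.pw
  # dbpass came from between double quotes in the PHP file, so it cannot
  # itself contain a '"' and the quoted option-file form is safe.
  ( umask 077; printf '[client]\npassword="%s"\n' "$dbpass" > "$MYCNF" ) || exit 1

  #
  # LDAP parameters (PARCSRDN is unused below but its presence is still
  # required, as it was originally)
  #
  require_param BASEDN ldap_base_dn
  require_param COMPUTERSRDN computersRdn
  require_param PEOPLERDN peopleRdn
  require_param PARCSRDN parcsRdn
  require_param ADMINRDN adminRdn
  require_param ADMINPW adminPw
  # ldapsearch -y uses the file's complete contents: no trailing newline.
  ( umask 077; printf '%s' "$ADMINPW" > "$ADMINPW_FILE" ) || exit 1

  migrate_machines
  migrate_users
}

main "$@"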