#!/bin/sh
# exec-ldapupdate.sh
# Script to update an LDAP user entry with the proper Mobile ID SerialNumber
#
# arg1: User to be found
# arg2: MobileID SerialNumber
#
# Dependencies: ldapsearch, ldapmodify, sed, logger
#
# License: Licensed under the Apache License, Version 2.0 or later; see LICENSE.md
# Author: Swisscom (Schweiz) AG
# Possible return codes (the rlm_exec style codes the freeradius caller expects)
RLM_MODULE_SUCCESS=0    # ok: the module succeeded
RLM_MODULE_FAIL=2       # fail: the module failed
RLM_MODULE_NOTFOUND=7   # notfound: the user was not found
# Logging functions
# A message is emitted when VERBOSITY is at least the level of the message.
VERBOSITY=2    # Default verbosity: errors only (the .properties file may override it)
silent_lvl=0   # nothing at all
inf_lvl=1      # informational messages
err_lvl=2      # errors
dbg_lvl=3      # debug: ldap command lines and the content of the temporary files
inform() {
  # Informational message. The first argument is prefixed and becomes the
  # message; any further argument is forwarded unchanged to log (which prints
  # the first of them as an extra line).
  # shellcheck disable=SC2145 -- the extra arguments are meant to stay separate
  log "$inf_lvl" "INFO: $@"
}
error() {
  # Error message. The first argument is prefixed and becomes the message;
  # any further argument is forwarded unchanged to log (which prints the
  # first of them as an extra line).
  # shellcheck disable=SC2145 -- the extra arguments are meant to stay separate
  log "$err_lvl" "ERROR: $@"
}
debug() {
  # Debug message. The first argument is prefixed and becomes the message;
  # any further argument is forwarded unchanged to log (which prints the
  # first of them as an extra line, used for file dumps).
  # shellcheck disable=SC2145 -- the extra arguments are meant to stay separate
  log "$dbg_lvl" "DEBUG: $@"
}
log() {
  # Write $2 to syslog and stderr once VERBOSITY reaches level $1; an optional
  # $3 (used for dumps of the temporary files) is written as a second line.
  [ "$VERBOSITY" -ge "$1" ] || return 0
  logger -s "freeradius:exec-ldapupdate::$2"
  if [ -n "$3" ]; then
    logger -s "$3"
  fi
}
# Cleanup of temporary files
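cleanups()
{
  # Remove the temporary file $TMP and its .search / .update companions.
  # Nothing to do when mktemp never succeeded; this also keeps the bare names
  # '.search' and '.update' in the current directory out of reach.
  [ -n "$TMP" ] || return 0
  for f in "$TMP" "$TMP.search" "$TMP.update"; do
    # -e rather than -w: removability depends on the directory, not the file
    [ -e "$f" ] && rm -f -- "$f"
  done
  return 0
}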
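# Get the path of the script (the properties file lives next to it).
# NOTE: this shadows the shell's own PWD variable; the name is kept because
# the properties file sourced below may refer to it.
PWD=$(dirname -- "$0")
# Seeds the random number generator from PID of script (bash only; nothing in
# this script reads $RANDOM)
RANDOM=$$
# Line break characters, used to validate caller supplied values before they
# are written into LDIF.
NL='
'
CR=$(printf '\r')
# Leave after an unrecoverable setup error. The exit status is still
# RLM_MODULE_SUCCESS on purpose: this script must never turn into a login
# error (see the end of the script). Once installed, the EXIT trap removes $TMP.
bail() {
  error "$@"
  inform "RC=$RLM_MODULE_SUCCESS"
  exit $RLM_MODULE_SUCCESS
}
# Check the dependencies. 'command -v' is POSIX ('hash cmd &>/dev/null' is a
# bash-only form that /bin/sh runs in the background, so it never fails).
MISSING=""
for cmd in ldapsearch ldapmodify sed logger; do
  if ! command -v "$cmd" >/dev/null 2>&1; then
    error "Dependency error: '$cmd' not found"
    MISSING=1
  fi
done
[ -z "$MISSING" ] || bail "Cannot continue without the missing dependencies"
# Get the params. Both come from the caller and are not trusted: USERID only
# reaches LDAP through $filter as defined in the properties file, so that file
# is responsible for escaping it; UNIQUEID is checked before it is written
# into LDIF.
USERID=$1
UNIQUEID=$2
[ -n "$USERID" ] || error "Missing arg1: User to be found"
[ -n "$UNIQUEID" ] || error "Missing arg2: MobileID SerialNumber"
# Read configuration from property file. It is shell code executed by this
# process, so it must only be writable by the owner of the freeradius setup.
FILE="$PWD/exec-ldapupdate.properties"
[ -r "$FILE" ] || bail "Properties file ($FILE) missing or not readable"
. "$FILE"
[ -n "$server" ] || error "Missing 'server' setting in the properties file ($FILE)"
# Temporary files: a private (0700) directory, so the search result, the LDIF
# and the password file cannot be pre-created or replaced by another local
# user under predictable names; it is removed on every exit path.
TMP=$(mktemp -d "${TMPDIR:-/tmp}/_tmp.XXXXXX") || bail "Error in creating temporary file(s)"
[ -d "$TMP" ] || bail "Error in creating temporary file(s)"
trap 'rm -rf -- "${TMP:?}"' EXIT
SEARCH_OUT="$TMP/search"
UPDATE_LDIF="$TMP/update"
PASSFILE="$TMP/passwd"
if [ -n "$password" ]; then
  # The bind password is handed over with -y <file> (mode 0600) instead of -w
  # on the command line, where it would show up in 'ps' output and in the
  # debug log of the command lines below. The ldap tools use the complete file
  # content as the password, hence no trailing newline.
  (umask 077 && printf '%s' "$password" > "$PASSFILE") || bail "Error in creating temporary file(s)"
fi
# Lookup for the user and get the DN. POSIX sh has no arrays, so the argument
# list is built in the positional parameters; every value is passed as ONE
# argument, except $attributes which is a space separated list by design.
inform "Searching for $filter"
set -- -LLL                                          # LDIF without comments and version
[ -z "$server" ]   || set -- "$@" -H "$server"       # ldap server
[ -z "$basedn" ]   || set -- "$@" -b "$basedn"       # base DN
[ -z "$userid" ]   || set -- "$@" -D "$userid"       # Bind DN
[ -z "$password" ] || set -- "$@" -y "$PASSFILE"     # Password (via file)
set -- "$@" -s sub -z 1                              # scope and result limit
[ -z "$timeout" ]  || set -- "$@" -o "nettimeout=$timeout"
[ -z "$filter" ]   || set -- "$@" "$filter"          # Filter
# Attribute names are split on whitespace but must never be glob-expanded.
set -f
# shellcheck disable=SC2086 -- intentional word splitting of the attribute list
[ -z "$attributes" ] || set -- "$@" $attributes      # and attributes
set +f
debug "ldapsearch $*"
ldapsearch "$@" > "$SEARCH_OUT"
RC_LDAP=$?
debug ">>> $SEARCH_OUT <<<" "$(cat "$SEARCH_OUT")"
if [ "$RC_LDAP" != "0" ]; then # -> error in ldapsearch
  error "ldapsearch failed with $RC_LDAP"
else
  # Parse the search result. Only plain 'dn: ' lines are recognised; LDIF may
  # also emit 'dn:: <base64>' for non-ASCII DNs, which is not handled here.
  RES_DN=$(sed -n -e 's|^dn: ||p' "$SEARCH_OUT")
  if [ -z "$RES_DN" ]; then # -> entry not found
    inform "No entry $USERID found"
  else
    inform "Found entry $RES_DN"
    if [ -n "$UNIQUEID" ]; then # New value has been passed/set
      case "$UNIQUEID" in
        *"$NL"*|*"$CR"*)
          # A line break in the value would let the caller append further
          # LDIF change records to the modification below.
          error "Refusing to update $attribute_toupdate: arg2 contains a line break"
          ;;
        *)
          inform "Changing $attribute_toupdate on entry $RES_DN with value $UNIQUEID"
          # Updating the entry
          printf '%s\n' "dn: $RES_DN" "changetype: modify" \
            "replace: $attribute_toupdate" "$attribute_toupdate: $UNIQUEID" > "$UPDATE_LDIF"
          set -- -f "$UPDATE_LDIF"                         # File with LDIF content
          [ -z "$server" ]   || set -- "$@" -H "$server"   # ldap server
          [ -z "$userid" ]   || set -- "$@" -D "$userid"   # Bind DN
          [ -z "$password" ] || set -- "$@" -y "$PASSFILE" # Password (via file)
          set -- "$@" -x                                   # simple authentication
          [ -z "$timeout" ]  || set -- "$@" -o "nettimeout=$timeout"
          debug "ldapmodify $*"
          # The output is kept so that the reason is logged when the update fails.
          ldapmodify "$@" > "$TMP/modify.log" 2>&1
          RC_LDAP=$?
          debug ">>> $UPDATE_LDIF <<<" "$(cat "$UPDATE_LDIF")"
          if [ "$RC_LDAP" != "0" ]; then # Error in ldapmodify
            error "ldapmodify failed with $RC_LDAP" "$(cat "$TMP/modify.log")"
          fi
          ;;
      esac
    fi
  fi
fi
# Temporary files are removed by the EXIT trap installed above.
# Always return success to avoid a login error: a failed directory update must
# not turn into a failure of the request this script is attached to.
RC=$RLM_MODULE_SUCCESS
inform "RC=$RC"
exit $RC
#==========================================================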