1#! /usr/bin/ksh 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22# 23# Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 24# 25 26# 27# inityp2l -- Utility to generate YP (NIS) to LDAP 28# configuration file (/etc/default/ypserv) 29# and mapping file (/var/yp/NISLDAPmapping) 30# 31 32 33 34# 35# Displays message corresponding to the argument tag passed. 36# 37display_msg() 38{ 39 case "$1" in 40 usage) cat <<EOF 41 42 $PROG: [ -m mapping_file ] [ -c config_file ] 43 m <mapping_file> Name of the generated NISLDAP mapping file 44 Default is /var/yp/NISLDAPmapping 45 c <config_file> Name of the generated ypserv configuration file 46 Default is /etc/default/ypserv 47 48EOF 49 ;; 50 no_config_file_name_specified) cat <<EOF 51 52You have not specified the config file name. You still have the 53option to skip creating this file, specify a config file name, or 54continue creating it with the default file name (${CONFIG_FILE}). 55 56EOF 57 ;; 58 no_mapping_file_name_specified) cat <<EOF 59 60You have not specified the mapping file name. You still have the 61option to skip creating this file, specify a mapping file name, or 62continue creating it with the default file name (${MAP_FILE}). 63 64EOF 65 ;; 66 new_config_file_name_help) cat <<EOF 67 68You can either specify a new file name, or accept the default 69config file name (${CONFIG_FILE}). 70 71It is recommended not to use the default file name since this 72script just helps with rapid creation of a config file. You 73should examine it's content before using it. 74 75EOF 76 ;; 77 new_mapping_file_name_help) cat <<EOF 78 79You can either specify a new file name, or accept the default 80mapping file name (${MAP_FILE}). 81 82It is recommended not to use the default file name since this 83script just helps with rapid creation of a mapping file. You 84should examine it's content before using it. And if there are 85custom maps, then their entries in the mapping file need to be 86customized too. 87 88Also, creation of default mapping file would cause NIS components 89to work in NIS to LDAP (N2L), rather than traditional NIS, mode 90when next restarted. 91 92EOF 93 ;; 94 backup_config_file) cat <<EOF 95 96The config file "${CONFIG_FILE}" already exists. It is strongly 97recommended that you BACKUP this file before running $PROG. 98 99However, even if you continue, you would be given the option to 100back up this file before it gets overwritten. 101 102EOF 103 ;; 104 backup_mapping_file) cat <<EOF 105 106The mapping file "${MAP_FILE}" already exists. It is strongly 107recommended that you BACKUP this file before running $PROG. 108 109However, even if you continue, you would be given the option to 110back up this file before it gets overwritten. 111 112EOF 113 ;; 114 warn_n2l_mode) cat <<EOF 115 116Warning : Creation of default mapping file (`basename $MAP_FILE`) 117 at default location (`dirname $MAP_FILE`) would cause NIS 118 components to work in NIS to LDAP (N2L) mode, rather than 119 traditional NIS mode, when next restarted. 120 121 "$PROG" assists with rapid creation of a simple N2L mapping 122 file. The user should examine it's content before using it. 123 For custom maps, this file needs to be customized which can 124 be done using standard text editors. 125 126EOF 127 ;; 128 config_auth_method_menu) cat <<EOF 129 The following are the supported Authentication Methods - 130 1 none 131 2 simple 132 3 sasl/cram-md5 133 4 sasl/digest-md5 134EOF 135 ;; 136 auth_method_menu) cat <<EOF 137 The following are the supported Authentication Methods - 138 1 simple 139 2 sasl/cram-md5 140 3 sasl/digest-md5 141EOF 142 ;; 143 tls_method_menu) cat <<EOF 144 The following are the supported TLS Methods - 145 1 none 146 2 ssl 147EOF 148 ;; 149 retrieve_error_action_menu) cat <<EOF 150 The following are the supported actions - 151 1 use_cached 152 2 fail 153EOF 154 ;; 155 store_error_action_menu) cat <<EOF 156 The following are the supported actions - 157 1 retry 158 2 fail 159EOF 160 ;; 161 sorry) cat <<EOF 162 163HELP - No help is available for this topic. 164 165EOF 166 ;; 167 backup_config_file_cont_help) cat <<EOF 168 169HELP - Since $PROG will overwrite the existing config file, it is 170 strongly recommended that you backup this file prior to 171 running this utility. 172 173 However, even if you continue, you would be given the option 174 to back up this file before it gets overwritten. 175 176EOF 177 ;; 178 backup_config_file_help) cat <<EOF 179 180HELP - If you choose to backup the existing config file, it would be 181 saved with current date and time suffix in yymmdd.HH.MM.SS format. 182 183EOF 184 ;; 185 backup_mapping_file_cont_help) cat <<EOF 186 187HELP - Since $PROG will overwrite the existing mapping file, it is 188 strongly recommended that you backup this file prior to running 189 this utility. 190 191 However, even if you continue, you would be given the option to 192 back up this file before it gets overwritten. 193 194EOF 195 ;; 196 backup_mapping_file_help) cat <<EOF 197 198HELP - If you choose to backup the existing mapping file, it would be 199 saved with current date and time suffix in yymmdd.HH.MM.SS format. 200 201EOF 202 ;; 203 warn_n2l_mode_help) cat <<EOF 204 205HELP - It is strongly recommended that the mapping file is created at 206 non-default location (other than `dirname $MAP_FILE`). After this, 207 it's content should be verified, custom maps should be handled, 208 and if NIS components are desired to run in NIS to LDAP (N2L), 209 then only it should be copied at the default location. 210 211EOF 212 ;; 213 nisLDAPconfigDN_help) cat <<EOF 214 215HELP - The DN which stores the configuration information in LDAP. 216 There is no default value for this field. Leave empty or 217 undefined to get this information from config file (ypserv). 218 219EOF 220 ;; 221 nisLDAPconfigPreferredServerList_help) cat <<EOF 222 223HELP - List of directory servers to provide the configuration 224 information. There is no default. The preferred servers 225 must be entered IN THE ORDER you wish to have them contacted. 226 The preferred server list is a space separated list of IP 227 addresses. Providing port numbers is optional, and when not 228 supplied, port 389 is assumed. For an LDAP server running 229 on this machine, at port 389, use "127.0.0.1:389". 230 231EOF 232 ;; 233 auth_help) cat <<EOF 234 235HELP - The authentication method to be used to obtain information 236 from LDAP server. The supported methods are provided in menu. 237 238EOF 239 ;; 240 tls_help) cat <<EOF 241 242HELP - The transport layer security used for connection to the LDAP 243 server. In order to successfully use transport layer security, 244 the server must also support the chosen values. The supported 245 methods are provided in menu. Default is "$DEF_TLS". 246 247EOF 248 ;; 249 TLSCertificateDBPath_help) cat <<EOF 250 251HELP - The absolute path name of the directory containing the certificate 252 database. The default value is "$DEF_TLSCertificateDBPath" 253 254EOF 255 ;; 256 nisLDAPconfigProxyUser_help) cat <<EOF 257 258HELP - The bind DN of the proxy user used to obtain configuration 259 information. There is no default value. If the value ends 260 with a comma, the value of the nisLDAPconfigDN attribute 261 is appended. 262 263EOF 264 ;; 265 ProxyPassword_warn) cat <<EOF 266 267Warning : In order to avoid having this password publicly visible 268 on the machine, the password should appear only in the 269 configuration file, and the file should have an appropriate 270 owner, group, and file mode. 271 272 So, once this file is ready, please modify appropriately 273 to make sure this file is well protected. 274 275EOF 276 ;; 277 preferredServerList_help) cat <<EOF 278 279HELP - List of directory servers for mapping data to/from LDAP. 280 There is no default. The preferred servers must be entered 281 IN THE ORDER you wish to have them contacted. The preferred 282 server list is a space separated list of IP addresses. 283 Providing port numbers is optional, and when not supplied, 284 port 389 is assumed. For an LDAP server running on this 285 machine, at port 389, use "127.0.0.1:389". 286 287EOF 288 ;; 289 nisLDAPproxyUser_help) cat <<EOF 290 291HELP - The bind DN of the proxy user the ypserv to read or write 292 from or to LDAP. Assumed to have the appropriate permission 293 to read and modify LDAP data. There is no default value. If 294 the value ends with a comma, the value of the context for 295 the current domain (as defined by a nisLDAPdomainContext 296 attribute (NISLDAPmapping(5))) is appended. 297 298EOF 299 ;; 300 nisLDAPbindTimeout_help) cat <<EOF 301 302HELP - The amount of time in seconds after which an LDAP bind operation 303 will timeout. Default is $DEF_nisLDAPbindTimeout seconds. 304 Decimal values are allowed. 305 306EOF 307 ;; 308 nisLDAPsearchTimeout_help) cat <<EOF 309 310HELP - The amount of time in seconds after which an LDAP search operation 311 will timeout. Default is $DEF_nisLDAPsearchTimeout seconds. 312 Decimal values are allowed. 313 314EOF 315 ;; 316 nisLDAPmodifyTimeout_help) cat <<EOF 317 318HELP - The amount of time in seconds after which an LDAP modify operation 319 will timeout. Default is $DEF_nisLDAPmodifyTimeout seconds. 320 Decimal values are allowed. 321 322EOF 323 ;; 324 nisLDAPaddTimeout_help) cat <<EOF 325 326HELP - The amount of time in seconds after which an LDAP add operation 327 will timeout. Default is $DEF_nisLDAPaddTimeout seconds. 328 Decimal values are allowed. 329 330EOF 331 ;; 332 nisLDAPdeleteTimeout_help) cat <<EOF 333 334HELP - The amount of time in seconds after which an LDAP delete operation 335 will timeout. Default is $DEF_nisLDAPdeleteTimeout seconds. 336 Decimal values are allowed. 337 338EOF 339 ;; 340 nisLDAPsearchTimeLimit_help) cat <<EOF 341 342HELP - Establish a value for the LDAP_OPT_TIMELIMIT option, which 343 suggests a time limit for the search operation on the LDAP 344 server. The server may impose its own constraints on possible 345 values. See your LDAP server documentation. The default is the 346 nisLDAPsearchTimeout ($DEF_nisLDAPsearchTimeout seconds) value. 347 Only integer values are allowed. 348 349 Since the nisLDAPsearchTimeout limits the amount of time the 350 client ypserv will wait for completion of a search operation, 351 setting the nisLDAPsearchTimeLimit larger than the 352 nisLDAPsearchTimeout is not recommended. 353 354EOF 355 ;; 356 nisLDAPsearchSizeLimit_help) cat <<EOF 357 358HELP - Establish a value for the LDAP_OPT_SIZELIMIT option, which 359 suggests a size limit, in bytes, for the search results on 360 the LDAP server. The server may impose its own constraints 361 on possible values. See your LDAP server documentation. The 362 default is $DEF_nisLDAPsearchSizeLimit, which means unlimited. 363 Only integer values are allowed. 364 365EOF 366 ;; 367 nisLDAPfollowReferral_help) cat <<EOF 368 369HELP - Determines if the ypserv should follow referrals or not. 370 Recognized values are yes and no. Default is $DEF_nisLDAPfollowReferral. 371 372EOF 373 ;; 374 nisLDAPretrieveErrorAction_help) cat <<EOF 375 376HELP - If an error occurs while trying to retrieve an entry from 377 LDAP, one of the following actions can be selected: 378 379 use_cached : Retry the retrieval the number of time specified 380 by nisLDAPretrieveErrorAttempts, with the 381 nisLDAPretrieveErrorTimeout value controlling 382 the wait between each attempt. 383 384 If all attempts fail then log a warning and 385 return the value currently in the cache to the 386 client. This is the default value. 387 388 fail : Proceed as for 'use_cached' but if all attempts 389 fail return a YPERR_YPERR error to the client. 390 391EOF 392 ;; 393 nisLDAPretrieveErrorAttempts_help) cat <<EOF 394 395HELP - The number of times a failed retrieval should be retried. 396 The default is unlimited. Note while retries are made, the 397 NIS daemon will be prevented from servicing further requests. 398 Hence, values other than 1 should be used with caution. 399 400EOF 401 ;; 402 nisLDAPretrieveErrorTimeout_help) cat <<EOF 403 404HELP - The timeout (in seconds) between each new attempt to retrieve 405 LDAP data. Default is $DEF_nisLDAPretrieveErrorTimeout seconds. 406 407EOF 408 ;; 409 nisLDAPstoreErrorAction_help) cat <<EOF 410 411HELP - If an error occurs while trying to store data to the LDAP 412 repository, one of the following actions can be selected : 413 414 retry : Retry operation nisLDAPstoreErrorAttempts times with 415 nisLDAPstoreErrorTimeout seconds between each attempt. 416 Note while retries are made the NIS daemon will be 417 prevented from servicing further requests. Use with 418 caution. This is the default value. 419 420 fail : Return YPERR_YPERR error to the client. 421 422EOF 423 ;; 424 nisLDAPstoreErrorAttempts_help) cat <<EOF 425 426HELP - The number of times a failed attempt to store data to the 427 LDAP repository should be retried. The default is unlimited. 428 429 The value for nisLDAPstoreErrorAttempts is ignored unless 430 nisLDAPstoreErrorAction=retry. 431 432EOF 433 ;; 434 nisLDAPstoreErrorTimeout_help) cat <<EOF 435 436HELP - The timeout (in seconds) between each new attempt to store 437 LDAP data. Default is $DEF_nisLDAPstoreErrorTimeout seconds. 438 439 The value for nisLDAPstoreErrorTimeout is ignored unless 440 nisLDAPstoreErrorAction=retry. 441 442EOF 443 ;; 444 selectDomain4N2L_help) cat <<EOF 445 446HELP - Whether this domain needs to be served by YP to LDAP transition 447 solution. The default is no in which case the data in this 448 domain would not be taken care for transitioning to LDAP. 449 450EOF 451 ;; 452 generate_comment_info_for_cust_map_help) cat <<EOF 453 454HELP - If selected, this script will try to add relevant comments 455 in the mapping file which might help in customizing the 456 mapping information for custom maps. 457 458EOF 459 ;; 460 generate_mapping_info_for_cust_map_help) cat <<EOF 461 462HELP - If selected, this script will try to generate mapping 463 information for this map assuming it is a "simple" map. 464 465 A map is assumed to be "simple" if each entry of this map 466 has only one "key value" entry in YP, and if each map entry 467 can be represented as a single DIT string in the LDAP server. 468 469 If this map is not a simple map and you do want to store it 470 in LDAP, you have two options : 471 472 1 - Answer yes, and this script would generate the mapping 473 information for this map assuming it is a simple map. 474 And once the execution of the script is over, you can 475 customize the mapping information by hand editing the 476 mapping file. 477 478 2 - Answer no, and this script would not generate mapping 479 info for this map. And once the execution of the script 480 is over, you can include the customized mapping 481 information by hand editing the mapping file. 482 483EOF 484 ;; 485 nisLDAPdomainContext_help) cat <<EOF 486 487HELP - This parameter defines the context (default location) in 488 the directory tree at which all the name service entries 489 for this particular domain would be stored. 490 491EOF 492 ;; 493 nisLDAPyppasswddDomains_help) cat <<EOF 494 495HELP - Lists the domains for which password changes should be 496 made. If this is not present then the value returned by 497 'domainname' will be used. 498 499 NIS password change requests do not specify the domains in 500 which any given password should be changed. (In traditional 501 NIS this information is effectively hard coded in the NIS 502 makefile.) 503 504EOF 505 ;; 506 custom_map_comment_char_help) cat <<EOF 507 508HELP - If selected, it will allow you to specify a character which 509 would represent the start of the special 'comment' field in 510 a given NIS map. If this attribute is not present then the 511 default comment character '#' is used. 512 513 If a map cannot contain comments then the blank comment 514 character ('') should be specified (just hit the return key). 515 516EOF 517 ;; 518 same_comment_char_help) cat <<EOF 519 520HELP - If selected, for a given map, it will allow you to specify 521 a common comment character for all the domains. 522 523 Or else by selecting NO, for the same map, you would be 524 given the option to specify different comment character 525 for different domains. 526 527EOF 528 ;; 529 secure_flag_on_help) cat <<EOF 530 531HELP - Secure flag is set on maps which are generated with 532 "makedbm -s". When converting data from LDAP to YP, 533 it adds YP_SECURE entries. 534 535EOF 536 ;; 537 secure_flag_all_domains_help) cat <<EOF 538 539HELP - If selected, it will allow you to set the secure flag on 540 for this map for all the domains. 541 542 Or else by selecting NO, you would be given the option to 543 set this flag, for the same map, on per domain basis. 544 545EOF 546 ;; 547 interdomain_flag_on_help) cat <<EOF 548 549HELP - Interdomain flag is set on a set of maps which are generated 550 with "makedbm -b". It signals NIS servers to use the domain 551 name resolver for host name and address lookups for hosts 552 not found in the maps. 553 554 If selected, it adds YP_INTERDOMAIN entries in these maps 555 when converting data from LDAP to YP. 556 557EOF 558 ;; 559 interdomain_flag_all_domains_help) cat <<EOF 560 561HELP - If selected, it will allow you to set the interdomain flag 562 on for all the domains. 563 564 Or else by selecting NO, you would be given the option to 565 set this flag on per domain basis. 566 567EOF 568 ;; 569 initialTTLlo_help) cat <<EOF 570 571HELP - The lower limit for the initial TTL (in seconds) for data 572 read from disk when the ypserv starts. If initialTTLhi also 573 is specified, the actual initialTTL will be randomly selected 574 from the interval initialTTLlo to initialTTLhi (inclusive). 575 576 Leaving the field empty yields the default value of $DEF_iTTLlo. 577 578EOF 579 ;; 580 initialTTLhi_help) cat <<EOF 581 582HELP - The upper limit for the initial TTL (in seconds). 583 If left empty, defaults to "$DEF_iTTLhi". 584 585EOF 586 ;; 587 runningTTL_help) cat <<EOF 588 589HELP - The TTL (in seconds) for data retrieved from LDAP while the 590 ypserv is running. If left empty, defaults to "$DEF_runTTL". 591 592EOF 593 ;; 594 default_ttl_help) cat <<EOF 595 596HELP - The default TTL value for each map is set to : 597 ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL} 598 599 Select yes if you want to change the current TTL value. 600 601EOF 602 ;; 603 non_default_same_ttl_help) cat <<EOF 604 605HELP - Select yes if you want to set a new TTL value, but want 606 to keep it same for all the maps. 607 608EOF 609 ;; 610 non_default_different_ttl_help) cat <<EOF 611 612HELP - Select yes if you want to set TTL value for each map, but 613 want to keep it same for all the domains. 614 615EOF 616 ;; 617 default_different_ttl_help) cat <<EOF 618 619HELP - Select yes if you want to accept the default TTL 620 value for this map. 621 622EOF 623 ;; 624 same_ttl_across_domains_help) cat <<EOF 625 626HELP - Select yes if you want to set TTL value for the map, 627 but want to keep it same for all the domains. 628 629EOF 630 ;; 631 632 esac 633} 634 635# 636# Echo the message passed only if DEBUG is set. 637# Reduces the line width significantly. 638# 639d_echo() 640{ 641[ DEBUG -eq 1 ] && echo $@ 642} 643 644 645# 646# get_ans(): gets an answer from the user. 647# $1 instruction/comment/description/question 648# $2 default value 649# 650get_ans() 651{ 652 if [ -z "$2" ] 653 then 654 echo "$1 \c" 655 else 656 echo "$1 [$2] \c" 657 fi 658 659 read ANS 660 if [ -z "$ANS" ] 661 then 662 ANS=$2 663 fi 664} 665 666 667# 668# get_ans_req(): gets an answer (required) from the user, NULL value not allowed. 669# $@ instruction/comment/description/question 670# 671get_ans_req() 672{ 673 ANS="" # Set ANS to NULL. 674 while [ "$ANS" = "" ] 675 do 676 get_ans "$@" 677 [ "$ANS" = "" ] && echo "NULL value not allowed!" 678 done 679} 680 681 682# 683# get_integer(): Querys and verifies that number entered is integer. 684# Function will repeat prompt user for integer value. 685# $1 Message text. 686# $2 default value. 687# $3 Help argument. 688# 689get_integer() 690{ 691 ANS="" # Set ANS to NULL. 692 NUM="" 693 694 get_ans "$1" "$2" 695 696 # Verify that value is integer. 697 while not_integer $ANS 698 do 699 case "$ANS" in 700 [Hh] | help | Help | \?) display_msg ${3:-sorry} ;; 701 * ) echo "Invalid value: \"${ANS}\". \c" 702 ;; 703 esac 704 705 # Get a new value. 706 get_ans "Enter an integer value:" "$2" 707 done 708 NUM=$ANS 709} 710 711 712# 713# get_number(): Querys and verifies that number entered is numeric. 714# Function will repeat prompt user for numeric value. 715# $1 Message text. 716# $2 default value. 717# $3 Help argument. 718# 719get_number() 720{ 721 ANS="" # Set ANS to NULL. 722 NUM="" 723 724 get_ans "$1" "$2" 725 726 # Verify that value is numeric. 727 while not_numeric $ANS 728 do 729 case "$ANS" in 730 [Hh] | help | Help | \?) display_msg ${3:-sorry} ;; 731 * ) echo "Invalid value: \"${ANS}\". \c" 732 ;; 733 esac 734 735 # Get a new value. 736 get_ans "Enter a numeric value:" "$2" 737 done 738 NUM=$ANS 739} 740 741 742# 743# get_pos_int(): Only allows positive integer. 744# 745# $1 - Prompt message. 746# $2 - Default value (require). 747# $3 - Optional help argument. 748get_pos_int() 749{ 750 while : 751 do 752 get_integer "$1" "$2" "$3" 753 754 if [ $ANS -lt 0 ]; then 755 echo "Invalid number: please enter a positive integer." 756 else 757 break # Positive integer 758 fi 759 done 760} 761 762 763# 764# get_pos_num(): Only allows positive number. 765# 766# $1 - Prompt message. 767# $2 - Default value (require). 768# $3 - Optional help argument. 769get_pos_num() 770{ 771 while : 772 do 773 get_number "$1" "$2" "$3" 774 775 if [ $ANS -lt 0 ]; then 776 echo "Invalid number: please enter a positive number." 777 else 778 break # Positive number 779 fi 780 done 781} 782 783 784# 785# 786# get_passwd(): Reads a password from the user and verify with second. 787# $@ instruction/comment/description/question 788# 789get_passwd() 790{ 791 [ $DEBUG -eq 1 ] && echo "In get_passwd()" 792 793 # Temporary PASSWD variables 794 _PASS1="" 795 _PASS2="" 796 797 # Handle signals, so that echo can be turned back on if Ctrl-C. 798 trap "/usr/bin/stty echo; exit" 1 2 3 6 15 799 800 /usr/bin/stty -echo # Turn echo OFF 801 802 # Endless loop that continues until passwd and re-entered passwd 803 # match. 804 while : 805 do 806 ANS="" # Set ANS to NULL. 807 808 # Don't allow NULL for first try. 809 while [ "$ANS" = "" ] 810 do 811 get_ans "$@" 812 [ "$ANS" = "" ] && echo "" && echo "NULL passwd not allowed!" 813 done 814 _PASS1=$ANS # Store first try. 815 816 # Get second try. 817 echo "" 818 get_ans "Re-enter passwd:" 819 _PASS2=$ANS 820 821 # Test if passwords are identical. 822 if [ "$_PASS1" = "$_PASS2" ]; then 823 break 824 fi 825 826 # Move cursor down to next line and print ERROR message. 827 echo "" 828 echo "ERROR: passwords don't match; try again." 829 done 830 831 /usr/bin/stty echo # Turn echo ON 832 833 # Removed signal handler 834 trap 1 2 3 6 15 835 836 echo "" 837} 838 839 840# 841# get_passwd_nochk(): Reads a password from the user w/o check. 842# $@ instruction/comment/description/question 843# 844get_passwd_nochk() 845{ 846 [ $DEBUG -eq 1 ] && echo "In get_passwd_nochk()" 847 848 # Handle signals, so that echo can be turned back on if Ctrl-C. 849 trap "/usr/bin/stty echo; exit" 1 2 3 6 15 850 851 /usr/bin/stty -echo # Turn echo OFF 852 853 get_ans "$@" 854 855 /usr/bin/stty echo # Turn echo ON 856 857 # Removed signal handler 858 trap 1 2 3 6 15 859 860 echo "" 861} 862 863 864# 865# get_confirm(): Get confirmation from the user. (Y/Yes or N/No) 866# $1 - Message 867# $2 - default value. 868# 869get_confirm() 870{ 871 _ANSWER= 872 873 while : 874 do 875 # Display Internal ERROR if $2 not set. 876 if [ -z "$2" ]; then 877 echo "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional." 878 exit 2 879 fi 880 881 # Display prompt. 882 echo "$1 [$2] \c" 883 884 # Get the ANSWER. 885 read _ANSWER 886 if [ "$_ANSWER" = "" ] && [ -n "$2" ] ; then 887 _ANSWER=$2 888 fi 889 case "$_ANSWER" in 890 [Yy] | yes | Yes | YES) return 1 ;; 891 [Nn] | no | No | NO) return 0 ;; 892 [Hh] | help | Help | \?) display_msg ${3:-sorry};; 893 * ) echo "Please enter y or n." ;; 894 esac 895 done 896} 897 898 899# 900# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No) 901# No default value supported. Returns 1 for yes. 902# 903get_confirm_nodef() 904{ 905 _ANSWER= 906 907 while : 908 do 909 echo "$@ \c" 910 read _ANSWER 911 case "$_ANSWER" in 912 [Yy] | yes | Yes | YES) return 1 ;; 913 [Nn] | no | No | NO) return 0 ;; 914 * ) echo "Please enter y or n." ;; 915 esac 916 done 917} 918 919 920# 921# is_integer(): Tells if a string is numeric integer. 922# 0 = Integer 923# 1 = NOT Integer 924# 925is_integer() 926{ 927 # Check for parameter. 928 if [ $# -ne 1 ]; then 929 return 1 930 fi 931 932 # Determine if integer. 933 expr "$1" + 1 > /dev/null 2>&1 934 935 if [ $? -ge 2 ]; then 936 return 1 937 fi 938 939 # Made it here, it's Numeric. 940 return 0 941} 942 943 944# 945# not_integer(): Reverses the return values of is_integer. Useful 946# for if and while statements that want to test for 947# non-integer data. 948# 0 = NOT Integer 949# 1 = Integer 950# 951not_integer() 952{ 953 is_integer $1 954 if [ $? -eq 0 ]; then 955 return 1 956 else 957 return 0 958 fi 959} 960 961 962# 963# is_numeric(): Tells if a string is numeric. 964# 0 = Numeric 965# 1 = NOT Numeric 966# 967is_numeric() 968{ 969 # Check for parameter. 970 if [ $# -ne 1 ]; then 971 return 1 972 fi 973 974 # Determine if numeric. 975 let _NUM="$1 + 1" > /dev/null 2>&1 976 977 if [ $? -eq 0 ]; then 978 return 0 979 fi 980 981} 982 983 984# 985# not_numeric(): Reverses the return values of is_numeric. Useful 986# for if and while statements that want to test for 987# non-numeric data. 988# 0 = NOT Numeric 989# 1 = Numeric 990# 991not_numeric() 992{ 993 is_numeric $1 994 if [ $? -eq 0 ]; then 995 return 1 996 else 997 return 0 998 fi 999} 1000 1001 1002# 1003# domain_2_dc(): Convert a domain name into dc string. 1004# $1 .. Domain name. 1005# 1006domain_2_dc() 1007{ 1008 _DOM=$1 # Domain parameter. 1009 _DOM_2_DC="" # Return value from function. 1010 _FIRST=1 # Flag for first time. 1011 1012 export _DOM_2_DC # Make visible for others. 1013 1014 # Convert "."'s to spaces for "for" loop. 1015 domtmp="`echo ${_DOM} | tr '.' ' '`" 1016 for i in $domtmp; do 1017 if [ $_FIRST -eq 1 ]; then 1018 _DOM_2_DC="dc=${i}" 1019 _FIRST=0 1020 else 1021 _DOM_2_DC="${_DOM_2_DC},dc=${i}" 1022 fi 1023 done 1024} 1025 1026 1027# 1028# is_root_user(): Check to see if logged in as super user. 1029# 1030is_root_user() 1031{ 1032 case `id` in 1033 uid=0\(root\)*) return 0 ;; 1034 * ) return 1 ;; 1035 esac 1036} 1037 1038 1039# 1040# parse_arg(): Parses the command line arguments and sets the 1041# appropriate variables. 1042# 1043parse_arg() 1044{ 1045 while getopts ":dm:c:" ARG 1046 do 1047 case $ARG in 1048 d) DEBUG=1;; 1049 1050 m) MAP_FILE=$OPTARG 1051 MAPPING_FILE_SPECIFIED=1;; 1052 1053 c) CONFIG_FILE=$OPTARG 1054 CONFIG_FILE_SPECIFIED=1;; 1055 1056 \?) echo "**ERROR: Invalid option '$OPTARG'" 1057 display_msg usage 1058 exit 1;; 1059 esac 1060 done 1061 1062 shift `expr $OPTIND - 1` 1063 if [ $# -gt 0 ]; then 1064 echo "**ERROR: wrong usage " 1065 display_msg usage 1066 exit 1 1067 fi 1068} 1069 1070 1071# 1072# present() : Checks if the first argument exists in the 1073# argument list. Returns 0 if found, else 1. 1074# 1075present () 1076{ 1077_ELEMENT=$1 1078 1079shift 1080ARG_LIST=$@ 1081 1082for item in $ARG_LIST 1083do 1084 [ "$_ELEMENT" = "$item" ] && return 0 1085done 1086 1087# If reached here, then the clement does not exist 1088return 1 1089} 1090 1091 1092# 1093# remove() : Returns a new string after removing the first 1094# argument in the argument list. 1095# 1096remove () 1097{ 1098_ELEMENT=$1 1099 1100shift 1101ARG_LIST=$@ 1102 1103NEW_LIST="" 1104 1105for item in $ARG_LIST 1106do 1107 [ "$_ELEMENT" != "$item" ] && NEW_LIST="$NEW_LIST $item" 1108done 1109 1110echo $NEW_LIST 1111return 0 1112} 1113 1114 1115# 1116# merge_lists() : Returns a list after merging elements 1117# (uniquely) supplied in the argument list. 1118# 1119merge_lists() 1120{ 1121MERGED_LIST="" 1122 1123for _VAR in "$@" 1124do 1125 if ! present $_VAR $MERGED_LIST; then 1126 MERGED_LIST="$MERGED_LIST $_VAR" 1127 fi 1128done 1129 1130echo $MERGED_LIST 1131return 0 1132} 1133 1134 1135# 1136# init(): initializes variables and options 1137# 1138init() 1139{ 1140# General variables. 1141DEBUG=0 # Set Debug OFF 1142 1143MAPPING_FILE_SPECIFIED=0 # No file name passed 1144CONFIG_FILE_SPECIFIED=0 # No file name passed 1145 1146# Prevent others from snooping 1147umask 077 1148 1149# Set default config and mapping files. 1150DEFAULT_MAP_FILE="/var/yp/NISLDAPmapping" 1151DEFAULT_CONFIG_FILE="/etc/default/ypserv" 1152 1153MAP_FILE="$DEFAULT_MAP_FILE" 1154CONFIG_FILE="$DEFAULT_CONFIG_FILE" 1155 1156# Set and create TMPDIR. Use a safe place to discourage hackers. 1157TMPDIR="/var/yp/inityp2l" 1158 1159# Temporary file names to be used to prevent system starting in 1160# N2L mode in case something goes wrong during file creation. 1161TMPCONF="ypserv-tmp" 1162TMPMAP="NISLDAPmapping-tmp" 1163 1164# Remove if the temp directory has been leftover 1165[ -d "$TMPDIR" ] && rm -rf $TMPDIR 1166mkdir $TMPDIR 1167if [ $? -ne 0 ]; then 1168 echo ERROR : Failed to create temp directory $TMPDIR 1169 exit 1 1170fi 1171 1172# Initialize the default NIS maps. 1173DEFAULT_NIS_MAPS="passwd.byname 1174 passwd.byuid 1175 group.byname 1176 group.bygid 1177 hosts.byaddr 1178 hosts.byname 1179 ipnodes.byaddr 1180 ipnodes.byname 1181 ethers.byaddr 1182 ethers.byname 1183 networks.byaddr 1184 networks.byname 1185 rpc.bynumber 1186 services.byname 1187 services.byservicename 1188 printers.conf.byname 1189 project.byname 1190 project.byprojid 1191 protocols.byname 1192 protocols.bynumber 1193 netgroup 1194 netgroup.byuser 1195 netgroup.byhost 1196 bootparams 1197 mail.aliases 1198 mail.byaddr 1199 publickey.byname 1200 netid.byname 1201 netmasks.byaddr 1202 passwd.adjunct.byname 1203 group.adjunct.byname 1204 timezone.byname 1205 auth_attr 1206 exec_attr 1207 prof_attr 1208 user_attr 1209 audit_user 1210 auto.master 1211 auto.home 1212 ypservers" 1213 1214set -A DEF_NIS_MAP_ARRAY $DEFAULT_NIS_MAPS 1215 1216# The default TTL maps in database ID format. 1217DEF_TTL_MAPLIST="audit_user 1218 auto.home 1219 auto.master 1220 auth_attr 1221 bootparams 1222 ethers 1223 exec_attr 1224 group 1225 group.adjunct.byname 1226 keys.host 1227 keys.pass 1228 keys.nobody 1229 hosts 1230 multihosts 1231 ipnodes 1232 multiipnodes 1233 netgroup 1234 networks 1235 passwd 1236 passwd.adjunct.byname 1237 printers.conf.byname 1238 prof_attr 1239 project 1240 protocols 1241 services 1242 mail.aliases 1243 mail.mapping 1244 netid.host 1245 netid.pass 1246 netmasks.byaddr 1247 rpc.bynumber 1248 ageing.byname 1249 timezone.byname 1250 user_attr 1251 ypservers" 1252 1253 1254# Initialize default values for config parameters. 1255 1256configDN_flag=0 1257DEF_nisLDAPconfigDN="" 1258DEF_TLS=none 1259DEF_TLSCertificateDBPath=/var/yp/ 1260DEF_nisLDAPbindTimeout=15 1261DEF_nisLDAPsearchTimeout=180 1262DEF_nisLDAPmodifyTimeout=15 1263DEF_nisLDAPaddTimeout=15 1264DEF_nisLDAPdeleteTimeout=15 1265DEF_nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeout} 1266DEF_nisLDAPsearchSizeLimit=0 1267DEF_nisLDAPfollowReferral=no 1268DEF_nisLDAPretrieveErrorAction=use_cached 1269 1270# The default is unlimited, but since it prevents the NIS daemon, 1271# from servicing further requests, set 1 as the suggested value. 1272SUG_nisLDAPretrieveErrorAttempts=1 1273DEF_nisLDAPretrieveErrorTimeout=15 1274DEF_nisLDAPstoreErrorAction=retry 1275 1276# The default is unlimited, but set 1 as the suggested value. 1277SUG_nisLDAPstoreErrorAttempts=1 1278DEF_nisLDAPstoreErrorTimeout=15 1279 1280# Default TTL values (in seconds) for NIS MAPS for mapping file. 1281DEF_iTTLlo=1800 1282DEF_iTTLhi=5400 1283DEF_runTTL=3600 1284 1285} 1286 1287 1288# 1289# config_auth_menu_handler(): Enter the authentication method 1290# for config server. 1291# 1292config_auth_menu_handler() 1293{ 1294 # Display Auth menu 1295 display_msg config_auth_method_menu 1296 1297 # Get a Valid choice. 1298 while : 1299 do 1300 # Display appropriate prompt and get answer. 1301 get_ans_req " Choose one Authentication Method (h=help):" 1302 1303 # Determine choice. 1304 _MENU_CHOICE=$ANS 1305 case "$_MENU_CHOICE" in 1306 1) _AUTHMETHOD="none" 1307 break ;; 1308 2) _AUTHMETHOD="simple" 1309 break ;; 1310 3) _AUTHMETHOD="sasl/cram-md5" 1311 break ;; 1312 4) _AUTHMETHOD="sasl/digest-md5" 1313 break ;; 1314 h) display_msg auth_help ;; 1315 *) echo "Please enter 1-4, or h=help." ;; 1316 esac 1317 done 1318} 1319 1320 1321# 1322# auth_menu_handler(): Enter the Authentication method for LDAP server. 1323# 1324auth_menu_handler() 1325{ 1326 # Display Auth menu 1327 display_msg auth_method_menu 1328 1329 # Get a Valid choice. 1330 while : 1331 do 1332 # Display appropriate prompt and get answer. 1333 get_ans_req " Choose one Authentication Method (h=help):" 1334 1335 # Determine choice. 1336 _MENU_CHOICE=$ANS 1337 case "$_MENU_CHOICE" in 1338 1) _AUTHMETHOD="simple" 1339 break ;; 1340 2) _AUTHMETHOD="sasl/cram-md5" 1341 break ;; 1342 3) _AUTHMETHOD="sasl/digest-md5" 1343 break ;; 1344 h) display_msg auth_help ;; 1345 *) echo "Please enter 1-3, or h=help." ;; 1346 esac 1347 done 1348} 1349 1350 1351# 1352# tls_menu_handler(): Enter the transport layer security 1353# 1354tls_menu_handler() 1355{ 1356 # Display TLS menu 1357 display_msg tls_method_menu 1358 1359 # Get a Valid choice. 1360 while : 1361 do 1362 # Display appropriate prompt and get answer. 1363 # Default value is "none". 1364 1365 get_ans " Choose one Transport Layer Security Method (h=help):" "1" 1366 1367 # Determine choice. 1368 _MENU_CHOICE=$ANS 1369 case "$_MENU_CHOICE" in 1370 1) _TLSMETHOD="none" 1371 break ;; 1372 2) _TLSMETHOD="ssl" 1373 break ;; 1374 h) display_msg tls_help ;; 1375 *) echo "Please enter 1, 2, or h=help." ;; 1376 esac 1377 done 1378} 1379 1380 1381# 1382# retrieve_error_action_menu_handler(): Enter the retrieve error action 1383# 1384retrieve_error_action_menu_handler() 1385{ 1386 # Display retrieve error action menu 1387 display_msg retrieve_error_action_menu 1388 1389 # Get a Valid choice. 1390 while : 1391 do 1392 # Display appropriate prompt and get answer. use_cached is default 1393 get_ans " Choose one retrieval error action (h=help):" "1" 1394 1395 # Determine choice. 1396 _MENU_CHOICE=$ANS 1397 case "$_MENU_CHOICE" in 1398 1) _RET_ERR_ACT="use_cached" 1399 break ;; 1400 2) _RET_ERR_ACT="fail" 1401 break ;; 1402 h) display_msg nisLDAPretrieveErrorAction_help ;; 1403 *) echo "Please enter 1, 2, or h=help." ;; 1404 esac 1405 done 1406} 1407 1408 1409# 1410# store_error_action_menu_handler(): Enter the store error action 1411# 1412store_error_action_menu_handler() 1413{ 1414 # Display store error action menu 1415 display_msg store_error_action_menu 1416 1417 # Get a Valid choice. 1418 while : 1419 do 1420 # Display appropriate prompt and get answer. retry is default 1421 get_ans " Choose one store error action (h=help):" "1" 1422 1423 # Determine choice. 1424 _MENU_CHOICE=$ANS 1425 case "$_MENU_CHOICE" in 1426 1) _STOR_ERR_ACT="retry" 1427 break ;; 1428 2) _STOR_ERR_ACT="fail" 1429 break ;; 1430 h) display_msg nisLDAPstoreErrorAction_help ;; 1431 *) echo "Please enter 1, 2, or h=help." ;; 1432 esac 1433 done 1434} 1435 1436 1437# 1438# cleanup(): Remove the TMPDIR and all files in it. 1439# 1440cleanup() 1441{ 1442[ $DEBUG -eq 1 ] && echo "In cleanup()" 1443 1444# Leave the temp directory if debug is set 1445[ $DEBUG -eq 0 ] && rm -rf $TMPDIR 1446} 1447 1448 1449# Save existing config file if elected 1450check_back_config_file() 1451{ 1452if [ -f $CONFIG_FILE ]; then 1453 display_msg backup_config_file 1454 1455 get_confirm "Do you wish to continue (y/n/h)?" \ 1456 "n" "backup_config_file_cont_help" 1457 1458 if [ $? -eq 0 ]; then # if No, cleanup and exit. 1459 cleanup ; exit 1 1460 fi 1461 1462 get_confirm "Do you wish to backup the config file "${CONFIG_FILE}" (y/n/h)?" \ 1463 "y" "backup_config_file_help" 1464 1465 if [ $? -eq 1 ]; then # Save the old config file with timestamp 1466 1467 # SCCS converts '% H %' (without spaces) in current date during putback. 1468 # So use some other combination. 1469 SUFFIX=`date '+%d%h%Y.%H:%M:%S'` 1470 1471 cp -p $CONFIG_FILE ${CONFIG_FILE}-${SUFFIX} 1472 echo " Saved existing $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}" 1473 fi 1474fi 1475} 1476 1477 1478# Save existing mapping file if elected 1479check_back_mapping_file() 1480{ 1481if [ -f $MAP_FILE ]; then 1482 display_msg backup_mapping_file 1483 1484 get_confirm "Do you wish to continue (y/n/h)?" \ 1485 "n" "backup_mapping_file_cont_help" 1486 1487 if [ $? -eq 0 ]; then # if No, cleanup and exit. 1488 cleanup ; exit 1 1489 fi 1490 1491 get_confirm "Do you wish to backup the map file "${MAP_FILE}" (y/n/h)?" \ 1492 "y" "backup_mapping_file_help" 1493 1494 if [ $? -eq 1 ]; then # if Yes, save the old map file with timestamp 1495 1496 # SCCS converts '% H %' (without spaces) in current date during putback. 1497 # So use some other combination. 1498 SUFFIX=`date '+%d%h%Y.%H:%M:%S'` 1499 1500 cp -p $MAP_FILE ${MAP_FILE}-${SUFFIX} 1501 echo " Saved existing $MAP_FILE as ${MAP_FILE}-${SUFFIX}" 1502 fi 1503 1504else 1505 if [ "$MAP_FILE" = "$DEFAULT_MAP_FILE" ]; then 1506 display_msg warn_n2l_mode 1507 1508 get_confirm "Do you wish to continue (y/n/h)?" \ 1509 "n" "warn_n2l_mode_help" 1510 1511 if [ $? -eq 0 ]; then 1512 cleanup ; exit 1 1513 fi 1514 fi 1515fi 1516} 1517 1518 1519put_config_file_copyright_info() 1520{ 1521 1522# Start with an empty file, so don't append, but overwrite here. 1523# Just change the name, but keep the same date and version number 1524# as in the ident string of this script. 1525 1526grep "ident \"@(#)$PROG" $ABS_PROG | \ 1527 sed "s/${PROG}/${NEW_NAME}/g" > $CONFIG_FILE 1528 1529echo "\ 1530# 1531# CDDL HEADER START 1532# 1533# The contents of this file are subject to the terms of the 1534# Common Development and Distribution License (the "License"). 1535# You may not use this file except in compliance with the License. 1536# 1537# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 1538# or http://www.opensolaris.org/os/licensing. 1539# See the License for the specific language governing permissions 1540# and limitations under the License. 1541# 1542# When distributing Covered Code, include this CDDL HEADER in each 1543# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 1544# If applicable, add the following below this CDDL HEADER, with the 1545# fields enclosed by brackets "[]" replaced with your own identifying 1546# information: Portions Copyright [yyyy] [name of copyright owner] 1547# 1548# CDDL HEADER END 1549# 1550# 1551# Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 1552#\ 1553" >> $MAP_FILE 1554} 1555 1556 1557get_nisLDAPconfigDN() 1558{ 1559while : 1560do 1561 1562get_ans "DN for configuration information (h=help):" 1563 1564# If help continue, otherwise break. 1565case "$ANS" in 1566 [Hh] | help | Help | \?) display_msg nisLDAPconfigDN_help ;; 1567 * ) break ;; 1568esac 1569done 1570 1571nisLDAPconfigDN="${ANS}" 1572 1573# Store in config file only if a non-default value is specified. 1574if [ "$ANS" != "${DEF_nisLDAPconfigDN}" ]; then 1575 echo "nisLDAPconfigDN=${ANS}" >> $CONFIG_FILE 1576fi 1577 1578# Ask remaining config server related questions only if this 1579# DN is set. So, if a value is specified, set a flag. 1580 1581[ "$ANS" != "" ] && configDN_flag=1 1582} 1583 1584 1585get_nisLDAPconfigPreferredServerList() 1586{ 1587while : 1588do 1589 1590get_ans_req "Preferred server list for configuration information (h=help):" 1591 1592# If help continue, otherwise break. 1593case "$ANS" in 1594 [Hh] | help | Help | \?) display_msg nisLDAPconfigPreferredServerList_help ;; 1595 * ) break ;; 1596esac 1597done 1598 1599nisLDAPconfigPreferredServerList=${ANS} 1600echo "nisLDAPconfigPreferredServerList=${ANS}" >> $CONFIG_FILE 1601} 1602 1603 1604get_nisLDAPconfigAuthenticationMethod() 1605{ 1606_AUTHMETHOD="" 1607 1608echo "Select the Authentication Method for configuration server :" 1609config_auth_menu_handler 1610 1611nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD} 1612echo "nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE 1613} 1614 1615 1616get_nisLDAPconfigTLS() 1617{ 1618_TLSMETHOD="" 1619 1620echo "Select the Transport Layer Security (TLS) for configuration server :" 1621tls_menu_handler 1622 1623nisLDAPconfigTLS=${_TLSMETHOD} 1624 1625# Store in config file only if a non-default value is specified. 1626if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then 1627 echo "nisLDAPconfigTLS=${_TLSMETHOD}" >> $CONFIG_FILE 1628fi 1629} 1630 1631 1632get_nisLDAPconfigTLSCertificateDBPath() 1633{ 1634while : 1635do 1636 1637get_ans "Path with TLS Certificate DB for configuration server (h=help):"\ 1638 "${DEF_TLSCertificateDBPath}" 1639 1640# If help continue, otherwise break. 1641case "$ANS" in 1642 [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;; 1643 * ) break ;; 1644esac 1645done 1646 1647nisLDAPconfigTLSCertificateDBPath=${ANS} 1648 1649# Store in config file only if a non-default value is specified. 1650if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then 1651 echo "nisLDAPconfigTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE 1652fi 1653} 1654 1655 1656get_nisLDAPconfigProxyUser() 1657{ 1658while : 1659do 1660 1661get_ans_req "Proxy user bind DN to obtain configuration information (h=help):" 1662# If help continue, otherwise break. 1663case "$ANS" in 1664 [Hh] | help | Help | \?) display_msg nisLDAPconfigProxyUser_help ;; 1665 * ) break ;; 1666esac 1667done 1668 1669nisLDAPconfigProxyUser=${ANS} 1670echo "nisLDAPconfigProxyUser=${ANS}" >> $CONFIG_FILE 1671} 1672 1673 1674get_nisLDAPconfigProxyPassword() 1675{ 1676get_passwd "Proxy user password to obtain configuration information :" 1677nisLDAPconfigProxyPassword=${ANS} 1678 1679echo "nisLDAPconfigProxyPassword=${ANS}" >> $CONFIG_FILE 1680 1681display_msg ProxyPassword_warn 1682} 1683 1684 1685get_preferredServerList() 1686{ 1687while : 1688do 1689 1690get_ans_req "Preferred server list for mapping data to/from LDAP (h=help):" 1691 1692# If help continue, otherwise break. 1693case "$ANS" in 1694 [Hh] | help | Help | \?) display_msg preferredServerList_help ;; 1695 * ) break ;; 1696esac 1697done 1698 1699preferredServerList=${ANS} 1700echo "preferredServerList=${ANS}" >> $CONFIG_FILE 1701} 1702 1703 1704get_authenticationMethod() 1705{ 1706_AUTHMETHOD="" 1707 1708echo "Select the Authentication Method for mapping data to/from LDAP :" 1709auth_menu_handler 1710 1711authenticationMethod=${_AUTHMETHOD} 1712echo "authenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE 1713} 1714 1715 1716get_nisLDAPTLS() 1717{ 1718_TLSMETHOD="" 1719 1720echo "Select the Transport Layer Security (TLS) for mapping data to/from LDAP :" 1721tls_menu_handler 1722 1723nisLDAPTLS=${_TLSMETHOD} 1724 1725# Store in config file only if a non-default value is specified. 1726if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then 1727 echo "nisLDAPTLS=${_TLSMETHOD}" >> $CONFIG_FILE 1728fi 1729} 1730 1731 1732get_nisLDAPTLSCertificateDBPath() 1733{ 1734while : 1735do 1736 1737get_ans "Path with TLS Certificate DB for LDAP data server (h=help):"\ 1738 "${DEF_nisLDAPTLSCertificateDBPath}" 1739 1740# If help continue, otherwise break. 1741case "$ANS" in 1742 [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;; 1743 * ) break ;; 1744esac 1745done 1746 1747nisLDAPTLSCertificateDBPath=${ANS} 1748 1749# Store in config file only if a non-default value is specified. 1750if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then 1751 echo "nisLDAPTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE 1752fi 1753} 1754 1755 1756get_nisLDAPproxyUser() 1757{ 1758while : 1759do 1760 1761get_ans_req "Proxy user bind DN to read/write data from/to LDAP (h=help):" 1762 1763# If help continue, otherwise break. 1764case "$ANS" in 1765 [Hh] | help | Help | \?) display_msg nisLDAPproxyUser_help ;; 1766 * ) break ;; 1767esac 1768done 1769 1770nisLDAPproxyUser=${ANS} 1771echo "nisLDAPproxyUser=${ANS}" >> $CONFIG_FILE 1772} 1773 1774 1775get_nisLDAPproxyPassword() 1776{ 1777get_passwd "Proxy user password to read/write data from/to LDAP :" 1778nisLDAPproxyPassword=${ANS} 1779 1780echo "nisLDAPproxyPassword=${ANS}" >> $CONFIG_FILE 1781 1782display_msg ProxyPassword_warn 1783} 1784 1785 1786get_nisLDAPbindTimeout() 1787{ 1788get_pos_int "Timeout value (in seconds) for LDAP bind operation (h=help):" \ 1789 "${DEF_nisLDAPbindTimeout}" "nisLDAPbindTimeout_help" 1790 1791nisLDAPbindTimeout=${NUM} 1792 1793# Store in config file only if a non-default value is specified. 1794if [ $NUM -ne ${DEF_nisLDAPbindTimeout} ]; then 1795 echo "nisLDAPbindTimeout=${NUM}" >> $CONFIG_FILE 1796fi 1797} 1798 1799 1800get_nisLDAPsearchTimeout() 1801{ 1802get_pos_int "Timeout value (in seconds) for LDAP search operation (h=help):" \ 1803 "${DEF_nisLDAPsearchTimeout}" "nisLDAPsearchTimeout_help" 1804 1805nisLDAPsearchTimeout=${NUM} 1806 1807# Store in config file only if a non-default value is specified. 1808if [ $NUM -ne ${DEF_nisLDAPsearchTimeout} ]; then 1809 echo "nisLDAPsearchTimeout=${NUM}" >> $CONFIG_FILE 1810fi 1811} 1812 1813 1814get_nisLDAPmodifyTimeout() 1815{ 1816get_pos_int "Timeout value (in seconds) for LDAP modify operation (h=help):" \ 1817 "${DEF_nisLDAPmodifyTimeout}" "nisLDAPmodifyTimeout_help" 1818 1819nisLDAPmodifyTimeout=${NUM} 1820 1821# Store in config file only if a non-default value is specified. 1822if [ $NUM -ne ${DEF_nisLDAPmodifyTimeout} ]; then 1823 echo "nisLDAPmodifyTimeout=${NUM}" >> $CONFIG_FILE 1824fi 1825} 1826 1827 1828get_nisLDAPaddTimeout() 1829{ 1830get_pos_int "Timeout value (in seconds) for LDAP add operation (h=help):" \ 1831 "${DEF_nisLDAPaddTimeout}" "nisLDAPaddTimeout_help" 1832 1833nisLDAPaddTimeout=${NUM} 1834 1835# Store in config file only if a non-default value is specified. 1836if [ $NUM -ne ${DEF_nisLDAPaddTimeout} ]; then 1837 echo "nisLDAPaddTimeout=${NUM}" >> $CONFIG_FILE 1838fi 1839} 1840 1841 1842get_nisLDAPdeleteTimeout() 1843{ 1844get_pos_int "Timeout value (in seconds) for LDAP delete operation (h=help):" \ 1845 "${DEF_nisLDAPdeleteTimeout}" "nisLDAPdeleteTimeout_help" 1846 1847nisLDAPdeleteTimeout=${NUM} 1848 1849# Store in config file only if a non-default value is specified. 1850if [ $NUM -ne ${DEF_nisLDAPdeleteTimeout} ]; then 1851 echo "nisLDAPdeleteTimeout=${NUM}" >> $CONFIG_FILE 1852fi 1853} 1854 1855 1856get_nisLDAPsearchTimeLimit() 1857{ 1858get_pos_int "Time limit (in seconds) for search operation on LDAP server (h=help):" \ 1859 "${DEF_nisLDAPsearchTimeLimit}" "nisLDAPsearchTimeLimit_help" 1860 1861nisLDAPsearchTimeLimit=${NUM} 1862 1863# Store in config file only if a non-default value is specified. 1864if [ $NUM -ne ${DEF_nisLDAPsearchTimeLimit} ]; then 1865 echo "nisLDAPsearchTimeLimit=${NUM}" >> $CONFIG_FILE 1866fi 1867} 1868 1869 1870get_nisLDAPsearchSizeLimit() 1871{ 1872get_pos_int "Size limit (in bytes) for search operation on LDAP server (h=help):" \ 1873 "${DEF_nisLDAPsearchSizeLimit}" "nisLDAPsearchSizeLimit_help" 1874 1875nisLDAPsearchSizeLimit=${NUM} 1876 1877# Store in config file only if a non-default value is specified. 1878if [ $NUM -ne ${DEF_nisLDAPsearchSizeLimit} ]; then 1879 echo "nisLDAPsearchSizeLimit=${NUM}" >> $CONFIG_FILE 1880fi 1881} 1882 1883 1884get_nisLDAPfollowReferral() 1885{ 1886get_confirm "Should the ypserv follow LDAP referrals (y/n/h):" \ 1887 "n" "nisLDAPfollowReferral_help" 1888 1889if [ $? -eq 1 ]; then 1890 _ANS="yes" 1891else 1892 _ANS="no" 1893fi 1894 1895# Store in config file only if a non-default value is specified. 1896if [ "${_ANS}" != "${DEF_nisLDAPfollowReferral}" ]; then 1897 echo "nisLDAPfollowReferral=${_ANS}" >> $CONFIG_FILE 1898fi 1899} 1900 1901 1902get_nisLDAPretrieveErrorAction() 1903{ 1904_RET_ERR_ACT="" 1905 1906echo "Select the action to be taken in case of LDAP retrieval error :" 1907retrieve_error_action_menu_handler 1908 1909nisLDAPretrieveErrorAction=${_RET_ERR_ACT} 1910 1911# Store in config file only if a non-default value is specified. 1912if [ "${_RET_ERR_ACT}" != "${DEF_nisLDAPretrieveErrorAction}" ]; then 1913 echo "nisLDAPretrieveErrorAction=${_RET_ERR_ACT}" >> $CONFIG_FILE 1914fi 1915} 1916 1917 1918get_nisLDAPretrieveErrorAttempts() 1919{ 1920 1921get_pos_int "Number of attempts in case of LDAP retrieval error (h=help):" \ 1922 "$SUG_nisLDAPretrieveErrorAttempts" \ 1923 "nisLDAPretrieveErrorAttempts_help" 1924 1925nisLDAPretrieveErrorAttempts=${NUM} 1926 1927echo "nisLDAPretrieveErrorAttempts=${NUM}" >> $CONFIG_FILE 1928} 1929 1930 1931get_nisLDAPretrieveErrorTimeout() 1932{ 1933# if nisLDAPretrieveErrorAttempts=0, then no point in asking 1934# for timeout vales as it is ignored anyway. 1935 1936[ $nisLDAPretrieveErrorAttempts -eq 0 ] && return 0 1937 1938get_pos_int "Timeout (in seconds) between each new attempt to retrieve LDAP data (h=help):"\ 1939 "${DEF_nisLDAPretrieveErrorTimeout}" \ 1940 "nisLDAPretrieveErrorTimeout_help" 1941 1942nisLDAPretrieveErrorTimeout=${NUM} 1943 1944# Store in config file only if a non-default value is specified. 1945if [ $NUM -ne ${DEF_nisLDAPretrieveErrorTimeout} ]; then 1946 echo "nisLDAPretrieveErrorTimeout=${NUM}" >> $CONFIG_FILE 1947fi 1948} 1949 1950 1951get_nisLDAPstoreErrorAction() 1952{ 1953_STOR_ERR_ACT="" 1954 1955echo "Select the action to be taken in case of LDAP store error :" 1956store_error_action_menu_handler 1957 1958nisLDAPstoreErrorAction=${_STOR_ERR_ACT} 1959 1960# Store in config file only if a non-default value is specified. 1961if [ "${_STOR_ERR_ACT}" != "${DEF_nisLDAPstoreErrorAction}" ]; then 1962 echo "nisLDAPstoreErrorAction=${_STOR_ERR_ACT}" >> $CONFIG_FILE 1963fi 1964} 1965 1966 1967get_nisLDAPstoreErrorAttempts() 1968{ 1969 1970# if nisLDAPstoreErrorAction="fail", then no point in asking 1971# for no. of attempts or timeout vales as they are ignored. 1972 1973[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0 1974 1975get_pos_int "Number of attempts in case of LDAP store error (h=help):" \ 1976 "$SUG_nisLDAPstoreErrorAttempts" \ 1977 "nisLDAPstoreErrorAttempts_help" 1978 1979nisLDAPstoreErrorAttempts=${NUM} 1980 1981echo "nisLDAPstoreErrorAttempts=${NUM}" >> $CONFIG_FILE 1982} 1983 1984 1985get_nisLDAPstoreErrorTimeout() 1986{ 1987 1988# if nisLDAPstoreErrorAction="fail", then no point in asking 1989# for no. of attempts or timeout vales as they are ignored. 1990 1991[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0 1992 1993# Similarly, if nisLDAPstoreErrorAttempts=0, ignore this question. 1994 1995[ $nisLDAPstoreErrorAttempts -eq 0 ] && return 0 1996 1997get_pos_int "Timeout (in seconds) between each new attempt to write LDAP data (h=help):"\ 1998 "${DEF_nisLDAPstoreErrorTimeout}" \ 1999 "nisLDAPstoreErrorTimeout_help" 2000 2001nisLDAPstoreErrorTimeout=${NUM} 2002 2003# Store in config file only if a non-default value is specified. 2004if [ $NUM -ne ${DEF_nisLDAPstoreErrorTimeout} ]; then 2005 echo "nisLDAPstoreErrorTimeout=${NUM}" >> $CONFIG_FILE 2006fi 2007} 2008 2009 2010 2011create_config_file() 2012{ 2013 2014# To prevent from leaving a partial config file in case some error or 2015# signal takes place, store the output being generated in a temporary 2016# file first, and move it at the final destination only at the end if 2017# everything goes fine. 2018 2019_CONFIG_FILE=$CONFIG_FILE 2020CONFIG_FILE=${TMPDIR}/${TMPCONF}.$$ 2021 2022echo "Generating config file temporarily as \"${CONFIG_FILE}\"" 2023 2024# Truncate the file before we append anything. 2025# Place copyright information 2026put_config_file_copyright_info 2027 2028# Filter out all the YP domains in /var/yp 2029# The list of domains is stored in list "VARYP_DMN_LIST" 2030 2031echo "\ 2032# 2033# Configuration file for ypserv(8); see ypserv(5) for more information, 2034# and NISLDAPmapping(5) for configuration of NIS to LDAP mapping. 2035 2036# Unless otherwise noted, commented lines show default values. 2037" >> $CONFIG_FILE 2038 2039echo "\ 2040# Where to look for configuration information in LDAP. Leave empty or 2041# undefined to use this file, in which case the values of the other 2042# 'nisLdapConfig*' attributes are ignored. 2043# 2044#nisLDAPconfigDN=\ 2045" >> $CONFIG_FILE 2046 2047get_nisLDAPconfigDN 2048 2049echo " 2050 2051# Server(s) for configuration information. There is no default; 2052# use the value on the line below for an LDAP server running on 2053# this machine, at port 389. 2054#nisLDAPconfigPreferredServerList=127.0.0.1:389\ 2055" >> $CONFIG_FILE 2056 2057[ $configDN_flag -eq 1 ] && get_nisLDAPconfigPreferredServerList 2058 2059echo " 2060 2061# Authentication method(s) to obtain configuration information. 2062#\ 2063" >> $CONFIG_FILE 2064 2065[ $configDN_flag -eq 1 ] && get_nisLDAPconfigAuthenticationMethod 2066 2067echo " 2068 2069# Transport layer security for configuration information 2070# 2071#nisLDAPconfigTLS=${DEF_TLS}\ 2072" >> $CONFIG_FILE 2073 2074[ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLS 2075 2076echo " 2077 2078# Certificate DB for transport layer security 2079# 2080#nisLDAPconfigTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\ 2081" >> $CONFIG_FILE 2082 2083# ask for Certificate DB only if SSL is set 2084if [ "${nisLDAPconfigTLS}" = "ssl" ]; then 2085 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLSCertificateDBPath 2086fi 2087 2088echo " 2089 2090# Proxy user(s) to obtain configuration information. The line below 2091# is an example of the format. 2092# 2093#nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,\ 2094" >> $CONFIG_FILE 2095 2096# Ask proxy user bind DN only if needed. 2097if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then 2098 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyUser 2099fi 2100 2101echo " 2102 2103# Password for proxy user. Must be supplied if the authentication method 2104# requires a password. If a password appears in this file, it should be 2105# protected appropriately against access by unauthorized users. 2106# 2107#nisLDAPconfigProxyPassword=\ 2108" >> $CONFIG_FILE 2109 2110if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then 2111 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyPassword 2112fi 2113 2114echo " 2115 2116# Server list for mapping data to/from LDAP. There is no default; 2117# use the value on the line below for an LDAP server running on 2118# this machine, at port 389. 2119#preferredServerList=127.0.0.1:389\ 2120" >> $CONFIG_FILE 2121 2122get_preferredServerList 2123 2124echo " 2125 2126# Authentication method for mapping data to/from LDAP 2127#\ 2128" >> $CONFIG_FILE 2129 2130get_authenticationMethod 2131 2132echo " 2133 2134# Transport layer security for mapping data to/from LDAP. 2135# 2136#nisLDAPTLS=${DEF_TLS}\ 2137" >> $CONFIG_FILE 2138 2139get_nisLDAPTLS 2140 2141echo " 2142 2143# Certificate DB for transport layer security 2144# 2145#nisLDAPTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\ 2146" >> $CONFIG_FILE 2147 2148# ask for Certificate DB only if SSL is set 2149if [ "${nisLDAPTLS}" = "ssl" ]; then 2150 get_nisLDAPTLSCertificateDBPath 2151fi 2152 2153echo " 2154 2155# Proxy user for ypserv. Assumed to have appropriate permission to read 2156# and/or create or modify LDAP data. The line below is an example of the 2157# format. 2158# 2159#nisLDAPproxyUser=cn=nisAdmin,ou=People,\ 2160" >> $CONFIG_FILE 2161 2162# Ask proxy user bind DN only if needed. 2163if [ "${authenticationMethod}" != "none" ]; then 2164 get_nisLDAPproxyUser 2165fi 2166 2167echo " 2168 2169# Password for proxy user. Must be supplied if the authentication method 2170# requires a password. If a password appears in this file, it should be 2171# protected appropriately against unauthorized access. 2172# 2173#nisLDAPproxyPassword=\ 2174" >> $CONFIG_FILE 2175 2176if [ "${authenticationMethod}" != "none" ]; then 2177 get_nisLDAPproxyPassword 2178fi 2179 2180echo " 2181 2182# Timeouts and time/size limits for LDAP operations. 2183# 2184#nisLDAPbindTimeout=${DEF_nisLDAPbindTimeout}\ 2185" >> $CONFIG_FILE 2186 2187get_nisLDAPbindTimeout 2188 2189echo " 2190#nisLDAPsearchTimeout=${DEF_nisLDAPsearchTimeout}\ 2191" >> $CONFIG_FILE 2192 2193get_nisLDAPsearchTimeout 2194 2195echo " 2196#nisLDAPmodifyTimeout=${DEF_nisLDAPmodifyTimeout}\ 2197" >> $CONFIG_FILE 2198 2199get_nisLDAPmodifyTimeout 2200 2201echo " 2202#nisLDAPaddTimeout=${DEF_nisLDAPaddTimeout}\ 2203" >> $CONFIG_FILE 2204 2205get_nisLDAPaddTimeout 2206 2207echo " 2208#nisLDAPdeleteTimeout=${DEF_nisLDAPdeleteTimeout}\ 2209" >> $CONFIG_FILE 2210 2211get_nisLDAPdeleteTimeout 2212 2213echo " 2214#nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeLimit}\ 2215" >> $CONFIG_FILE 2216 2217get_nisLDAPsearchTimeLimit 2218 2219echo " 2220#nisLDAPsearchSizeLimit=${DEF_nisLDAPsearchSizeLimit}\ 2221" >> $CONFIG_FILE 2222 2223get_nisLDAPsearchSizeLimit 2224 2225echo " 2226 2227# Should the ypserv follow LDAP referrals ? 2228# 2229#nisLDAPfollowReferral=${DEF_nisLDAPfollowReferral}\ 2230" >> $CONFIG_FILE 2231 2232get_nisLDAPfollowReferral 2233 2234echo " 2235 2236# Action, number of attempts, and timeout following an LDAP retrieval error 2237# 2238#nisLDAPretrieveErrorAction=${DEF_nisLDAPretrieveErrorAction}\ 2239" >> $CONFIG_FILE 2240 2241get_nisLDAPretrieveErrorAction 2242 2243echo " 2244#nisLDAPretrieveErrorAttempts=\ 2245" >> $CONFIG_FILE 2246 2247get_nisLDAPretrieveErrorAttempts 2248 2249echo " 2250#nisLDAPretrieveErrorTimeout=${DEF_nisLDAPretrieveErrorTimeout}\ 2251" >> $CONFIG_FILE 2252 2253get_nisLDAPretrieveErrorTimeout 2254 2255echo " 2256 2257# Action, number of attempts, and timeout following an LDAP store error 2258# 2259#nisLDAPstoreErrorAction=${DEF_nisLDAPstoreErrorAction}\ 2260" >> $CONFIG_FILE 2261 2262get_nisLDAPstoreErrorAction 2263 2264echo " 2265#nisLDAPstoreErrorAttempts=\ 2266" >> $CONFIG_FILE 2267 2268get_nisLDAPstoreErrorAttempts 2269 2270echo " 2271#nisLDAPstoreErrorTimeout=${DEF_nisLDAPstoreErrorTimeout}\ 2272" >> $CONFIG_FILE 2273 2274get_nisLDAPstoreErrorTimeout 2275 2276 2277# We are done, so move back the config file from temp. location 2278# to actual location. 2279# In case the config file name has a directory component which does 2280# not exist, then create it now, otherwise 'mv' will return error. 2281 2282DIR_TO_CREATE=`dirname ${_CONFIG_FILE}` 2283mkdir -p ${DIR_TO_CREATE} 2284 2285echo "Moving output from temporary file ($CONFIG_FILE) to actual file ($_CONFIG_FILE)" 2286mv $CONFIG_FILE $_CONFIG_FILE 2287 2288# Revert back the config file name in case needed. 2289CONFIG_FILE=$_CONFIG_FILE 2290echo "Finished creation of config file ( $_CONFIG_FILE )" 2291 2292} 2293 2294 2295put_mapping_file_copyright_info() 2296{ 2297 2298# Start with an emptty file, so don't append, but overwrite here. 2299# Just change the name and add the word pragma, but keep the same 2300# date and version number as in the ident string of this script. 2301 2302grep "ident \"@(#)$PROG" $ABS_PROG | \ 2303 sed "s/ ident/pragma ident/g" | \ 2304 sed "s/${PROG}/${NEW_NAME}/g" > $MAP_FILE 2305 2306echo "\ 2307# 2308# CDDL HEADER START 2309# 2310# The contents of this file are subject to the terms of the 2311# Common Development and Distribution License (the "License"). 2312# You may not use this file except in compliance with the License. 2313# 2314# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 2315# or http://www.opensolaris.org/os/licensing. 2316# See the License for the specific language governing permissions 2317# and limitations under the License. 2318# 2319# When distributing Covered Code, include this CDDL HEADER in each 2320# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 2321# If applicable, add the following below this CDDL HEADER, with the 2322# fields enclosed by brackets "[]" replaced with your own identifying 2323# information: Portions Copyright [yyyy] [name of copyright owner] 2324# 2325# CDDL HEADER END 2326# 2327# 2328# Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 2329# 2330#------------------------------------------------------------------- 2331#\ 2332" >> $MAP_FILE 2333} 2334 2335 2336# 2337# Filter out all the YP domains in /var/yp 2338# The list of domains is stored in list "VARYP_DMN_LIST" 2339# 2340create_all_var_yp_domain_list() 2341{ 2342VARYP_DMN_LIST="" 2343 2344for entry in /var/yp/* 2345do 2346 DMN=`basename $entry` 2347 if [ -d "/var/yp/$DMN" ] && [ -f "/var/yp/binding/$DMN/ypservers" ] 2348 then 2349 VARYP_DMN_LIST="$VARYP_DMN_LIST $DMN" 2350 fi 2351done 2352 2353# d_echo VARYP_DMN_LIST = "$VARYP_DMN_LIST" 2354[ $DEBUG -eq 1 ] && echo VARYP_DMN_LIST = "$VARYP_DMN_LIST" 2355} 2356 2357 2358# 2359# Ask user which domains would be served by N2L 2360# The list of N2L domains is stored in global array 2361# "N2L_DMN_LIST" and number of domains in N2L_DMN_CNT 2362# 2363create_n2l_domain_list() 2364{ 2365# First make a list of all the domains in /var/yp 2366create_all_var_yp_domain_list 2367 2368# Now identify those to be served by N2L 2369let count=0 2370 2371for DMN in $VARYP_DMN_LIST 2372do 2373 get_confirm "Do you want to store maps from ${DMN} domain to LDAP (y/n/h):" \ 2374 "n" "selectDomain4N2L_help" 2375 2376 if [ $? -eq 1 ]; then 2377 N2L_DMN_LIST[count]=$DMN 2378 let count="count + 1" 2379 fi 2380 2381done 2382N2L_DMN_CNT=$count 2383 2384[ $DEBUG -eq 1 ] && echo N2L_DMN_LIST=${N2L_DMN_LIST[*]} 2385[ $DEBUG -eq 1 ] && echo N2L_DMN_CNT=$N2L_DMN_CNT 2386} 2387 2388 2389# 2390# Make various lists for different types of maps for each N2L domain 2391# and ask user if mapping information and comments need to be generated 2392# for custom maps. 2393# 2394# This function looks big, but since KSH does not support 2-D arrays, or 2395# two level of dereferencing, it forced to have so many lists and arrays. 2396# Lists are better for adding or removing elements, and arrays are better 2397# for accessing with index and in knowing the no. of elements. 2398# 2399create_map_lists() 2400{ 2401# Initialize them with no maps. 2402ALL_DMN_ALL_MAPLIST="" 2403ALL_DMN_DEF_MAPLIST="" 2404ALL_DMN_CUST_MAPLIST="" 2405ALL_DMN_AUTO_CUST_MAPLIST="" 2406 2407# Default to don't generate custom mapping info or comment info. 2408CUST_MAP_NEEDED=0 2409CUST_CMT_NEEDED=0 2410 2411let count=0 2412 2413while (( $count < $N2L_DMN_CNT )) 2414do 2415 DMN=${N2L_DMN_LIST[count]} 2416 MAPDIR=/var/yp/${DMN} 2417 2418 # Initialize per domain lists to NULL. 2419 ALL_MAPLIST="" 2420 DEF_MAPLIST="" 2421 CUST_MAPLIST="" 2422 AUTO_CUST_MAPLIST="" 2423 2424 for dbmfile in $MAPDIR/*.dir 2425 do 2426 MAP=`basename $dbmfile .dir` 2427 2428 # Ignore N2L maps (those with "LDAP_" prefix and ageing.byname) 2429 if [[ $MAP != LDAP_* ]] && [[ $MAP != "" ]] && \ 2430 [ -f $MAPDIR/${MAP}.pag ] && [[ $MAP != ageing.byname ]] 2431 then 2432 ALL_MAPLIST="$ALL_MAPLIST $MAP" 2433 2434 if present $MAP $DEFAULT_NIS_MAPS 2435 then 2436 DEF_MAPLIST="$DEF_MAPLIST $MAP" 2437 2438 elif [[ $MAP = auto.* ]] 2439 then 2440 AUTO_CUST_MAPLIST="$AUTO_CUST_MAPLIST $MAP" 2441 2442 else 2443 # If we reached here, means it is custom map. 2444 get_confirm "Do you want the mapping information to be generated for \"$MAP\" map of $DMN domain (y/n/h)?" \ 2445 "n" "generate_mapping_info_for_cust_map_help" 2446 2447 if [ $? -eq 1 ] 2448 then 2449 CUST_MAPLIST="$CUST_MAPLIST $MAP" 2450 else 2451 # If a customer map is not desired, then delete it from 2452 # all maplist too. 2453 ALL_MAPLIST=$(remove $MAP $ALL_MAPLIST) 2454 fi 2455 2456 fi 2457 2458 fi 2459 2460 done 2461 2462 # Make ALL_DMN lists as they are very helpful in checking if a map exists. 2463 ALL_DMN_ALL_MAPLIST=$(merge_lists $ALL_DMN_ALL_MAPLIST $ALL_MAPLIST) 2464 ALL_DMN_DEF_MAPLIST=$(merge_lists $ALL_DMN_DEF_MAPLIST $DEF_MAPLIST) 2465 ALL_DMN_CUST_MAPLIST=$(merge_lists $ALL_DMN_CUST_MAPLIST $CUST_MAPLIST) 2466 ALL_DMN_AUTO_CUST_MAPLIST=$(merge_lists $ALL_DMN_AUTO_CUST_MAPLIST \ 2467 $AUTO_CUST_MAPLIST) 2468 2469 # Store per domain lists in arrays. 2470 ALL_MAPS[$count]="$ALL_MAPLIST" 2471 DEF_MAPS[$count]="$DEF_MAPLIST" 2472 CUST_MAPS[$count]="$CUST_MAPLIST" 2473 AUTO_CUST_MAPS[$count]="$AUTO_CUST_MAPLIST" 2474 2475 [ $DEBUG -eq 1 ] && echo ALL_MAPS[$DMN] = ${ALL_MAPS[$count]} 2476 [ $DEBUG -eq 1 ] && echo DEF_MAPS[$DMN] = ${DEF_MAPS[$count]} 2477 [ $DEBUG -eq 1 ] && echo CUST_MAPS[$DMN] = ${CUST_MAPS[$count]} 2478 [ $DEBUG -eq 1 ] && echo AUTO_CUST_MAPS[$DMN] = ${AUTO_CUST_MAPS[$count]} 2479 2480 let count="count + 1" 2481done 2482 2483[ $DEBUG -eq 1 ] && echo ALL_DMN_ALL_MAPLIST = $ALL_DMN_ALL_MAPLIST 2484[ $DEBUG -eq 1 ] && echo ALL_DMN_DEF_MAPLIST = $ALL_DMN_DEF_MAPLIST 2485[ $DEBUG -eq 1 ] && echo ALL_DMN_CUST_MAPLIST = $ALL_DMN_CUST_MAPLIST 2486[ $DEBUG -eq 1 ] && echo ALL_DMN_AUTO_CUST_MAPLIST = $ALL_DMN_AUTO_CUST_MAPLIST 2487 2488# Store all domain lists in array too. 2489set -A ALL_DMN_ALL_MAPS $ALL_DMN_ALL_MAPLIST 2490set -A ALL_DMN_DEF_MAPS $ALL_DMN_DEF_MAPLIST 2491set -A ALL_DMN_CUST_MAPS $ALL_DMN_CUST_MAPLIST 2492set -A ALL_DMN_AUTO_CUST_MAPS $ALL_DMN_AUTO_CUST_MAPLIST 2493 2494# A positive customer map count implies custom mapping information 2495# is required. Set this flag. 2496[ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] && CUST_MAP_NEEDED=1 2497 2498# Give bit of info, and ask if comments need to be placed in mapping file 2499echo " 2500 This script can place relevant information regarding custom 2501 maps at appropriate places in the mapping file which can be 2502 helpful in customizing this file. 2503" 2504 2505get_confirm "Do you want such information to be generated (y/n/h)?" \ 2506 "n" "generate_comment_info_for_cust_map_help" 2507 2508[ $? -eq 1 ] && CUST_CMT_NEEDED=1 2509 2510[ $DEBUG -eq 1 ] && echo CUST_MAP_NEEDED = $CUST_MAP_NEEDED 2511[ $DEBUG -eq 1 ] && echo CUST_CMT_NEEDED = $CUST_CMT_NEEDED 2512 2513} 2514 2515 2516# 2517# Ask user the context for each (N2l) domain 2518# 2519get_nisLDAPdomainContext() 2520{ 2521echo " 2522# List domains and contexts 2523" >> $MAP_FILE 2524 2525for DMN in ${N2L_DMN_LIST[*]} 2526do 2527 while : 2528 do 2529 # Convert to domain in dc format for default choice 2530 domain_2_dc $DMN 2531 2532 get_ans "Enter the naming context for $DMN domain (h=help):"\ 2533 "$_DOM_2_DC" 2534 2535 # If help continue, otherwise break. 2536 case "$ANS" in 2537 [Hh] | help | Help | \?) display_msg nisLDAPdomainContext_help ;; 2538 * ) break ;; 2539 esac 2540 done 2541 2542 # If a value is specified, set it, and save in mapping file too. 2543 if [ "$ANS" != "" ]; then 2544 echo "nisLDAPdomainContext $DMN : ${ANS}" >> $MAP_FILE 2545 fi 2546 2547 [ $DEBUG -eq 1 ] && echo "nisLDAPdomainContext $DMN : ${ANS}" 2548done 2549} 2550 2551 2552# 2553# Ask user the domains for which passwords should be changed 2554# 2555get_nisLDAPyppasswddDomains() 2556{ 2557 2558echo " 2559# List domains for which passwords should be changed. If this is not 2560# present then the value returned by 'domainname' will be used. 2561" >> $MAP_FILE 2562 2563for DMN in ${N2L_DMN_LIST[*]} 2564do 2565 get_confirm "Enable password changes for ${DMN} domain (y/n/h)? " \ 2566 "n" "nisLDAPyppasswddDomains_help" 2567 2568 if [ $? -eq 1 ]; then 2569 echo "nisLDAPyppasswddDomains $DMN" >> $MAP_FILE 2570 fi 2571done 2572 2573echo " 2574# 2575#------------------------------------------------------------------- 2576#\ 2577" >> $MAP_FILE 2578} 2579 2580 2581# 2582# Create NIS databaseId mappings (aliases) 2583# 2584create_nisLDAPdatabaseIdMapping() 2585{ 2586echo ' 2587# Associate map names with databaseIds (aliases) 2588 2589# Standard maps 2590nisLDAPdatabaseIdMapping ethers: ethers.byaddr ethers.byname 2591nisLDAPdatabaseIdMapping group: group.bygid group.byname 2592nisLDAPdatabaseIdMapping hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"] \ 2593 hosts.byaddr hosts.byname 2594# Special mapping to handle the YP_MULTI cases 2595nisLDAPdatabaseIdMapping multihosts: \ 2596 [addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*,*"] \ 2597 hosts.byname 2598nisLDAPdatabaseIdMapping networks: networks.byaddr networks.byname 2599nisLDAPdatabaseIdMapping project: project.byname project.byprojid 2600nisLDAPdatabaseIdMapping protocols: protocols.byname protocols.bynumber 2601nisLDAPdatabaseIdMapping services: services.byname services.byservicename 2602 2603# netid.byname is built up from the hosts and passwd files using different 2604# mappings. It thus has two associated nisLDAPdatabaseIdMappings. 2605nisLDAPdatabaseIdMapping netid.host:[number="0"] netid.byname 2606nisLDAPdatabaseIdMapping netid.pass:[number="[1-9]*"] netid.byname 2607 2608# The next two are special databaseIds. They associate maps with databaseIds 2609# but additionally identify which maps contain password and password adjunct 2610# information for yppasswdd. 2611nisLDAPdatabaseIdMapping passwd: passwd.byname passwd.byuid 2612 2613# mail.byaddr needs to select entries of the form x@y or x!y 2614nisLDAPdatabaseIdMapping mail.mapping:[rf_key="*@*", rf_key="*!*"] \ 2615 mail.byaddr 2616 2617# publickey.byname 2618# Each entry in publickey map consists of a network user name which 2619# may refer to a host or a user. It also contains a default entry for nobody. 2620# Hence, we need three nisLDAPdatabaseIdmappings to support the three 2621# different types of keys. 2622nisLDAPdatabaseIdMapping keys.host:[rf_key="unix.[a-zA-Z]*@*"] \ 2623 publickey.byname 2624nisLDAPdatabaseIdMapping keys.pass:[rf_key="unix.[0-9]*@*"] \ 2625 publickey.byname 2626nisLDAPdatabaseIdMapping keys.nobody:[rf_key="nobody"] publickey.byname 2627 2628# Single standard maps. No point aliasing. 2629# mail.aliases 2630# netmasks.byaddr 2631# rpc.bynumber 2632# ypservers 2633 2634# Other maps 2635# ipnodes looks identical to hosts but maps to a different context. 2636nisLDAPdatabaseIdMapping ipnodes:[addr="*:*"] \ 2637 ipnodes.byaddr ipnodes.byname 2638# Special mapping to handle the YP_MULTI cases 2639nisLDAPdatabaseIdMapping multiipnodes: \ 2640 [addr="*:*,*"] \ 2641 ipnodes.byname 2642 2643# Other single maps. No point aliasing 2644# audit_user 2645# auth_attr 2646# exec_attr 2647# prof_attr 2648# user_attr 2649# auto.home 2650# auto.master 2651# bootparams 2652# timezone.byname 2653# printers.conf.byname 2654# passwd.adjunct.byname 2655# group.adjunct.byname 2656' >> $MAP_FILE 2657 2658[ CUST_CMT_NEEDED -eq 1 ] && \ 2659echo " 2660# If any custom map needs to be aliased, then it should be listed 2661# here in the following format : 2662# nisLDAPdatabaseIdMapping databaseId ":" ["["indexlist"]"] mapname[" "...] 2663" >> $MAP_FILE 2664 2665[ CUST_MAP_NEEDED -eq 1 ] && \ 2666echo "\ 2667# Not aliasing non-default/custom maps as they are assumed to be 2668# simple, single maps.\ 2669" >> $MAP_FILE 2670 2671for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]} 2672do 2673 echo "# $MAP" >> $MAP_FILE 2674done 2675 2676echo "\ 2677# 2678#------------------------------------------------------------------------------ 2679# 2680" >> $MAP_FILE 2681} 2682 2683 2684# 2685# Finds the domains in which the given map exists in the supplied list. 2686# Sets result in PRESENT_COUNT and PRESENT_IN_DOMAINS. These fields are 2687# set globally, so they can be accessed from any where. 2688# Input : $1 - map, $2 - list name (just name, not the value) 2689# 2690find_domains() 2691{ 2692_MAP=$1 2693_ARRAY=$2 2694 2695let PRESENT_COUNT=0 2696PRESENT_IN_DOMAINS="" 2697 2698let count=0 2699 2700while (( $count < $N2L_DMN_CNT )) 2701do 2702 2703 # Quick and dirty way to get around unavailability of 2D array 2704 case "$_ARRAY" in 2705 ALL_MAPS ) _LIST=${ALL_MAPS[$count]} ;; 2706 DEF_MAPS ) _LIST=${DEF_MAPS[$count]} ;; 2707 CUST_MAPS ) _LIST=${CUST_MAPS[$count]} ;; 2708 AUTO_CUST_MAPS ) _LIST=${AUTO_CUST_MAPS[$count]} ;; 2709 * ) echo "Invalid value: \"${_ARRAY}\". \c" 2710 ;; 2711 esac 2712 2713 if present $_MAP $_LIST 2714 then 2715 let PRESENT_COUNT="$PRESENT_COUNT + 1" 2716 PRESENT_IN_DOMAINS="$PRESENT_IN_DOMAINS ${N2L_DMN_LIST[count]}" 2717 fi 2718 let count="count + 1" 2719done 2720 2721[ $DEBUG -eq 1 ] && echo "PRESENT_COUNT = $PRESENT_COUNT" 2722[ $DEBUG -eq 1 ] && echo "PRESENT_IN_DOMAINS = $PRESENT_IN_DOMAINS" 2723 2724return 0 2725} 2726 2727 2728# 2729# For a given map, find out which list it belongs to (PRESENT_IN_LIST), 2730# and in how many domains this map shows up (PRESENT_COUNT), and in 2731# which ones (PRESENT_IN_DOMAINS). These fields are set globally, so 2732# they can be accessed from any where. 2733# 2734find_map_presence_details() 2735{ 2736_MAP=$1 2737 2738let PRESENT_COUNT=0 2739PRESENT_IN_LIST="" 2740PRESENT_IN_DOMAINS="" 2741 2742# If the map does not exist, return right away, else 2743# find which list it belongs to. 2744# If a map exists in def or auto or cust lists, then 2745# it also exists in "all" list. 2746 2747if ! present $_MAP $ALL_DMN_ALL_MAPLIST 2748then 2749 return 1 2750 2751elif present $_MAP $ALL_DMN_DEF_MAPLIST 2752then 2753 PRESENT_IN_LIST="DEF_MAPS" 2754 2755elif present $_MAP $ALL_DMN_CUST_MAPLIST 2756then 2757 PRESENT_IN_LIST="CUST_MAPS" 2758 2759else 2760 # If map exists, and not in previous two lists, 2761 # then it has to be here only. 2762 PRESENT_IN_LIST="AUTO_CUST_MAPS" 2763fi 2764 2765# Now we know which list the map belongs to. So, we need to 2766# find which are the domains in which this map exists. 2767 2768find_domains $_MAP $PRESENT_IN_LIST 2769 2770# Since the above function sets the values of PRESENT_COUNT and 2771# PRESENT_IN_DOMAINS fields, we don't need to do anything else. 2772 2773[ $DEBUG -eq 1 ] && echo "PRESENT_IN_LIST = $PRESENT_IN_LIST" 2774 2775return 0 2776} 2777 2778 2779# 2780# Check if the comment char is a single character, return 0 on success. 2781# Input is passed via global variable "COMMENT_CHAR" 2782# 2783valid_comment_char() 2784{ 2785COMMENT_CHAR_LENGTH=`echo "${COMMENT_CHAR}" | wc -c` 2786 2787# echo adds new line character, so adjust length appropriately 2788if [ $COMMENT_CHAR_LENGTH -gt 2 ]; then 2789 echo " Comment character has to be a blank or single character; try again." 2790 return 1 2791else 2792 return 0 2793fi 2794} 2795 2796 2797# 2798# Read the comment character for a MAP. Append in mapping file if valid. 2799# Input - $1 : MAP name 2800# 2801get_comment_char() 2802{ 2803_MAP=$1 2804 2805while : 2806do 2807 get_ans "Specify the comment character for $_MAP :" 2808 COMMENT_CHAR=$ANS 2809 2810 if valid_comment_char; then 2811 break 2812 fi 2813done 2814 2815echo "nisLDAPcommentChar $_MAP : '${COMMENT_CHAR}'" >> $MAP_FILE 2816} 2817 2818 2819# 2820# Read a seperate comment character for a MAP for each domain and 2821# update this information in mapping file. 2822# Input - $1 : MAP name, $@ : list of domains 2823# 2824get_comment_char_per_domain() 2825{ 2826_MAP=$1 2827shift 2828_DOMAIN_LIST="$@" 2829 2830for _DMN in $_DOMAIN_LIST 2831do 2832 2833 while : 2834 do 2835 2836 get_ans "Specify the comment character for $_MAP,${_DMN} :" 2837 COMMENT_CHAR=$ANS 2838 2839 if valid_comment_char; then 2840 break 2841 fi 2842 2843 done 2844 echo "nisLDAPcommentChar $_MAP,${_DMN} : '${COMMENT_CHAR}'" >> $MAP_FILE 2845 2846done 2847} 2848 2849 2850# 2851# This function generates custom comment entries. The output is 2852# appended in the mapping file. 2853# 2854get_custom_nisLDAPcommentChar() 2855{ 2856 2857# All the auto mounter maps are assumed to have '#' as the default comment 2858# char. But still list the non-default auto map entries here anyway. This 2859# will make it very easy in case these entries need to be changed. 2860 2861for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 2862do 2863 echo "nisLDAPcommentChar $MAP : '#'" >> $MAP_FILE 2864done 2865 2866if [ CUST_MAP_NEEDED -eq 1 ]; then 2867 get_confirm "Do you wish to specify the comment character for any custom map (y/n/h)?" \ 2868 "n" "custom_map_comment_char_help" 2869 2870 if [ $? -eq 1 ]; then 2871 for MAP in ${ALL_DMN_CUST_MAPS[*]} 2872 do 2873 2874 get_confirm "Do you wish to specify comment character for \"$MAP\" (y/n/h)?" \ 2875 "n" "custom_map_comment_char_help" 2876 2877 if [ $? -eq 1 ]; then 2878 find_domains $MAP CUST_MAPS 2879 if [ $PRESENT_COUNT -gt 1 ]; then 2880 echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS" 2881 2882 get_confirm "For \"$MAP\", should the same comment character be set for all the domains (y/n/h)?" \ 2883 "y" "same_comment_char_help" 2884 2885 if [ $? -eq 1 ]; then 2886 get_comment_char $MAP 2887 else 2888 get_comment_char_per_domain $MAP "$PRESENT_IN_DOMAINS" 2889 fi 2890 2891 else 2892 get_comment_char $MAP 2893 fi 2894 2895 fi 2896 done 2897 fi 2898fi 2899 2900} 2901 2902 2903# List comment character (if any) for maps 2904create_nisLDAPcommentChar() 2905{ 2906 2907echo "\ 2908# Specify the character representing the start of comments. 2909" >> $MAP_FILE 2910 2911[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 2912# The comment character represents the start of the special 'comment' 2913# field in a given NIS map. If this attribute is not present then the 2914# default comment character '#' is used. If a map cannot contain comments 2915# then the NULL ('') comment character should be specified. The format to 2916# specify the comment character is : 2917# nisLDAPcommentChar MAP[,DOMAIN] : 'single_comment_char' 2918" >> $MAP_FILE 2919 2920echo "\ 2921nisLDAPcommentChar group : '' 2922nisLDAPcommentChar passwd : '' 2923nisLDAPcommentChar ageing.byname : '' 2924nisLDAPcommentChar audit_user : '' 2925nisLDAPcommentChar auth_attr : '' 2926nisLDAPcommentChar exec_attr : '' 2927nisLDAPcommentChar user_attr : '' 2928nisLDAPcommentChar bootparams : '' 2929" >> $MAP_FILE 2930 2931# Need to handle passwd.adjunct.byname map for multiple domain. 2932_MAP=passwd.adjunct.byname 2933if ! present $_MAP $ALL_DMN_DEF_MAPLIST 2934then 2935 # Just put the syntax in comment form 2936 echo "#nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE 2937else 2938 # Find the domains in which this map exists. 2939 find_domains $_MAP DEF_MAPS 2940 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 2941 then 2942 # Don't put domain info as the map is present in all of them. 2943 echo "nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE 2944 else 2945 # Not every domain has this map. So, list for the ones which do. 2946 for _DMN in $PRESENT_IN_DOMAINS 2947 do 2948 echo "nisLDAPcommentChar passwd.adjunct.byname,${_DMN}: ''" >> $MAP_FILE 2949 done 2950 fi 2951fi 2952# passwd.adjunct.byname done 2953 2954 2955# Need to handle group.adjunct.byname map for multiple domain. 2956_MAP=group.adjunct.byname 2957if ! present $_MAP $ALL_DMN_DEF_MAPLIST 2958then 2959 # Just put the syntax in comment form 2960 echo "#nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE 2961else 2962 # Find the domains in which this map exists. 2963 find_domains $_MAP DEF_MAPS 2964 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 2965 then 2966 # Don't put domain info as the map is present in all of them. 2967 echo "nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE 2968 else 2969 # Not every domain has this map. So, list for the ones which do. 2970 for _DMN in $PRESENT_IN_DOMAINS 2971 do 2972 echo "nisLDAPcommentChar group.adjunct.byname,${_DMN}: ''" >> $MAP_FILE 2973 done 2974 fi 2975fi 2976# group.adjunct.byname done 2977 2978echo "" >> $MAP_FILE 2979 2980# Ask user for comment char for custom maps 2981get_custom_nisLDAPcommentChar 2982 2983echo " 2984# 2985#------------------------------------------------------------------------------ 2986# 2987" >> $MAP_FILE 2988} 2989 2990 2991# 2992# Generate secure flag entries 2993# 2994create_secure_flag_entries() 2995{ 2996echo "\ 2997# Specify YP_SECURE flags 2998" >> $MAP_FILE 2999 3000[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 3001# If a map is secure, then it needs to be mentioned here 3002# in the following format : 3003# nisLDAPmapFlags mapname : s 3004">> $MAP_FILE 3005 3006# Need to handle passwd.adjunct.byname map for multiple domain. 3007_MAP=passwd.adjunct.byname 3008if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3009then 3010 # Just put the syntax in comment form 3011 echo "#nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE 3012else 3013 # Find the domains in which this map exists. 3014 find_domains $_MAP DEF_MAPS 3015 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3016 then 3017 # Don't put domain info as the map is present in all of them. 3018 echo "nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE 3019 else 3020 # Not every domain has this map. So, list for the ones which do. 3021 for _DMN in $PRESENT_IN_DOMAINS 3022 do 3023 echo "nisLDAPmapFlags passwd.adjunct.byname,${_DMN} : s" >> $MAP_FILE 3024 done 3025 fi 3026fi 3027 3028# Need to handle group.adjunct.byname map for multiple domain. 3029_MAP=group.adjunct.byname 3030if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3031then 3032 # Just put the syntax in comment form 3033 echo "#nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE 3034else 3035 # Find the domains in which this map exists. 3036 find_domains $_MAP DEF_MAPS 3037 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3038 then 3039 # Don't put domain info as the map is present in all of them. 3040 echo "nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE 3041 else 3042 # Not every domain has this map. So, list for the ones which do. 3043 for _DMN in $PRESENT_IN_DOMAINS 3044 do 3045 echo "nisLDAPmapFlags group.adjunct.byname,${_DMN} : s" >> $MAP_FILE 3046 done 3047 fi 3048fi 3049 3050echo "" >> $MAP_FILE 3051 3052STR="any" # Just to make the question look better. 3053while : 3054do 3055 get_confirm "Do you wish to set the secure flag for $STR map (y/n/h)?" \ 3056 "n" "secure_flag_on_help" 3057 3058 if [ $? -eq 0 ]; then 3059 return 0 3060 3061 else 3062 get_ans "Enter the MAP name :" 3063 MAP=$ANS 3064 3065 if [[ $MAP = "" ]]; then 3066 echo " Error : BLANK map name not allowed; try again" 3067 continue 3068 fi 3069 3070 # Check if the supplied map name exists, and if yes, then 3071 # set the PRESENT attributes for further processing 3072 3073 find_map_presence_details $MAP 3074 3075 case $PRESENT_COUNT in 3076 3077 0 ) echo " Error : $MAP not found in any domain; try again" 3078 ;; 3079 3080 1 ) # The map exists in only one domain. 3081 echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE 3082 STR="another" # Just to make the question look better. 3083 ;; 3084 3085 * ) # The map exists in multiple domain. Ask if this flag needs 3086 # to be set for all domains, or some specific ones. 3087 3088 echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS" 3089 get_confirm "For this map, do you wish to set this flag for all the domains (y/n/h)?" \ 3090 "y" "secure_flag_all_domains_help" 3091 3092 if [ $? -eq 1 ]; then 3093 echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE 3094 else 3095 3096 for _DMN in $PRESENT_IN_DOMAINS 3097 do 3098 3099 get_confirm_nodef "Set secure flag for $MAP,${_DMN} (y/n)?" 3100 3101 if [ $? -eq 1 ]; then 3102 echo "nisLDAPmapFlags $MAP,${_DMN} : s" >> $MAP_FILE 3103 fi 3104 3105 done 3106 fi 3107 STR="another" # Just to make the question look better. 3108 ;; 3109 3110 esac 3111 3112 fi 3113done 3114} 3115 3116 3117# 3118# Generate interdomain flag entries 3119# 3120create_interdomain_flag_entries() 3121{ 3122 3123INTERDOMAIN_MAP_LIST="ipnodes 3124 multiipnodes 3125 hosts 3126 multihosts 3127 services.byservicename" 3128 3129# 3130# Simple function to avoid duplication of code 3131# 3132print_interdomain_entries() 3133{ 3134for _MAP in $INTERDOMAIN_MAP_LIST 3135do 3136 echo "nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE 3137done 3138} 3139 3140echo " 3141# Specify YP_INTERDOMAIN flags 3142" >> $MAP_FILE 3143 3144[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 3145# It is used to indicate NIS servers to use the domain name resolver for 3146# host name and address lookups for hosts not found in the maps. 3147# If set, it adds YP_INTERDOMAIN entries in these maps when converting 3148# data from LDAP to YP. It needs to be set in the following format : 3149# nisLDAPmapFlags mapname : b 3150" >> $MAP_FILE 3151 3152# List one set of entries in commented form anyway as it might help 3153# user understand what it means. 3154 3155echo "\ 3156# If \$B is set in /var/yp/Makefile, then this flag should be 3157# set for following maps :\ 3158" >> $MAP_FILE 3159 3160for _MAP in $INTERDOMAIN_MAP_LIST 3161do 3162 echo "# nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE 3163done 3164 3165# Put a blank line for indentation purpose 3166echo >> $MAP_FILE 3167 3168get_confirm "Do you wish to set the \"interdomain\" flag for any domain (y/n/h)?" \ 3169 "n" "interdomain_flag_on_help" 3170 3171if [ $? -eq 1 ]; then 3172 3173 if [ $N2L_DMN_CNT -gt 1 ]; then 3174 3175 get_confirm "Should \"interdomain\" flag be set for all domain (y/n/h)?" \ 3176 "y" "interdomain_flag_all_domains_help" 3177 3178 if [ $? -eq 1 ]; then 3179 print_interdomain_entries 3180 else 3181 3182 for _DMN in ${N2L_DMN_LIST[*]} 3183 do 3184 get_confirm_nodef "Set interdomain flag for ${_DMN} (y/n)?" 3185 3186 if [ $? -eq 1 ]; then 3187 for _MAP in $INTERDOMAIN_MAP_LIST 3188 do 3189 echo "nisLDAPmapFlags ${_MAP},${_DMN} : b" >> $MAP_FILE 3190 done 3191 fi 3192 3193 done 3194 fi 3195 3196 else 3197 print_interdomain_entries 3198 fi 3199fi 3200 3201echo " 3202# 3203#------------------------------------------------------------------------------ 3204# 3205" >> $MAP_FILE 3206 3207return 0 3208} 3209 3210 3211# 3212# List SECURE and INTERDOMAIN flags 3213# 3214create_nisLDAPmapFlags() 3215{ 3216create_secure_flag_entries 3217create_interdomain_flag_entries 3218} 3219 3220 3221# 3222# Print one Map TTL entry in mapping file using supplied TTL. 3223# 3224print_one_map_ttl_entry() 3225{ 3226_Map=$1 3227_iTtlLo=$2 3228_iTtlHi=$3 3229_runTtl=$4 3230 3231echo "\ 3232nisLDAPentryTtl ${_Map}:${_iTtlLo}:${_iTtlHi}:${_runTtl}\ 3233" >> $MAP_FILE 3234 3235return 0 3236} 3237 3238 3239# 3240# Print all the maps TTL entries of same TTL 3241# values using the supplied TTL triplet. 3242# 3243print_all_same_ttl_entries() 3244{ 3245_iTTLlo=$1 3246_iTTLhi=$2 3247_runTTL=$3 3248 3249for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \ 3250 ${ALL_DMN_AUTO_CUST_MAPS[*]} 3251do 3252 3253 if [ "$_MAP" != "passwd.adjunct.byname" ] && \ 3254 [ "$_MAP" != "group.adjunct.byname" ] 3255 then 3256 print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL 3257 3258 else 3259 3260 # adjunct maps might not exist in all the domains. 3261 find_domains $_MAP DEF_MAPS 3262 3263 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3264 then 3265 3266 # Don't put domain info as the map is present in all of them. 3267 print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL 3268 3269 else 3270 3271 for _DMN_ in $PRESENT_IN_DOMAINS 3272 do 3273 _STR="${_MAP},${_DMN_}" 3274 print_one_map_ttl_entry $_STR $_iTTLlo $_iTTLhi $_runTTL 3275 done 3276 3277 fi 3278 fi 3279done 3280 3281return 0 3282} 3283 3284# 3285# Read the initialTTLlo. Set the value in global variable. 3286# 3287get_ittl_lo() 3288{ 3289get_pos_int "Lower limit for initial TTL (in seconds) (h=help):" \ 3290 "$DEF_iTTLlo" "initialTTLlo_help" 3291 3292iTTLlo=${NUM} 3293} 3294 3295 3296# 3297# Read the initialTTLhi. Set the value in global variable. 3298# 3299get_ittl_hi() 3300{ 3301get_pos_int "Higher limit for initial TTL (in seconds) (h=help):" \ 3302 "$DEF_iTTLhi" "initialTTLhi_help" 3303 3304iTTLhi=${NUM} 3305} 3306 3307 3308# 3309# Read the initialTTLhi. Set the value in global variable. 3310# 3311get_run_ttl() 3312{ 3313get_pos_int "Runtime TTL (in seconds) (h=help):" \ 3314 "$DEF_runTTL" "runningTTL_help" 3315 3316runTTL=${NUM} 3317} 3318 3319 3320# 3321# Read one TTL triplet. Set the result in global variables. 3322# 3323read_one_ttl_triplet() 3324{ 3325# Just call the individual functions for each TTL. 3326 3327 get_ittl_lo 3328 get_ittl_hi 3329 get_run_ttl 3330 3331[ $DEBUG -eq 1 ] && \ 3332 echo "TTL = ${iTTLlo}:${iTTLhi}:${runTTL}" 3333 3334return 0 3335} 3336 3337# 3338# Takes MAP name (with or without domain name) as argument, asks 3339# user for TTL values, and appends the entry in the mapping file. 3340# 3341process_one_map_ttl_value() 3342{ 3343 3344_Map_="$1" 3345 3346get_confirm "Retain the default TTL values [$DEF_iTTLlo:$DEF_iTTLhi:$DEF_runTTL] for \"$_Map_\" (y/n/h) ?" \ 3347 "y" "default_different_ttl_help" 3348 3349if [ $? -eq 1 ]; then 3350 print_one_map_ttl_entry $_Map_ $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL 3351else 3352 3353 echo "Reading TTL values for $_Map_ :" 3354 read_one_ttl_triplet 3355 print_one_map_ttl_entry $_Map_ $iTTLlo $iTTLhi $runTTL 3356 3357fi 3358return 0 3359} 3360 3361 3362# 3363# Read only one TTL triplet for each existing MAP without asking 3364# different values for each domain and update the mapping file. 3365# 3366read_all_maps_ttl_values_no_multiple_domain_issue() 3367{ 3368 3369# Need to read only one TTL triplet for each existing MAP. 3370 3371for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \ 3372 ${ALL_DMN_AUTO_CUST_MAPS[*]} 3373do 3374 3375 if [ "$_MAP" != "passwd.adjunct.byname" ] && \ 3376 [ "$_MAP" != "group.adjunct.byname" ] 3377 then 3378 process_one_map_ttl_value $_MAP 3379 3380 else 3381 3382 # adjunct maps might not exist in all the domains. 3383 find_domains $_MAP DEF_MAPS 3384 3385 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3386 then 3387 3388 # Don't put domain info as the map is present in all of them. 3389 process_one_map_ttl_value $_MAP 3390 3391 else 3392 3393 for _DMN_ in $PRESENT_IN_DOMAINS 3394 do 3395 _STR="${_MAP},${_DMN_}" 3396 process_one_map_ttl_value $_STR 3397 done 3398 3399 fi 3400 fi 3401done 3402 3403return 0 3404} 3405 3406 3407# 3408# Read TTL triplet for each default MAP (in database ID form) while 3409# taking care of multiple domains issue and update the mapping file. 3410# 3411read_default_maps_ttl_values_with_multi_domain_issue() 3412{ 3413 3414for _MAP_ in ${DEF_TTL_MAPLIST} 3415do 3416 if [ "$_MAP_" != "passwd.adjunct.byname" ] && \ 3417 [ "$_MAP_" != "group.adjunct.byname" ] 3418 then 3419 3420 for _DMN_ in ${N2L_DMN_LIST[*]} 3421 do 3422 _STR_="${_MAP_},${_DMN_}" 3423 # Now process each combination one at a time. 3424 process_one_map_ttl_value "$_STR_" 3425 done 3426 3427 else 3428 # List only those domains in which adjunct.byname exists. 3429 find_domains $_MAP_ DEF_MAPS 3430 for _DMN_ in $PRESENT_IN_DOMAINS 3431 do 3432 _STR_="${_MAP_},${_DMN_}" 3433 process_one_map_ttl_value "$_STR_" 3434 done 3435 fi 3436done 3437 3438return 0 3439} 3440 3441 3442# 3443# Read TTL triplet for each existing custom MAP while taking 3444# care of multiple domains issue and update the mapping file. 3445# 3446read_custom_maps_ttl_values_with_multi_domain_issue() 3447{ 3448 3449for _MAP_ in ${ALL_DMN_CUST_MAPS[*]} ${ALL_DMN_AUTO_CUST_MAPS[*]} 3450do 3451 3452 find_map_presence_details $_MAP_ 3453 3454 if [ $PRESENT_COUNT -eq 1 ]; then 3455 3456 # This map exists in only one domain. 3457 # So, no need to ask for multiple domains. 3458 3459 process_one_map_ttl_value $_MAP_ 3460 3461 else 3462 3463 # Handle multiple domains. 3464 3465 echo "Map \"${_MAP_}\" is present in these domains : $PRESENT_IN_DOMAINS" 3466 3467 get_confirm "For this map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \ 3468 "y" "same_ttl_across_domains_help" 3469 3470 if [ $? -eq 1 ]; then 3471 3472 # Need to read only one TTL triplet for this MAP. 3473 process_one_map_ttl_value $_MAP_ 3474 3475 else 3476 3477 # Need to ask for each domain 3478 3479 for _DMN_ in $PRESENT_IN_DOMAINS 3480 do 3481 _STR="${_MAP_},${_DMN_}" 3482 3483 # Now process each combination one at a time. 3484 process_one_map_ttl_value "$_STR" 3485 3486 done 3487 fi 3488 fi 3489done 3490 3491return 0 3492} 3493 3494 3495# 3496# List the TTL values for various MAPs 3497# 3498create_nisLDAPentryTtl() 3499{ 3500 3501echo "\ 3502# Associate TTLs with NIS entries derived from LDAP 3503" >> $MAP_FILE 3504 3505[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 3506# Each map has three TTL values which are specified in seconds. 3507# 1. initialTTLlo (default $DEF_iTTLlo sec) The lower limit for the initial 3508# TTL (in seconds) for data read from disk when the ypserv starts. 3509# 3510# 2. initialTTLhi (default $DEF_iTTLhi sec) The upper limit for initial TTL. 3511# 3512# 3. runningTTL (default $DEF_runTTL sec) The TTL (in seconds) for data 3513# retrieved from LDAP while the ypserv is running. 3514# 3515# If any value is not specified, then default value is used. 3516# The format of TTL entry is : 3517# nisLDAPentryTtl MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL 3518" >> $MAP_FILE 3519 3520# If no maps are present, just return. 3521[ ${#ALL_DMN_ALL_MAPS[*]} -eq 0 ] && return 0 3522 3523echo "The default TTL for each map is set to ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}" 3524get_confirm "Do you wish to change the TTL values for any map (y/n/h) ?" \ 3525 "n" "default_ttl_help" 3526 3527if [ $? -eq 0 ]; then 3528 # Default values accepted for all the maps. 3529 # So, just print all the maps with default TTL values. 3530 3531 print_all_same_ttl_entries $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL 3532 3533else 3534 echo "You would be allowed to enter the new TTL values." 3535 get_confirm "Do you wish to use the same TTL values for all the maps (y/n/h) ?" \ 3536 "y" "non_default_same_ttl_help" 3537 3538 if [ $? -eq 1 ]; then 3539 # Need to read only one TTL triplet. 3540 # Print all the maps with new TTL triplet. 3541 3542 # read one ttl triplet 3543 echo "Enter the new TTL values :" 3544 3545 read_one_ttl_triplet 3546 3547 print_all_same_ttl_entries $iTTLlo $iTTLhi $runTTL 3548 3549 else 3550 if [ $N2L_DMN_CNT -eq 1 ]; then 3551 3552 # TTL values are different now. But we haev only one domain. 3553 # So, no need to worry about multiple domains. Need to read 3554 # only one TTL triplet for each existing MAP. 3555 3556 read_all_maps_ttl_values_no_multiple_domain_issue 3557 3558 else 3559 3560 # TTL values are different now. And we have multiple domains 3561 # too. Check if MAPS are going to have same TTL across domains. 3562 # This is just to avoid asking too many TTL triplet inputs 3563 3564 echo "You would be allowed to enter different TTL values for each map." 3565 3566 get_confirm "For a given map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \ 3567 "y" "non_default_different_ttl_help" 3568 3569 if [ $? -eq 1 ]; then 3570 3571 # Need to read only one TTL triplet for each existing MAP. 3572 read_all_maps_ttl_values_no_multiple_domain_issue 3573 3574 else 3575 3576 # We have hit the worst case scenario. TTLs could be 3577 # different per map and per domain. 3578 3579 read_default_maps_ttl_values_with_multi_domain_issue 3580 read_custom_maps_ttl_values_with_multi_domain_issue 3581 fi 3582 fi 3583 fi 3584fi 3585 3586echo " 3587# 3588#------------------------------------------------------------------------------ 3589# 3590" >> $MAP_FILE 3591 3592return 0 3593} 3594 3595 3596# 3597# The custom maps for which we do not have enough 3598# information to be able to generate specific entries, 3599# we just log the message that the user needs to take 3600# care of those entries manually. 3601# 3602ask_user_to_update_the_custom_map_entries_too() 3603{ 3604 3605if [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ]; then 3606 3607 echo " 3608# Similar entries need to be created 3609# for following custom maps too :\ 3610" >> $MAP_FILE 3611 3612 for _MAP in ${ALL_DMN_CUST_MAPS[*]} 3613 do 3614 echo "# $_MAP" >> $MAP_FILE 3615 done 3616fi 3617} 3618 3619 3620put_default_nisLDAPnameFields() 3621{ 3622echo ' 3623# Associate names with fields in the maps. Must be same for all domains. 3624nisLDAPnameFields audit_user: \ 3625 ("%s:%s:%s", name, alwaysAuditFlags, neverAuditFlags) 3626 3627nisLDAPnameFields auto.home: \ 3628 ("%s",value) 3629 3630nisLDAPnameFields auto.master: \ 3631 ("%s",value) 3632 3633nisLDAPnameFields auth_attr: \ 3634 ("%s:%s:%s:%s:%s:%s", \ 3635 name, res1, res2, short_desc, long_desc, attrs ) 3636 3637nisLDAPnameFields bootparams: \ 3638 ("%s", params) 3639 3640nisLDAPnameFields ethers: \ 3641 ("%s %s", addr, name) 3642 3643nisLDAPnameFields exec_attr: \ 3644 ("%s:%s:%s:%s:%s:%s:%s", \ 3645 name, policy, type, res1, res2, id, attrs) 3646 3647nisLDAPnameFields group: \ 3648 ("%s:%s:%s:%s", name, passwd, gid, users) 3649' >> $MAP_FILE 3650 3651# Need to handle group.adjunct.byname map for multiple domain. 3652 3653_MAP=group.adjunct.byname 3654if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3655then 3656 # Just put the syntax in comment form 3657 echo '#nisLDAPnameFields group.adjunct.byname: \ 3658# ("%s:%s", name, passwd) 3659' >> $MAP_FILE 3660else 3661 # Find the domains in which this map exists. 3662 find_domains $_MAP DEF_MAPS 3663 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3664 then 3665 3666 # Don't put domain info as the map is present in all of them. 3667 echo 'nisLDAPnameFields group.adjunct.byname: \ 3668 ("%s:%s", name, passwd) 3669' >> $MAP_FILE 3670 else 3671 # Not every domain has this map. So, list for the ones which do. 3672 for _DMN in $PRESENT_IN_DOMAINS 3673 do 3674 echo "nisLDAPnameFields group.adjunct.byname,${_DMN}: \\ 3675 (\"%s:%s\", name, passwd) 3676" >> $MAP_FILE 3677 done 3678 fi 3679fi 3680 3681echo 'nisLDAPnameFields keys.host: \ 3682 ("%s:%s", publicKey ,secretKey) 3683 3684nisLDAPnameFields keys.pass: \ 3685 ("%s:%s", publicKey ,secretKey) 3686 3687nisLDAPnameFields keys.nobody: \ 3688 ("%s:%s", publicKey ,secretKey) 3689 3690nisLDAPnameFields hosts: \ 3691 ("%a %s %s", addr, canonicalName, aliases) 3692 3693nisLDAPnameFields multihosts: \ 3694 ("%a %s %s", addr, canonicalName, aliases) 3695 3696nisLDAPnameFields ipnodes: \ 3697 ("%a %s %s", addr, canonicalName, aliases) 3698 3699nisLDAPnameFields multiipnodes: \ 3700 ("%a %s %s", addr, canonicalName, aliases) 3701 3702nisLDAPnameFields mail.aliases: \ 3703 ("%s", addresses) 3704 3705nisLDAPnameFields mail.mapping: \ 3706 ("%s", address) 3707 3708# memberTriples is split into sub-fields by a latter nisLDAPsplitField 3709# attribute. 3710nisLDAPnameFields netgroup: \ 3711 ("%s", memberTriples) 3712 3713nisLDAPnameFields netid.host: \ 3714 ("%s:%s", number, data) 3715 3716nisLDAPnameFields netid.pass: \ 3717 ("%s:%s", number, data) 3718 3719nisLDAPnameFields netmasks.byaddr: \ 3720 ("%a", mask) 3721 3722nisLDAPnameFields networks: \ 3723 ("%s %s %s", name, number, aliases) 3724 3725nisLDAPnameFields project: \ 3726 ("%s:%s:%s:%s:%s:%s", \ 3727 name, projID, comment, users, groups, attrs) 3728 3729nisLDAPnameFields protocols: \ 3730 ("%s %s %s", name, number, aliases) 3731 3732nisLDAPnameFields rpc.bynumber: \ 3733 ("%s %s %s", name, number, aliases) 3734 3735nisLDAPnameFields passwd: \ 3736 ("%s:%s:%s:%s:%s:%s:%s", \ 3737 name, passwd, uid, gid, gecos, home, shell) 3738 3739# It is not obvious what the fields in passwd.adjunct are for. They are not 3740# the same as the shadow map. The following is based on information in:- 3741# 3742# lib/libbc/inc/include/pwdadj.h. 3743# 3744# This file implies that these are documented in getpwaent(3) but this man page 3745# does not seem to exist. 3746# 3747# It is believed that 'min','max' and 'def' labels were reserved fields in 3748# SunOS 4.x and are now unused. 'always' and 'never' audit information is 3749# now contained in audit_user(5) so is now unused. 3750# 3751' >> $MAP_FILE 3752 3753# Need to handle passwd.adjunct.byname map for multiple domain. 3754 3755_MAP=passwd.adjunct.byname 3756if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3757then 3758 # Just put the syntax in comment form 3759 echo '#nisLDAPnameFields passwd.adjunct.byname: \ 3760# ("%s:%s:%s:%s:%s:%s:%s", \ 3761# name, passwd, min, max, def, always, \ 3762# never) 3763' >> $MAP_FILE 3764else 3765 # Find the domains in which this map exists. 3766 find_domains $_MAP DEF_MAPS 3767 3768 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3769 then 3770 3771 # Don't put domain info as the map is present in all of them. 3772 echo 'nisLDAPnameFields passwd.adjunct.byname: \ 3773 ("%s:%s:%s:%s:%s:%s:%s", \ 3774 name, passwd, min, max, def, always, \ 3775 never) 3776' >> $MAP_FILE 3777 else 3778 # Not every domain has this map. So, list for the ones which do. 3779 for _DMN in $PRESENT_IN_DOMAINS 3780 do 3781 echo "nisLDAPnameFields passwd.adjunct.byname,${_DMN}: \\ 3782 (\"%s:%s:%s:%s:%s:%s:%s\", \\ 3783 name, passwd, min, max, def, always, \\ 3784 never) 3785" >> $MAP_FILE 3786 done 3787 fi 3788fi 3789 3790echo ' 3791nisLDAPnameFields printers.conf.byname: \ 3792 ("%s:%s", names, values) 3793 3794nisLDAPnameFields prof_attr: \ 3795 ("%s:%s:%s:%s:%s", \ 3796 name, res1, res2, desc, attrs) 3797 3798nisLDAPnameFields services: \ 3799 ("%s %s/%s %s", name, port, protocol, aliases) 3800 3801# This map is never created but yppasswd uses the mapping to extract password 3802# ageing information from the DIT. The password itself is not required by this 3803# mechanism so is not included in the ageing mapping. 3804nisLDAPnameFields ageing.byname: \ 3805 ("%s:%s:%s:%s:%s:%s:%s:%s", \ 3806 name, lastchg, min, max, warn, inactive, \ 3807 expire, flag) 3808 3809nisLDAPnameFields timezone.byname: \ 3810 ("%s %s", zoneName, hostName) 3811 3812nisLDAPnameFields user_attr: \ 3813 ("%s:%s:%s:%s:%s", user, qualifier, res1, res2, attrs) 3814' >> $MAP_FILE 3815} 3816 3817# 3818# List namefields for non-default auto maps and custom maps. 3819# 3820put_auto_and_custom_map_nisLDAPnameFields() 3821{ 3822for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]} 3823do 3824 3825 echo "\ 3826nisLDAPnameFields ${_MAP}: \\ 3827 (\"%s\",value) 3828" >> $MAP_FILE 3829 3830done 3831} 3832 3833 3834create_nisLDAPnameFields() 3835{ 3836# Put format information of "nisLDAPnameFields" 3837[ CUST_CMT_NEEDED -eq 1 ] && echo ' 3838# "nisLDAPnameFields" specifies the content of entries in a NIS map 3839# and how they should be broken into named fields. It is required as, 3840# unlike NIS+, NIS maps do not store information in named fields. 3841# 3842# Following is the syntax for nisLDAPnameFields : 3843# 3844# "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")" 3845# fieldName = nameOrArrayName[","...] 3846# nameOrArrayName = Name of field or 'array' of repeated fields. 3847# matchspec = \" formatString \" 3848' >> $MAP_FILE 3849 3850# List the default nameField values 3851put_default_nisLDAPnameFields 3852 3853# List the underlying assumption 3854echo "\ 3855# With the assumption that all the custom maps are simple, single 3856# map (single key-value pair type), below is the nisLDAPnameFields 3857# information for all the custom and non-default auto.* maps. If 3858# this assumption is not valid, then refer to the NISLDAPmapping 3859# man page for information on how to customize this section. 3860" >> $MAP_FILE 3861 3862# List namefields for non-default auto maps and custom maps. 3863put_auto_and_custom_map_nisLDAPnameFields 3864 3865 3866echo " 3867# 3868#------------------------------------------------------------------------------ 3869# 3870" >> $MAP_FILE 3871 3872return 0 3873} 3874 3875 3876# 3877# List repeated field seperators 3878# 3879create_nisLDAPrepeatedFieldSeparators() 3880{ 3881 3882[ CUST_CMT_NEEDED -eq 1 ] && echo " 3883# nisLDAPrepeatedFieldSeparators : It is a character which separates 3884# the repeatable instnaces of splitable fields. It's format is : 3885# 3886# nisLDAPrepeatedFieldSeparators fieldName \"sepChar[...]\" 3887# sepChar = A separator character. 3888# Default value is space or tab. 3889" >> $MAP_FILE 3890 3891echo "\ 3892#nisLDAPrepeatedFieldSeparators memberTriples: \" \t\" 3893" >> $MAP_FILE 3894 3895} 3896 3897 3898# 3899# List split fields 3900# 3901create_nisLDAPsplitField() 3902{ 3903# List the default split fields 3904 3905[ CUST_CMT_NEEDED -eq 1 ] && echo ' 3906# nisLDAPsplitFields : It defines how a field, or list of fields, 3907# named by nisLDAPnameFields is split into sub fields. The original 3908# field is compared with each line of this attribute until one matches. 3909# When a match is found named sub-fields are generated. In latter 3910# operations sub-field names can be used in the same way as other 3911# field names. The format of nisLDAPsplitFields is : 3912# 3913# "nisLDAPsplitFields" fieldName ":" splitSpec[","...] 3914# splitSpec = "(" matchspec "," subFieldNames ")" 3915# fieldName = Name of a field from nisLDAPnameFields 3916# subFieldNames = subFieldname[","...] 3917# matchspec = \" formatString \" 3918' >> $MAP_FILE 3919 3920echo ' 3921nisLDAPsplitField memberTriples: \ 3922 ("(%s,%s,%s)", host, user, domain), \ 3923 ("%s", group) 3924' >> $MAP_FILE 3925 3926} 3927 3928# 3929# List split fields and repeated field separators. 3930# 3931create_split_field_and_repeatedfield_seperators() 3932{ 3933 3934echo "\ 3935# Specify how to break fields up into sub fields. 3936" >> $MAP_FILE 3937 3938create_nisLDAPrepeatedFieldSeparators 3939 3940create_nisLDAPsplitField 3941 3942echo " 3943# 3944#------------------------------------------------------------------------------ 3945# 3946" >> $MAP_FILE 3947} 3948 3949list_default_nisLDAPobjectDN() 3950{ 3951echo ' 3952# Associate maps with RDNs and object classes. Base DN comes from the 3953# nisLDAPdomainContext. 3954# 3955# As supplied this file gives only the most derived objectClass for each map. 3956# For some servers it may be necessary to add "objectClass=" statements for 3957# all the superclasses. This should be done here. 3958 3959nisLDAPobjectDN auto.home: \ 3960 automountmapname=auto_home,?one? \ 3961 objectClass=automount: 3962 3963nisLDAPobjectDN auto.master: \ 3964 automountmapname=auto_master,?one? \ 3965 objectClass=automount: 3966 3967nisLDAPobjectDN auth_attr: \ 3968 ou=SolarisAuthAttr,?one? \ 3969 objectClass=SolarisAuthAttr: 3970 3971nisLDAPobjectDN bootparams: \ 3972 ou=ethers,?one? \ 3973 objectClass=bootableDevice, \ 3974 bootParameter=*:\ 3975 ou=ethers,?one? \ 3976 objectClass=device, \ 3977 objectClass=bootableDevice 3978 3979 3980nisLDAPobjectDN exec_attr:\ 3981 ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\ 3982 SolarisKernelSecurityPolicy=*:\ 3983 ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\ 3984 objectClass=SolarisProfAttr,\ 3985 objectClass=top 3986 3987nisLDAPobjectDN ethers: \ 3988 ou=ethers,?one? \ 3989 objectClass=ieee802Device, \ 3990 macAddress=*:\ 3991 ou=ethers,?one? \ 3992 objectClass=device, \ 3993 objectClass=ieee802Device 3994 3995nisLDAPobjectDN group: \ 3996 ou=group,?one? \ 3997 objectClass=posixGroup: 3998' >> $MAP_FILE 3999 4000 4001# Need to handle group.adjunct.byname map for multiple domain. 4002 4003_MAP=group.adjunct.byname 4004if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4005then 4006 # Just put the syntax in comment form 4007 echo '#nisLDAPobjectDN group.adjunct.byname: \ 4008# ou=group,?one? \ 4009# objectClass=posixGroup: 4010' >> $MAP_FILE 4011else 4012 # Find the domains in which this map exists. 4013 find_domains $_MAP DEF_MAPS 4014 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4015 then 4016 # Don't put domain info as the map is present in all of them. 4017 echo 'nisLDAPobjectDN group.adjunct.byname: \ 4018 ou=group,?one? \ 4019 objectClass=posixGroup: 4020' >> $MAP_FILE 4021 else 4022 # Not every domain has this map. So, list for the ones which do. 4023 for _DMN in $PRESENT_IN_DOMAINS 4024 do 4025 echo "nisLDAPobjectDN group.adjunct.byname,${_DMN}: \\ 4026 ou=group,?one? \\ 4027 objectClass=posixGroup: 4028" >> $MAP_FILE 4029 done 4030 fi 4031fi 4032 4033 4034echo 'nisLDAPobjectDN hosts: \ 4035 ou=hosts,?one? \ 4036 objectClass=ipHost:\ 4037 ou=hosts,?one? \ 4038 objectClass=device, \ 4039 objectClass=ipHost 4040 4041nisLDAPobjectDN multihosts: \ 4042 ou=hosts,?one? \ 4043 objectClass=ipHost, \ 4044 ipHostNumber=*.* 4045 4046nisLDAPobjectDN ipnodes: \ 4047 ou=hosts,?one? \ 4048 objectClass=ipHost:\ 4049 ou=hosts,?one? \ 4050 objectClass=device, \ 4051 objectClass=ipHost 4052 4053nisLDAPobjectDN multiipnodes: \ 4054 ou=hosts,?one? \ 4055 objectClass=ipHost, \ 4056 ipHostNumber=*\:* 4057 4058nisLDAPobjectDN mail.aliases: \ 4059 ou=aliases,?one? \ 4060 objectClass=mailGroup: 4061 4062nisLDAPobjectDN mail.mapping: \ 4063 ou=aliases,?one? \ 4064 objectClass=mailGroup 4065 4066nisLDAPobjectDN netgroup: \ 4067 ou=netgroup,?one? \ 4068 objectClass=nisNetgroup: 4069 4070nisLDAPobjectDN networks: \ 4071 ou=networks,?one? \ 4072 objectClass=ipNetwork, \ 4073 cn=*: 4074 4075# Must come after networks (or equivalent) that creates ipNetworks 4076nisLDAPobjectDN netmasks.byaddr: \ 4077 ou=networks,?one? \ 4078 objectClass=ipNetwork, \ 4079 ipNetMaskNumber=*: 4080 4081nisLDAPobjectDN passwd: \ 4082 ou=people,?one? \ 4083 objectClass=posixAccount:\ 4084 ou=people,?one? \ 4085 objectClass=account, \ 4086 objectClass=shadowAccount, \ 4087 objectClass=posixAccount 4088' >> $MAP_FILE 4089 4090 4091# Need to handle passwd.adjunct.byname map for multiple domain. 4092 4093_MAP=passwd.adjunct.byname 4094if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4095then 4096 # Just put the syntax in comment form 4097 echo '#nisLDAPobjectDN passwd.adjunct.byname: \ 4098# ou=people,?one? \ 4099# objectClass=posixAccount:\ 4100# ou=people,?one? \ 4101# objectClass=account, \ 4102# objectClass=shadowAccount, \ 4103# objectClass=posixAccount 4104' >> $MAP_FILE 4105else 4106 # Find the domains in which this map exists. 4107 find_domains $_MAP DEF_MAPS 4108 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4109 then 4110 # Don't put domain info as the map is present in all of them. 4111 echo 'nisLDAPobjectDN passwd.adjunct.byname: \ 4112 ou=people,?one? \ 4113 objectClass=posixAccount:\ 4114 ou=people,?one? \ 4115 objectClass=account, \ 4116 objectClass=shadowAccount, \ 4117 objectClass=posixAccount 4118' >> $MAP_FILE 4119 else 4120 # Not every domain has this map. So, list for the ones which do. 4121 for _DMN in $PRESENT_IN_DOMAINS 4122 do 4123 echo "nisLDAPobjectDN passwd.adjunct.byname,${_DMN}: \\ 4124 ou=people,?one? \\ 4125 objectClass=posixAccount:\\ 4126 ou=people,?one? \\ 4127 objectClass=account, \\ 4128 objectClass=shadowAccount, \\ 4129 objectClass=posixAccount 4130" >> $MAP_FILE 4131 done 4132 fi 4133fi 4134 4135 4136echo '# Must follow passwd 4137nisLDAPobjectDN netid.pass: \ 4138 ou=people,?one? \ 4139 objectClass=posixAccount 4140 4141# Must follow hosts 4142nisLDAPobjectDN netid.host: \ 4143 ou=hosts,?one? \ 4144 objectClass=ipHost 4145 4146nisLDAPobjectDN printers.conf.byname: \ 4147 ou=printers,?one? \ 4148 objectClass=printerService:\ 4149 ou=printers,?one? \ 4150 objectClass=sunPrinter, \ 4151 objectClass=printerService, \ 4152 objectClass=printerLPR, \ 4153 objectClass=printerAbstract 4154 4155nisLDAPobjectDN prof_attr:\ 4156 ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\ 4157 SolarisAttrLongDesc=*:\ 4158 ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\ 4159 objectClass=SolarisExecAttr,\ 4160 objectClass=top 4161nisLDAPobjectDN project: \ 4162 ou=project,?one? \ 4163 objectClass=SolarisProject: 4164 4165nisLDAPobjectDN protocols: \ 4166 ou=protocols,?one? \ 4167 objectClass=ipProtocol: 4168 4169nisLDAPobjectDN rpc.bynumber: \ 4170 ou=rpc,?one? \ 4171 objectClass=oncRpc: 4172 4173nisLDAPobjectDN services.byname: \ 4174 ou=services,?one? \ 4175 objectClass=ipService: 4176 4177# Because services.byservicename contains keys of form both 'name' 4178# and 'name/protocol' we generate the DIT just from services.byname. 4179# Hence, write-disabled for services.byservicename 4180nisLDAPobjectDN services.byservicename: \ 4181 ou=services,?one? \ 4182 objectClass=ipService 4183 4184# This map is never created but yppasswd uses the mapping to extract password 4185# aging information from the DIT. 4186nisLDAPobjectDN ageing.byname: \ 4187 ou=people,?one? \ 4188 objectClass=shadowAccount: 4189 4190# Using nisplusTimeZoneData objectClass for compatibility with nis+2ldap 4191nisLDAPobjectDN timezone.byname: \ 4192 ou=Timezone,?one? \ 4193 objectClass=nisplusTimeZoneData: 4194 4195nisLDAPobjectDN user_attr: \ 4196 ou=people,?one? \ 4197 objectClass=SolarisUserAttr: 4198 4199# Must come after passwd (or equivalent) that creates posixAccounts 4200nisLDAPobjectDN audit_user: \ 4201 ou=people,?one? \ 4202 objectClass=SolarisAuditUser: 4203 4204# Must come after hosts + passwd. 4205nisLDAPobjectDN keys.host: \ 4206 ou=hosts,?one? \ 4207 objectClass=NisKeyObject: 4208 4209nisLDAPobjectDN keys.pass: \ 4210 ou=people,?one? \ 4211 objectClass=NisKeyObject: 4212 4213nisLDAPobjectDN keys.nobody: \ 4214 ou=people,?one? \ 4215 objectClass=NisKeyObject:\ 4216 ou=people,?one? \ 4217 objectClass=account, \ 4218 objectClass=NisKeyObject 4219 4220nisLDAPobjectDN ypservers: \ 4221 ou=ypservers,?one? \ 4222 objectClass=device: 4223' >> $MAP_FILE 4224} 4225 4226# List all the non-default auto.* and custom maps. 4227list_auto_custom_nisLDAPobjectDN() 4228{ 4229 4230# auto.* entries are easy. 4231if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 4232 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 4233 4234 for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 4235 do 4236 4237 # We need to find one container for each auto.* map. 4238 # Assume that each auto.* maps's container is auto_*. 4239 4240 _MAP_UNDERSCORE=`echo $_MAP | sed "s/auto\./auto_/"` 4241 4242 echo "\ 4243nisLDAPobjectDN ${_MAP}: \\ 4244 automountmapname=${_MAP_UNDERSCORE},?one? \\ 4245 objectClass=automount: 4246" >> $MAP_FILE 4247 done 4248fi 4249 4250# Since we do not have enough information to generate 4251# entries for other custom maps, best we can do is to 4252# log this map names and ask user to take care of them. 4253 4254ask_user_to_update_the_custom_map_entries_too 4255 4256} 4257 4258 4259# 4260# List association of maps with RDNs and object classes. 4261# 4262create_nisLDAPobjectDN() 4263{ 4264 4265[ CUST_CMT_NEEDED -eq 1 ] && echo ' 4266# nisLDAPobjectDN : It specifies the connection between group of NIS 4267# maps and the LDAP directory. This attribute also defines the 'order' 4268# of the NIS maps. When NIS maps are bulk copied to or from the DIT 4269# they are processed in the same order as related nisLDAPobjectDN 4270# attributes appear in /var/yp/NISLDAPmapping. 4271# The format of "nisLDAPobjectDN" is : 4272# 4273# mapName[" "...] ":" objectDN *( ";" objectDN ) 4274# 4275# where: 4276# 4277# objectDN = readObjectSpec [":"[writeObjectSpec]] 4278# readObjectSpec = [baseAndScope [filterAttrValList]] 4279# writeObjectSpec = [baseAndScope [attrValList]] 4280# baseAndScope = [baseDN] ["?" [scope]] 4281# filterAttrValList = ["?" [filter | attrValList]]] 4282# scope = "base" | "one" | "sub" 4283# attrValList = attribute "=" value 4284# *("," attribute "=" value) 4285' >> $MAP_FILE 4286 4287# List all the default entries anyway. 4288list_default_nisLDAPobjectDN 4289 4290# List all the non-default auto.* and custom maps. 4291list_auto_custom_nisLDAPobjectDN 4292 4293} 4294 4295# 4296# List all the default nisLDAPattributeFromField entries 4297# 4298list_default_nisLDAPattributeFromField() 4299{ 4300echo ' 4301# Describe how named fields are mapped to DIT entries. 4302 4303# audit_user 4304nisLDAPattributeFromField audit_user: \ 4305 dn=("uid=%s,", rf_key ), \ 4306 SolarisAuditAlways=alwaysAuditFlags, \ 4307 SolarisAuditNever=neverAuditFlags 4308 4309# auto.home 4310nisLDAPattributeFromField auto.home: \ 4311 dn=("automountKey=%s,", rf_key ), \ 4312 automountKey=rf_key, \ 4313 automountInformation=value 4314 4315# auto.master 4316nisLDAPattributeFromField auto.master: \ 4317 dn=("automountKey=%s,", rf_key ), \ 4318 automountKey=rf_key, \ 4319 automountInformation=value 4320 4321# auth_attr 4322nisLDAPattributeFromField auth_attr: \ 4323 dn=("cn=%s,", rf_key ), \ 4324 cn=name, \ 4325 SolarisAttrReserved1=res1, \ 4326 SolarisAttrReserved2=res2, \ 4327 SolarisAttrShortDesc=short_desc, \ 4328 SolarisAttrLongDesc=long_desc, \ 4329 SolarisAttrKeyValue=attrs 4330 4331# exec_attr. Because of the messy NIS keys special handling is required here 4332nisLDAPattributeFromField exec_attr: \ 4333 dn=("cn=%s+SolarisKernelSecurityPolicy=%s\ 4334 +SolarisProfileType=%s+SolarisProfileID=%s,", \ 4335 name, policy,type,id), \ 4336 ("%s:*", cn)=rf_key, \ 4337 ("*:%s:*", SolarisKernelSecurityPolicy)=rf_key, \ 4338 ("*:*:%s", SolarisProfileId)=rf_key, \ 4339 solarisProfileType=type, \ 4340 solarisAttrReserved1=res1, \ 4341 SolarisAttrReserved2=res2, \ 4342 solarisAttrKeyValue=attrs 4343 4344# ethers 4345nisLDAPattributeFromField ethers.byname: \ 4346 dn=("cn=%s,", rf_key ), \ 4347 macAddress=addr 4348nisLDAPattributeFromField ethers.byaddr: \ 4349 dn=("cn=%s,", name ), \ 4350 macAddress=rf_key 4351nisLDAPattributeFromField ethers: \ 4352 cn=name, \ 4353 description=rf_comment 4354 4355# bootparams. Must be done after ethers 4356nisLDAPattributeFromField bootparams: \ 4357 dn=("cn=%s,", rf_key ), \ 4358 cn=rf_key, \ 4359 (bootParameter)=(params, " ") 4360' >> $MAP_FILE 4361 4362# group syntax is different when group.adjunct map is present. 4363# So, need to handle the various possibilities 4364 4365_MAP=group.adjunct.byname 4366 4367if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4368then 4369 4370 # Just put the group.adjunct syntax in comment form 4371 4372 echo '# group 4373nisLDAPattributeFromField group.byname: \ 4374 dn=("cn=%s,", rf_key ), \ 4375 gidNumber=gid 4376nisLDAPattributeFromField group.bygid: \ 4377 dn=("cn=%s,", name ), \ 4378 gidNumber=rf_key 4379nisLDAPattributeFromField group: \ 4380 cn=name, \ 4381 userPassword=("{crypt}%s",passwd), \ 4382 (memberUid)=(users, ",") 4383 4384# 4385# If you are using group.adjunct, comment the group section above 4386# and uncomment the following group and group.adjunct sections 4387# 4388# group 4389#nisLDAPattributeFromField group.byname: \ 4390# dn=("cn=%s,", rf_key ), \ 4391# gidNumber=gid 4392#nisLDAPattributeFromField group.bygid: \ 4393# dn=("cn=%s,", name ), \ 4394# gidNumber=rf_key 4395#nisLDAPattributeFromField group: \ 4396# cn=name, \ 4397# (memberUid)=(users, ",") 4398 4399# group.adjunct 4400#nisLDAPattributeFromField group.adjunct.byname: \ 4401# dn=("cn=%s,", rf_key ), \ 4402# cn=name, \ 4403# userPassword=("{crypt}%s",passwd) 4404' >> $MAP_FILE 4405 4406else 4407 4408 # Find the domains in which group.adjunct map exists. 4409 find_domains $_MAP DEF_MAPS 4410 4411 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4412 then 4413 4414 # All the domains have group.adjunct map. 4415 4416 echo '# group 4417#nisLDAPattributeFromField group.byname: \ 4418# dn=("cn=%s,", rf_key ), \ 4419# gidNumber=gid 4420#nisLDAPattributeFromField group.bygid: \ 4421# dn=("cn=%s,", name ), \ 4422# gidNumber=rf_key 4423#nisLDAPattributeFromField group: \ 4424# cn=name, \ 4425# userPassword=("{crypt}%s",passwd), \ 4426# (memberUid)=(users, ",") 4427 4428# If you are not using group.adjunct, uncomment the group section above 4429# and comment the following group and group.adjunct sections 4430# 4431# group 4432nisLDAPattributeFromField group.byname: \ 4433 dn=("cn=%s,", rf_key ), \ 4434 gidNumber=gid 4435nisLDAPattributeFromField group.bygid: \ 4436 dn=("cn=%s,", name ), \ 4437 gidNumber=rf_key 4438nisLDAPattributeFromField group: \ 4439 cn=name, \ 4440 (memberUid)=(users, ",") 4441 4442# group.adjunct 4443nisLDAPattributeFromField group.adjunct.byname: \ 4444 dn=("cn=%s,", rf_key ), \ 4445 cn=name, \ 4446 userPassword=("{crypt}%s",passwd) 4447' >> $MAP_FILE 4448 4449 else 4450 # Not every domain has group.adjunct map. 4451 4452 # First put the password syntax with domain name for domains 4453 # in which group.adjunct exists. 4454 4455 echo "# group" >> $MAP_FILE 4456 4457 for _DMN in $PRESENT_IN_DOMAINS 4458 do 4459 4460 echo "\ 4461# domain-specific group 4462nisLDAPattributeFromField group.byname,${_DMN}: \\ 4463 dn=(\"cn=%s,\", rf_key ), \\ 4464 gidNumber=gid 4465nisLDAPattributeFromField group.bygid,${_DMN}: \\ 4466 dn=(\"cn=%s,\", name ), \\ 4467 gidNumber=rf_key 4468nisLDAPattributeFromField group,${_DMN}: \\ 4469 cn=name, \\ 4470 (memberUid)=(users, \",\") 4471" >> $MAP_FILE 4472 done 4473 4474 # Now put the other group syntax. We do not need to 4475 # append the domain name here. 4476 4477 echo ' 4478nisLDAPattributeFromField group.byname: \ 4479 dn=("cn=%s,", rf_key ), \ 4480 gidNumber=gid 4481nisLDAPattributeFromField group.bygid: \ 4482 dn=("cn=%s,", name ), \ 4483 gidNumber=rf_key 4484nisLDAPattributeFromField group: \ 4485 cn=name, \ 4486 userPassword=("{crypt}%s",passwd), \ 4487 (memberUid)=(users, ",") 4488' >> $MAP_FILE 4489 4490 # Now we need to put the group.adjunct syntax for domains 4491 # in which this map exists. 4492 4493 echo "# group.adjunct" >> $MAP_FILE 4494 4495 for _DMN in $PRESENT_IN_DOMAINS 4496 do 4497 4498 echo "\ 4499nisLDAPattributeFromField group.adjunct.byname,${_DMN}: \\ 4500 dn=(\"cn=%s,\", rf_key ), \\ 4501 cn=name, \\ 4502 userPassword=(\"{crypt}%s\",passwd) 4503" >> $MAP_FILE 4504 done 4505 4506 fi 4507 4508fi 4509 4510 4511echo ' 4512# hosts 4513# Cannot forward map hosts.byname key as the YP_MULTI entries will not work. 4514nisLDAPattributeFromField hosts.byname: \ 4515 cn=rf_searchkey 4516nisLDAPattributeFromField hosts.byaddr: \ 4517 ipHostNumber=rf_searchipkey 4518nisLDAPattributeFromField hosts: \ 4519 ipHostNumber=addr, \ 4520 dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \ 4521 cn=canonicalName, \ 4522 (cn)=(aliases, " "), \ 4523 description=rf_comment 4524 4525nisLDAPattributeFromField multihosts: \ 4526 ("YP_MULTI_%s", cn)=rf_searchkey 4527 4528# ipnodes 4529# Cannot forward map ipnodes.byname key as the YP_MULTI entries will not work. 4530nisLDAPattributeFromField ipnodes.byname: \ 4531 cn=rf_searchkey 4532nisLDAPattributeFromField ipnodes.byaddr: \ 4533 ipHostNumber=rf_searchipkey 4534nisLDAPattributeFromField ipnodes: \ 4535 ipHostNumber=addr, \ 4536 dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \ 4537 cn=canonicalName, \ 4538 (cn)=(aliases, " "), \ 4539 description=rf_comment 4540 4541nisLDAPattributeFromField multiipnodes: \ 4542 ("YP_MULTI_%s", cn)=rf_searchkey 4543 4544#mail.aliases 4545nisLDAPattributeFromField mail.aliases: \ 4546 dn=("mail=%s,", rf_key), \ 4547 mail=rf_key, \ 4548 (mgrprfc822mailmember)=(addresses, ",") 4549 4550#mail.mapping 4551#Commented out because all NIS->LDAP mappings are done by mail.aliases 4552#nisLDAPattributeFromField mail.mapping: \ 4553# dn=("mail=%s,", address), \ 4554# mail=address, \ 4555# mgrprfc822mailmember=rf_key 4556nisLDAPattributeFromField mail.mapping: \ 4557 mgrprfc822mailmember=rf_searchkey 4558 4559# netgroup. 4560# 4561# Only need to create DIT entries for netgroup. This contains a superset of 4562# the information in netgroup.byhost and netgroup.byuser 4563nisLDAPattributeFromField netgroup: \ 4564 dn=("cn=%s,", rf_key ), \ 4565 (memberNisNetgroup)=group, \ 4566 (nisNetgroupTriple)= \ 4567 ("(%s,%s,%s)", host, user, domain), \ 4568 cn=rf_key, \ 4569 description=rf_comment 4570 4571# netid.pass 4572# 4573# Commented out because, unless remote domains (and thus /etc/netid) is 4574# supported, all NIS->LDAP mappings are set up from passwd. 4575#nisLDAPattributeFromField netid.pass: \ 4576# ("unix.%s@*", uidNumber)=rf_key, \ 4577# (gidNumber)=("%s", (data), " "), \ 4578# description=rf_comment 4579nisLDAPattributeFromField netid.pass: \ 4580 ("unix.%s@*", uidNumber)=rf_searchkey 4581 4582# netid.host 4583# 4584# Commented out because, unless remote domains (and thus /etc/netid) is 4585# supported, all NIS->LDAP mappings are set up from hosts. 4586#nisLDAPattributeFromField netid.host: \ 4587# dn=("cn=%s+ipHostNumber=%s,", data, \ 4588# ldap:ipHostNumber:?one?("cn=%s", data)), \ 4589# ipHostNumber=ldap:ipHostNumber:?one?("cn=%s", data), \ 4590# ("unix.%s@*", cn)=rf_key, \ 4591# description=rf_comment 4592nisLDAPattributeFromField netid.host: \ 4593 ("unix.%s@*", cn)=rf_searchkey 4594 4595# netmasks.byaddr 4596nisLDAPattributeFromField netmasks.byaddr: \ 4597 dn=("ipNetworkNumber=%s,", rf_ipkey ), \ 4598 ipNetworkNumber=rf_ipkey, \ 4599 ipNetmaskNumber=mask, \ 4600 description=rf_comment 4601 4602# networks. 4603nisLDAPattributeFromField networks.byname: \ 4604 dn=("ipNetworkNumber=%s,", number ), \ 4605 cn=name, \ 4606 cn=rf_key 4607nisLDAPattributeFromField networks.byaddr: \ 4608 dn=("ipNetworkNumber=%s,", rf_key ), \ 4609 cn=name 4610nisLDAPattributeFromField networks: \ 4611 (cn)=(aliases, " "), \ 4612 ipNetworkNumber=number, \ 4613 description=rf_comment 4614' >> $MAP_FILE 4615 4616 4617# passwd syntax is different when passwd.adjunct map is present. 4618# So, need to handle the various possibilities 4619 4620_MAP=passwd.adjunct.byname 4621 4622if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4623then 4624 4625 # Just put the passwd.adjunct syntax in comment form 4626 4627 echo '# passwd 4628nisLDAPattributeFromField passwd.byname: \ 4629 dn=("uid=%s,", rf_key ), \ 4630 uid=rf_key, \ 4631 uidNumber=uid 4632nisLDAPattributeFromField passwd.byuid: \ 4633 dn=("uid=%s,", name ), \ 4634 uidNumber=rf_key, \ 4635 uid=name 4636nisLDAPattributeFromField passwd: \ 4637 cn=name, \ 4638 userPassword=("{crypt}%s",passwd), \ 4639 gidNumber=gid, \ 4640 gecos=gecos, \ 4641 homeDirectory=home, \ 4642 loginShell=shell 4643 4644# 4645# If you are using passwd.adjunct, comment the passwd section above 4646# and uncomment the following passwd and passwd.adjunct sections 4647# 4648# passwd 4649#nisLDAPattributeFromField passwd.byname: \ 4650# dn=("uid=%s,", rf_key ), \ 4651# uid=rf_key, \ 4652# uidNumber=uid 4653#nisLDAPattributeFromField passwd.byuid: \ 4654# dn=("uid=%s,", name ), \ 4655# uidNumber=rf_key, \ 4656# uid=name 4657#nisLDAPattributeFromField passwd: \ 4658# cn=name, \ 4659# gidNumber=gid, \ 4660# gecos=gecos, \ 4661# homeDirectory=home, \ 4662# loginShell=shell 4663 4664# passwd.adjunct 4665#nisLDAPattributeFromField passwd.adjunct.byname: \ 4666# dn=("uid=%s,", rf_key ), \ 4667# uid=name, \ 4668# userPassword=("{crypt}%s",passwd) 4669' >> $MAP_FILE 4670 4671else 4672 4673 # Find the domains in which passwd.adjunct map exists. 4674 find_domains $_MAP DEF_MAPS 4675 4676 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4677 then 4678 4679 # All the domains have passwd.adjunct map. So, put the right 4680 # passwd syntax and comment-in the passwd.adjunct syntax. 4681 4682 4683 echo '# passwd 4684#nisLDAPattributeFromField passwd.byname: \ 4685# dn=("uid=%s,", rf_key ), \ 4686# uid=rf_key, \ 4687# uidNumber=uid 4688#nisLDAPattributeFromField passwd.byuid: \ 4689# dn=("uid=%s,", name ), \ 4690# uidNumber=rf_key, \ 4691# uid=name 4692#nisLDAPattributeFromField passwd: \ 4693# cn=name, \ 4694# userPassword=("{crypt}%s",passwd), \ 4695# gidNumber=gid, \ 4696# gecos=gecos, \ 4697# homeDirectory=home, \ 4698# loginShell=shell 4699 4700# If you are not using passwd.adjunct, uncomment the passwd section above 4701# and comment the following passwd and passwd.adjunct sections 4702# 4703# passwd 4704nisLDAPattributeFromField passwd.byname: \ 4705 dn=("uid=%s,", rf_key ), \ 4706 uid=rf_key, \ 4707 uidNumber=uid 4708nisLDAPattributeFromField passwd.byuid: \ 4709 dn=("uid=%s,", name ), \ 4710 uidNumber=rf_key, \ 4711 uid=name 4712nisLDAPattributeFromField passwd: \ 4713 cn=name, \ 4714 gidNumber=gid, \ 4715 gecos=gecos, \ 4716 homeDirectory=home, \ 4717 loginShell=shell 4718 4719# passwd.adjunct 4720nisLDAPattributeFromField passwd.adjunct.byname: \ 4721 dn=("uid=%s,", rf_key ), \ 4722 uid=name, \ 4723 userPassword=("{crypt}%s",passwd) 4724' >> $MAP_FILE 4725 4726 else 4727 # Not every domain has passwd.adjunct map. 4728 4729 # First put the password syntax with domain name for domains 4730 # in which passwd.adjunct exists. 4731 4732 echo "# passwd" >> $MAP_FILE 4733 4734 for _DMN in $PRESENT_IN_DOMAINS 4735 do 4736 4737 echo "\ 4738nisLDAPattributeFromField passwd.byname,${_DMN}: \\ 4739 dn=(\"uid=%s,\", rf_key ), \\ 4740 uid=rf_key, \\ 4741 uidNumber=uid 4742nisLDAPattributeFromField passwd.byuid,${_DMN}: \\ 4743 dn=(\"uid=%s,\", name ), \\ 4744 uidNumber=rf_key, \\ 4745 uid=name 4746nisLDAPattributeFromField passwd,${_DMN}: \\ 4747 cn=name, \\ 4748 gidNumber=gid, \\ 4749 gecos=gecos, \\ 4750 homeDirectory=home, \\ 4751 loginShell=shell 4752" >> $MAP_FILE 4753 done 4754 4755 # Now put the other passwd syntax. We do not need to 4756 # append the domain name here. 4757 4758 echo ' 4759nisLDAPattributeFromField passwd.byname: \ 4760 dn=("uid=%s,", rf_key ), \ 4761 uid=rf_key, \ 4762 uidNumber=uid 4763nisLDAPattributeFromField passwd.byuid: \ 4764 dn=("uid=%s,", name ), \ 4765 uidNumber=rf_key, \ 4766 uid=name 4767nisLDAPattributeFromField passwd: \ 4768 cn=name, \ 4769 userPassword=("{crypt}%s",passwd), \ 4770 gidNumber=gid, \ 4771 gecos=gecos, \ 4772 homeDirectory=home, \ 4773 loginShell=shell 4774' >> $MAP_FILE 4775 4776 # Now we need to put the passwd.adjunct syntax for domains 4777 # in which this map exists. 4778 4779 echo "# passwd.adjunct" >> $MAP_FILE 4780 4781 for _DMN in $PRESENT_IN_DOMAINS 4782 do 4783 4784 echo "\ 4785nisLDAPattributeFromField passwd.adjunct.byname,${_DMN}: \\ 4786 dn=(\"uid=%s,\", rf_key ), \\ 4787 uid=name, \\ 4788 userPassword=(\"{crypt}%s\",passwd) 4789" >> $MAP_FILE 4790 done 4791 4792 fi 4793 4794fi 4795 4796echo ' 4797# This map is never created but yppasswd uses the mapping to extract password 4798# aging information from the DIT. 4799nisLDAPattributeFromField ageing.byname: \ 4800 dn=("uid=%s,", rf_key ), \ 4801 uid=name, \ 4802 shadowLastChange=lastchg, \ 4803 shadowMin=min, \ 4804 shadowMax=max, \ 4805 shadowWarning=warn, \ 4806 shadowInactive=inactive, \ 4807 shadowExpire=expire, \ 4808 shadowFlag=flag 4809 4810# printers.conf.byname 4811nisLDAPattributeFromField printers.conf.byname: \ 4812 dn=("printer-uri=%s,", rf_key ), \ 4813 printer-name=rf_key, \ 4814 (printer-aliases)=(names, "|"), \ 4815 sun-printer-bsdaddr=(values, "*bsdaddr=%s:*"), \ 4816 (sun-printer-kvp)=(values,":"), \ 4817 description=rf_comment 4818 4819# prof_attr 4820nisLDAPattributeFromField prof_attr: \ 4821 dn=("cn=%s,", rf_key ), \ 4822 cn=name, \ 4823 SolarisAttrReserved1=res1, \ 4824 SolarisAttrReserved2=res2, \ 4825 SolarisAttrLongDesc=desc, \ 4826 SolarisAttrKeyValue=attrs 4827 4828# project 4829nisLDAPattributeFromField project.byname: \ 4830 dn=("SolarisProjectName=%s,", rf_key ) 4831nisLDAPattributeFromField project.byprojid: \ 4832 dn=("SolarisProjectName=%s,", name ), \ 4833 SolarisProjectID=rf_searchkey 4834nisLDAPattributeFromField project: \ 4835 SolarisProjectName=name, \ 4836 SolarisProjectID=projID, \ 4837 (memberUid)=(users, ","), \ 4838 (memberGid)=(groups, ","), \ 4839 (SolarisProjectAttr)=(attrs, ";"), \ 4840 description=comment 4841 4842# protocols 4843nisLDAPattributeFromField protocols.byname: \ 4844 ipProtocolNumber=number, \ 4845 cn=rf_searchkey 4846nisLDAPattributeFromField protocols.bynumber: \ 4847 ipProtocolNumber=rf_key, \ 4848 description=rf_comment 4849nisLDAPattributeFromField protocols: \ 4850 dn=("cn=%s,", name ), \ 4851 (cn)=(aliases, " "), \ 4852 cn=name 4853 4854# rpc.bynumber 4855nisLDAPattributeFromField rpc.bynumber: \ 4856 dn=("cn=%s,", name ), \ 4857 oncRpcNumber=rf_key, \ 4858 (cn)=(aliases, " "), \ 4859 cn=name, \ 4860 description=rf_comment 4861 4862# services 4863# services.byservicename rule is only used to speed single search 4864nisLDAPattributeFromField services.byservicename: \ 4865 ("%s/%s", cn, ipServiceProtocol) = rf_searchkey 4866 4867nisLDAPattributeFromField services.byname: \ 4868 dn=("cn=%s+ipServiceProtocol=%s,", name, protocol ), \ 4869 ("*/%s", ipServiceProtocol)=rf_key, \ 4870 ("%s/*", ipServicePort)=rf_key, \ 4871 (cn)=(aliases, " "), \ 4872 cn=name, \ 4873 description=rf_comment 4874 4875# timezone.byname 4876nisLDAPattributeFromField timezone.byname: \ 4877 dn=("cn=%s,", rf_key ), \ 4878 cn=hostName, \ 4879 nisplusTimeZone=zoneName, \ 4880 description=comment 4881 4882# user_attr 4883nisLDAPattributeFromField user_attr: \ 4884 dn=("uid=%s,", rf_key ), \ 4885 uid=rf_key, \ 4886 SolarisUserAttr=qualifier, \ 4887 SolarisUserReserved1=res1, \ 4888 SolarisUserReserved2=res2, \ 4889 SolarisAttrKeyValue=attrs 4890 4891# publickey.byname 4892nisLDAPattributeFromField keys.host: \ 4893 dn=("%s", ldap:dn:?one?("cn=%s", (yp:rf_key, "unix.%s@*"))), \ 4894 nisPublicKey=publicKey, \ 4895 nisSecretKey=secretKey 4896 4897nisLDAPattributeFromField keys.pass: \ 4898 dn=("%s", ldap:dn:?one?("uidNumber=%s", (yp:rf_key, "unix.%s@*"))), \ 4899 nisPublicKey=publicKey, \ 4900 nisSecretKey=secretKey 4901 4902nisLDAPattributeFromField keys.nobody: \ 4903 dn=("uid=%s,",yp:rf_key), \ 4904 cn=rf_key, \ 4905 nisPublicKey=publicKey, \ 4906 nisSecretKey=secretKey 4907 4908# ypservers. This derived from IPlanet implementation not RFC. 4909nisLDAPattributeFromField ypservers: \ 4910 dn=("cn=%s,", rf_key), \ 4911 cn=rf_key 4912' >> $MAP_FILE 4913} 4914 4915# 4916# List all the non-default auto.* and custom maps. 4917# 4918list_auto_and_custom_nisLDAPattributeFromField() 4919{ 4920 4921# auto.* entries are easy. 4922if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 4923 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 4924fi 4925 4926for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 4927do 4928 echo "\ 4929# ${_MAP} 4930nisLDAPattributeFromField ${_MAP}: \\ 4931 dn=(\"automountKey=%s,\", rf_key ), \\ 4932 automountKey=rf_key, \\ 4933 automountInformation=value 4934" >> $MAP_FILE 4935done 4936 4937# Since we do not have enough information to generate 4938# entries for other custom maps, best we can do is to 4939# log this map names and ask user to take care of them. 4940 4941ask_user_to_update_the_custom_map_entries_too 4942 4943} 4944 4945 4946# 4947# List mapping of named fields to DIT entries 4948# 4949create_nisLDAPattributeFromField() 4950{ 4951 4952[ CUST_CMT_NEEDED -eq 1 ] && echo ' 4953# nisLDAPattributeFromField : It specifies how an LDAP attribute 4954# value is derived from a NIS entries field values. 4955# 4956# The format of nisLDAPattributeFromField entry is : 4957# mapName ":" fieldattrspec *("," fieldattrspec ) 4958' >> $MAP_FILE 4959 4960# List all the default entries anyway. 4961list_default_nisLDAPattributeFromField 4962 4963# List all the non-default auto.* and custom maps. 4964list_auto_and_custom_nisLDAPattributeFromField 4965 4966echo " 4967# 4968#------------------------------------------------------------------------------ 4969# 4970" >> $MAP_FILE 4971} 4972 4973 4974# 4975# List all the default nisLDAPattributeFromField entries 4976# 4977list_default_nisLDAPfieldFromAttribute() 4978{ 4979echo ' 4980# Describe how named fields are mapped from DIT entries. 4981 4982# audit_user 4983nisLDAPfieldFromAttribute audit_user: \ 4984 ("uid=%s,*", rf_key)=dn, \ 4985 ("uid=%s,*", name)=dn, \ 4986 alwaysAuditFlags=SolarisAuditAlways, \ 4987 neverAuditFlags=SolarisAuditNever 4988 4989# auto.home 4990nisLDAPfieldFromAttribute auto.home: \ 4991 rf_key=automountKey, \ 4992 value=automountInformation 4993 4994# auto.master 4995nisLDAPfieldFromAttribute auto.master: \ 4996 rf_key=automountKey, \ 4997 value=automountInformation 4998 4999# auth_attr 5000nisLDAPfieldFromAttribute auth_attr: \ 5001 rf_key=cn, \ 5002 name=cn, \ 5003 res1=SolarisAttrReserved1, \ 5004 res2=SolarisAttrReserved2, \ 5005 short_desc=SolarisAttrShortDesc, \ 5006 long_desc=SolarisAttrLongDesc, \ 5007 attrs=SolarisAttrKeyValue 5008 5009# Exec_attr. Because of messy NIS keys special handlind is required here 5010nisLDAPfieldFromAttribute exec_attr: \ 5011 rf_key=("%s:%s:%s",cn,SolarisKernelSecurityPolicy, \ 5012 solarisProfileId), \ 5013 name=cn, \ 5014 policy=SolarisKernelSecurityPolicy, \ 5015 type=SolarisProfileType, \ 5016 res1=SolarisAttrReserved1, \ 5017 res2=SolarisAttrReserved2, \ 5018 id=SolarisProfileId, \ 5019 attrs=SolarisAttrKeyValue 5020 5021 5022# ethers 5023nisLDAPfieldFromAttribute ethers.byname: \ 5024 rf_key=cn 5025nisLDAPfieldFromAttribute ethers.byaddr: \ 5026 rf_key=macAddress 5027nisLDAPfieldFromAttribute ethers: \ 5028 name=cn, \ 5029 addr=macAddress, \ 5030 rf_comment=description 5031 5032# bootparams. Must be done after ethers 5033nisLDAPfieldFromAttribute bootparams: \ 5034 rf_key=cn, \ 5035 params=("%s ", (bootParameter), " ") 5036' >> $MAP_FILE 5037 5038# group syntax is different when group.adjunct map is present. 5039# So, need to handle the various possibilities 5040 5041_MAP=group.adjunct.byname 5042 5043if ! present $_MAP $ALL_DMN_DEF_MAPLIST 5044then 5045 5046 # Just put the group.adjunct syntax in comment form 5047 5048 echo '# group 5049nisLDAPfieldFromAttribute group.byname: \ 5050 rf_key=cn 5051nisLDAPfieldFromAttribute group.bygid: \ 5052 rf_key=gidNumber 5053nisLDAPfieldFromAttribute group: \ 5054 gid=gidNumber, \ 5055 name=cn, \ 5056 ("{crypt}%s", passwd)=userPassword, \ 5057 users=("%s,", (memberUid), ",") 5058 5059# 5060# If you are using group.adjunct, comment the group section above 5061# and uncomment the following group and group.adjunct section 5062# 5063# group 5064#nisLDAPfieldFromAttribute group.byname: \ 5065# rf_key=cn 5066#nisLDAPfieldFromAttribute group.bygid: \ 5067# rf_key=gidNumber 5068#nisLDAPfieldFromAttribute group: \ 5069# gid=gidNumber, \ 5070# name=cn, \ 5071# passwd=("#$%s", cn), \ 5072# users=("%s,", (memberUid), ",") 5073 5074# group.adjunct 5075#nisLDAPfieldFromAttribute group.adjunct.byname: \ 5076# rf_key=cn, \ 5077# name=cn, \ 5078# ("{crypt}%s", passwd)=userPassword 5079' >> $MAP_FILE 5080 5081else 5082 5083 # Find the domains in which group.adjunct map exists. 5084 find_domains $_MAP DEF_MAPS 5085 5086 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 5087 then 5088 5089 # All the domains have group.adjunct map. 5090 5091 5092 echo '# group 5093#nisLDAPfieldFromAttribute group.byname: \ 5094# rf_key=cn 5095#nisLDAPfieldFromAttribute group.bygid: \ 5096# rf_key=gidNumber 5097#nisLDAPfieldFromAttribute group: \ 5098# gid=gidNumber, \ 5099# name=cn, \ 5100# ("{crypt}%s", passwd)=userPassword, \ 5101# users=("%s,", (memberUid), ",") 5102 5103# 5104# If you are not using group.adjunct, comment the group section above 5105# and uncomment the following group and group.adjunct sections 5106# 5107# group 5108nisLDAPfieldFromAttribute group.byname: \ 5109 rf_key=cn 5110nisLDAPfieldFromAttribute group.bygid: \ 5111 rf_key=gidNumber 5112nisLDAPfieldFromAttribute group: \ 5113 gid=gidNumber, \ 5114 name=cn, \ 5115 passwd=("#$%s", cn), \ 5116 users=("%s,", (memberUid), ",") 5117 5118# 5119# group.adjunct 5120nisLDAPfieldFromAttribute group.adjunct.byname: \ 5121 rf_key=cn, \ 5122 name=cn, \ 5123 ("{crypt}%s", passwd)=userPassword 5124' >> $MAP_FILE 5125 5126 else 5127 # Not every domain has group.adjunct map. 5128 5129 echo "# group" >> $MAP_FILE 5130 5131 for _DMN in $PRESENT_IN_DOMAINS 5132 do 5133 5134 echo "\ 5135nisLDAPfieldFromAttribute group.byname,${_DMN}: \\ 5136 rf_key=cn 5137nisLDAPfieldFromAttribute group.bygid,${_DMN}: \\ 5138 rf_key=gidNumber 5139nisLDAPfieldFromAttribute group,${_DMN}: \\ 5140 gid=gidNumber, \\ 5141 name=cn, \\ 5142 passwd=(\"#$%s\", cn), \\ 5143 users=(\"%s,\", (memberUid), \",\") 5144" >> $MAP_FILE 5145 done 5146 5147 # Now put the generic group syntax. We do not need to 5148 # append the domain name here. 5149 5150 echo ' 5151nisLDAPfieldFromAttribute group.byname: \ 5152 rf_key=cn 5153nisLDAPfieldFromAttribute group.bygid: \ 5154 rf_key=gidNumber 5155nisLDAPfieldFromAttribute group: \ 5156 gid=gidNumber, \ 5157 name=cn, \ 5158 ("{crypt}%s", passwd)=userPassword, \ 5159 users=("%s,", (memberUid), ",") 5160' >> $MAP_FILE 5161 5162 # Now we need to put the group.adjunct syntax for domains 5163 # in which this map exists. 5164 5165 echo "# 5166# group.adjunct 5167# " >> $MAP_FILE 5168 5169 for _DMN in $PRESENT_IN_DOMAINS 5170 do 5171 5172 echo "\ 5173nisLDAPfieldFromAttribute group.adjunct.byname,${_DMN}: \\ 5174 rf_key=cn, \\ 5175 name=cn, \\ 5176 (\"{crypt}%s\", passwd)=userPassword 5177" >> $MAP_FILE 5178 5179 done 5180 5181 fi 5182 5183fi 5184 5185echo ' 5186# hosts 5187nisLDAPfieldFromAttribute hosts.byaddr: \ 5188 rf_ipkey=ipHostNumber 5189nisLDAPfieldFromAttribute hosts.byname: \ 5190 (rf_key)=(cn) 5191nisLDAPfieldFromAttribute hosts: \ 5192 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5193 addr=ipHostNumber, \ 5194 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5195 rf_comment=description 5196 5197nisLDAPfieldFromAttribute multihosts: \ 5198 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5199 (rf_key)=("YP_MULTI_%s", cn), \ 5200 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5201 rf_comment=description, \ 5202 (tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \ 5203 (ipHostNumber=*.*))", yp:canonicalName)), \ 5204 addr=("%s,", (yp:tmp), ",") 5205 5206# ipnodes 5207nisLDAPfieldFromAttribute ipnodes.byaddr: \ 5208 rf_ipkey=ipHostNumber 5209nisLDAPfieldFromAttribute ipnodes.byname: \ 5210 (rf_key)=(cn) 5211nisLDAPfieldFromAttribute ipnodes: \ 5212 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5213 addr=ipHostNumber, \ 5214 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5215 rf_comment=description 5216 5217nisLDAPfieldFromAttribute multiipnodes: \ 5218 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5219 (rf_key)=("YP_MULTI_%s", cn), \ 5220 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5221 rf_comment=description, \ 5222 (tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \ 5223 (ipHostNumber=*:*))", yp:canonicalName)), \ 5224 addr=("%s,", (yp:tmp), ",") 5225 5226#mail.aliases 5227nisLDAPfieldFromAttribute mail.aliases: \ 5228 rf_key=mail, \ 5229 addresses= ("%s,", (mgrprfc822mailmember), ","), \ 5230 rf_comment=description 5231 5232#mail.mapping 5233nisLDAPfieldFromAttribute mail.mapping: \ 5234 rf_key=mgrprfc822mailmember, \ 5235 address=mail, \ 5236 rf_comment=description 5237 5238# netgroup. 5239nisLDAPfieldFromAttribute netgroup: \ 5240 rf_key=cn, \ 5241 (group)=(memberNisNetgroup), \ 5242 ("(%s,%s,%s)", host, user, domain)= \ 5243 (nisNetgroupTriple), \ 5244 rf_comment=description 5245 5246# netid.pass 5247nisLDAPfieldFromAttribute netid.pass: \ 5248 number=uidNumber, \ 5249 (tmp)=("%s", gidNumber:ou=group,?one?\ 5250 ("memberUid=%s", ldap:uid)), \ 5251 sgid=("%s,", (yp:tmp) - gidNumber, ","), \ 5252 data=("%s,%s", gidNumber, yp:sgid), \ 5253 data=gidNumber, \ 5254 (rf_key)=("unix.%s@%s", yp:number, yp:rf_domain) 5255 5256# netid.host 5257nisLDAPfieldFromAttribute netid.host: \ 5258 ("cn=%s+ipHostNumber=*", data)=dn, \ 5259 number=("0"), \ 5260 (rf_key)=("unix.%s@%s", yp:data, yp:rf_domain) 5261 5262# netmasks.byaddr 5263nisLDAPfieldFromAttribute netmasks.byaddr: \ 5264 ("ipNetworkNumber=%s,*", rf_ipkey)=dn, \ 5265 mask=ipNetmaskNumber, \ 5266 rf_comment=description 5267 5268# networks. 5269nisLDAPfieldFromAttribute networks.byname: \ 5270 (rf_key)=(cn) 5271nisLDAPfieldFromAttribute networks.byaddr: \ 5272 ("ipNetworkNumber=%s,*", rf_key)=dn 5273nisLDAPfieldFromAttribute networks: \ 5274 name=cn, \ 5275 aliases=("%s ", (cn) - yp:name, " "), \ 5276 number=ipNetworkNumber, \ 5277 rf_comment=description 5278' >> $MAP_FILE 5279 5280# passwd syntax is different when passwd.adjunct map is present. 5281# So, need to handle the various possibilities 5282 5283_MAP=passwd.adjunct.byname 5284 5285if ! present $_MAP $ALL_DMN_DEF_MAPLIST 5286then 5287 5288 # Just put the passwd.adjunct syntax in comment form 5289 5290 echo '# passwd 5291nisLDAPfieldFromAttribute passwd.byname: \ 5292 rf_key=uid 5293nisLDAPfieldFromAttribute passwd.byuid: \ 5294 rf_key=uidNumber 5295nisLDAPfieldFromAttribute passwd: \ 5296 name=uid, \ 5297 uid=uidNumber, \ 5298 ("{crypt}%s", passwd)=userPassword, \ 5299 gid=gidNumber, \ 5300 gecos=gecos, \ 5301 home=homeDirectory, \ 5302 shell=loginShell 5303 5304# 5305# If you are using passwd.adjunct, comment the passwd section above 5306# and uncomment the following passwd and passwd.adjunct sections 5307# 5308# passwd 5309#nisLDAPfieldFromAttribute passwd.byname: \ 5310# rf_key=uid 5311#nisLDAPfieldFromAttribute passwd.byuid: \ 5312# rf_key=uidNumber 5313#nisLDAPfieldFromAttribute passwd: \ 5314# name=uid, \ 5315# uid=uidNumber, \ 5316# passwd=("##%s", uid), \ 5317# gid=gidNumber, \ 5318# gecos=gecos, \ 5319# home=homeDirectory, \ 5320# shell=loginShell 5321 5322# passwd.adjunct 5323#nisLDAPfieldFromAttribute passwd.adjunct.byname: \ 5324# rf_key=uid, \ 5325# name=uid, \ 5326# ("{crypt}%s", passwd)=userPassword 5327' >> $MAP_FILE 5328 5329else 5330 5331 # Find the domains in which passwd.adjunct map exists. 5332 find_domains $_MAP DEF_MAPS 5333 5334 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 5335 then 5336 5337 # All the domains have passwd.adjunct map. So, put the right 5338 # passwd syntax and comment-in the passwd.adjunct syntax. 5339 5340 5341 echo '# passwd 5342#nisLDAPfieldFromAttribute passwd.byname: \ 5343# rf_key=uid 5344#nisLDAPfieldFromAttribute passwd.byuid: \ 5345# rf_key=uidNumber 5346#nisLDAPfieldFromAttribute passwd: \ 5347# name=uid, \ 5348# uid=uidNumber, \ 5349# ("{crypt}%s", passwd)=userPassword, \ 5350# gid=gidNumber, \ 5351# gecos=gecos, \ 5352# home=homeDirectory, \ 5353# shell=loginShell 5354 5355# 5356# If you are not using passwd.adjunct, uncomment the passwd section 5357# above and comment the following passwd and passwd.adjunct sections 5358# 5359# passwd 5360nisLDAPfieldFromAttribute passwd.byname: \ 5361 rf_key=uid 5362nisLDAPfieldFromAttribute passwd.byuid: \ 5363 rf_key=uidNumber 5364nisLDAPfieldFromAttribute passwd: \ 5365 name=uid, \ 5366 uid=uidNumber, \ 5367 passwd=("##%s", uid), \ 5368 gid=gidNumber, \ 5369 gecos=gecos, \ 5370 home=homeDirectory, \ 5371 shell=loginShell 5372 5373# 5374# passwd.adjunct Must follow passwd 5375# 5376nisLDAPfieldFromAttribute passwd.adjunct.byname: \ 5377 rf_key=uid, \ 5378 name=uid, \ 5379 ("{crypt}%s", passwd)=userPassword 5380' >> $MAP_FILE 5381 5382 else 5383 # Not every domain has passwd.adjunct map. 5384 5385 # First put the password syntax with domain name for domains 5386 # in which passwd.adjunct exists. 5387 5388 echo "# passwd" >> $MAP_FILE 5389 5390 for _DMN in $PRESENT_IN_DOMAINS 5391 do 5392 5393 echo "\ 5394nisLDAPfieldFromAttribute passwd.byname,${_DMN}: \\ 5395 rf_key=uid 5396nisLDAPfieldFromAttribute passwd.byuid,${_DMN}: \\ 5397 rf_key=uidNumber 5398nisLDAPfieldFromAttribute passwd,${_DMN}: \\ 5399 name=uid, \\ 5400 uid=uidNumber, \\ 5401 passwd=(\"##%s\", uid), \\ 5402 gid=gidNumber, \\ 5403 gecos=gecos, \\ 5404 home=homeDirectory, \\ 5405 shell=loginShell 5406" >> $MAP_FILE 5407 done 5408 5409 # Now put the other passwd syntax. We do not need to 5410 # append the domain name here. 5411 5412 echo ' 5413nisLDAPfieldFromAttribute passwd.byname: \ 5414 rf_key=uid 5415nisLDAPfieldFromAttribute passwd.byuid: \ 5416 rf_key=uidNumber 5417nisLDAPfieldFromAttribute passwd: \ 5418 name=uid, \ 5419 uid=uidNumber, \ 5420 ("{crypt}%s", passwd)=userPassword, \ 5421 gid=gidNumber, \ 5422 gecos=gecos, \ 5423 home=homeDirectory, \ 5424 shell=loginShell 5425' >> $MAP_FILE 5426 5427 # Now we need to put the passwd.adjunct syntax for domains 5428 # in which this map exists. 5429 5430 echo "# 5431# passwd.adjunct Must follow passwd 5432# " >> $MAP_FILE 5433 5434 for _DMN in $PRESENT_IN_DOMAINS 5435 do 5436 5437 echo "\ 5438nisLDAPfieldFromAttribute passwd.adjunct.byname,${_DMN}: \\ 5439 rf_key=uid, \\ 5440 name=uid, \\ 5441 (\"{crypt}%s\", passwd)=userPassword 5442" >> $MAP_FILE 5443 5444 done 5445 5446 fi 5447 5448fi 5449 5450echo ' 5451# This map is never created but yppasswd uses the mapping to extract password 5452# ageing information from the DIT. 5453nisLDAPfieldFromAttribute ageing.byname: \ 5454 rf_key=uid, \ 5455 name=uid, \ 5456 lastchg=shadowLastChange, \ 5457 min=shadowMin, \ 5458 max=shadowMax, \ 5459 warn=shadowWarning, \ 5460 inactive=shadowInactive, \ 5461 expire=shadowExpire, \ 5462 flag=shadowFlag 5463 5464# printers.conf.byname 5465nisLDAPfieldFromAttribute printers.conf.byname: \ 5466 rf_key=printer-uri, \ 5467 names=("%s|", (printer-aliases), "|"), \ 5468 bsdaddr=("bsdaddr=%s", sun-printer-bsdaddr), \ 5469 kvps=("%s:", (sun-printer-kvp) - yp:bsdaddr), \ 5470 values=("%s:%s", yp:bsdaddr, yp:kvps), \ 5471 values=("%s:", yp:bsdaddr), \ 5472 values=yp:kvps, \ 5473 rf_comment=description 5474 5475# prof_attr 5476nisLDAPfieldFromAttribute prof_attr: \ 5477 rf_key=cn, \ 5478 name=cn, \ 5479 res1=SolarisAttrReserved1, \ 5480 res2=SolarisAttrReserved2, \ 5481 desc=SolarisAttrLongDesc, \ 5482 attrs=SolarisAttrKeyValue 5483 5484# project 5485nisLDAPfieldFromAttribute project.byname: \ 5486 rf_key=SolarisProjectName 5487nisLDAPfieldFromAttribute project.byprojid: \ 5488 rf_key=SolarisProjectID 5489nisLDAPfieldFromAttribute project: \ 5490 name=SolarisProjectName, \ 5491 projID=SolarisProjectID, \ 5492 comment=description, \ 5493 users=("%s,", (memberUid), ","), \ 5494 groups=("%s,", (memberGid), ","), \ 5495 attrs=("%s;", (SolarisProjectAttr), ";") 5496 5497# protocols 5498nisLDAPfieldFromAttribute protocols.byname: \ 5499 ("cn=%s,*", rf_key)=dn, \ 5500 (rf_key)=(cn) 5501nisLDAPfieldFromAttribute protocols.bynumber: \ 5502 rf_key=ipProtocolNumber, \ 5503 rf_comment=description 5504nisLDAPfieldFromAttribute protocols: \ 5505 ("cn=%s,*", name)=dn, \ 5506 number=ipProtocolNumber, \ 5507 aliases=("%s ", (cn) - yp:name, " ") 5508 5509# rpc.bynumber 5510nisLDAPfieldFromAttribute rpc.bynumber: \ 5511 rf_key=oncRpcNumber, \ 5512 number=oncRpcNumber, \ 5513 ("cn=%s,*", name)=dn, \ 5514 aliases=("%s ", (cn) - yp:name, " "), \ 5515 rf_comment=description 5516 5517# services 5518nisLDAPfieldFromAttribute services.byname: \ 5519 rf_key = ("%s/%s", ipServicePort, ipServiceProtocol) 5520nisLDAPfieldFromAttribute services.byservicename: \ 5521 (rf_key)=("%s/%s", cn, ipServiceProtocol), \ 5522 (rf_key)=(cn) 5523nisLDAPfieldFromAttribute services: \ 5524 ("cn=%s+ipServiceProtocol=*", name)=dn, \ 5525 protocol=ipServiceProtocol, \ 5526 port=ipServicePort, \ 5527 aliases=("%s ", (cn) - yp:name, " "), \ 5528 rf_comment=description 5529 5530# timezone.byname 5531nisLDAPfieldFromAttribute timezone.byname: \ 5532 rf_key=cn, \ 5533 hostName=cn, \ 5534 zoneName=nisplusTimeZone, \ 5535 rf_comment=description 5536 5537# user_attr 5538nisLDAPfieldFromAttribute user_attr: \ 5539 ("uid=%s,*", rf_key)=dn, \ 5540 ("uid=%s,*", user)=dn, \ 5541 qualifier=SolarisUserAttr, \ 5542 res1=SolarisUserReserved1, \ 5543 res2=SolarisUserReserved2, \ 5544 attrs=SolarisAttrKeyValue 5545 5546# publickey.byname 5547nisLDAPfieldFromAttribute keys.host: \ 5548 ("cn=%s+ipHostNumber=*", cname)=dn, \ 5549 rf_key=("unix.%s@%s", yp:cname, yp:rf_domain), \ 5550 publicKey=nisPublicKey, \ 5551 secretKey=nisSecretKey 5552 5553nisLDAPfieldFromAttribute keys.pass: \ 5554 rf_key=("unix.%s@%s", uidNumber, yp:rf_domain), \ 5555 publicKey=nisPublicKey, \ 5556 secretKey=nisSecretKey 5557 5558nisLDAPfieldFromAttribute keys.nobody: \ 5559 rf_key=uid, \ 5560 publicKey=nisPublicKey, \ 5561 secretKey=nisSecretKey 5562 5563# ypservers. This derived from IPlanet implementation not RFC. 5564nisLDAPfieldFromAttribute ypservers: \ 5565 rf_key=cn 5566' >> $MAP_FILE 5567} 5568 5569 5570# 5571# List all the non-default auto.* and custom maps. 5572# 5573list_auto_and_custom_nisLDAPfieldFromAttribute() 5574{ 5575 5576# auto.* entries are easy. 5577if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 5578 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 5579fi 5580 5581for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 5582do 5583 echo "\ 5584# ${_MAP} 5585nisLDAPfieldFromAttribute ${_MAP}: \\ 5586 rf_key=automountKey, \\ 5587 value=automountInformation 5588" >> $MAP_FILE 5589done 5590 5591# Since we do not have enough information to generate 5592# entries for other custom maps, best we can do is to 5593# log this map names and ask user to take care of them. 5594 5595ask_user_to_update_the_custom_map_entries_too 5596 5597} 5598 5599 5600# 5601# List mapping of named fields from DIT entries 5602# 5603create_nisLDAPfieldFromAttribute() 5604{ 5605 5606[ CUST_CMT_NEEDED -eq 1 ] && echo ' 5607# nisLDAPfieldFromAttribute : It specifies how a NIS entries 5608# field values are derived from LDAP attribute values. 5609# 5610# The format of nisLDAPfieldFromAttribute is : 5611# mapName ":" fieldattrspec *("," fieldattrspec) 5612' >> $MAP_FILE 5613 5614# List all the default entries anyway. 5615list_default_nisLDAPfieldFromAttribute 5616 5617# List all the non-default auto.* and custom maps. 5618list_auto_and_custom_nisLDAPfieldFromAttribute 5619 5620echo " 5621# 5622#------------------------------------------------------------------------------ 5623# 5624" >> $MAP_FILE 5625} 5626 5627 5628 5629# Main function for creating the mapping file 5630create_mapping_file() 5631{ 5632# Ask user the list of domains to be served by N2L 5633create_n2l_domain_list 5634 5635# If there are no N2L domains or none selected, then exit 5636if [ $N2L_DMN_CNT -eq 0 ]; then 5637 echo "There are no domains to serve. No mapping file generated." 5638 return 1 5639fi 5640 5641while : 5642do 5643 get_ans "Enter the mapping file name (h=help):" "${MAP_FILE}" 5644 5645 # If help continue, otherwise break. 5646 case "$ANS" in 5647 [Hh] | help | Help | \?) display_msg new_mapping_file_name_help ;; 5648 * ) break ;; 5649 esac 5650done 5651 5652MAP_FILE=${ANS} 5653[ $DEBUG -eq 1 ] && MAP_FILE = $MAP_FILE 5654 5655# Backup existing mapping file if selected 5656check_back_mapping_file 5657 5658# To prevent from leaving a partial mapping file in case some error 5659# or signal takes place which might result in machine starting in N2L 5660# mode at next reboot, store the output being generated in a temporary 5661# file first, and move it at the final destination only at the end if 5662# everything goes fine. 5663 5664_MAP_FILE=$MAP_FILE 5665MAP_FILE=${TMPDIR}/${TMPMAP}.$$ 5666 5667echo "Generating mapping file temporarily as \"${MAP_FILE}\"" 5668 5669# Place copyright information 5670put_mapping_file_copyright_info 5671 5672 5673# Prepare various map lists for each domain 5674create_map_lists 5675 5676# List domains and contexts 5677get_nisLDAPdomainContext 5678 5679# List domains for which passwords should be changed 5680get_nisLDAPyppasswddDomains 5681 5682# List databaseId mappings (aliases) 5683create_nisLDAPdatabaseIdMapping 5684 5685# List comment character for maps 5686create_nisLDAPcommentChar 5687 5688# List SECURE and INTERDOMAIN flags 5689create_nisLDAPmapFlags 5690 5691# List TTL values 5692 create_nisLDAPentryTtl 5693 5694# List name fields 5695create_nisLDAPnameFields 5696 5697# List split fields and repeated fields seperators. 5698create_split_field_and_repeatedfield_seperators 5699 5700# List association of maps with RDNs and object classes. 5701create_nisLDAPobjectDN 5702 5703# List mapping of named fields to DIT entries 5704create_nisLDAPattributeFromField 5705 5706# List mapping of named fields from DIT entries 5707create_nisLDAPfieldFromAttribute 5708 5709 5710# We are done, so move back the mapping file from temp. location 5711# to actual location. 5712# In case the mapping file name has a directory component which does 5713# not exist, then create it now, otherwise 'mv' will return error. 5714 5715DIR_TO_CREATE=`dirname ${_MAP_FILE}` 5716mkdir -p ${DIR_TO_CREATE} 5717 5718echo "Moving output from temporary file ($MAP_FILE) to actual file ($_MAP_FILE)" 5719mv $MAP_FILE $_MAP_FILE 5720 5721# Revert back the mapping file name in case needed. 5722MAP_FILE=$_MAP_FILE 5723echo "Finished creation of mapping file ( $MAP_FILE )" 5724 5725} 5726 5727 5728# 5729# Main function for creating config file (ypserv) 5730# 5731process_config_file() 5732{ 5733# Ask for confirmation if the file name is not specified. 5734 5735if [ $CONFIG_FILE_SPECIFIED -eq 0 ]; then 5736 display_msg no_config_file_name_specified 5737 5738 get_confirm_nodef "Do you want to create the config file (y/n) ?" 5739 5740 [ $? -eq 0 ] && return 0 5741 5742 while : 5743 do 5744 get_ans "Enter the config file name (h=help):" "${CONFIG_FILE}" 5745 5746 # If help continue, otherwise break. 5747 case "$ANS" in 5748 [Hh] | help | Help | \?) display_msg new_config_file_name_help ;; 5749 * ) break ;; 5750 esac 5751 done 5752 5753 CONFIG_FILE=${ANS} 5754 [ $DEBUG -eq 1 ] && CONFIG_FILE = $CONFIG_FILE 5755 5756fi 5757 5758# Backup existing config file if selected 5759check_back_config_file 5760 5761# Create config file 5762create_config_file 5763} 5764 5765 5766# 5767# Main function for creating mapping file (NISLDAPmapping) 5768# 5769process_mapping_file() 5770{ 5771# Ask for confirmation if the file name is not specified. 5772 5773if [ $MAPPING_FILE_SPECIFIED -eq 0 ]; then 5774 display_msg no_mapping_file_name_specified 5775 5776 get_confirm_nodef "Do you want to create the mapping file (y/n) ?" 5777 5778 [ $? -eq 0 ] && return 0 5779 5780 5781fi 5782 5783# Create mapping file 5784create_mapping_file 5785} 5786 5787########################################### 5788########### MAIN ########### 5789########################################### 5790 5791PROG=`basename $0` # Program name 5792ABS_PROG=$0 # absolute path needed 5793 5794# Only superuser should be able to run this script. 5795is_root_user 5796if [ $? -ne 0 ]; then 5797 echo "ERROR : Only root can run $PROG" 5798 exit 1 5799fi 5800 5801# Initialize things 5802init 5803 5804# Parse command line arguments. 5805parse_arg $* 5806 5807# Create config file (ypserv) 5808process_config_file 5809 5810# Create mapping file (NISLDAPmapping). 5811process_mapping_file 5812 5813# Cleanup temp files and directories unless debug. 5814[ $DEBUG -eq 0 ] && cleanup 5815 5816exit 0 5817