1#! /usr/bin/ksh 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License, Version 1.0 only 7# (the "License"). You may not use this file except in compliance 8# with the License. 9# 10# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 11# or http://www.opensolaris.org/os/licensing. 12# See the License for the specific language governing permissions 13# and limitations under the License. 14# 15# When distributing Covered Code, include this CDDL HEADER in each 16# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 17# If applicable, add the following below this CDDL HEADER, with the 18# fields enclosed by brackets "[]" replaced with your own identifying 19# information: Portions Copyright [yyyy] [name of copyright owner] 20# 21# CDDL HEADER END 22# 23# 24# ident "%Z%%M% %I% %E% SMI" 25# 26# Copyright 2004 Sun Microsystems, Inc. All rights reserved. 27# Use is subject to license terms. 28# 29# inityp2l -- Utility to generate YP (NIS) to LDAP 30# configuration file (/etc/default/ypserv) 31# and mapping file (/var/yp/NISLDAPmapping) 32# 33 34 35 36# 37# Displays message corresponding to the argument tag passed. 38# 39display_msg() 40{ 41 case "$1" in 42 usage) cat <<EOF 43 44 $PROG: [ -m mapping_file ] [ -c config_file ] 45 m <mapping_file> Name of the generated NISLDAP mapping file 46 Default is /var/yp/NISLDAPmapping 47 c <config_file> Name of the generated ypserv configuration file 48 Default is /etc/default/ypserv 49 50EOF 51 ;; 52 no_config_file_name_specified) cat <<EOF 53 54You have not specified the config file name. You still have the 55option to skip creating this file, specify a config file name, or 56continue creating it with the default file name (${CONFIG_FILE}). 57 58EOF 59 ;; 60 no_mapping_file_name_specified) cat <<EOF 61 62You have not specified the mapping file name. You still have the 63option to skip creating this file, specify a mapping file name, or 64continue creating it with the default file name (${MAP_FILE}). 65 66EOF 67 ;; 68 new_config_file_name_help) cat <<EOF 69 70You can either specify a new file name, or accept the default 71config file name (${CONFIG_FILE}). 72 73It is recommended not to use the default file name since this 74script just helps with rapid creation of a config file. You 75should examine it's content before using it. 76 77EOF 78 ;; 79 new_mapping_file_name_help) cat <<EOF 80 81You can either specify a new file name, or accept the default 82mapping file name (${MAP_FILE}). 83 84It is recommended not to use the default file name since this 85script just helps with rapid creation of a mapping file. You 86should examine it's content before using it. And if there are 87custom maps, then their entries in the mapping file need to be 88customized too. 89 90Also, creation of default mapping file would cause NIS components 91to work in NIS to LDAP (N2L), rather than traditional NIS, mode 92when next restarted. 93 94EOF 95 ;; 96 backup_config_file) cat <<EOF 97 98The config file "${CONFIG_FILE}" already exists. It is strongly 99recommended that you BACKUP this file before running $PROG. 100 101However, even if you continue, you would be given the option to 102back up this file before it gets overwritten. 103 104EOF 105 ;; 106 backup_mapping_file) cat <<EOF 107 108The mapping file "${MAP_FILE}" already exists. It is strongly 109recommended that you BACKUP this file before running $PROG. 110 111However, even if you continue, you would be given the option to 112back up this file before it gets overwritten. 113 114EOF 115 ;; 116 warn_n2l_mode) cat <<EOF 117 118Warning : Creation of default mapping file (`basename $MAP_FILE`) 119 at default location (`dirname $MAP_FILE`) would cause NIS 120 components to work in NIS to LDAP (N2L) mode, rather than 121 traditional NIS mode, when next restarted. 122 123 "$PROG" assists with rapid creation of a simple N2L mapping 124 file. The user should examine it's content before using it. 125 For custom maps, this file needs to be customized which can 126 be done using standard text editors. 127 128EOF 129 ;; 130 config_auth_method_menu) cat <<EOF 131 The following are the supported Authentication Methods - 132 1 none 133 2 simple 134 3 sasl/cram-md5 135 4 sasl/digest-md5 136EOF 137 ;; 138 auth_method_menu) cat <<EOF 139 The following are the supported Authentication Methods - 140 1 simple 141 2 sasl/cram-md5 142 3 sasl/digest-md5 143EOF 144 ;; 145 tls_method_menu) cat <<EOF 146 The following are the supported TLS Methods - 147 1 none 148 2 ssl 149EOF 150 ;; 151 retrieve_error_action_menu) cat <<EOF 152 The following are the supported actions - 153 1 use_cached 154 2 fail 155EOF 156 ;; 157 store_error_action_menu) cat <<EOF 158 The following are the supported actions - 159 1 retry 160 2 fail 161EOF 162 ;; 163 sorry) cat <<EOF 164 165HELP - No help is available for this topic. 166 167EOF 168 ;; 169 backup_config_file_cont_help) cat <<EOF 170 171HELP - Since $PROG will overwrite the existing config file, it is 172 strongly recommended that you backup this file prior to 173 running this utility. 174 175 However, even if you continue, you would be given the option 176 to back up this file before it gets overwritten. 177 178EOF 179 ;; 180 backup_config_file_help) cat <<EOF 181 182HELP - If you choose to backup the existing config file, it would be 183 saved with current date and time suffix in yymmdd.HH.MM.SS format. 184 185EOF 186 ;; 187 backup_mapping_file_cont_help) cat <<EOF 188 189HELP - Since $PROG will overwrite the existing mapping file, it is 190 strongly recommended that you backup this file prior to running 191 this utility. 192 193 However, even if you continue, you would be given the option to 194 back up this file before it gets overwritten. 195 196EOF 197 ;; 198 backup_mapping_file_help) cat <<EOF 199 200HELP - If you choose to backup the existing mapping file, it would be 201 saved with current date and time suffix in yymmdd.HH.MM.SS format. 202 203EOF 204 ;; 205 warn_n2l_mode_help) cat <<EOF 206 207HELP - It is strongly recommended that the mapping file is created at 208 non-default location (other than `dirname $MAP_FILE`). After this, 209 it's content should be verified, custom maps should be handled, 210 and if NIS components are desired to run in NIS to LDAP (N2L), 211 then only it should be copied at the default location. 212 213EOF 214 ;; 215 nisLDAPconfigDN_help) cat <<EOF 216 217HELP - The DN which stores the configuration information in LDAP. 218 There is no default value for this field. Leave empty or 219 undefined to get this information from config file (ypserv). 220 221EOF 222 ;; 223 nisLDAPconfigPreferredServerList_help) cat <<EOF 224 225HELP - List of directory servers to provide the configuration 226 information. There is no default. The preferred servers 227 must be entered IN THE ORDER you wish to have them contacted. 228 The preferred server list is a space separated list of IP 229 addresses. Providing port numbers is optional, and when not 230 supplied, port 389 is assumed. For an LDAP server running 231 on this machine, at port 389, use "127.0.0.1:389". 232 233EOF 234 ;; 235 auth_help) cat <<EOF 236 237HELP - The authentication method to be used to obtain information 238 from LDAP server. The supported methods are provided in menu. 239 240EOF 241 ;; 242 tls_help) cat <<EOF 243 244HELP - The transport layer security used for connection to the LDAP 245 server. In order to successfully use transport layer security, 246 the server must also support the chosen values. The supported 247 methods are provided in menu. Default is "$DEF_TLS". 248 249EOF 250 ;; 251 TLSCertificateDBPath_help) cat <<EOF 252 253HELP - The absolute path name of the file containing the certificate 254 database. The default value is "$DEF_TLSCertificateDBPath" 255 256EOF 257 ;; 258 nisLDAPconfigProxyUser_help) cat <<EOF 259 260HELP - The bind DN of the proxy user used to obtain configuration 261 information. There is no default value. If the value ends 262 with a comma, the value of the nisLDAPconfigDN attribute 263 is appended. 264 265EOF 266 ;; 267 ProxyPassword_warn) cat <<EOF 268 269Warning : In order to avoid having this password publicly visible 270 on the machine, the password should appear only in the 271 configuration file, and the file should have an appropriate 272 owner, group, and file mode. 273 274 So, once this file is ready, please modify appropriately 275 to make sure this file is well protected. 276 277EOF 278 ;; 279 preferredServerList_help) cat <<EOF 280 281HELP - List of directory servers for mapping data to/from LDAP. 282 There is no default. The preferred servers must be entered 283 IN THE ORDER you wish to have them contacted. The preferred 284 server list is a space separated list of IP addresses. 285 Providing port numbers is optional, and when not supplied, 286 port 389 is assumed. For an LDAP server running on this 287 machine, at port 389, use "127.0.0.1:389". 288 289EOF 290 ;; 291 nisLDAPproxyUser_help) cat <<EOF 292 293HELP - The bind DN of the proxy user the ypserv to read or write 294 from or to LDAP. Assumed to have the appropriate permission 295 to read and modify LDAP data. There is no default value. If 296 the value ends with a comma, the value of the context for 297 the current domain (as defined by a nisLDAPdomainContext 298 attribute (NISLDAPmapping(4))) is appended. 299 300EOF 301 ;; 302 nisLDAPbindTimeout_help) cat <<EOF 303 304HELP - The amount of time in seconds after which an LDAP bind operation 305 will timeout. Default is $DEF_nisLDAPbindTimeout seconds. 306 Decimal values are allowed. 307 308EOF 309 ;; 310 nisLDAPsearchTimeout_help) cat <<EOF 311 312HELP - The amount of time in seconds after which an LDAP search operation 313 will timeout. Default is $DEF_nisLDAPsearchTimeout seconds. 314 Decimal values are allowed. 315 316EOF 317 ;; 318 nisLDAPmodifyTimeout_help) cat <<EOF 319 320HELP - The amount of time in seconds after which an LDAP modify operation 321 will timeout. Default is $DEF_nisLDAPmodifyTimeout seconds. 322 Decimal values are allowed. 323 324EOF 325 ;; 326 nisLDAPaddTimeout_help) cat <<EOF 327 328HELP - The amount of time in seconds after which an LDAP add operation 329 will timeout. Default is $DEF_nisLDAPaddTimeout seconds. 330 Decimal values are allowed. 331 332EOF 333 ;; 334 nisLDAPdeleteTimeout_help) cat <<EOF 335 336HELP - The amount of time in seconds after which an LDAP delete operation 337 will timeout. Default is $DEF_nisLDAPdeleteTimeout seconds. 338 Decimal values are allowed. 339 340EOF 341 ;; 342 nisLDAPsearchTimeLimit_help) cat <<EOF 343 344HELP - Establish a value for the LDAP_OPT_TIMELIMIT option, which 345 suggests a time limit for the search operation on the LDAP 346 server. The server may impose its own constraints on possible 347 values. See your LDAP server documentation. The default is the 348 nisLDAPsearchTimeout ($DEF_nisLDAPsearchTimeout seconds) value. 349 Only integer values are allowed. 350 351 Since the nisLDAPsearchTimeout limits the amount of time the 352 client ypserv will wait for completion of a search operation, 353 setting the nisLDAPsearchTimeLimit larger than the 354 nisLDAPsearchTimeout is not recommended. 355 356EOF 357 ;; 358 nisLDAPsearchSizeLimit_help) cat <<EOF 359 360HELP - Establish a value for the LDAP_OPT_SIZELIMIT option, which 361 suggests a size limit, in bytes, for the search results on 362 the LDAP server. The server may impose its own constraints 363 on possible values. See your LDAP server documentation. The 364 default is $DEF_nisLDAPsearchSizeLimit, which means unlimited. 365 Only integer values are allowed. 366 367EOF 368 ;; 369 nisLDAPfollowReferral_help) cat <<EOF 370 371HELP - Determines if the ypserv should follow referrals or not. 372 Recognized values are yes and no. Default is $DEF_nisLDAPfollowReferral. 373 374EOF 375 ;; 376 nisLDAPretrieveErrorAction_help) cat <<EOF 377 378HELP - If an error occurs while trying to retrieve an entry from 379 LDAP, one of the following actions can be selected: 380 381 use_cached : Retry the retrieval the number of time specified 382 by nisLDAPretrieveErrorAttempts, with the 383 nisLDAPretrieveErrorTimeout value controlling 384 the wait between each attempt. 385 386 If all attempts fail then log a warning and 387 return the value currently in the cache to the 388 client. This is the default value. 389 390 fail : Proceed as for 'use_cached' but if all attempts 391 fail return a YPERR_YPERR error to the client. 392 393EOF 394 ;; 395 nisLDAPretrieveErrorAttempts_help) cat <<EOF 396 397HELP - The number of times a failed retrieval should be retried. 398 The default is unlimited. Note while retries are made, the 399 NIS daemon will be prevented from servicing further requests. 400 Hence, values other than 1 should be used with caution. 401 402EOF 403 ;; 404 nisLDAPretrieveErrorTimeout_help) cat <<EOF 405 406HELP - The timeout (in seconds) between each new attempt to retrieve 407 LDAP data. Default is $DEF_nisLDAPretrieveErrorTimeout seconds. 408 409EOF 410 ;; 411 nisLDAPstoreErrorAction_help) cat <<EOF 412 413HELP - If an error occurs while trying to store data to the LDAP 414 repository, one of the following actions can be selected : 415 416 retry : Retry operation nisLDAPstoreErrorAttempts times with 417 nisLDAPstoreErrorTimeout seconds between each attempt. 418 Note while retries are made the NIS daemon will be 419 prevented from servicing further requests. Use with 420 caution. This is the default value. 421 422 fail : Return YPERR_YPERR error to the client. 423 424EOF 425 ;; 426 nisLDAPstoreErrorAttempts_help) cat <<EOF 427 428HELP - The number of times a failed attempt to store data to the 429 LDAP repository should be retried. The default is unlimited. 430 431 The value for nisLDAPstoreErrorAttempts is ignored unless 432 nisLDAPstoreErrorAction=retry. 433 434EOF 435 ;; 436 nisLDAPstoreErrorTimeout_help) cat <<EOF 437 438HELP - The timeout (in seconds) between each new attempt to store 439 LDAP data. Default is $DEF_nisLDAPstoreErrorTimeout seconds. 440 441 The value for nisLDAPstoreErrorTimeout is ignored unless 442 nisLDAPstoreErrorAction=retry. 443 444EOF 445 ;; 446 selectDomain4N2L_help) cat <<EOF 447 448HELP - Whether this domain needs to be served by YP to LDAP transition 449 solution. The default is no in which case the data in this 450 domain would not be taken care for transitioning to LDAP. 451 452EOF 453 ;; 454 generate_comment_info_for_cust_map_help) cat <<EOF 455 456HELP - If selected, this script will try to add relevant comments 457 in the mapping file which might help in customizing the 458 mapping information for custom maps. 459 460EOF 461 ;; 462 generate_mapping_info_for_cust_map_help) cat <<EOF 463 464HELP - If selected, this script will try to generate mapping 465 information for this map assuming it is a "simple" map. 466 467 A map is assumed to be "simple" if each entry of this map 468 has only one "key value" entry in YP, and if each map entry 469 can be represented as a single DIT string in the LDAP server. 470 471 If this map is not a simple map and you do want to store it 472 in LDAP, you have two options : 473 474 1 - Answer yes, and this script would generate the mapping 475 information for this map assuming it is a simple map. 476 And once the execution of the script is over, you can 477 customize the mapping information by hand editing the 478 mapping file. 479 480 2 - Answer no, and this script would not generate mapping 481 info for this map. And once the execution of the script 482 is over, you can include the customized mapping 483 information by hand editing the mapping file. 484 485EOF 486 ;; 487 nisLDAPdomainContext_help) cat <<EOF 488 489HELP - This parameter defines the context (default location) in 490 the directory tree at which all the name service entries 491 for this particular domain would be stored. 492 493EOF 494 ;; 495 nisLDAPyppasswddDomains_help) cat <<EOF 496 497HELP - Lists the domains for which password changes should be 498 made. If this is not present then the value returned by 499 'domainname' will be used. 500 501 NIS password change requests do not specify the domains in 502 which any given password should be changed. (In traditional 503 NIS this information is effectively hard coded in the NIS 504 makefile.) 505 506EOF 507 ;; 508 custom_map_comment_char_help) cat <<EOF 509 510HELP - If selected, it will allow you to specify a character which 511 would represent the start of the special 'comment' field in 512 a given NIS map. If this attribute is not present then the 513 default comment character '#' is used. 514 515 If a map cannot contain comments then the blank comment 516 character ('') should be specified (just hit the return key). 517 518EOF 519 ;; 520 same_comment_char_help) cat <<EOF 521 522HELP - If selected, for a given map, it will allow you to specify 523 a common comment character for all the domains. 524 525 Or else by selecting NO, for the same map, you would be 526 given the option to specify different comment character 527 for different domains. 528 529EOF 530 ;; 531 secure_flag_on_help) cat <<EOF 532 533HELP - Secure flag is set on maps which are generated with 534 "makedbm -s". When converting data from LDAP to YP, 535 it adds YP_SECURE entries. 536 537EOF 538 ;; 539 secure_flag_all_domains_help) cat <<EOF 540 541HELP - If selected, it will allow you to set the secure flag on 542 for this map for all the domains. 543 544 Or else by selecting NO, you would be given the option to 545 set this flag, for the same map, on per domain basis. 546 547EOF 548 ;; 549 interdomain_flag_on_help) cat <<EOF 550 551HELP - Interdomain flag is set on a set of maps which are generated 552 with "makedbm -b". It signals NIS servers to use the domain 553 name resolver for host name and address lookups for hosts 554 not found in the maps. 555 556 If selected, it adds YP_INTERDOMAIN entries in these maps 557 when converting data from LDAP to YP. 558 559EOF 560 ;; 561 interdomain_flag_all_domains_help) cat <<EOF 562 563HELP - If selected, it will allow you to set the interdomain flag 564 on for all the domains. 565 566 Or else by selecting NO, you would be given the option to 567 set this flag on per domain basis. 568 569EOF 570 ;; 571 initialTTLlo_help) cat <<EOF 572 573HELP - The lower limit for the initial TTL (in seconds) for data 574 read from disk when the ypserv starts. If initialTTLhi also 575 is specified, the actual initialTTL will be randomly selected 576 from the interval initialTTLlo to initialTTLhi (inclusive). 577 578 Leaving the field empty yields the default value of $DEF_iTTLlo. 579 580EOF 581 ;; 582 initialTTLhi_help) cat <<EOF 583 584HELP - The upper limit for the initial TTL (in seconds). 585 If left empty, defaults to "$DEF_iTTLhi". 586 587EOF 588 ;; 589 runningTTL_help) cat <<EOF 590 591HELP - The TTL (in seconds) for data retrieved from LDAP while the 592 ypserv is running. If left empty, defaults to "$DEF_runTTL". 593 594EOF 595 ;; 596 default_ttl_help) cat <<EOF 597 598HELP - The default TTL value for each map is set to : 599 ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL} 600 601 Select yes if you want to change the current TTL value. 602 603EOF 604 ;; 605 non_default_same_ttl_help) cat <<EOF 606 607HELP - Select yes if you want to set a new TTL value, but want 608 to keep it same for all the maps. 609 610EOF 611 ;; 612 non_default_different_ttl_help) cat <<EOF 613 614HELP - Select yes if you want to set TTL value for each map, but 615 want to keep it same for all the domains. 616 617EOF 618 ;; 619 default_different_ttl_help) cat <<EOF 620 621HELP - Select yes if you want to accept the default TTL 622 value for this map. 623 624EOF 625 ;; 626 same_ttl_across_domains_help) cat <<EOF 627 628HELP - Select yes if you want to set TTL value for the map, 629 but want to keep it same for all the domains. 630 631EOF 632 ;; 633 634 esac 635} 636 637# 638# Echo the message passed only if DEBUG is set. 639# Reduces the line width significantly. 640# 641d_echo() 642{ 643[ DEBUG -eq 1 ] && echo $@ 644} 645 646 647# 648# get_ans(): gets an answer from the user. 649# $1 instruction/comment/description/question 650# $2 default value 651# 652get_ans() 653{ 654 if [ -z "$2" ] 655 then 656 echo "$1 \c" 657 else 658 echo "$1 [$2] \c" 659 fi 660 661 read ANS 662 if [ -z "$ANS" ] 663 then 664 ANS=$2 665 fi 666} 667 668 669# 670# get_ans_req(): gets an answer (required) from the user, NULL value not allowed. 671# $@ instruction/comment/description/question 672# 673get_ans_req() 674{ 675 ANS="" # Set ANS to NULL. 676 while [ "$ANS" = "" ] 677 do 678 get_ans "$@" 679 [ "$ANS" = "" ] && echo "NULL value not allowed!" 680 done 681} 682 683 684# 685# get_integer(): Querys and verifies that number entered is integer. 686# Function will repeat prompt user for integer value. 687# $1 Message text. 688# $2 default value. 689# $3 Help argument. 690# 691get_integer() 692{ 693 ANS="" # Set ANS to NULL. 694 NUM="" 695 696 get_ans "$1" "$2" 697 698 # Verify that value is integer. 699 while not_integer $ANS 700 do 701 case "$ANS" in 702 [Hh] | help | Help | \?) display_msg ${3:-sorry} ;; 703 * ) echo "Invalid value: \"${ANS}\". \c" 704 ;; 705 esac 706 707 # Get a new value. 708 get_ans "Enter an integer value:" "$2" 709 done 710 NUM=$ANS 711} 712 713 714# 715# get_number(): Querys and verifies that number entered is numeric. 716# Function will repeat prompt user for numeric value. 717# $1 Message text. 718# $2 default value. 719# $3 Help argument. 720# 721get_number() 722{ 723 ANS="" # Set ANS to NULL. 724 NUM="" 725 726 get_ans "$1" "$2" 727 728 # Verify that value is numeric. 729 while not_numeric $ANS 730 do 731 case "$ANS" in 732 [Hh] | help | Help | \?) display_msg ${3:-sorry} ;; 733 * ) echo "Invalid value: \"${ANS}\". \c" 734 ;; 735 esac 736 737 # Get a new value. 738 get_ans "Enter a numeric value:" "$2" 739 done 740 NUM=$ANS 741} 742 743 744# 745# get_pos_int(): Only allows positive integer. 746# 747# $1 - Prompt message. 748# $2 - Default value (require). 749# $3 - Optional help argument. 750get_pos_int() 751{ 752 while : 753 do 754 get_integer "$1" "$2" "$3" 755 756 if [ $ANS -lt 0 ]; then 757 echo "Invalid number: please enter a positive integer." 758 else 759 break # Positive integer 760 fi 761 done 762} 763 764 765# 766# get_pos_num(): Only allows positive number. 767# 768# $1 - Prompt message. 769# $2 - Default value (require). 770# $3 - Optional help argument. 771get_pos_num() 772{ 773 while : 774 do 775 get_number "$1" "$2" "$3" 776 777 if [ $ANS -lt 0 ]; then 778 echo "Invalid number: please enter a positive number." 779 else 780 break # Positive number 781 fi 782 done 783} 784 785 786# 787# 788# get_passwd(): Reads a password from the user and verify with second. 789# $@ instruction/comment/description/question 790# 791get_passwd() 792{ 793 [ $DEBUG -eq 1 ] && echo "In get_passwd()" 794 795 # Temporary PASSWD variables 796 _PASS1="" 797 _PASS2="" 798 799 # Handle signals, so that echo can be turned back on if Ctrl-C. 800 trap "/usr/bin/stty echo; exit" 1 2 3 6 15 801 802 /usr/bin/stty -echo # Turn echo OFF 803 804 # Endless loop that continues until passwd and re-entered passwd 805 # match. 806 while : 807 do 808 ANS="" # Set ANS to NULL. 809 810 # Don't allow NULL for first try. 811 while [ "$ANS" = "" ] 812 do 813 get_ans "$@" 814 [ "$ANS" = "" ] && echo "" && echo "NULL passwd not allowed!" 815 done 816 _PASS1=$ANS # Store first try. 817 818 # Get second try. 819 echo "" 820 get_ans "Re-enter passwd:" 821 _PASS2=$ANS 822 823 # Test if passwords are identical. 824 if [ "$_PASS1" = "$_PASS2" ]; then 825 break 826 fi 827 828 # Move cursor down to next line and print ERROR message. 829 echo "" 830 echo "ERROR: passwords don't match; try again." 831 done 832 833 /usr/bin/stty echo # Turn echo ON 834 835 # Removed signal handler 836 trap 1 2 3 6 15 837 838 echo "" 839} 840 841 842# 843# get_passwd_nochk(): Reads a password from the user w/o check. 844# $@ instruction/comment/description/question 845# 846get_passwd_nochk() 847{ 848 [ $DEBUG -eq 1 ] && echo "In get_passwd_nochk()" 849 850 # Handle signals, so that echo can be turned back on if Ctrl-C. 851 trap "/usr/bin/stty echo; exit" 1 2 3 6 15 852 853 /usr/bin/stty -echo # Turn echo OFF 854 855 get_ans "$@" 856 857 /usr/bin/stty echo # Turn echo ON 858 859 # Removed signal handler 860 trap 1 2 3 6 15 861 862 echo "" 863} 864 865 866# 867# get_confirm(): Get confirmation from the user. (Y/Yes or N/No) 868# $1 - Message 869# $2 - default value. 870# 871get_confirm() 872{ 873 _ANSWER= 874 875 while : 876 do 877 # Display Internal ERROR if $2 not set. 878 if [ -z "$2" ]; then 879 echo "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional." 880 exit 2 881 fi 882 883 # Display prompt. 884 echo "$1 [$2] \c" 885 886 # Get the ANSWER. 887 read _ANSWER 888 if [ "$_ANSWER" = "" ] && [ -n "$2" ] ; then 889 _ANSWER=$2 890 fi 891 case "$_ANSWER" in 892 [Yy] | yes | Yes | YES) return 1 ;; 893 [Nn] | no | No | NO) return 0 ;; 894 [Hh] | help | Help | \?) display_msg ${3:-sorry};; 895 * ) echo "Please enter y or n." ;; 896 esac 897 done 898} 899 900 901# 902# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No) 903# No default value supported. Returns 1 for yes. 904# 905get_confirm_nodef() 906{ 907 _ANSWER= 908 909 while : 910 do 911 echo "$@ \c" 912 read _ANSWER 913 case "$_ANSWER" in 914 [Yy] | yes | Yes | YES) return 1 ;; 915 [Nn] | no | No | NO) return 0 ;; 916 * ) echo "Please enter y or n." ;; 917 esac 918 done 919} 920 921 922# 923# is_integer(): Tells if a string is numeric integer. 924# 0 = Integer 925# 1 = NOT Integer 926# 927is_integer() 928{ 929 # Check for parameter. 930 if [ $# -ne 1 ]; then 931 return 1 932 fi 933 934 # Determine if integer. 935 expr "$1" + 1 > /dev/null 2>&1 936 937 if [ $? -ge 2 ]; then 938 return 1 939 fi 940 941 # Made it here, it's Numeric. 942 return 0 943} 944 945 946# 947# not_integer(): Reverses the return values of is_integer. Useful 948# for if and while statements that want to test for 949# non-integer data. 950# 0 = NOT Integer 951# 1 = Integer 952# 953not_integer() 954{ 955 is_integer $1 956 if [ $? -eq 0 ]; then 957 return 1 958 else 959 return 0 960 fi 961} 962 963 964# 965# is_numeric(): Tells if a string is numeric. 966# 0 = Numeric 967# 1 = NOT Numeric 968# 969is_numeric() 970{ 971 # Check for parameter. 972 if [ $# -ne 1 ]; then 973 return 1 974 fi 975 976 # Determine if numeric. 977 let _NUM="$1 + 1" > /dev/null 2>&1 978 979 if [ $? -eq 0 ]; then 980 return 0 981 fi 982 983} 984 985 986# 987# not_numeric(): Reverses the return values of is_numeric. Useful 988# for if and while statements that want to test for 989# non-numeric data. 990# 0 = NOT Numeric 991# 1 = Numeric 992# 993not_numeric() 994{ 995 is_numeric $1 996 if [ $? -eq 0 ]; then 997 return 1 998 else 999 return 0 1000 fi 1001} 1002 1003 1004# 1005# domain_2_dc(): Convert a domain name into dc string. 1006# $1 .. Domain name. 1007# 1008domain_2_dc() 1009{ 1010 _DOM=$1 # Domain parameter. 1011 _DOM_2_DC="" # Return value from function. 1012 _FIRST=1 # Flag for first time. 1013 1014 export _DOM_2_DC # Make visible for others. 1015 1016 # Convert "."'s to spaces for "for" loop. 1017 domtmp="`echo ${_DOM} | tr '.' ' '`" 1018 for i in $domtmp; do 1019 if [ $_FIRST -eq 1 ]; then 1020 _DOM_2_DC="dc=${i}" 1021 _FIRST=0 1022 else 1023 _DOM_2_DC="${_DOM_2_DC},dc=${i}" 1024 fi 1025 done 1026} 1027 1028 1029# 1030# is_root_user(): Check to see if logged in as super user. 1031# 1032is_root_user() 1033{ 1034 case `id` in 1035 uid=0\(root\)*) return 0 ;; 1036 * ) return 1 ;; 1037 esac 1038} 1039 1040 1041# 1042# parse_arg(): Parses the command line arguments and sets the 1043# appropriate variables. 1044# 1045parse_arg() 1046{ 1047 while getopts ":dm:c:" ARG 1048 do 1049 case $ARG in 1050 d) DEBUG=1;; 1051 1052 m) MAP_FILE=$OPTARG 1053 MAPPING_FILE_SPECIFIED=1;; 1054 1055 c) CONFIG_FILE=$OPTARG 1056 CONFIG_FILE_SPECIFIED=1;; 1057 1058 \?) echo "**ERROR: Invalid option '$OPTARG'" 1059 display_msg usage 1060 exit 1;; 1061 esac 1062 done 1063 1064 shift `expr $OPTIND - 1` 1065 if [ $# -gt 0 ]; then 1066 echo "**ERROR: wrong usage " 1067 display_msg usage 1068 exit 1 1069 fi 1070} 1071 1072 1073# 1074# present() : Checks if the first argument exists in the 1075# argument list. Returns 0 if found, else 1. 1076# 1077present () 1078{ 1079_ELEMENT=$1 1080 1081shift 1082ARG_LIST=$@ 1083 1084for item in $ARG_LIST 1085do 1086 [ "$_ELEMENT" = "$item" ] && return 0 1087done 1088 1089# If reached here, then the clement does not exist 1090return 1 1091} 1092 1093 1094# 1095# remove() : Returns a new string after removing the first 1096# argument in the argument list. 1097# 1098remove () 1099{ 1100_ELEMENT=$1 1101 1102shift 1103ARG_LIST=$@ 1104 1105NEW_LIST="" 1106 1107for item in $ARG_LIST 1108do 1109 [ "$_ELEMENT" != "$item" ] && NEW_LIST="$NEW_LIST $item" 1110done 1111 1112echo $NEW_LIST 1113return 0 1114} 1115 1116 1117# 1118# merge_lists() : Returns a list after merging elements 1119# (uniquely) supplied in the argument list. 1120# 1121merge_lists() 1122{ 1123MERGED_LIST="" 1124 1125for _VAR in "$@" 1126do 1127 if ! present $_VAR $MERGED_LIST; then 1128 MERGED_LIST="$MERGED_LIST $_VAR" 1129 fi 1130done 1131 1132echo $MERGED_LIST 1133return 0 1134} 1135 1136 1137# 1138# init(): initializes variables and options 1139# 1140init() 1141{ 1142# General variables. 1143DEBUG=0 # Set Debug OFF 1144 1145MAPPING_FILE_SPECIFIED=0 # No file name passed 1146CONFIG_FILE_SPECIFIED=0 # No file name passed 1147 1148# Prevent others from snooping 1149umask 077 1150 1151# Set default config and mapping files. 1152DEFAULT_MAP_FILE="/var/yp/NISLDAPmapping" 1153DEFAULT_CONFIG_FILE="/etc/default/ypserv" 1154 1155MAP_FILE="$DEFAULT_MAP_FILE" 1156CONFIG_FILE="$DEFAULT_CONFIG_FILE" 1157 1158# Set and create TMPDIR. Use a safe place to discourage hackers. 1159TMPDIR="/var/yp/inityp2l" 1160 1161# Temporary file names to be used to prevent system starting in 1162# N2L mode in case something goes wrong during file creation. 1163TMPCONF="ypserv-tmp" 1164TMPMAP="NISLDAPmapping-tmp" 1165 1166# Remove if the temp directory has been leftover 1167[ -d "$TMPDIR" ] && rm -rf $TMPDIR 1168mkdir $TMPDIR 1169if [ $? -ne 0 ]; then 1170 echo ERROR : Failed to create temp directory $TMPDIR 1171 exit 1 1172fi 1173 1174# Initialize the default NIS maps. 1175DEFAULT_NIS_MAPS="passwd.byname 1176 passwd.byuid 1177 group.byname 1178 group.bygid 1179 hosts.byaddr 1180 hosts.byname 1181 ipnodes.byaddr 1182 ipnodes.byname 1183 ethers.byaddr 1184 ethers.byname 1185 networks.byaddr 1186 networks.byname 1187 rpc.bynumber 1188 services.byname 1189 services.byservicename 1190 printers.conf.byname 1191 project.byname 1192 project.byprojid 1193 protocols.byname 1194 protocols.bynumber 1195 netgroup 1196 netgroup.byuser 1197 netgroup.byhost 1198 bootparams 1199 mail.aliases 1200 mail.byaddr 1201 publickey.byname 1202 netid.byname 1203 netmasks.byaddr 1204 passwd.adjunct.byname 1205 group.adjunct.byname 1206 timezone.byname 1207 auth_attr 1208 exec_attr 1209 prof_attr 1210 user_attr 1211 audit_user 1212 auto.master 1213 auto.home 1214 ypservers" 1215 1216set -A DEF_NIS_MAP_ARRAY $DEFAULT_NIS_MAPS 1217 1218# The default TTL maps in database ID format. 1219DEF_TTL_MAPLIST="audit_user 1220 auto.home 1221 auto.master 1222 auth_attr 1223 bootparams 1224 ethers 1225 exec_attr 1226 group 1227 group.adjunct.byname 1228 keys.host 1229 keys.pass 1230 keys.nobody 1231 hosts 1232 multihosts 1233 ipnodes 1234 multiipnodes 1235 netgroup 1236 networks 1237 passwd 1238 passwd.adjunct.byname 1239 printers.conf.byname 1240 prof_attr 1241 project 1242 protocols 1243 services 1244 mail.aliases 1245 mail.mapping 1246 netid.host 1247 netid.pass 1248 netmasks.byaddr 1249 rpc.bynumber 1250 ageing.byname 1251 timezone.byname 1252 user_attr 1253 ypservers" 1254 1255 1256# Initialize default values for config parameters. 1257 1258configDN_flag=0 1259DEF_nisLDAPconfigDN="" 1260DEF_TLS=none 1261DEF_TLSCertificateDBPath=/var/yp/cert7.db 1262DEF_nisLDAPbindTimeout=15 1263DEF_nisLDAPsearchTimeout=180 1264DEF_nisLDAPmodifyTimeout=15 1265DEF_nisLDAPaddTimeout=15 1266DEF_nisLDAPdeleteTimeout=15 1267DEF_nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeout} 1268DEF_nisLDAPsearchSizeLimit=0 1269DEF_nisLDAPfollowReferral=no 1270DEF_nisLDAPretrieveErrorAction=use_cached 1271 1272# The default is unlimited, but since it prevents the NIS daemon, 1273# from servicing further requests, set 1 as the suggested value. 1274SUG_nisLDAPretrieveErrorAttempts=1 1275DEF_nisLDAPretrieveErrorTimeout=15 1276DEF_nisLDAPstoreErrorAction=retry 1277 1278# The default is unlimited, but set 1 as the suggested value. 1279SUG_nisLDAPstoreErrorAttempts=1 1280DEF_nisLDAPstoreErrorTimeout=15 1281 1282# Default TTL values (in seconds) for NIS MAPS for mapping file. 1283DEF_iTTLlo=1800 1284DEF_iTTLhi=5400 1285DEF_runTTL=3600 1286 1287} 1288 1289 1290# 1291# config_auth_menu_handler(): Enter the authentication method 1292# for config server. 1293# 1294config_auth_menu_handler() 1295{ 1296 # Display Auth menu 1297 display_msg config_auth_method_menu 1298 1299 # Get a Valid choice. 1300 while : 1301 do 1302 # Display appropriate prompt and get answer. 1303 get_ans_req " Choose one Authentication Method (h=help):" 1304 1305 # Determine choice. 1306 _MENU_CHOICE=$ANS 1307 case "$_MENU_CHOICE" in 1308 1) _AUTHMETHOD="none" 1309 break ;; 1310 2) _AUTHMETHOD="simple" 1311 break ;; 1312 3) _AUTHMETHOD="sasl/cram-md5" 1313 break ;; 1314 4) _AUTHMETHOD="sasl/digest-md5" 1315 break ;; 1316 h) display_msg auth_help ;; 1317 *) echo "Please enter 1-4, or h=help." ;; 1318 esac 1319 done 1320} 1321 1322 1323# 1324# auth_menu_handler(): Enter the Authentication method for LDAP server. 1325# 1326auth_menu_handler() 1327{ 1328 # Display Auth menu 1329 display_msg auth_method_menu 1330 1331 # Get a Valid choice. 1332 while : 1333 do 1334 # Display appropriate prompt and get answer. 1335 get_ans_req " Choose one Authentication Method (h=help):" 1336 1337 # Determine choice. 1338 _MENU_CHOICE=$ANS 1339 case "$_MENU_CHOICE" in 1340 1) _AUTHMETHOD="simple" 1341 break ;; 1342 2) _AUTHMETHOD="sasl/cram-md5" 1343 break ;; 1344 3) _AUTHMETHOD="sasl/digest-md5" 1345 break ;; 1346 h) display_msg auth_help ;; 1347 *) echo "Please enter 1-3, or h=help." ;; 1348 esac 1349 done 1350} 1351 1352 1353# 1354# tls_menu_handler(): Enter the transport layer security 1355# 1356tls_menu_handler() 1357{ 1358 # Display TLS menu 1359 display_msg tls_method_menu 1360 1361 # Get a Valid choice. 1362 while : 1363 do 1364 # Display appropriate prompt and get answer. 1365 # Default value is "none". 1366 1367 get_ans " Choose one Transport Layer Security Method (h=help):" "1" 1368 1369 # Determine choice. 1370 _MENU_CHOICE=$ANS 1371 case "$_MENU_CHOICE" in 1372 1) _TLSMETHOD="none" 1373 break ;; 1374 2) _TLSMETHOD="ssl" 1375 break ;; 1376 h) display_msg tls_help ;; 1377 *) echo "Please enter 1, 2, or h=help." ;; 1378 esac 1379 done 1380} 1381 1382 1383# 1384# retrieve_error_action_menu_handler(): Enter the retrieve error action 1385# 1386retrieve_error_action_menu_handler() 1387{ 1388 # Display retrieve error action menu 1389 display_msg retrieve_error_action_menu 1390 1391 # Get a Valid choice. 1392 while : 1393 do 1394 # Display appropriate prompt and get answer. use_cached is default 1395 get_ans " Choose one retrieval error action (h=help):" "1" 1396 1397 # Determine choice. 1398 _MENU_CHOICE=$ANS 1399 case "$_MENU_CHOICE" in 1400 1) _RET_ERR_ACT="use_cached" 1401 break ;; 1402 2) _RET_ERR_ACT="fail" 1403 break ;; 1404 h) display_msg nisLDAPretrieveErrorAction_help ;; 1405 *) echo "Please enter 1, 2, or h=help." ;; 1406 esac 1407 done 1408} 1409 1410 1411# 1412# store_error_action_menu_handler(): Enter the store error action 1413# 1414store_error_action_menu_handler() 1415{ 1416 # Display store error action menu 1417 display_msg store_error_action_menu 1418 1419 # Get a Valid choice. 1420 while : 1421 do 1422 # Display appropriate prompt and get answer. retry is default 1423 get_ans " Choose one store error action (h=help):" "1" 1424 1425 # Determine choice. 1426 _MENU_CHOICE=$ANS 1427 case "$_MENU_CHOICE" in 1428 1) _STOR_ERR_ACT="retry" 1429 break ;; 1430 2) _STOR_ERR_ACT="fail" 1431 break ;; 1432 h) display_msg nisLDAPstoreErrorAction_help ;; 1433 *) echo "Please enter 1, 2, or h=help." ;; 1434 esac 1435 done 1436} 1437 1438 1439# 1440# cleanup(): Remove the TMPDIR and all files in it. 1441# 1442cleanup() 1443{ 1444[ $DEBUG -eq 1 ] && echo "In cleanup()" 1445 1446# Leave the temp directory if debug is set 1447[ $DEBUG -eq 0 ] && rm -rf $TMPDIR 1448} 1449 1450 1451# Save existing config file if elected 1452check_back_config_file() 1453{ 1454if [ -f $CONFIG_FILE ]; then 1455 display_msg backup_config_file 1456 1457 get_confirm "Do you wish to continue (y/n/h)?" \ 1458 "n" "backup_config_file_cont_help" 1459 1460 if [ $? -eq 0 ]; then # if No, cleanup and exit. 1461 cleanup ; exit 1 1462 fi 1463 1464 get_confirm "Do you wish to backup the config file "${CONFIG_FILE}" (y/n/h)?" \ 1465 "y" "backup_config_file_help" 1466 1467 if [ $? -eq 1 ]; then # Save the old config file with timestamp 1468 1469 # SCCS converts '% H %' (without spaces) in current date during putback. 1470 # So use some other combination. 1471 SUFFIX=`date '+%d%h%Y.%H:%M:%S'` 1472 1473 cp -p $CONFIG_FILE ${CONFIG_FILE}-${SUFFIX} 1474 echo " Saved existing $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}" 1475 fi 1476fi 1477} 1478 1479 1480# Save existing mapping file if elected 1481check_back_mapping_file() 1482{ 1483if [ -f $MAP_FILE ]; then 1484 display_msg backup_mapping_file 1485 1486 get_confirm "Do you wish to continue (y/n/h)?" \ 1487 "n" "backup_mapping_file_cont_help" 1488 1489 if [ $? -eq 0 ]; then # if No, cleanup and exit. 1490 cleanup ; exit 1 1491 fi 1492 1493 get_confirm "Do you wish to backup the map file "${MAP_FILE}" (y/n/h)?" \ 1494 "y" "backup_mapping_file_help" 1495 1496 if [ $? -eq 1 ]; then # if Yes, save the old map file with timestamp 1497 1498 # SCCS converts '% H %' (without spaces) in current date during putback. 1499 # So use some other combination. 1500 SUFFIX=`date '+%d%h%Y.%H:%M:%S'` 1501 1502 cp -p $MAP_FILE ${MAP_FILE}-${SUFFIX} 1503 echo " Saved existing $MAP_FILE as ${MAP_FILE}-${SUFFIX}" 1504 fi 1505 1506else 1507 if [ "$MAP_FILE" = "$DEFAULT_MAP_FILE" ]; then 1508 display_msg warn_n2l_mode 1509 1510 get_confirm "Do you wish to continue (y/n/h)?" \ 1511 "n" "warn_n2l_mode_help" 1512 1513 if [ $? -eq 0 ]; then 1514 cleanup ; exit 1 1515 fi 1516 fi 1517fi 1518} 1519 1520 1521put_config_file_copyright_info() 1522{ 1523 1524# Start with an emptty file, so don't append, but overwrite here. 1525# Just change the name, but keep the same date and version number 1526# as in the ident string of this script. 1527 1528grep "ident \"@(#)$PROG" $ABS_PROG | \ 1529 sed "s/${PROG}/${NEW_NAME}/g" > $CONFIG_FILE 1530 1531echo "\ 1532# 1533# Copyright 2003 Sun Microsystems, Inc. All rights reserved. 1534# Use is subject to license terms. 1535#\ 1536" >> $MAP_FILE 1537} 1538 1539 1540get_nisLDAPconfigDN() 1541{ 1542while : 1543do 1544 1545get_ans "DN for configuration information (h=help):" 1546 1547# If help continue, otherwise break. 1548case "$ANS" in 1549 [Hh] | help | Help | \?) display_msg nisLDAPconfigDN_help ;; 1550 * ) break ;; 1551esac 1552done 1553 1554nisLDAPconfigDN="${ANS}" 1555 1556# Store in config file only if a non-default value is specified. 1557if [ "$ANS" != "${DEF_nisLDAPconfigDN}" ]; then 1558 echo "nisLDAPconfigDN=${ANS}" >> $CONFIG_FILE 1559fi 1560 1561# Ask remaining config server related questions only if this 1562# DN is set. So, if a value is specified, set a flag. 1563 1564[ "$ANS" != "" ] && configDN_flag=1 1565} 1566 1567 1568get_nisLDAPconfigPreferredServerList() 1569{ 1570while : 1571do 1572 1573get_ans_req "Preferred server list for configuration information (h=help):" 1574 1575# If help continue, otherwise break. 1576case "$ANS" in 1577 [Hh] | help | Help | \?) display_msg nisLDAPconfigPreferredServerList_help ;; 1578 * ) break ;; 1579esac 1580done 1581 1582nisLDAPconfigPreferredServerList=${ANS} 1583echo "nisLDAPconfigPreferredServerList=${ANS}" >> $CONFIG_FILE 1584} 1585 1586 1587get_nisLDAPconfigAuthenticationMethod() 1588{ 1589_AUTHMETHOD="" 1590 1591echo "Select the Authentication Method for configuration server :" 1592config_auth_menu_handler 1593 1594nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD} 1595echo "nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE 1596} 1597 1598 1599get_nisLDAPconfigTLS() 1600{ 1601_TLSMETHOD="" 1602 1603echo "Select the Transport Layer Security (TLS) for configuration server :" 1604tls_menu_handler 1605 1606nisLDAPconfigTLS=${_TLSMETHOD} 1607 1608# Store in config file only if a non-default value is specified. 1609if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then 1610 echo "nisLDAPconfigTLS=${_TLSMETHOD}" >> $CONFIG_FILE 1611fi 1612} 1613 1614 1615get_nisLDAPconfigTLSCertificateDBPath() 1616{ 1617while : 1618do 1619 1620get_ans "TLS Certificate DB for configuration server (h=help):"\ 1621 "${DEF_TLSCertificateDBPath}" 1622 1623# If help continue, otherwise break. 1624case "$ANS" in 1625 [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;; 1626 * ) break ;; 1627esac 1628done 1629 1630nisLDAPconfigTLSCertificateDBPath=${ANS} 1631 1632# Store in config file only if a non-default value is specified. 1633if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then 1634 echo "nisLDAPconfigTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE 1635fi 1636} 1637 1638 1639get_nisLDAPconfigProxyUser() 1640{ 1641while : 1642do 1643 1644get_ans_req "Proxy user bind DN to obtain configuration information (h=help):" 1645# If help continue, otherwise break. 1646case "$ANS" in 1647 [Hh] | help | Help | \?) display_msg nisLDAPconfigProxyUser_help ;; 1648 * ) break ;; 1649esac 1650done 1651 1652nisLDAPconfigProxyUser=${ANS} 1653echo "nisLDAPconfigProxyUser=${ANS}" >> $CONFIG_FILE 1654} 1655 1656 1657get_nisLDAPconfigProxyPassword() 1658{ 1659get_passwd "Proxy user password to obtain configuration information :" 1660nisLDAPconfigProxyPassword=${ANS} 1661 1662echo "nisLDAPconfigProxyPassword=${ANS}" >> $CONFIG_FILE 1663 1664display_msg ProxyPassword_warn 1665} 1666 1667 1668get_preferredServerList() 1669{ 1670while : 1671do 1672 1673get_ans_req "Preferred server list for mapping data to/from LDAP (h=help):" 1674 1675# If help continue, otherwise break. 1676case "$ANS" in 1677 [Hh] | help | Help | \?) display_msg preferredServerList_help ;; 1678 * ) break ;; 1679esac 1680done 1681 1682preferredServerList=${ANS} 1683echo "preferredServerList=${ANS}" >> $CONFIG_FILE 1684} 1685 1686 1687get_authenticationMethod() 1688{ 1689_AUTHMETHOD="" 1690 1691echo "Select the Authentication Method for mapping data to/from LDAP :" 1692auth_menu_handler 1693 1694authenticationMethod=${_AUTHMETHOD} 1695echo "authenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE 1696} 1697 1698 1699get_nisLDAPTLS() 1700{ 1701_TLSMETHOD="" 1702 1703echo "Select the Transport Layer Security (TLS) for mapping data to/from LDAP :" 1704tls_menu_handler 1705 1706nisLDAPTLS=${_TLSMETHOD} 1707 1708# Store in config file only if a non-default value is specified. 1709if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then 1710 echo "nisLDAPTLS=${_TLSMETHOD}" >> $CONFIG_FILE 1711fi 1712} 1713 1714 1715get_nisLDAPTLSCertificateDBPath() 1716{ 1717while : 1718do 1719 1720get_ans "TLS Certificate DB for LDAP data server (h=help):"\ 1721 "${DEF_nisLDAPTLSCertificateDBPath}" 1722 1723# If help continue, otherwise break. 1724case "$ANS" in 1725 [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;; 1726 * ) break ;; 1727esac 1728done 1729 1730nisLDAPTLSCertificateDBPath=${ANS} 1731 1732# Store in config file only if a non-default value is specified. 1733if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then 1734 echo "nisLDAPTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE 1735fi 1736} 1737 1738 1739get_nisLDAPproxyUser() 1740{ 1741while : 1742do 1743 1744get_ans_req "Proxy user bind DN to read/write data from/to LDAP (h=help):" 1745 1746# If help continue, otherwise break. 1747case "$ANS" in 1748 [Hh] | help | Help | \?) display_msg nisLDAPproxyUser_help ;; 1749 * ) break ;; 1750esac 1751done 1752 1753nisLDAPproxyUser=${ANS} 1754echo "nisLDAPproxyUser=${ANS}" >> $CONFIG_FILE 1755} 1756 1757 1758get_nisLDAPproxyPassword() 1759{ 1760get_passwd "Proxy user password to read/write data from/to LDAP :" 1761nisLDAPproxyPassword=${ANS} 1762 1763echo "nisLDAPproxyPassword=${ANS}" >> $CONFIG_FILE 1764 1765display_msg ProxyPassword_warn 1766} 1767 1768 1769get_nisLDAPbindTimeout() 1770{ 1771get_pos_int "Timeout value (in seconds) for LDAP bind operation (h=help):" \ 1772 "${DEF_nisLDAPbindTimeout}" "nisLDAPbindTimeout_help" 1773 1774nisLDAPbindTimeout=${NUM} 1775 1776# Store in config file only if a non-default value is specified. 1777if [ $NUM -ne ${DEF_nisLDAPbindTimeout} ]; then 1778 echo "nisLDAPbindTimeout=${NUM}" >> $CONFIG_FILE 1779fi 1780} 1781 1782 1783get_nisLDAPsearchTimeout() 1784{ 1785get_pos_int "Timeout value (in seconds) for LDAP search operation (h=help):" \ 1786 "${DEF_nisLDAPsearchTimeout}" "nisLDAPsearchTimeout_help" 1787 1788nisLDAPsearchTimeout=${NUM} 1789 1790# Store in config file only if a non-default value is specified. 1791if [ $NUM -ne ${DEF_nisLDAPsearchTimeout} ]; then 1792 echo "nisLDAPsearchTimeout=${NUM}" >> $CONFIG_FILE 1793fi 1794} 1795 1796 1797get_nisLDAPmodifyTimeout() 1798{ 1799get_pos_int "Timeout value (in seconds) for LDAP modify operation (h=help):" \ 1800 "${DEF_nisLDAPmodifyTimeout}" "nisLDAPmodifyTimeout_help" 1801 1802nisLDAPmodifyTimeout=${NUM} 1803 1804# Store in config file only if a non-default value is specified. 1805if [ $NUM -ne ${DEF_nisLDAPmodifyTimeout} ]; then 1806 echo "nisLDAPmodifyTimeout=${NUM}" >> $CONFIG_FILE 1807fi 1808} 1809 1810 1811get_nisLDAPaddTimeout() 1812{ 1813get_pos_int "Timeout value (in seconds) for LDAP add operation (h=help):" \ 1814 "${DEF_nisLDAPaddTimeout}" "nisLDAPaddTimeout_help" 1815 1816nisLDAPaddTimeout=${NUM} 1817 1818# Store in config file only if a non-default value is specified. 1819if [ $NUM -ne ${DEF_nisLDAPaddTimeout} ]; then 1820 echo "nisLDAPaddTimeout=${NUM}" >> $CONFIG_FILE 1821fi 1822} 1823 1824 1825get_nisLDAPdeleteTimeout() 1826{ 1827get_pos_int "Timeout value (in seconds) for LDAP delete operation (h=help):" \ 1828 "${DEF_nisLDAPdeleteTimeout}" "nisLDAPdeleteTimeout_help" 1829 1830nisLDAPdeleteTimeout=${NUM} 1831 1832# Store in config file only if a non-default value is specified. 1833if [ $NUM -ne ${DEF_nisLDAPdeleteTimeout} ]; then 1834 echo "nisLDAPdeleteTimeout=${NUM}" >> $CONFIG_FILE 1835fi 1836} 1837 1838 1839get_nisLDAPsearchTimeLimit() 1840{ 1841get_pos_int "Time limit (in seconds) for search operation on LDAP server (h=help):" \ 1842 "${DEF_nisLDAPsearchTimeLimit}" "nisLDAPsearchTimeLimit_help" 1843 1844nisLDAPsearchTimeLimit=${NUM} 1845 1846# Store in config file only if a non-default value is specified. 1847if [ $NUM -ne ${DEF_nisLDAPsearchTimeLimit} ]; then 1848 echo "nisLDAPsearchTimeLimit=${NUM}" >> $CONFIG_FILE 1849fi 1850} 1851 1852 1853get_nisLDAPsearchSizeLimit() 1854{ 1855get_pos_int "Size limit (in bytes) for search operation on LDAP server (h=help):" \ 1856 "${DEF_nisLDAPsearchSizeLimit}" "nisLDAPsearchSizeLimit_help" 1857 1858nisLDAPsearchSizeLimit=${NUM} 1859 1860# Store in config file only if a non-default value is specified. 1861if [ $NUM -ne ${DEF_nisLDAPsearchSizeLimit} ]; then 1862 echo "nisLDAPsearchSizeLimit=${NUM}" >> $CONFIG_FILE 1863fi 1864} 1865 1866 1867get_nisLDAPfollowReferral() 1868{ 1869get_confirm "Should the ypserv follow LDAP referrals (y/n/h):" \ 1870 "n" "nisLDAPfollowReferral_help" 1871 1872if [ $? -eq 1 ]; then 1873 _ANS="yes" 1874else 1875 _ANS="no" 1876fi 1877 1878# Store in config file only if a non-default value is specified. 1879if [ "${_ANS}" != "${DEF_nisLDAPfollowReferral}" ]; then 1880 echo "nisLDAPfollowReferral=${_ANS}" >> $CONFIG_FILE 1881fi 1882} 1883 1884 1885get_nisLDAPretrieveErrorAction() 1886{ 1887_RET_ERR_ACT="" 1888 1889echo "Select the action to be taken in case of LDAP retrieval error :" 1890retrieve_error_action_menu_handler 1891 1892nisLDAPretrieveErrorAction=${_RET_ERR_ACT} 1893 1894# Store in config file only if a non-default value is specified. 1895if [ "${_RET_ERR_ACT}" != "${DEF_nisLDAPretrieveErrorAction}" ]; then 1896 echo "nisLDAPretrieveErrorAction=${_RET_ERR_ACT}" >> $CONFIG_FILE 1897fi 1898} 1899 1900 1901get_nisLDAPretrieveErrorAttempts() 1902{ 1903 1904get_pos_int "Number of attempts in case of LDAP retrieval error (h=help):" \ 1905 "$SUG_nisLDAPretrieveErrorAttempts" \ 1906 "nisLDAPretrieveErrorAttempts_help" 1907 1908nisLDAPretrieveErrorAttempts=${NUM} 1909 1910echo "nisLDAPretrieveErrorAttempts=${NUM}" >> $CONFIG_FILE 1911} 1912 1913 1914get_nisLDAPretrieveErrorTimeout() 1915{ 1916# if nisLDAPretrieveErrorAttempts=0, then no point in asking 1917# for timeout vales as it is ignored anyway. 1918 1919[ $nisLDAPretrieveErrorAttempts -eq 0 ] && return 0 1920 1921get_pos_int "Timeout (in seconds) between each new attempt to retrieve LDAP data (h=help):"\ 1922 "${DEF_nisLDAPretrieveErrorTimeout}" \ 1923 "nisLDAPretrieveErrorTimeout_help" 1924 1925nisLDAPretrieveErrorTimeout=${NUM} 1926 1927# Store in config file only if a non-default value is specified. 1928if [ $NUM -ne ${DEF_nisLDAPretrieveErrorTimeout} ]; then 1929 echo "nisLDAPretrieveErrorTimeout=${NUM}" >> $CONFIG_FILE 1930fi 1931} 1932 1933 1934get_nisLDAPstoreErrorAction() 1935{ 1936_STOR_ERR_ACT="" 1937 1938echo "Select the action to be taken in case of LDAP store error :" 1939store_error_action_menu_handler 1940 1941nisLDAPstoreErrorAction=${_STOR_ERR_ACT} 1942 1943# Store in config file only if a non-default value is specified. 1944if [ "${_STOR_ERR_ACT}" != "${DEF_nisLDAPstoreErrorAction}" ]; then 1945 echo "nisLDAPstoreErrorAction=${_STOR_ERR_ACT}" >> $CONFIG_FILE 1946fi 1947} 1948 1949 1950get_nisLDAPstoreErrorAttempts() 1951{ 1952 1953# if nisLDAPstoreErrorAction="fail", then no point in asking 1954# for no. of attempts or timeout vales as they are ignored. 1955 1956[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0 1957 1958get_pos_int "Number of attempts in case of LDAP store error (h=help):" \ 1959 "$SUG_nisLDAPstoreErrorAttempts" \ 1960 "nisLDAPstoreErrorAttempts_help" 1961 1962nisLDAPstoreErrorAttempts=${NUM} 1963 1964echo "nisLDAPstoreErrorAttempts=${NUM}" >> $CONFIG_FILE 1965} 1966 1967 1968get_nisLDAPstoreErrorTimeout() 1969{ 1970 1971# if nisLDAPstoreErrorAction="fail", then no point in asking 1972# for no. of attempts or timeout vales as they are ignored. 1973 1974[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0 1975 1976# Similarly, if nisLDAPstoreErrorAttempts=0, ignore this question. 1977 1978[ $nisLDAPstoreErrorAttempts -eq 0 ] && return 0 1979 1980get_pos_int "Timeout (in seconds) between each new attempt to write LDAP data (h=help):"\ 1981 "${DEF_nisLDAPstoreErrorTimeout}" \ 1982 "nisLDAPstoreErrorTimeout_help" 1983 1984nisLDAPstoreErrorTimeout=${NUM} 1985 1986# Store in config file only if a non-default value is specified. 1987if [ $NUM -ne ${DEF_nisLDAPstoreErrorTimeout} ]; then 1988 echo "nisLDAPstoreErrorTimeout=${NUM}" >> $CONFIG_FILE 1989fi 1990} 1991 1992 1993 1994create_config_file() 1995{ 1996 1997# To prevent from leaving a partial config file in case some error or 1998# signal takes place, store the output being generated in a temporary 1999# file first, and move it at the final destination only at the end if 2000# everything goes fine. 2001 2002_CONFIG_FILE=$CONFIG_FILE 2003CONFIG_FILE=${TMPDIR}/${TMPCONF}.$$ 2004 2005echo "Generating config file temporarily as \"${CONFIG_FILE}\"" 2006 2007# Truncate the file before we append anything. 2008# Place copyright information 2009put_config_file_copyright_info 2010 2011# Filter out all the YP domains in /var/yp 2012# The list of domains is stored in list "VARYP_DMN_LIST" 2013 2014echo "\ 2015# 2016# Configuration file for ypserv(1M); see ypserv(4) for more information, 2017# and NISLDAPmapping(4) for configuration of NIS to LDAP mapping. 2018 2019# Unless otherwise noted, commented lines show default values. 2020" >> $CONFIG_FILE 2021 2022echo "\ 2023# Where to look for configuration information in LDAP. Leave empty or 2024# undefined to use this file, in which case the values of the other 2025# 'nisLdapConfig*' attributes are ignored. 2026# 2027#nisLDAPconfigDN=\ 2028" >> $CONFIG_FILE 2029 2030get_nisLDAPconfigDN 2031 2032echo " 2033 2034# Server(s) for configuration information. There is no default; 2035# use the value on the line below for an LDAP server running on 2036# this machine, at port 389. 2037#nisLDAPconfigPreferredServerList=127.0.0.1:389\ 2038" >> $CONFIG_FILE 2039 2040[ $configDN_flag -eq 1 ] && get_nisLDAPconfigPreferredServerList 2041 2042echo " 2043 2044# Authentication method(s) to obtain configuration information. 2045#\ 2046" >> $CONFIG_FILE 2047 2048[ $configDN_flag -eq 1 ] && get_nisLDAPconfigAuthenticationMethod 2049 2050echo " 2051 2052# Transport layer security for configuration information 2053# 2054#nisLDAPconfigTLS=${DEF_TLS}\ 2055" >> $CONFIG_FILE 2056 2057[ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLS 2058 2059echo " 2060 2061# Certificate DB for transport layer security 2062# 2063#nisLDAPconfigTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\ 2064" >> $CONFIG_FILE 2065 2066# ask for Certificate DB only if SSL is set 2067if [ "${nisLDAPconfigTLS}" = "ssl" ]; then 2068 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLSCertificateDBPath 2069fi 2070 2071echo " 2072 2073# Proxy user(s) to obtain configuration information. The line below 2074# is an example of the format. 2075# 2076#nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,\ 2077" >> $CONFIG_FILE 2078 2079# Ask proxy user bind DN only if needed. 2080if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then 2081 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyUser 2082fi 2083 2084echo " 2085 2086# Password for proxy user. Must be supplied if the authentication method 2087# requires a password. If a password appears in this file, it should be 2088# protected appropriately against access by unauthorized users. 2089# 2090#nisLDAPconfigProxyPassword=\ 2091" >> $CONFIG_FILE 2092 2093if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then 2094 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyPassword 2095fi 2096 2097echo " 2098 2099# Server list for mapping data to/from LDAP. There is no default; 2100# use the value on the line below for an LDAP server running on 2101# this machine, at port 389. 2102#preferredServerList=127.0.0.1:389\ 2103" >> $CONFIG_FILE 2104 2105get_preferredServerList 2106 2107echo " 2108 2109# Authentication method for mapping data to/from LDAP 2110#\ 2111" >> $CONFIG_FILE 2112 2113get_authenticationMethod 2114 2115echo " 2116 2117# Transport layer security for mapping data to/from LDAP. 2118# 2119#nisLDAPTLS=${DEF_TLS}\ 2120" >> $CONFIG_FILE 2121 2122get_nisLDAPTLS 2123 2124echo " 2125 2126# Certificate DB for transport layer security 2127# 2128#nisLDAPTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\ 2129" >> $CONFIG_FILE 2130 2131# ask for Certificate DB only if SSL is set 2132if [ "${nisLDAPTLS}" = "ssl" ]; then 2133 get_nisLDAPTLSCertificateDBPath 2134fi 2135 2136echo " 2137 2138# Proxy user for ypserv. Assumed to have appropriate permission to read 2139# and/or create or modify LDAP data. The line below is an example of the 2140# format. 2141# 2142#nisLDAPproxyUser=cn=nisAdmin,ou=People,\ 2143" >> $CONFIG_FILE 2144 2145# Ask proxy user bind DN only if needed. 2146if [ "${authenticationMethod}" != "none" ]; then 2147 get_nisLDAPproxyUser 2148fi 2149 2150echo " 2151 2152# Password for proxy user. Must be supplied if the authentication method 2153# requires a password. If a password appears in this file, it should be 2154# protected appropriately against unauthorized access. 2155# 2156#nisLDAPproxyPassword=\ 2157" >> $CONFIG_FILE 2158 2159if [ "${authenticationMethod}" != "none" ]; then 2160 get_nisLDAPproxyPassword 2161fi 2162 2163echo " 2164 2165# Timeouts and time/size limits for LDAP operations. 2166# 2167#nisLDAPbindTimeout=${DEF_nisLDAPbindTimeout}\ 2168" >> $CONFIG_FILE 2169 2170get_nisLDAPbindTimeout 2171 2172echo " 2173#nisLDAPsearchTimeout=${DEF_nisLDAPsearchTimeout}\ 2174" >> $CONFIG_FILE 2175 2176get_nisLDAPsearchTimeout 2177 2178echo " 2179#nisLDAPmodifyTimeout=${DEF_nisLDAPmodifyTimeout}\ 2180" >> $CONFIG_FILE 2181 2182get_nisLDAPmodifyTimeout 2183 2184echo " 2185#nisLDAPaddTimeout=${DEF_nisLDAPaddTimeout}\ 2186" >> $CONFIG_FILE 2187 2188get_nisLDAPaddTimeout 2189 2190echo " 2191#nisLDAPdeleteTimeout=${DEF_nisLDAPdeleteTimeout}\ 2192" >> $CONFIG_FILE 2193 2194get_nisLDAPdeleteTimeout 2195 2196echo " 2197#nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeLimit}\ 2198" >> $CONFIG_FILE 2199 2200get_nisLDAPsearchTimeLimit 2201 2202echo " 2203#nisLDAPsearchSizeLimit=${DEF_nisLDAPsearchSizeLimit}\ 2204" >> $CONFIG_FILE 2205 2206get_nisLDAPsearchSizeLimit 2207 2208echo " 2209 2210# Should the ypserv follow LDAP referrals ? 2211# 2212#nisLDAPfollowReferral=${DEF_nisLDAPfollowReferral}\ 2213" >> $CONFIG_FILE 2214 2215get_nisLDAPfollowReferral 2216 2217echo " 2218 2219# Action, number of attempts, and timeout following an LDAP retrieval error 2220# 2221#nisLDAPretrieveErrorAction=${DEF_nisLDAPretrieveErrorAction}\ 2222" >> $CONFIG_FILE 2223 2224get_nisLDAPretrieveErrorAction 2225 2226echo " 2227#nisLDAPretrieveErrorAttempts=\ 2228" >> $CONFIG_FILE 2229 2230get_nisLDAPretrieveErrorAttempts 2231 2232echo " 2233#nisLDAPretrieveErrorTimeout=${DEF_nisLDAPretrieveErrorTimeout}\ 2234" >> $CONFIG_FILE 2235 2236get_nisLDAPretrieveErrorTimeout 2237 2238echo " 2239 2240# Action, number of attempts, and timeout following an LDAP store error 2241# 2242#nisLDAPstoreErrorAction=${DEF_nisLDAPstoreErrorAction}\ 2243" >> $CONFIG_FILE 2244 2245get_nisLDAPstoreErrorAction 2246 2247echo " 2248#nisLDAPstoreErrorAttempts=\ 2249" >> $CONFIG_FILE 2250 2251get_nisLDAPstoreErrorAttempts 2252 2253echo " 2254#nisLDAPstoreErrorTimeout=${DEF_nisLDAPstoreErrorTimeout}\ 2255" >> $CONFIG_FILE 2256 2257get_nisLDAPstoreErrorTimeout 2258 2259 2260# We are done, so move back the config file from temp. location 2261# to actual location. 2262# In case the config file name has a directory component which does 2263# not exist, then create it now, otherwise 'mv' will return error. 2264 2265DIR_TO_CREATE=`dirname ${_CONFIG_FILE}` 2266mkdir -p ${DIR_TO_CREATE} 2267 2268echo "Moving output from temporary file ($CONFIG_FILE) to actual file ($_CONFIG_FILE)" 2269mv $CONFIG_FILE $_CONFIG_FILE 2270 2271# Revert back the config file name in case needed. 2272CONFIG_FILE=$_CONFIG_FILE 2273echo "Finished creation of config file ( $_CONFIG_FILE )" 2274 2275} 2276 2277 2278put_mapping_file_copyright_info() 2279{ 2280 2281# Start with an emptty file, so don't append, but overwrite here. 2282# Just change the name and add the word pragma, but keep the same 2283# date and version number as in the ident string of this script. 2284 2285grep "ident \"@(#)$PROG" $ABS_PROG | \ 2286 sed "s/ ident/pragma ident/g" | \ 2287 sed "s/${PROG}/${NEW_NAME}/g" > $MAP_FILE 2288 2289echo "\ 2290# 2291# Copyright 2003 Sun Microsystems, Inc. All rights reserved. 2292# Use is subject to license terms. 2293# 2294#------------------------------------------------------------------- 2295#\ 2296" >> $MAP_FILE 2297} 2298 2299 2300# 2301# Filter out all the YP domains in /var/yp 2302# The list of domains is stored in list "VARYP_DMN_LIST" 2303# 2304create_all_var_yp_domain_list() 2305{ 2306VARYP_DMN_LIST="" 2307 2308for entry in /var/yp/* 2309do 2310 DMN=`basename $entry` 2311 if [ -d "/var/yp/$DMN" ] && [ -f "/var/yp/binding/$DMN/ypservers" ] 2312 then 2313 VARYP_DMN_LIST="$VARYP_DMN_LIST $DMN" 2314 fi 2315done 2316 2317# d_echo VARYP_DMN_LIST = "$VARYP_DMN_LIST" 2318[ $DEBUG -eq 1 ] && echo VARYP_DMN_LIST = "$VARYP_DMN_LIST" 2319} 2320 2321 2322# 2323# Ask user which domains would be served by N2L 2324# The list of N2L domains is stored in global array 2325# "N2L_DMN_LIST" and number of domains in N2L_DMN_CNT 2326# 2327create_n2l_domain_list() 2328{ 2329# First make a list of all the domains in /var/yp 2330create_all_var_yp_domain_list 2331 2332# Now identify those to be served by N2L 2333let count=0 2334 2335for DMN in $VARYP_DMN_LIST 2336do 2337 get_confirm "Do you want to store maps from ${DMN} domain to LDAP (y/n/h):" \ 2338 "n" "selectDomain4N2L_help" 2339 2340 if [ $? -eq 1 ]; then 2341 N2L_DMN_LIST[count]=$DMN 2342 let count="count + 1" 2343 fi 2344 2345done 2346N2L_DMN_CNT=$count 2347 2348[ $DEBUG -eq 1 ] && echo N2L_DMN_LIST=${N2L_DMN_LIST[*]} 2349[ $DEBUG -eq 1 ] && echo N2L_DMN_CNT=$N2L_DMN_CNT 2350} 2351 2352 2353# 2354# Make various lists for different types of maps for each N2L domain 2355# and ask user if mapping information and comments need to be generated 2356# for custom maps. 2357# 2358# This function looks big, but since KSH does not support 2-D arrays, or 2359# two level of dereferencing, it forced to have so many lists and arrays. 2360# Lists are better for adding or removing elements, and arrays are better 2361# for accessing with index and in knowing the no. of elements. 2362# 2363create_map_lists() 2364{ 2365# Initialize them with no maps. 2366ALL_DMN_ALL_MAPLIST="" 2367ALL_DMN_DEF_MAPLIST="" 2368ALL_DMN_CUST_MAPLIST="" 2369ALL_DMN_AUTO_CUST_MAPLIST="" 2370 2371# Default to don't generate custom mapping info or comment info. 2372CUST_MAP_NEEDED=0 2373CUST_CMT_NEEDED=0 2374 2375let count=0 2376 2377while (( $count < $N2L_DMN_CNT )) 2378do 2379 DMN=${N2L_DMN_LIST[count]} 2380 MAPDIR=/var/yp/${DMN} 2381 2382 # Initialize per domain lists to NULL. 2383 ALL_MAPLIST="" 2384 DEF_MAPLIST="" 2385 CUST_MAPLIST="" 2386 AUTO_CUST_MAPLIST="" 2387 2388 for dbmfile in $MAPDIR/*.dir 2389 do 2390 MAP=`basename $dbmfile .dir` 2391 2392 # Ignore N2L maps (those with "LDAP_" prefix and ageing.byname) 2393 if [[ $MAP != LDAP_* ]] && [[ $MAP != "" ]] && \ 2394 [ -f $MAPDIR/${MAP}.pag ] && [[ $MAP != ageing.byname ]] 2395 then 2396 ALL_MAPLIST="$ALL_MAPLIST $MAP" 2397 2398 if present $MAP $DEFAULT_NIS_MAPS 2399 then 2400 DEF_MAPLIST="$DEF_MAPLIST $MAP" 2401 2402 elif [[ $MAP = auto.* ]] 2403 then 2404 AUTO_CUST_MAPLIST="$AUTO_CUST_MAPLIST $MAP" 2405 2406 else 2407 # If we reached here, means it is custom map. 2408 get_confirm "Do you want the mapping information to be generated for \"$MAP\" map of $DMN domain (y/n/h)?" \ 2409 "n" "generate_mapping_info_for_cust_map_help" 2410 2411 if [ $? -eq 1 ] 2412 then 2413 CUST_MAPLIST="$CUST_MAPLIST $MAP" 2414 else 2415 # If a customer map is not desired, then delete it from 2416 # all maplist too. 2417 ALL_MAPLIST=$(remove $MAP $ALL_MAPLIST) 2418 fi 2419 2420 fi 2421 2422 fi 2423 2424 done 2425 2426 # Make ALL_DMN lists as they are very helpful in checking if a map exists. 2427 ALL_DMN_ALL_MAPLIST=$(merge_lists $ALL_DMN_ALL_MAPLIST $ALL_MAPLIST) 2428 ALL_DMN_DEF_MAPLIST=$(merge_lists $ALL_DMN_DEF_MAPLIST $DEF_MAPLIST) 2429 ALL_DMN_CUST_MAPLIST=$(merge_lists $ALL_DMN_CUST_MAPLIST $CUST_MAPLIST) 2430 ALL_DMN_AUTO_CUST_MAPLIST=$(merge_lists $ALL_DMN_AUTO_CUST_MAPLIST \ 2431 $AUTO_CUST_MAPLIST) 2432 2433 # Store per domain lists in arrays. 2434 ALL_MAPS[$count]="$ALL_MAPLIST" 2435 DEF_MAPS[$count]="$DEF_MAPLIST" 2436 CUST_MAPS[$count]="$CUST_MAPLIST" 2437 AUTO_CUST_MAPS[$count]="$AUTO_CUST_MAPLIST" 2438 2439 [ $DEBUG -eq 1 ] && echo ALL_MAPS[$DMN] = ${ALL_MAPS[$count]} 2440 [ $DEBUG -eq 1 ] && echo DEF_MAPS[$DMN] = ${DEF_MAPS[$count]} 2441 [ $DEBUG -eq 1 ] && echo CUST_MAPS[$DMN] = ${CUST_MAPS[$count]} 2442 [ $DEBUG -eq 1 ] && echo AUTO_CUST_MAPS[$DMN] = ${AUTO_CUST_MAPS[$count]} 2443 2444 let count="count + 1" 2445done 2446 2447[ $DEBUG -eq 1 ] && echo ALL_DMN_ALL_MAPLIST = $ALL_DMN_ALL_MAPLIST 2448[ $DEBUG -eq 1 ] && echo ALL_DMN_DEF_MAPLIST = $ALL_DMN_DEF_MAPLIST 2449[ $DEBUG -eq 1 ] && echo ALL_DMN_CUST_MAPLIST = $ALL_DMN_CUST_MAPLIST 2450[ $DEBUG -eq 1 ] && echo ALL_DMN_AUTO_CUST_MAPLIST = $ALL_DMN_AUTO_CUST_MAPLIST 2451 2452# Store all domain lists in array too. 2453set -A ALL_DMN_ALL_MAPS $ALL_DMN_ALL_MAPLIST 2454set -A ALL_DMN_DEF_MAPS $ALL_DMN_DEF_MAPLIST 2455set -A ALL_DMN_CUST_MAPS $ALL_DMN_CUST_MAPLIST 2456set -A ALL_DMN_AUTO_CUST_MAPS $ALL_DMN_AUTO_CUST_MAPLIST 2457 2458# A positive customer map count implies custom mapping information 2459# is required. Set this flag. 2460[ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] && CUST_MAP_NEEDED=1 2461 2462# Give bit of info, and ask if comments need to be placed in mapping file 2463echo " 2464 This script can place relevant information regarding custom 2465 maps at appropriate places in the mapping file which can be 2466 helpful in customizing this file. 2467" 2468 2469get_confirm "Do you want such information to be generated (y/n/h)?" \ 2470 "n" "generate_comment_info_for_cust_map_help" 2471 2472[ $? -eq 1 ] && CUST_CMT_NEEDED=1 2473 2474[ $DEBUG -eq 1 ] && echo CUST_MAP_NEEDED = $CUST_MAP_NEEDED 2475[ $DEBUG -eq 1 ] && echo CUST_CMT_NEEDED = $CUST_CMT_NEEDED 2476 2477} 2478 2479 2480# 2481# Ask user the context for each (N2l) domain 2482# 2483get_nisLDAPdomainContext() 2484{ 2485echo " 2486# List domains and contexts 2487" >> $MAP_FILE 2488 2489for DMN in ${N2L_DMN_LIST[*]} 2490do 2491 while : 2492 do 2493 # Convert to domain in dc format for default choice 2494 domain_2_dc $DMN 2495 2496 get_ans "Enter the naming context for $DMN domain (h=help):"\ 2497 "$_DOM_2_DC" 2498 2499 # If help continue, otherwise break. 2500 case "$ANS" in 2501 [Hh] | help | Help | \?) display_msg nisLDAPdomainContext_help ;; 2502 * ) break ;; 2503 esac 2504 done 2505 2506 # If a value is specified, set it, and save in mapping file too. 2507 if [ "$ANS" != "" ]; then 2508 echo "nisLDAPdomainContext $DMN : ${ANS}" >> $MAP_FILE 2509 fi 2510 2511 [ $DEBUG -eq 1 ] && echo "nisLDAPdomainContext $DMN : ${ANS}" 2512done 2513} 2514 2515 2516# 2517# Ask user the domains for which passwords should be changed 2518# 2519get_nisLDAPyppasswddDomains() 2520{ 2521 2522echo " 2523# List domains for which passwords should be changed. If this is not 2524# present then the value returned by 'domainname' will be used. 2525" >> $MAP_FILE 2526 2527for DMN in ${N2L_DMN_LIST[*]} 2528do 2529 get_confirm "Enable password changes for ${DMN} domain (y/n/h)? " \ 2530 "n" "nisLDAPyppasswddDomains_help" 2531 2532 if [ $? -eq 1 ]; then 2533 echo "nisLDAPyppasswddDomains $DMN" >> $MAP_FILE 2534 fi 2535done 2536 2537echo " 2538# 2539#------------------------------------------------------------------- 2540#\ 2541" >> $MAP_FILE 2542} 2543 2544 2545# 2546# Create NIS databaseId mappings (aliases) 2547# 2548create_nisLDAPdatabaseIdMapping() 2549{ 2550echo ' 2551# Associate map names with databaseIds (aliases) 2552 2553# Standard maps 2554nisLDAPdatabaseIdMapping ethers: ethers.byaddr ethers.byname 2555nisLDAPdatabaseIdMapping group: group.bygid group.byname 2556nisLDAPdatabaseIdMapping hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"] \ 2557 hosts.byaddr hosts.byname 2558# Special mapping to handle the YP_MULTI cases 2559nisLDAPdatabaseIdMapping multihosts: \ 2560 [addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*,*"] \ 2561 hosts.byname 2562nisLDAPdatabaseIdMapping networks: networks.byaddr networks.byname 2563nisLDAPdatabaseIdMapping project: project.byname project.byprojid 2564nisLDAPdatabaseIdMapping protocols: protocols.byname protocols.bynumber 2565nisLDAPdatabaseIdMapping services: services.byname services.byservicename 2566 2567# netid.byname is built up from the hosts and passwd files using different 2568# mappings. It thus has two associated nisLDAPdatabaseIdMappings. 2569nisLDAPdatabaseIdMapping netid.host:[number="0"] netid.byname 2570nisLDAPdatabaseIdMapping netid.pass:[number="[1-9]*"] netid.byname 2571 2572# The next two are special databaseIds. They associate maps with databaseIds 2573# but additionally identify which maps contain password and password adjunct 2574# information for yppasswdd. 2575nisLDAPdatabaseIdMapping passwd: passwd.byname passwd.byuid 2576 2577# mail.byaddr needs to select entries of the form x@y or x!y 2578nisLDAPdatabaseIdMapping mail.mapping:[rf_key="*@*", rf_key="*!*"] \ 2579 mail.byaddr 2580 2581# publickey.byname 2582# Each entry in publickey map consists of a network user name which 2583# may refer to a host or a user. It also contains a default entry for nobody. 2584# Hence, we need three nisLDAPdatabaseIdmappings to support the three 2585# different types of keys. 2586nisLDAPdatabaseIdMapping keys.host:[rf_key="unix.[a-zA-Z]*@*"] \ 2587 publickey.byname 2588nisLDAPdatabaseIdMapping keys.pass:[rf_key="unix.[0-9]*@*"] \ 2589 publickey.byname 2590nisLDAPdatabaseIdMapping keys.nobody:[rf_key="nobody"] publickey.byname 2591 2592# Single standard maps. No point aliasing. 2593# mail.aliases 2594# netmasks.byaddr 2595# rpc.bynumber 2596# ypservers 2597 2598# Other maps 2599# ipnodes looks identical to hosts but maps to a different context. 2600nisLDAPdatabaseIdMapping ipnodes:[addr="*:*"] \ 2601 ipnodes.byaddr ipnodes.byname 2602# Special mapping to handle the YP_MULTI cases 2603nisLDAPdatabaseIdMapping multiipnodes: \ 2604 [addr="*:*,*"] \ 2605 ipnodes.byname 2606 2607# Other single maps. No point aliasing 2608# audit_user 2609# auth_attr 2610# exec_attr 2611# prof_attr 2612# user_attr 2613# auto.home 2614# auto.master 2615# bootparams 2616# timezone.byname 2617# printers.conf.byname 2618# passwd.adjunct.byname 2619# group.adjunct.byname 2620' >> $MAP_FILE 2621 2622[ CUST_CMT_NEEDED -eq 1 ] && \ 2623echo " 2624# If any custom map needs to be aliased, then it should be listed 2625# here in the following format : 2626# nisLDAPdatabaseIdMapping databaseId ":" ["["indexlist"]"] mapname[" "...] 2627" >> $MAP_FILE 2628 2629[ CUST_MAP_NEEDED -eq 1 ] && \ 2630echo "\ 2631# Not aliasing non-default/custom maps as they are assumed to be 2632# simple, single maps.\ 2633" >> $MAP_FILE 2634 2635for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]} 2636do 2637 echo "# $MAP" >> $MAP_FILE 2638done 2639 2640echo "\ 2641# 2642#------------------------------------------------------------------------------ 2643# 2644" >> $MAP_FILE 2645} 2646 2647 2648# 2649# Finds the domains in which the given map exists in the supplied list. 2650# Sets result in PRESENT_COUNT and PRESENT_IN_DOMAINS. These fields are 2651# set globally, so they can be accessed from any where. 2652# Input : $1 - map, $2 - list name (just name, not the value) 2653# 2654find_domains() 2655{ 2656_MAP=$1 2657_ARRAY=$2 2658 2659let PRESENT_COUNT=0 2660PRESENT_IN_DOMAINS="" 2661 2662let count=0 2663 2664while (( $count < $N2L_DMN_CNT )) 2665do 2666 2667 # Quick and dirty way to get around unavailability of 2D array 2668 case "$_ARRAY" in 2669 ALL_MAPS ) _LIST=${ALL_MAPS[$count]} ;; 2670 DEF_MAPS ) _LIST=${DEF_MAPS[$count]} ;; 2671 CUST_MAPS ) _LIST=${CUST_MAPS[$count]} ;; 2672 AUTO_CUST_MAPS ) _LIST=${AUTO_CUST_MAPS[$count]} ;; 2673 * ) echo "Invalid value: \"${_ARRAY}\". \c" 2674 ;; 2675 esac 2676 2677 if present $_MAP $_LIST 2678 then 2679 let PRESENT_COUNT="$PRESENT_COUNT + 1" 2680 PRESENT_IN_DOMAINS="$PRESENT_IN_DOMAINS ${N2L_DMN_LIST[count]}" 2681 fi 2682 let count="count + 1" 2683done 2684 2685[ $DEBUG -eq 1 ] && echo "PRESENT_COUNT = $PRESENT_COUNT" 2686[ $DEBUG -eq 1 ] && echo "PRESENT_IN_DOMAINS = $PRESENT_IN_DOMAINS" 2687 2688return 0 2689} 2690 2691 2692# 2693# For a given map, find out which list it belongs to (PRESENT_IN_LIST), 2694# and in how many domains this map shows up (PRESENT_COUNT), and in 2695# which ones (PRESENT_IN_DOMAINS). These fields are set globally, so 2696# they can be accessed from any where. 2697# 2698find_map_presence_details() 2699{ 2700_MAP=$1 2701 2702let PRESENT_COUNT=0 2703PRESENT_IN_LIST="" 2704PRESENT_IN_DOMAINS="" 2705 2706# If the map does not exist, return right away, else 2707# find which list it belongs to. 2708# If a map exists in def or auto or cust lists, then 2709# it also exists in "all" list. 2710 2711if ! present $_MAP $ALL_DMN_ALL_MAPLIST 2712then 2713 return 1 2714 2715elif present $_MAP $ALL_DMN_DEF_MAPLIST 2716then 2717 PRESENT_IN_LIST="DEF_MAPS" 2718 2719elif present $_MAP $ALL_DMN_CUST_MAPLIST 2720then 2721 PRESENT_IN_LIST="CUST_MAPS" 2722 2723else 2724 # If map exists, and not in previous two lists, 2725 # then it has to be here only. 2726 PRESENT_IN_LIST="AUTO_CUST_MAPS" 2727fi 2728 2729# Now we know which list the map belongs to. So, we need to 2730# find which are the domains in which this map exists. 2731 2732find_domains $_MAP $PRESENT_IN_LIST 2733 2734# Since the above function sets the values of PRESENT_COUNT and 2735# PRESENT_IN_DOMAINS fields, we don't need to do anything else. 2736 2737[ $DEBUG -eq 1 ] && echo "PRESENT_IN_LIST = $PRESENT_IN_LIST" 2738 2739return 0 2740} 2741 2742 2743# 2744# Check if the comment char is a single character, return 0 on success. 2745# Input is passed via global variable "COMMENT_CHAR" 2746# 2747valid_comment_char() 2748{ 2749COMMENT_CHAR_LENGTH=`echo "${COMMENT_CHAR}" | wc -c` 2750 2751# echo adds new line character, so adjust length appropriately 2752if [ $COMMENT_CHAR_LENGTH -gt 2 ]; then 2753 echo " Comment character has to be a blank or single character; try again." 2754 return 1 2755else 2756 return 0 2757fi 2758} 2759 2760 2761# 2762# Read the comment character for a MAP. Append in mapping file if valid. 2763# Input - $1 : MAP name 2764# 2765get_comment_char() 2766{ 2767_MAP=$1 2768 2769while : 2770do 2771 get_ans "Specify the comment character for $_MAP :" 2772 COMMENT_CHAR=$ANS 2773 2774 if valid_comment_char; then 2775 break 2776 fi 2777done 2778 2779echo "nisLDAPcommentChar $_MAP : '${COMMENT_CHAR}'" >> $MAP_FILE 2780} 2781 2782 2783# 2784# Read a seperate comment character for a MAP for each domain and 2785# update this information in mapping file. 2786# Input - $1 : MAP name, $@ : list of domains 2787# 2788get_comment_char_per_domain() 2789{ 2790_MAP=$1 2791shift 2792_DOMAIN_LIST="$@" 2793 2794for _DMN in $_DOMAIN_LIST 2795do 2796 2797 while : 2798 do 2799 2800 get_ans "Specify the comment character for $_MAP,${_DMN} :" 2801 COMMENT_CHAR=$ANS 2802 2803 if valid_comment_char; then 2804 break 2805 fi 2806 2807 done 2808 echo "nisLDAPcommentChar $_MAP,${_DMN} : '${COMMENT_CHAR}'" >> $MAP_FILE 2809 2810done 2811} 2812 2813 2814# 2815# This function generates custom comment entries. The output is 2816# appended in the mapping file. 2817# 2818get_custom_nisLDAPcommentChar() 2819{ 2820 2821# All the auto mounter maps are assumed to have '#' as the default comment 2822# char. But still list the non-default auto map entries here anyway. This 2823# will make it very easy in case these entries need to be changed. 2824 2825for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 2826do 2827 echo "nisLDAPcommentChar $MAP : '#'" >> $MAP_FILE 2828done 2829 2830if [ CUST_MAP_NEEDED -eq 1 ]; then 2831 get_confirm "Do you wish to specify the comment character for any custom map (y/n/h)?" \ 2832 "n" "custom_map_comment_char_help" 2833 2834 if [ $? -eq 1 ]; then 2835 for MAP in ${ALL_DMN_CUST_MAPS[*]} 2836 do 2837 2838 get_confirm "Do you wish to specify comment character for \"$MAP\" (y/n/h)?" \ 2839 "n" "custom_map_comment_char_help" 2840 2841 if [ $? -eq 1 ]; then 2842 find_domains $MAP CUST_MAPS 2843 if [ $PRESENT_COUNT -gt 1 ]; then 2844 echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS" 2845 2846 get_confirm "For \"$MAP\", should the same comment character be set for all the domains (y/n/h)?" \ 2847 "y" "same_comment_char_help" 2848 2849 if [ $? -eq 1 ]; then 2850 get_comment_char $MAP 2851 else 2852 get_comment_char_per_domain $MAP "$PRESENT_IN_DOMAINS" 2853 fi 2854 2855 else 2856 get_comment_char $MAP 2857 fi 2858 2859 fi 2860 done 2861 fi 2862fi 2863 2864} 2865 2866 2867# List comment character (if any) for maps 2868create_nisLDAPcommentChar() 2869{ 2870 2871echo "\ 2872# Specify the character representing the start of comments. 2873" >> $MAP_FILE 2874 2875[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 2876# The comment character represents the start of the special 'comment' 2877# field in a given NIS map. If this attribute is not present then the 2878# default comment character '#' is used. If a map cannot contain comments 2879# then the NULL ('') comment character should be specified. The format to 2880# specify the comment character is : 2881# nisLDAPcommentChar MAP[,DOMAIN] : 'single_comment_char' 2882" >> $MAP_FILE 2883 2884echo "\ 2885nisLDAPcommentChar group : '' 2886nisLDAPcommentChar passwd : '' 2887nisLDAPcommentChar ageing.byname : '' 2888nisLDAPcommentChar audit_user : '' 2889nisLDAPcommentChar auth_attr : '' 2890nisLDAPcommentChar exec_attr : '' 2891nisLDAPcommentChar user_attr : '' 2892nisLDAPcommentChar bootparams : '' 2893" >> $MAP_FILE 2894 2895# Need to handle passwd.adjunct.byname map for multiple domain. 2896_MAP=passwd.adjunct.byname 2897if ! present $_MAP $ALL_DMN_DEF_MAPLIST 2898then 2899 # Just put the syntax in comment form 2900 echo "#nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE 2901else 2902 # Find the domains in which this map exists. 2903 find_domains $_MAP DEF_MAPS 2904 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 2905 then 2906 # Don't put domain info as the map is present in all of them. 2907 echo "nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE 2908 else 2909 # Not every domain has this map. So, list for the ones which do. 2910 for _DMN in $PRESENT_IN_DOMAINS 2911 do 2912 echo "nisLDAPcommentChar passwd.adjunct.byname,${_DMN}: ''" >> $MAP_FILE 2913 done 2914 fi 2915fi 2916# passwd.adjunct.byname done 2917 2918 2919# Need to handle group.adjunct.byname map for multiple domain. 2920_MAP=group.adjunct.byname 2921if ! present $_MAP $ALL_DMN_DEF_MAPLIST 2922then 2923 # Just put the syntax in comment form 2924 echo "#nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE 2925else 2926 # Find the domains in which this map exists. 2927 find_domains $_MAP DEF_MAPS 2928 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 2929 then 2930 # Don't put domain info as the map is present in all of them. 2931 echo "nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE 2932 else 2933 # Not every domain has this map. So, list for the ones which do. 2934 for _DMN in $PRESENT_IN_DOMAINS 2935 do 2936 echo "nisLDAPcommentChar group.adjunct.byname,${_DMN}: ''" >> $MAP_FILE 2937 done 2938 fi 2939fi 2940# group.adjunct.byname done 2941 2942echo "" >> $MAP_FILE 2943 2944# Ask user for comment char for custom maps 2945get_custom_nisLDAPcommentChar 2946 2947echo " 2948# 2949#------------------------------------------------------------------------------ 2950# 2951" >> $MAP_FILE 2952} 2953 2954 2955# 2956# Generate secure flag entries 2957# 2958create_secure_flag_entries() 2959{ 2960echo "\ 2961# Specify YP_SECURE flags 2962" >> $MAP_FILE 2963 2964[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 2965# If a map is secure, then it needs to be mentioned here 2966# in the following format : 2967# nisLDAPmapFlags mapname : s 2968">> $MAP_FILE 2969 2970echo "\ 2971# nisLDAPmapFlags audit_user : s 2972" >> $MAP_FILE 2973 2974# Need to handle passwd.adjunct.byname map for multiple domain. 2975_MAP=passwd.adjunct.byname 2976if ! present $_MAP $ALL_DMN_DEF_MAPLIST 2977then 2978 # Just put the syntax in comment form 2979 echo "#nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE 2980else 2981 # Find the domains in which this map exists. 2982 find_domains $_MAP DEF_MAPS 2983 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 2984 then 2985 # Don't put domain info as the map is present in all of them. 2986 echo "nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE 2987 else 2988 # Not every domain has this map. So, list for the ones which do. 2989 for _DMN in $PRESENT_IN_DOMAINS 2990 do 2991 echo "nisLDAPmapFlags passwd.adjunct.byname,${_DMN} : s" >> $MAP_FILE 2992 done 2993 fi 2994fi 2995 2996# Need to handle group.adjunct.byname map for multiple domain. 2997_MAP=group.adjunct.byname 2998if ! present $_MAP $ALL_DMN_DEF_MAPLIST 2999then 3000 # Just put the syntax in comment form 3001 echo "#nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE 3002else 3003 # Find the domains in which this map exists. 3004 find_domains $_MAP DEF_MAPS 3005 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3006 then 3007 # Don't put domain info as the map is present in all of them. 3008 echo "nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE 3009 else 3010 # Not every domain has this map. So, list for the ones which do. 3011 for _DMN in $PRESENT_IN_DOMAINS 3012 do 3013 echo "nisLDAPmapFlags group.adjunct.byname,${_DMN} : s" >> $MAP_FILE 3014 done 3015 fi 3016fi 3017 3018echo "" >> $MAP_FILE 3019 3020STR="any" # Just to make the question look better. 3021while : 3022do 3023 get_confirm "Do you wish to set the secure flag for $STR map (y/n/h)?" \ 3024 "n" "secure_flag_on_help" 3025 3026 if [ $? -eq 0 ]; then 3027 return 0 3028 3029 else 3030 get_ans "Enter the MAP name :" 3031 MAP=$ANS 3032 3033 if [[ $MAP = "" ]]; then 3034 echo " Error : BLANK map name not allowed; try again" 3035 continue 3036 fi 3037 3038 # Check if the supplied map name exists, and if yes, then 3039 # set the PRESENT attributes for further processing 3040 3041 find_map_presence_details $MAP 3042 3043 case $PRESENT_COUNT in 3044 3045 0 ) echo " Error : $MAP not found in any domain; try again" 3046 ;; 3047 3048 1 ) # The map exists in only one domain. 3049 echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE 3050 STR="another" # Just to make the question look better. 3051 ;; 3052 3053 * ) # The map exists in multiple domain. Ask if this flag needs 3054 # to be set for all domains, or some specific ones. 3055 3056 echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS" 3057 get_confirm "For this map, do you wish to set this flag for all the domains (y/n/h)?" \ 3058 "y" "secure_flag_all_domains_help" 3059 3060 if [ $? -eq 1 ]; then 3061 echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE 3062 else 3063 3064 for _DMN in $PRESENT_IN_DOMAINS 3065 do 3066 3067 get_confirm_nodef "Set secure flag for $MAP,${_DMN} (y/n)?" 3068 3069 if [ $? -eq 1 ]; then 3070 echo "nisLDAPmapFlags $MAP,${_DMN} : s" >> $MAP_FILE 3071 fi 3072 3073 done 3074 fi 3075 STR="another" # Just to make the question look better. 3076 ;; 3077 3078 esac 3079 3080 fi 3081done 3082} 3083 3084 3085# 3086# Generate interdomain flag entries 3087# 3088create_interdomain_flag_entries() 3089{ 3090 3091INTERDOMAIN_MAP_LIST="ipnodes 3092 multiipnodes 3093 hosts 3094 multihosts 3095 services.byservicename" 3096 3097# 3098# Simple function to avoid duplication of code 3099# 3100print_interdomain_entries() 3101{ 3102for _MAP in $INTERDOMAIN_MAP_LIST 3103do 3104 echo "nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE 3105done 3106} 3107 3108echo " 3109# Specify YP_INTERDOMAIN flags 3110" >> $MAP_FILE 3111 3112[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 3113# It is used to indicate NIS servers to use the domain name resolver for 3114# host name and address lookups for hosts not found in the maps. 3115# If set, it adds YP_INTERDOMAIN entries in these maps when converting 3116# data from LDAP to YP. It needs to be set in the following format : 3117# nisLDAPmapFlags mapname : b 3118" >> $MAP_FILE 3119 3120# List one set of entries in commented form anyway as it might help 3121# user understand what it means. 3122 3123echo "\ 3124# If \$B is set in /var/yp/Makefile, then this flag should be 3125# set for following maps :\ 3126" >> $MAP_FILE 3127 3128for _MAP in $INTERDOMAIN_MAP_LIST 3129do 3130 echo "# nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE 3131done 3132 3133# Put a blank line for indentation purpose 3134echo >> $MAP_FILE 3135 3136get_confirm "Do you wish to set the \"interdomain\" flag for any domain (y/n/h)?" \ 3137 "n" "interdomain_flag_on_help" 3138 3139if [ $? -eq 1 ]; then 3140 3141 if [ $N2L_DMN_CNT -gt 1 ]; then 3142 3143 get_confirm "Should \"interdomain\" flag be set for all domain (y/n/h)?" \ 3144 "y" "interdomain_flag_all_domains_help" 3145 3146 if [ $? -eq 1 ]; then 3147 print_interdomain_entries 3148 else 3149 3150 for _DMN in ${N2L_DMN_LIST[*]} 3151 do 3152 get_confirm_nodef "Set interdomain flag for ${_DMN} (y/n)?" 3153 3154 if [ $? -eq 1 ]; then 3155 for _MAP in $INTERDOMAIN_MAP_LIST 3156 do 3157 echo "nisLDAPmapFlags ${_MAP},${_DMN} : b" >> $MAP_FILE 3158 done 3159 fi 3160 3161 done 3162 fi 3163 3164 else 3165 print_interdomain_entries 3166 fi 3167fi 3168 3169echo " 3170# 3171#------------------------------------------------------------------------------ 3172# 3173" >> $MAP_FILE 3174 3175return 0 3176} 3177 3178 3179# 3180# List SECURE and INTERDOMAIN flags 3181# 3182create_nisLDAPmapFlags() 3183{ 3184create_secure_flag_entries 3185create_interdomain_flag_entries 3186} 3187 3188 3189# 3190# Print one Map TTL entry in mapping file using supplied TTL. 3191# 3192print_one_map_ttl_entry() 3193{ 3194_Map=$1 3195_iTtlLo=$2 3196_iTtlHi=$3 3197_runTtl=$4 3198 3199echo "\ 3200nisLDAPentryTtl ${_Map}:${_iTtlLo}:${_iTtlHi}:${_runTtl}\ 3201" >> $MAP_FILE 3202 3203return 0 3204} 3205 3206 3207# 3208# Print all the maps TTL entries of same TTL 3209# values using the supplied TTL triplet. 3210# 3211print_all_same_ttl_entries() 3212{ 3213_iTTLlo=$1 3214_iTTLhi=$2 3215_runTTL=$3 3216 3217for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \ 3218 ${ALL_DMN_AUTO_CUST_MAPS[*]} 3219do 3220 3221 if [ "$_MAP" != "passwd.adjunct.byname" ] && \ 3222 [ "$_MAP" != "group.adjunct.byname" ] 3223 then 3224 print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL 3225 3226 else 3227 3228 # adjunct maps might not exist in all the domains. 3229 find_domains $_MAP DEF_MAPS 3230 3231 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3232 then 3233 3234 # Don't put domain info as the map is present in all of them. 3235 print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL 3236 3237 else 3238 3239 for _DMN_ in $PRESENT_IN_DOMAINS 3240 do 3241 _STR="${_MAP},${_DMN_}" 3242 print_one_map_ttl_entry $_STR $_iTTLlo $_iTTLhi $_runTTL 3243 done 3244 3245 fi 3246 fi 3247done 3248 3249return 0 3250} 3251 3252# 3253# Read the initialTTLlo. Set the value in global variable. 3254# 3255get_ittl_lo() 3256{ 3257get_pos_int "Lower limit for initial TTL (in seconds) (h=help):" \ 3258 "$DEF_iTTLlo" "initialTTLlo_help" 3259 3260iTTLlo=${NUM} 3261} 3262 3263 3264# 3265# Read the initialTTLhi. Set the value in global variable. 3266# 3267get_ittl_hi() 3268{ 3269get_pos_int "Higher limit for initial TTL (in seconds) (h=help):" \ 3270 "$DEF_iTTLhi" "initialTTLhi_help" 3271 3272iTTLhi=${NUM} 3273} 3274 3275 3276# 3277# Read the initialTTLhi. Set the value in global variable. 3278# 3279get_run_ttl() 3280{ 3281get_pos_int "Runtime TTL (in seconds) (h=help):" \ 3282 "$DEF_runTTL" "runningTTL_help" 3283 3284runTTL=${NUM} 3285} 3286 3287 3288# 3289# Read one TTL triplet. Set the result in global variables. 3290# 3291read_one_ttl_triplet() 3292{ 3293# Just call the individual functions for each TTL. 3294 3295 get_ittl_lo 3296 get_ittl_hi 3297 get_run_ttl 3298 3299[ $DEBUG -eq 1 ] && \ 3300 echo "TTL = ${iTTLlo}:${iTTLhi}:${runTTL}" 3301 3302return 0 3303} 3304 3305# 3306# Takes MAP name (with or without domain name) as argument, asks 3307# user for TTL values, and appends the entry in the mapping file. 3308# 3309process_one_map_ttl_value() 3310{ 3311 3312_Map_="$1" 3313 3314get_confirm "Retain the default TTL values [$DEF_iTTLlo:$DEF_iTTLhi:$DEF_runTTL] for \"$_Map_\" (y/n/h) ?" \ 3315 "y" "default_different_ttl_help" 3316 3317if [ $? -eq 1 ]; then 3318 print_one_map_ttl_entry $_Map_ $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL 3319else 3320 3321 echo "Reading TTL values for $_Map_ :" 3322 read_one_ttl_triplet 3323 print_one_map_ttl_entry $_Map_ $iTTLlo $iTTLhi $runTTL 3324 3325fi 3326return 0 3327} 3328 3329 3330# 3331# Read only one TTL triplet for each existing MAP without asking 3332# different values for each domain and update the mapping file. 3333# 3334read_all_maps_ttl_values_no_multiple_domain_issue() 3335{ 3336 3337# Need to read only one TTL triplet for each existing MAP. 3338 3339for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \ 3340 ${ALL_DMN_AUTO_CUST_MAPS[*]} 3341do 3342 3343 if [ "$_MAP" != "passwd.adjunct.byname" ] && \ 3344 [ "$_MAP" != "group.adjunct.byname" ] 3345 then 3346 process_one_map_ttl_value $_MAP 3347 3348 else 3349 3350 # adjunct maps might not exist in all the domains. 3351 find_domains $_MAP DEF_MAPS 3352 3353 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3354 then 3355 3356 # Don't put domain info as the map is present in all of them. 3357 process_one_map_ttl_value $_MAP 3358 3359 else 3360 3361 for _DMN_ in $PRESENT_IN_DOMAINS 3362 do 3363 _STR="${_MAP},${_DMN_}" 3364 process_one_map_ttl_value $_STR 3365 done 3366 3367 fi 3368 fi 3369done 3370 3371return 0 3372} 3373 3374 3375# 3376# Read TTL triplet for each default MAP (in database ID form) while 3377# taking care of multiple domains issue and update the mapping file. 3378# 3379read_default_maps_ttl_values_with_multi_domain_issue() 3380{ 3381 3382for _MAP_ in ${DEF_TTL_MAPLIST} 3383do 3384 if [ "$_MAP_" != "passwd.adjunct.byname" ] && \ 3385 [ "$_MAP_" != "group.adjunct.byname" ] 3386 then 3387 3388 for _DMN_ in ${N2L_DMN_LIST[*]} 3389 do 3390 _STR_="${_MAP_},${_DMN_}" 3391 # Now process each combination one at a time. 3392 process_one_map_ttl_value "$_STR_" 3393 done 3394 3395 else 3396 # List only those domains in which adjunct.byname exists. 3397 find_domains $_MAP_ DEF_MAPS 3398 for _DMN_ in $PRESENT_IN_DOMAINS 3399 do 3400 _STR_="${_MAP_},${_DMN_}" 3401 process_one_map_ttl_value "$_STR_" 3402 done 3403 fi 3404done 3405 3406return 0 3407} 3408 3409 3410# 3411# Read TTL triplet for each existing custom MAP while taking 3412# care of multiple domains issue and update the mapping file. 3413# 3414read_custom_maps_ttl_values_with_multi_domain_issue() 3415{ 3416 3417for _MAP_ in ${ALL_DMN_CUST_MAPS[*]} ${ALL_DMN_AUTO_CUST_MAPS[*]} 3418do 3419 3420 find_map_presence_details $_MAP_ 3421 3422 if [ $PRESENT_COUNT -eq 1 ]; then 3423 3424 # This map exists in only one domain. 3425 # So, no need to ask for multiple domains. 3426 3427 process_one_map_ttl_value $_MAP_ 3428 3429 else 3430 3431 # Handle multiple domains. 3432 3433 echo "Map \"${_MAP_}\" is present in these domains : $PRESENT_IN_DOMAINS" 3434 3435 get_confirm "For this map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \ 3436 "y" "same_ttl_across_domains_help" 3437 3438 if [ $? -eq 1 ]; then 3439 3440 # Need to read only one TTL triplet for this MAP. 3441 process_one_map_ttl_value $_MAP_ 3442 3443 else 3444 3445 # Need to ask for each domain 3446 3447 for _DMN_ in $PRESENT_IN_DOMAINS 3448 do 3449 _STR="${_MAP_},${_DMN_}" 3450 3451 # Now process each combination one at a time. 3452 process_one_map_ttl_value "$_STR" 3453 3454 done 3455 fi 3456 fi 3457done 3458 3459return 0 3460} 3461 3462 3463# 3464# List the TTL values for various MAPs 3465# 3466create_nisLDAPentryTtl() 3467{ 3468 3469echo "\ 3470# Associate TTLs with NIS entries derived from LDAP 3471" >> $MAP_FILE 3472 3473[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 3474# Each map has three TTL values which are specified in seconds. 3475# 1. initialTTLlo (default $DEF_iTTLlo sec) The lower limit for the initial 3476# TTL (in seconds) for data read from disk when the ypserv starts. 3477# 3478# 2. initialTTLhi (default $DEF_iTTLhi sec) The upper limit for initial TTL. 3479# 3480# 3. runningTTL (default $DEF_runTTL sec) The TTL (in seconds) for data 3481# retrieved from LDAP while the ypserv is running. 3482# 3483# If any value is not specified, then default value is used. 3484# The format of TTL entry is : 3485# nisLDAPentryTtl MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL 3486" >> $MAP_FILE 3487 3488# If no maps are present, just return. 3489[ ${#ALL_DMN_ALL_MAPS[*]} -eq 0 ] && return 0 3490 3491echo "The default TTL for each map is set to ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}" 3492get_confirm "Do you wish to change the TTL values for any map (y/n/h) ?" \ 3493 "n" "default_ttl_help" 3494 3495if [ $? -eq 0 ]; then 3496 # Default values accepted for all the maps. 3497 # So, just print all the maps with default TTL values. 3498 3499 print_all_same_ttl_entries $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL 3500 3501else 3502 echo "You would be allowed to enter the new TTL values." 3503 get_confirm "Do you wish to use the same TTL values for all the maps (y/n/h) ?" \ 3504 "y" "non_default_same_ttl_help" 3505 3506 if [ $? -eq 1 ]; then 3507 # Need to read only one TTL triplet. 3508 # Print all the maps with new TTL triplet. 3509 3510 # read one ttl triplet 3511 echo "Enter the new TTL values :" 3512 3513 read_one_ttl_triplet 3514 3515 print_all_same_ttl_entries $iTTLlo $iTTLhi $runTTL 3516 3517 else 3518 if [ $N2L_DMN_CNT -eq 1 ]; then 3519 3520 # TTL values are different now. But we haev only one domain. 3521 # So, no need to worry about multiple domains. Need to read 3522 # only one TTL triplet for each existing MAP. 3523 3524 read_all_maps_ttl_values_no_multiple_domain_issue 3525 3526 else 3527 3528 # TTL values are different now. And we have multiple domains 3529 # too. Check if MAPS are going to have same TTL across domains. 3530 # This is just to avoid asking too many TTL triplet inputs 3531 3532 echo "You would be allowed to enter different TTL values for each map." 3533 3534 get_confirm "For a given map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \ 3535 "y" "non_default_different_ttl_help" 3536 3537 if [ $? -eq 1 ]; then 3538 3539 # Need to read only one TTL triplet for each existing MAP. 3540 read_all_maps_ttl_values_no_multiple_domain_issue 3541 3542 else 3543 3544 # We have hit the worst case scenario. TTLs could be 3545 # different per map and per domain. 3546 3547 read_default_maps_ttl_values_with_multi_domain_issue 3548 read_custom_maps_ttl_values_with_multi_domain_issue 3549 fi 3550 fi 3551 fi 3552fi 3553 3554echo " 3555# 3556#------------------------------------------------------------------------------ 3557# 3558" >> $MAP_FILE 3559 3560return 0 3561} 3562 3563 3564# 3565# The custom maps for which we do not have enough 3566# information to be able to generate specific entries, 3567# we just log the message that the user needs to take 3568# care of those entries manually. 3569# 3570ask_user_to_update_the_custom_map_entries_too() 3571{ 3572 3573if [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ]; then 3574 3575 echo " 3576# Similar entries need to be created 3577# for following custom maps too :\ 3578" >> $MAP_FILE 3579 3580 for _MAP in ${ALL_DMN_CUST_MAPS[*]} 3581 do 3582 echo "# $_MAP" >> $MAP_FILE 3583 done 3584fi 3585} 3586 3587 3588put_default_nisLDAPnameFields() 3589{ 3590echo ' 3591# Associate names with fields in the maps. Must be same for all domains. 3592nisLDAPnameFields audit_user: \ 3593 ("%s:%s:%s", name, alwaysAuditFlags, neverAuditFlags) 3594 3595nisLDAPnameFields auto.home: \ 3596 ("%s",value) 3597 3598nisLDAPnameFields auto.master: \ 3599 ("%s",value) 3600 3601nisLDAPnameFields auth_attr: \ 3602 ("%s:%s:%s:%s:%s:%s", \ 3603 name, res1, res2, short_desc, long_desc, attrs ) 3604 3605nisLDAPnameFields bootparams: \ 3606 ("%s", params) 3607 3608nisLDAPnameFields ethers: \ 3609 ("%s %s", addr, name) 3610 3611nisLDAPnameFields exec_attr: \ 3612 ("%s:%s:%s:%s:%s:%s:%s", \ 3613 name, policy, type, res1, res2, id, attrs) 3614 3615nisLDAPnameFields group: \ 3616 ("%s:%s:%s:%s", name, passwd, gid, users) 3617' >> $MAP_FILE 3618 3619# Need to handle group.adjunct.byname map for multiple domain. 3620 3621_MAP=group.adjunct.byname 3622if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3623then 3624 # Just put the syntax in comment form 3625 echo '#nisLDAPnameFields group.adjunct.byname: \ 3626# ("%s:%s", name, passwd) 3627' >> $MAP_FILE 3628else 3629 # Find the domains in which this map exists. 3630 find_domains $_MAP DEF_MAPS 3631 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3632 then 3633 3634 # Don't put domain info as the map is present in all of them. 3635 echo 'nisLDAPnameFields group.adjunct.byname: \ 3636 ("%s:%s", name, passwd) 3637' >> $MAP_FILE 3638 else 3639 # Not every domain has this map. So, list for the ones which do. 3640 for _DMN in $PRESENT_IN_DOMAINS 3641 do 3642 echo "nisLDAPnameFields group.adjunct.byname,${_DMN}: \\ 3643 (\"%s:%s\", name, passwd) 3644" >> $MAP_FILE 3645 done 3646 fi 3647fi 3648 3649echo 'nisLDAPnameFields keys.host: \ 3650 ("%s:%s", publicKey ,secretKey) 3651 3652nisLDAPnameFields keys.pass: \ 3653 ("%s:%s", publicKey ,secretKey) 3654 3655nisLDAPnameFields keys.nobody: \ 3656 ("%s:%s", publicKey ,secretKey) 3657 3658nisLDAPnameFields hosts: \ 3659 ("%a %s %s", addr, canonicalName, aliases) 3660 3661nisLDAPnameFields multihosts: \ 3662 ("%a %s %s", addr, canonicalName, aliases) 3663 3664nisLDAPnameFields ipnodes: \ 3665 ("%a %s %s", addr, canonicalName, aliases) 3666 3667nisLDAPnameFields multiipnodes: \ 3668 ("%a %s %s", addr, canonicalName, aliases) 3669 3670nisLDAPnameFields mail.aliases: \ 3671 ("%s", addresses) 3672 3673nisLDAPnameFields mail.mapping: \ 3674 ("%s", address) 3675 3676# memberTriples is split into sub-fields by a latter nisLDAPsplitField 3677# attribute. 3678nisLDAPnameFields netgroup: \ 3679 ("%s", memberTriples) 3680 3681nisLDAPnameFields netid.host: \ 3682 ("%s:%s", number, data) 3683 3684nisLDAPnameFields netid.pass: \ 3685 ("%s:%s", number, data) 3686 3687nisLDAPnameFields netmasks.byaddr: \ 3688 ("%a", mask) 3689 3690nisLDAPnameFields networks: \ 3691 ("%s %s %s", name, number, aliases) 3692 3693nisLDAPnameFields project: \ 3694 ("%s:%s:%s:%s:%s:%s", \ 3695 name, projID, comment, users, groups, attrs) 3696 3697nisLDAPnameFields protocols: \ 3698 ("%s %s %s", name, number, aliases) 3699 3700nisLDAPnameFields rpc.bynumber: \ 3701 ("%s %s %s", name, number, aliases) 3702 3703nisLDAPnameFields passwd: \ 3704 ("%s:%s:%s:%s:%s:%s:%s", \ 3705 name, passwd, uid, gid, gecos, home, shell) 3706 3707# It is not obvious what the fields in passwd.adjunct are for. They are not 3708# the same as the shadow map. The following is based on information in:- 3709# 3710# lib/libbc/inc/include/pwdadj.h. 3711# 3712# This file implies that these are documented in getpwaent(3) but this man page 3713# does not seem to exist. 3714# 3715# It is believed that 'min','max' and 'def' labels were reserved fields in 3716# SunOS 4.x and are now unused. 'always' and 'never' audit information is 3717# now contained in audit_user(4) so is now unused. 3718# 3719' >> $MAP_FILE 3720 3721# Need to handle passwd.adjunct.byname map for multiple domain. 3722 3723_MAP=passwd.adjunct.byname 3724if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3725then 3726 # Just put the syntax in comment form 3727 echo '#nisLDAPnameFields passwd.adjunct.byname: \ 3728# ("%s:%s:%s:%s:%s:%s:%s", \ 3729# name, passwd, min, max, def, always, \ 3730# never) 3731' >> $MAP_FILE 3732else 3733 # Find the domains in which this map exists. 3734 find_domains $_MAP DEF_MAPS 3735 3736 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3737 then 3738 3739 # Don't put domain info as the map is present in all of them. 3740 echo 'nisLDAPnameFields passwd.adjunct.byname: \ 3741 ("%s:%s:%s:%s:%s:%s:%s", \ 3742 name, passwd, min, max, def, always, \ 3743 never) 3744' >> $MAP_FILE 3745 else 3746 # Not every domain has this map. So, list for the ones which do. 3747 for _DMN in $PRESENT_IN_DOMAINS 3748 do 3749 echo "nisLDAPnameFields passwd.adjunct.byname,${_DMN}: \\ 3750 (\"%s:%s:%s:%s:%s:%s:%s\", \\ 3751 name, passwd, min, max, def, always, \\ 3752 never) 3753" >> $MAP_FILE 3754 done 3755 fi 3756fi 3757 3758echo ' 3759nisLDAPnameFields printers.conf.byname: \ 3760 ("%s:%s", names, values) 3761 3762nisLDAPnameFields prof_attr: \ 3763 ("%s:%s:%s:%s:%s", \ 3764 name, res1, res2, desc, attrs) 3765 3766nisLDAPnameFields services: \ 3767 ("%s %s/%s %s", name, port, protocol, aliases) 3768 3769# This map is never created but yppasswd uses the mapping to extract password 3770# ageing information from the DIT. The password itself is not required by this 3771# mechanism so is not included in the ageing mapping. 3772nisLDAPnameFields ageing.byname: \ 3773 ("%s:%s:%s:%s:%s:%s:%s:%s", \ 3774 name, lastchg, min, max, warn, inactive, \ 3775 expire, flag) 3776 3777nisLDAPnameFields timezone.byname: \ 3778 ("%s %s", zoneName, hostName) 3779 3780nisLDAPnameFields user_attr: \ 3781 ("%s:%s:%s:%s:%s", user, qualifier, res1, res2, attrs) 3782' >> $MAP_FILE 3783} 3784 3785# 3786# List namefields for non-default auto maps and custom maps. 3787# 3788put_auto_and_custom_map_nisLDAPnameFields() 3789{ 3790for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]} 3791do 3792 3793 echo "\ 3794nisLDAPnameFields ${_MAP}: \\ 3795 (\"%s\",value) 3796" >> $MAP_FILE 3797 3798done 3799} 3800 3801 3802create_nisLDAPnameFields() 3803{ 3804# Put format information of "nisLDAPnameFields" 3805[ CUST_CMT_NEEDED -eq 1 ] && echo ' 3806# "nisLDAPnameFields" specifies the content of entries in a NIS map 3807# and how they should be broken into named fields. It is required as, 3808# unlike NIS+, NIS maps do not store information in named fields. 3809# 3810# Following is the syntax for nisLDAPnameFields : 3811# 3812# "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")" 3813# fieldName = nameOrArrayName[","...] 3814# nameOrArrayName = Name of field or 'array' of repeated fields. 3815# matchspec = \" formatString \" 3816' >> $MAP_FILE 3817 3818# List the default nameField values 3819put_default_nisLDAPnameFields 3820 3821# List the underlying assumption 3822echo "\ 3823# With the assumption that all the custom maps are simple, single 3824# map (single key-value pair type), below is the nisLDAPnameFields 3825# information for all the custom and non-default auto.* maps. If 3826# this assumption is not valid, then refer to the NISLDAPmapping 3827# man page for information on how to customize this section. 3828" >> $MAP_FILE 3829 3830# List namefields for non-default auto maps and custom maps. 3831put_auto_and_custom_map_nisLDAPnameFields 3832 3833 3834echo " 3835# 3836#------------------------------------------------------------------------------ 3837# 3838" >> $MAP_FILE 3839 3840return 0 3841} 3842 3843 3844# 3845# List repeated field seperators 3846# 3847create_nisLDAPrepeatedFieldSeparators() 3848{ 3849 3850[ CUST_CMT_NEEDED -eq 1 ] && echo " 3851# nisLDAPrepeatedFieldSeparators : It is a character which separates 3852# the repeatable instnaces of splitable fields. It's format is : 3853# 3854# nisLDAPrepeatedFieldSeparators fieldName \"sepChar[...]\" 3855# sepChar = A separator character. 3856# Default value is space or tab. 3857" >> $MAP_FILE 3858 3859echo "\ 3860#nisLDAPrepeatedFieldSeparators memberTriples: \" \t\" 3861" >> $MAP_FILE 3862 3863} 3864 3865 3866# 3867# List split fields 3868# 3869create_nisLDAPsplitField() 3870{ 3871# List the default split fields 3872 3873[ CUST_CMT_NEEDED -eq 1 ] && echo ' 3874# nisLDAPsplitFields : It defines how a field, or list of fields, 3875# named by nisLDAPnameFields is split into sub fields. The original 3876# field is compared with each line of this attribute until one matches. 3877# When a match is found named sub-fields are generated. In latter 3878# operations sub-field names can be used in the same way as other 3879# field names. The format of nisLDAPsplitFields is : 3880# 3881# "nisLDAPsplitFields" fieldName ":" splitSpec[","...] 3882# splitSpec = "(" matchspec "," subFieldNames ")" 3883# fieldName = Name of a field from nisLDAPnameFields 3884# subFieldNames = subFieldname[","...] 3885# matchspec = \" formatString \" 3886' >> $MAP_FILE 3887 3888echo ' 3889nisLDAPsplitField memberTriples: \ 3890 ("(%s,%s,%s)", host, user, domain), \ 3891 ("%s", group) 3892' >> $MAP_FILE 3893 3894} 3895 3896# 3897# List split fields and repeated field separators. 3898# 3899create_split_field_and_repeatedfield_seperators() 3900{ 3901 3902echo "\ 3903# Specify how to break fields up into sub fields. 3904" >> $MAP_FILE 3905 3906create_nisLDAPrepeatedFieldSeparators 3907 3908create_nisLDAPsplitField 3909 3910echo " 3911# 3912#------------------------------------------------------------------------------ 3913# 3914" >> $MAP_FILE 3915} 3916 3917list_default_nisLDAPobjectDN() 3918{ 3919echo ' 3920# Associate maps with RDNs and object classes. Base DN comes from the 3921# nisLDAPdomainContext. 3922# 3923# As supplied this file gives only the most derived objectClass for each map. 3924# For some servers it may be necessary to add "objectClass=" statements for 3925# all the superclasses. This should be done here. 3926 3927nisLDAPobjectDN auto.home: \ 3928 automountmapname=auto_home,?one? \ 3929 objectClass=automount: 3930 3931nisLDAPobjectDN auto.master: \ 3932 automountmapname=auto_master,?one? \ 3933 objectClass=automount: 3934 3935nisLDAPobjectDN auth_attr: \ 3936 ou=SolarisAuthAttr,?one? \ 3937 objectClass=SolarisAuthAttr: 3938 3939nisLDAPobjectDN bootparams: \ 3940 ou=ethers,?one? \ 3941 objectClass=bootableDevice, \ 3942 bootParameter=*:\ 3943 ou=ethers,?one? \ 3944 objectClass=device, \ 3945 objectClass=bootableDevice 3946 3947 3948nisLDAPobjectDN exec_attr:\ 3949 ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\ 3950 SolarisKernelSecurityPolicy=*:\ 3951 ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\ 3952 objectClass=SolarisProfAttr,\ 3953 objectClass=top 3954 3955nisLDAPobjectDN ethers: \ 3956 ou=ethers,?one? \ 3957 objectClass=ieee802Device, \ 3958 macAddress=*:\ 3959 ou=ethers,?one? \ 3960 objectClass=device, \ 3961 objectClass=ieee802Device 3962 3963nisLDAPobjectDN group: \ 3964 ou=group,?one? \ 3965 objectClass=posixGroup: 3966' >> $MAP_FILE 3967 3968 3969# Need to handle group.adjunct.byname map for multiple domain. 3970 3971_MAP=group.adjunct.byname 3972if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3973then 3974 # Just put the syntax in comment form 3975 echo '#nisLDAPobjectDN group.adjunct.byname: \ 3976# ou=group,?one? \ 3977# objectClass=posixGroup: 3978' >> $MAP_FILE 3979else 3980 # Find the domains in which this map exists. 3981 find_domains $_MAP DEF_MAPS 3982 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3983 then 3984 # Don't put domain info as the map is present in all of them. 3985 echo 'nisLDAPobjectDN group.adjunct.byname: \ 3986 ou=group,?one? \ 3987 objectClass=posixGroup: 3988' >> $MAP_FILE 3989 else 3990 # Not every domain has this map. So, list for the ones which do. 3991 for _DMN in $PRESENT_IN_DOMAINS 3992 do 3993 echo "nisLDAPobjectDN group.adjunct.byname,${_DMN}: \\ 3994 ou=group,?one? \\ 3995 objectClass=posixGroup: 3996" >> $MAP_FILE 3997 done 3998 fi 3999fi 4000 4001 4002echo 'nisLDAPobjectDN hosts: \ 4003 ou=hosts,?one? \ 4004 objectClass=ipHost:\ 4005 ou=hosts,?one? \ 4006 objectClass=device, \ 4007 objectClass=ipHost 4008 4009nisLDAPobjectDN multihosts: \ 4010 ou=hosts,?one? \ 4011 objectClass=ipHost, \ 4012 ipHostNumber=*.* 4013 4014nisLDAPobjectDN ipnodes: \ 4015 ou=hosts,?one? \ 4016 objectClass=ipHost:\ 4017 ou=hosts,?one? \ 4018 objectClass=device, \ 4019 objectClass=ipHost 4020 4021nisLDAPobjectDN multiipnodes: \ 4022 ou=hosts,?one? \ 4023 objectClass=ipHost, \ 4024 ipHostNumber=*\:* 4025 4026nisLDAPobjectDN mail.aliases: \ 4027 ou=aliases,?one? \ 4028 objectClass=mailGroup: 4029 4030nisLDAPobjectDN mail.mapping: \ 4031 ou=aliases,?one? \ 4032 objectClass=mailGroup 4033 4034nisLDAPobjectDN netgroup: \ 4035 ou=netgroup,?one? \ 4036 objectClass=nisNetgroup: 4037 4038nisLDAPobjectDN networks: \ 4039 ou=networks,?one? \ 4040 objectClass=ipNetwork, \ 4041 cn=*: 4042 4043# Must come after networks (or equivalent) that creates ipNetworks 4044nisLDAPobjectDN netmasks.byaddr: \ 4045 ou=networks,?one? \ 4046 objectClass=ipNetwork, \ 4047 ipNetMaskNumber=*: 4048 4049nisLDAPobjectDN passwd: \ 4050 ou=people,?one? \ 4051 objectClass=posixAccount:\ 4052 ou=people,?one? \ 4053 objectClass=account, \ 4054 objectClass=shadowAccount, \ 4055 objectClass=posixAccount 4056' >> $MAP_FILE 4057 4058 4059# Need to handle passwd.adjunct.byname map for multiple domain. 4060 4061_MAP=passwd.adjunct.byname 4062if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4063then 4064 # Just put the syntax in comment form 4065 echo '#nisLDAPobjectDN passwd.adjunct.byname: \ 4066# ou=people,?one? \ 4067# objectClass=posixAccount:\ 4068# ou=people,?one? \ 4069# objectClass=account, \ 4070# objectClass=shadowAccount, \ 4071# objectClass=posixAccount 4072' >> $MAP_FILE 4073else 4074 # Find the domains in which this map exists. 4075 find_domains $_MAP DEF_MAPS 4076 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4077 then 4078 # Don't put domain info as the map is present in all of them. 4079 echo 'nisLDAPobjectDN passwd.adjunct.byname: \ 4080 ou=people,?one? \ 4081 objectClass=posixAccount:\ 4082 ou=people,?one? \ 4083 objectClass=account, \ 4084 objectClass=shadowAccount, \ 4085 objectClass=posixAccount 4086' >> $MAP_FILE 4087 else 4088 # Not every domain has this map. So, list for the ones which do. 4089 for _DMN in $PRESENT_IN_DOMAINS 4090 do 4091 echo "nisLDAPobjectDN passwd.adjunct.byname,${_DMN}: \\ 4092 ou=people,?one? \\ 4093 objectClass=posixAccount:\\ 4094 ou=people,?one? \\ 4095 objectClass=account, \\ 4096 objectClass=shadowAccount, \\ 4097 objectClass=posixAccount 4098" >> $MAP_FILE 4099 done 4100 fi 4101fi 4102 4103 4104echo '# Must follow passwd 4105nisLDAPobjectDN netid.pass: \ 4106 ou=people,?one? \ 4107 objectClass=posixAccount 4108 4109# Must follow hosts 4110nisLDAPobjectDN netid.host: \ 4111 ou=hosts,?one? \ 4112 objectClass=ipHost 4113 4114nisLDAPobjectDN printers.conf.byname: \ 4115 ou=printers,?one? \ 4116 objectClass=printerService:\ 4117 ou=printers,?one? \ 4118 objectClass=sunPrinter, \ 4119 objectClass=printerService, \ 4120 objectClass=printerLPR, \ 4121 objectClass=printerAbstract 4122 4123nisLDAPobjectDN prof_attr:\ 4124 ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\ 4125 SolarisAttrLongDesc=*:\ 4126 ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\ 4127 objectClass=SolarisExecAttr,\ 4128 objectClass=top 4129nisLDAPobjectDN project: \ 4130 ou=project,?one? \ 4131 objectClass=SolarisProject: 4132 4133nisLDAPobjectDN protocols: \ 4134 ou=protocols,?one? \ 4135 objectClass=ipProtocol: 4136 4137nisLDAPobjectDN rpc.bynumber: \ 4138 ou=rpc,?one? \ 4139 objectClass=oncRpc: 4140 4141nisLDAPobjectDN services.byname: \ 4142 ou=services,?one? \ 4143 objectClass=ipService: 4144 4145# Because services.byservicename contains keys of form both 'name' 4146# and 'name/protocol' we generate the DIT just from services.byname. 4147# Hence, write-disabled for services.byservicename 4148nisLDAPobjectDN services.byservicename: \ 4149 ou=services,?one? \ 4150 objectClass=ipService 4151 4152# This map is never created but yppasswd uses the mapping to extract password 4153# aging information from the DIT. 4154nisLDAPobjectDN ageing.byname: \ 4155 ou=people,?one? \ 4156 objectClass=shadowAccount: 4157 4158# Using nisplusTimeZoneData objectClass for compatibility with nis+2ldap 4159nisLDAPobjectDN timezone.byname: \ 4160 ou=Timezone,?one? \ 4161 objectClass=nisplusTimeZoneData: 4162 4163nisLDAPobjectDN user_attr: \ 4164 ou=people,?one? \ 4165 objectClass=SolarisUserAttr: 4166 4167# Must come after passwd (or equivalent) that creates posixAccounts 4168nisLDAPobjectDN audit_user: \ 4169 ou=people,?one? \ 4170 objectClass=SolarisAuditUser: 4171 4172# Must come after hosts + passwd. 4173nisLDAPobjectDN keys.host: \ 4174 ou=hosts,?one? \ 4175 objectClass=NisKeyObject: 4176 4177nisLDAPobjectDN keys.pass: \ 4178 ou=people,?one? \ 4179 objectClass=NisKeyObject: 4180 4181nisLDAPobjectDN keys.nobody: \ 4182 ou=people,?one? \ 4183 objectClass=NisKeyObject:\ 4184 ou=people,?one? \ 4185 objectClass=account, \ 4186 objectClass=NisKeyObject 4187 4188nisLDAPobjectDN ypservers: \ 4189 ou=ypservers,?one? \ 4190 objectClass=device: 4191' >> $MAP_FILE 4192} 4193 4194# List all the non-default auto.* and custom maps. 4195list_auto_custom_nisLDAPobjectDN() 4196{ 4197 4198# auto.* entries are easy. 4199if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 4200 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 4201 4202 for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 4203 do 4204 4205 # We need to find one container for each auto.* map. 4206 # Assume that each auto.* maps's container is auto_*. 4207 4208 _MAP_UNDERSCORE=`echo $_MAP | sed "s/auto\./auto_/"` 4209 4210 echo "\ 4211nisLDAPobjectDN ${_MAP}: \\ 4212 automountmapname=${_MAP_UNDERSCORE},?one? \\ 4213 objectClass=automount: 4214" >> $MAP_FILE 4215 done 4216fi 4217 4218# Since we do not have enough information to generate 4219# entries for other custom maps, best we can do is to 4220# log this map names and ask user to take care of them. 4221 4222ask_user_to_update_the_custom_map_entries_too 4223 4224} 4225 4226 4227# 4228# List association of maps with RDNs and object classes. 4229# 4230create_nisLDAPobjectDN() 4231{ 4232 4233[ CUST_CMT_NEEDED -eq 1 ] && echo ' 4234# nisLDAPobjectDN : It specifies the connection between group of NIS 4235# maps and the LDAP directory. This attribute also defines the 'order' 4236# of the NIS maps. When NIS maps are bulk copied to or from the DIT 4237# they are processed in the same order as related nisLDAPobjectDN 4238# attributes appear in /var/yp/NISLDAPmapping. 4239# The format of "nisLDAPobjectDN" is : 4240# 4241# mapName[" "...] ":" objectDN *( ";" objectDN ) 4242# 4243# where: 4244# 4245# objectDN = readObjectSpec [":"[writeObjectSpec]] 4246# readObjectSpec = [baseAndScope [filterAttrValList]] 4247# writeObjectSpec = [baseAndScope [attrValList]] 4248# baseAndScope = [baseDN] ["?" [scope]] 4249# filterAttrValList = ["?" [filter | attrValList]]] 4250# scope = "base" | "one" | "sub" 4251# attrValList = attribute "=" value 4252# *("," attribute "=" value) 4253' >> $MAP_FILE 4254 4255# List all the default entries anyway. 4256list_default_nisLDAPobjectDN 4257 4258# List all the non-default auto.* and custom maps. 4259list_auto_custom_nisLDAPobjectDN 4260 4261} 4262 4263# 4264# List all the default nisLDAPattributeFromField entries 4265# 4266list_default_nisLDAPattributeFromField() 4267{ 4268echo ' 4269# Describe how named fields are mapped to DIT entries. 4270 4271# audit_user 4272nisLDAPattributeFromField audit_user: \ 4273 dn=("uid=%s,", rf_key ), \ 4274 SolarisAuditAlways=alwaysAuditFlags, \ 4275 SolarisAuditNever=neverAuditFlags 4276 4277# auto.home 4278nisLDAPattributeFromField auto.home: \ 4279 dn=("automountKey=%s,", rf_key ), \ 4280 automountKey=rf_key, \ 4281 automountInformation=value 4282 4283# auto.master 4284nisLDAPattributeFromField auto.master: \ 4285 dn=("automountKey=%s,", rf_key ), \ 4286 automountKey=rf_key, \ 4287 automountInformation=value 4288 4289# auth_attr 4290nisLDAPattributeFromField auth_attr: \ 4291 dn=("cn=%s,", rf_key ), \ 4292 cn=name, \ 4293 SolarisAttrReserved1=res1, \ 4294 SolarisAttrReserved2=res2, \ 4295 SolarisAttrShortDesc=short_desc, \ 4296 SolarisAttrLongDesc=long_desc, \ 4297 SolarisAttrKeyValue=attrs 4298 4299# exec_attr. Because of the messy NIS keys special handling is required here 4300nisLDAPattributeFromField exec_attr: \ 4301 dn=("cn=%s+SolarisKernelSecurityPolicy=%s\ 4302 +SolarisProfileType=%s+SolarisProfileID=%s,", \ 4303 name, policy,type,id), \ 4304 ("%s:*", cn)=rf_key, \ 4305 ("*:%s:*", SolarisKernelSecurityPolicy)=rf_key, \ 4306 ("*:*:%s", SolarisProfileId)=rf_key, \ 4307 solarisProfileType=type, \ 4308 solarisAttrReserved1=res1, \ 4309 SolarisAttrReserved2=res2, \ 4310 solarisAttrKeyValue=attrs 4311 4312# ethers 4313nisLDAPattributeFromField ethers.byname: \ 4314 dn=("cn=%s,", rf_key ), \ 4315 macAddress=addr 4316nisLDAPattributeFromField ethers.byaddr: \ 4317 dn=("cn=%s,", name ), \ 4318 macAddress=rf_key 4319nisLDAPattributeFromField ethers: \ 4320 cn=name, \ 4321 description=rf_comment 4322 4323# bootparams. Must be done after ethers 4324nisLDAPattributeFromField bootparams: \ 4325 dn=("cn=%s,", rf_key ), \ 4326 cn=rf_key, \ 4327 (bootParameter)=(params, " ") 4328' >> $MAP_FILE 4329 4330# group syntax is different when group.adjunct map is present. 4331# So, need to handle the various possibilities 4332 4333_MAP=group.adjunct.byname 4334 4335if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4336then 4337 4338 # Just put the group.adjunct syntax in comment form 4339 4340 echo '# group 4341nisLDAPattributeFromField group.byname: \ 4342 dn=("cn=%s,", rf_key ), \ 4343 gidNumber=gid 4344nisLDAPattributeFromField group.bygid: \ 4345 dn=("cn=%s,", name ), \ 4346 gidNumber=rf_key 4347nisLDAPattributeFromField group: \ 4348 cn=name, \ 4349 userPassword=("{crypt}%s",passwd), \ 4350 (memberUid)=(users, ",") 4351 4352# 4353# If you are using group.adjunct, comment the group section above 4354# and uncomment the following group and group.adjunct sections 4355# 4356# group 4357#nisLDAPattributeFromField group.byname: \ 4358# dn=("cn=%s,", rf_key ), \ 4359# gidNumber=gid 4360#nisLDAPattributeFromField group.bygid: \ 4361# dn=("cn=%s,", name ), \ 4362# gidNumber=rf_key 4363#nisLDAPattributeFromField group: \ 4364# cn=name, \ 4365# (memberUid)=(users, ",") 4366 4367# group.adjunct 4368#nisLDAPattributeFromField group.adjunct.byname: \ 4369# dn=("cn=%s,", rf_key ), \ 4370# cn=name, \ 4371# userPassword=("{crypt}%s",passwd) 4372' >> $MAP_FILE 4373 4374else 4375 4376 # Find the domains in which group.adjunct map exists. 4377 find_domains $_MAP DEF_MAPS 4378 4379 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4380 then 4381 4382 # All the domains have group.adjunct map. 4383 4384 echo '# group 4385#nisLDAPattributeFromField group.byname: \ 4386# dn=("cn=%s,", rf_key ), \ 4387# gidNumber=gid 4388#nisLDAPattributeFromField group.bygid: \ 4389# dn=("cn=%s,", name ), \ 4390# gidNumber=rf_key 4391#nisLDAPattributeFromField group: \ 4392# cn=name, \ 4393# userPassword=("{crypt}%s",passwd), \ 4394# (memberUid)=(users, ",") 4395 4396# If you are not using group.adjunct, uncomment the group section above 4397# and comment the following group and group.adjunct sections 4398# 4399# group 4400nisLDAPattributeFromField group.byname: \ 4401 dn=("cn=%s,", rf_key ), \ 4402 gidNumber=gid 4403nisLDAPattributeFromField group.bygid: \ 4404 dn=("cn=%s,", name ), \ 4405 gidNumber=rf_key 4406nisLDAPattributeFromField group: \ 4407 cn=name, \ 4408 (memberUid)=(users, ",") 4409 4410# group.adjunct 4411nisLDAPattributeFromField group.adjunct.byname: \ 4412 dn=("cn=%s,", rf_key ), \ 4413 cn=name, \ 4414 userPassword=("{crypt}%s",passwd) 4415' >> $MAP_FILE 4416 4417 else 4418 # Not every domain has group.adjunct map. 4419 4420 # First put the password syntax with domain name for domains 4421 # in which group.adjunct exists. 4422 4423 echo "# group" >> $MAP_FILE 4424 4425 for _DMN in $PRESENT_IN_DOMAINS 4426 do 4427 4428 echo "\ 4429# domain-specific group 4430nisLDAPattributeFromField group.byname,${_DMN}: \\ 4431 dn=(\"cn=%s,\", rf_key ), \\ 4432 gidNumber=gid 4433nisLDAPattributeFromField group.bygid,${_DMN}: \\ 4434 dn=(\"cn=%s,\", name ), \\ 4435 gidNumber=rf_key 4436nisLDAPattributeFromField group,${_DMN}: \\ 4437 cn=name, \\ 4438 (memberUid)=(users, \",\") 4439" >> $MAP_FILE 4440 done 4441 4442 # Now put the other group syntax. We do not need to 4443 # append the domain name here. 4444 4445 echo ' 4446nisLDAPattributeFromField group.byname: \ 4447 dn=("cn=%s,", rf_key ), \ 4448 gidNumber=gid 4449nisLDAPattributeFromField group.bygid: \ 4450 dn=("cn=%s,", name ), \ 4451 gidNumber=rf_key 4452nisLDAPattributeFromField group: \ 4453 cn=name, \ 4454 userPassword=("{crypt}%s",passwd), \ 4455 (memberUid)=(users, ",") 4456' >> $MAP_FILE 4457 4458 # Now we need to put the group.adjunct syntax for domains 4459 # in which this map exists. 4460 4461 echo "# group.adjunct" >> $MAP_FILE 4462 4463 for _DMN in $PRESENT_IN_DOMAINS 4464 do 4465 4466 echo "\ 4467nisLDAPattributeFromField group.adjunct.byname,${_DMN}: \\ 4468 dn=(\"cn=%s,\", rf_key ), \\ 4469 cn=name, \\ 4470 userPassword=(\"{crypt}%s\",passwd) 4471" >> $MAP_FILE 4472 done 4473 4474 fi 4475 4476fi 4477 4478 4479echo ' 4480# hosts 4481# Cannot forward map hosts.byname key as the YP_MULTI entries will not work. 4482nisLDAPattributeFromField hosts.byname: \ 4483 cn=rf_searchkey 4484nisLDAPattributeFromField hosts.byaddr: \ 4485 ipHostNumber=rf_searchipkey 4486nisLDAPattributeFromField hosts: \ 4487 ipHostNumber=addr, \ 4488 dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \ 4489 cn=canonicalName, \ 4490 (cn)=(aliases, " "), \ 4491 description=rf_comment 4492 4493nisLDAPattributeFromField multihosts: \ 4494 ("YP_MULTI_%s", cn)=rf_searchkey 4495 4496# ipnodes 4497# Cannot forward map ipnodes.byname key as the YP_MULTI entries will not work. 4498nisLDAPattributeFromField ipnodes.byname: \ 4499 cn=rf_searchkey 4500nisLDAPattributeFromField ipnodes.byaddr: \ 4501 ipHostNumber=rf_searchipkey 4502nisLDAPattributeFromField ipnodes: \ 4503 ipHostNumber=addr, \ 4504 dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \ 4505 cn=canonicalName, \ 4506 (cn)=(aliases, " "), \ 4507 description=rf_comment 4508 4509nisLDAPattributeFromField multiipnodes: \ 4510 ("YP_MULTI_%s", cn)=rf_searchkey 4511 4512#mail.aliases 4513nisLDAPattributeFromField mail.aliases: \ 4514 dn=("mail=%s,", rf_key), \ 4515 mail=rf_key, \ 4516 (mgrprfc822mailmember)=(addresses, ",") 4517 4518#mail.mapping 4519#Commented out because all NIS->LDAP mappings are done by mail.aliases 4520#nisLDAPattributeFromField mail.mapping: \ 4521# dn=("mail=%s,", address), \ 4522# mail=address, \ 4523# mgrprfc822mailmember=rf_key 4524nisLDAPattributeFromField mail.mapping: \ 4525 mgrprfc822mailmember=rf_searchkey 4526 4527# netgroup. 4528# 4529# Only need to create DIT entries for netgroup. This contains a superset of 4530# the information in netgroup.byhost and netgroup.byuser 4531nisLDAPattributeFromField netgroup: \ 4532 dn=("cn=%s,", rf_key ), \ 4533 (memberNisNetgroup)=group, \ 4534 (nisNetgroupTriple)= \ 4535 ("(%s,%s,%s)", host, user, domain), \ 4536 cn=rf_key, \ 4537 description=rf_comment 4538 4539# netid.pass 4540# 4541# Commented out because, unless remote domains (and thus /etc/netid) is 4542# supported, all NIS->LDAP mappings are set up from passwd. 4543#nisLDAPattributeFromField netid.pass: \ 4544# ("unix.%s@*", uidNumber)=rf_key, \ 4545# (gidNumber)=("%s", (data), " "), \ 4546# description=rf_comment 4547nisLDAPattributeFromField netid.pass: \ 4548 ("unix.%s@*", uidNumber)=rf_searchkey 4549 4550# netid.host 4551# 4552# Commented out because, unless remote domains (and thus /etc/netid) is 4553# supported, all NIS->LDAP mappings are set up from hosts. 4554#nisLDAPattributeFromField netid.host: \ 4555# dn=("cn=%s+ipHostNumber=%s,", data, \ 4556# ldap:ipHostNumber:?one?("cn=%s", data)), \ 4557# ipHostNumber=ldap:ipHostNumber:?one?("cn=%s", data), \ 4558# ("unix.%s@*", cn)=rf_key, \ 4559# description=rf_comment 4560nisLDAPattributeFromField netid.host: \ 4561 ("unix.%s@*", cn)=rf_searchkey 4562 4563# netmasks.byaddr 4564nisLDAPattributeFromField netmasks.byaddr: \ 4565 dn=("ipNetworkNumber=%s,", rf_ipkey ), \ 4566 ipNetworkNumber=rf_ipkey, \ 4567 ipNetmaskNumber=mask, \ 4568 description=rf_comment 4569 4570# networks. 4571nisLDAPattributeFromField networks.byname: \ 4572 dn=("ipNetworkNumber=%s,", number ), \ 4573 cn=name, \ 4574 cn=rf_key 4575nisLDAPattributeFromField networks.byaddr: \ 4576 dn=("ipNetworkNumber=%s,", rf_key ), \ 4577 cn=name 4578nisLDAPattributeFromField networks: \ 4579 (cn)=(aliases, " "), \ 4580 ipNetworkNumber=number, \ 4581 description=rf_comment 4582' >> $MAP_FILE 4583 4584 4585# passwd syntax is different when passwd.adjunct map is present. 4586# So, need to handle the various possibilities 4587 4588_MAP=passwd.adjunct.byname 4589 4590if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4591then 4592 4593 # Just put the passwd.adjunct syntax in comment form 4594 4595 echo '# passwd 4596nisLDAPattributeFromField passwd.byname: \ 4597 dn=("uid=%s,", rf_key ), \ 4598 uid=rf_key, \ 4599 uidNumber=uid 4600nisLDAPattributeFromField passwd.byuid: \ 4601 dn=("uid=%s,", name ), \ 4602 uidNumber=rf_key, \ 4603 uid=name 4604nisLDAPattributeFromField passwd: \ 4605 cn=name, \ 4606 userPassword=("{crypt}%s",passwd), \ 4607 gidNumber=gid, \ 4608 gecos=gecos, \ 4609 homeDirectory=home, \ 4610 loginShell=shell 4611 4612# 4613# If you are using passwd.adjunct, comment the passwd section above 4614# and uncomment the following passwd and passwd.adjunct sections 4615# 4616# passwd 4617#nisLDAPattributeFromField passwd.byname: \ 4618# dn=("uid=%s,", rf_key ), \ 4619# uid=rf_key, \ 4620# uidNumber=uid 4621#nisLDAPattributeFromField passwd.byuid: \ 4622# dn=("uid=%s,", name ), \ 4623# uidNumber=rf_key, \ 4624# uid=name 4625#nisLDAPattributeFromField passwd: \ 4626# cn=name, \ 4627# gidNumber=gid, \ 4628# gecos=gecos, \ 4629# homeDirectory=home, \ 4630# loginShell=shell 4631 4632# passwd.adjunct 4633#nisLDAPattributeFromField passwd.adjunct.byname: \ 4634# dn=("uid=%s,", rf_key ), \ 4635# uid=name, \ 4636# userPassword=("{crypt}%s",passwd) 4637' >> $MAP_FILE 4638 4639else 4640 4641 # Find the domains in which passwd.adjunct map exists. 4642 find_domains $_MAP DEF_MAPS 4643 4644 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4645 then 4646 4647 # All the domains have passwd.adjunct map. So, put the right 4648 # passwd syntax and comment-in the passwd.adjunct syntax. 4649 4650 4651 echo '# passwd 4652#nisLDAPattributeFromField passwd.byname: \ 4653# dn=("uid=%s,", rf_key ), \ 4654# uid=rf_key, \ 4655# uidNumber=uid 4656#nisLDAPattributeFromField passwd.byuid: \ 4657# dn=("uid=%s,", name ), \ 4658# uidNumber=rf_key, \ 4659# uid=name 4660#nisLDAPattributeFromField passwd: \ 4661# cn=name, \ 4662# userPassword=("{crypt}%s",passwd), \ 4663# gidNumber=gid, \ 4664# gecos=gecos, \ 4665# homeDirectory=home, \ 4666# loginShell=shell 4667 4668# If you are not using passwd.adjunct, uncomment the passwd section above 4669# and comment the following passwd and passwd.adjunct sections 4670# 4671# passwd 4672nisLDAPattributeFromField passwd.byname: \ 4673 dn=("uid=%s,", rf_key ), \ 4674 uid=rf_key, \ 4675 uidNumber=uid 4676nisLDAPattributeFromField passwd.byuid: \ 4677 dn=("uid=%s,", name ), \ 4678 uidNumber=rf_key, \ 4679 uid=name 4680nisLDAPattributeFromField passwd: \ 4681 cn=name, \ 4682 gidNumber=gid, \ 4683 gecos=gecos, \ 4684 homeDirectory=home, \ 4685 loginShell=shell 4686 4687# passwd.adjunct 4688nisLDAPattributeFromField passwd.adjunct.byname: \ 4689 dn=("uid=%s,", rf_key ), \ 4690 uid=name, \ 4691 userPassword=("{crypt}%s",passwd) 4692' >> $MAP_FILE 4693 4694 else 4695 # Not every domain has passwd.adjunct map. 4696 4697 # First put the password syntax with domain name for domains 4698 # in which passwd.adjunct exists. 4699 4700 echo "# passwd" >> $MAP_FILE 4701 4702 for _DMN in $PRESENT_IN_DOMAINS 4703 do 4704 4705 echo "\ 4706nisLDAPattributeFromField passwd.byname,${_DMN}: \\ 4707 dn=(\"uid=%s,\", rf_key ), \\ 4708 uid=rf_key, \\ 4709 uidNumber=uid 4710nisLDAPattributeFromField passwd.byuid,${_DMN}: \\ 4711 dn=(\"uid=%s,\", name ), \\ 4712 uidNumber=rf_key, \\ 4713 uid=name 4714nisLDAPattributeFromField passwd,${_DMN}: \\ 4715 cn=name, \\ 4716 gidNumber=gid, \\ 4717 gecos=gecos, \\ 4718 homeDirectory=home, \\ 4719 loginShell=shell 4720" >> $MAP_FILE 4721 done 4722 4723 # Now put the other passwd syntax. We do not need to 4724 # append the domain name here. 4725 4726 echo ' 4727nisLDAPattributeFromField passwd.byname: \ 4728 dn=("uid=%s,", rf_key ), \ 4729 uid=rf_key, \ 4730 uidNumber=uid 4731nisLDAPattributeFromField passwd.byuid: \ 4732 dn=("uid=%s,", name ), \ 4733 uidNumber=rf_key, \ 4734 uid=name 4735nisLDAPattributeFromField passwd: \ 4736 cn=name, \ 4737 userPassword=("{crypt}%s",passwd), \ 4738 gidNumber=gid, \ 4739 gecos=gecos, \ 4740 homeDirectory=home, \ 4741 loginShell=shell 4742' >> $MAP_FILE 4743 4744 # Now we need to put the passwd.adjunct syntax for domains 4745 # in which this map exists. 4746 4747 echo "# passwd.adjunct" >> $MAP_FILE 4748 4749 for _DMN in $PRESENT_IN_DOMAINS 4750 do 4751 4752 echo "\ 4753nisLDAPattributeFromField passwd.adjunct.byname,${_DMN}: \\ 4754 dn=(\"uid=%s,\", rf_key ), \\ 4755 uid=name, \\ 4756 userPassword=(\"{crypt}%s\",passwd) 4757" >> $MAP_FILE 4758 done 4759 4760 fi 4761 4762fi 4763 4764echo ' 4765# This map is never created but yppasswd uses the mapping to extract password 4766# aging information from the DIT. 4767nisLDAPattributeFromField ageing.byname: \ 4768 dn=("uid=%s,", rf_key ), \ 4769 uid=name, \ 4770 shadowLastChange=lastchg, \ 4771 shadowMin=min, \ 4772 shadowMax=max, \ 4773 shadowWarning=warn, \ 4774 shadowInactive=inactive, \ 4775 shadowExpire=expire, \ 4776 shadowFlag=flag 4777 4778# printers.conf.byname 4779nisLDAPattributeFromField printers.conf.byname: \ 4780 dn=("printer-uri=%s,", rf_key ), \ 4781 printer-name=rf_key, \ 4782 (printer-aliases)=(names, "|"), \ 4783 sun-printer-bsdaddr=(values, "*bsdaddr=%s:*"), \ 4784 (sun-printer-kvp)=(values,":"), \ 4785 description=rf_comment 4786 4787# prof_attr 4788nisLDAPattributeFromField prof_attr: \ 4789 dn=("cn=%s,", rf_key ), \ 4790 cn=name, \ 4791 SolarisAttrReserved1=res1, \ 4792 SolarisAttrReserved2=res2, \ 4793 SolarisAttrLongDesc=desc, \ 4794 SolarisAttrKeyValue=attrs 4795 4796# project 4797nisLDAPattributeFromField project.byname: \ 4798 dn=("SolarisProjectName=%s,", rf_key ) 4799nisLDAPattributeFromField project.byprojid: \ 4800 dn=("SolarisProjectName=%s,", name ), \ 4801 SolarisProjectID=rf_searchkey 4802nisLDAPattributeFromField project: \ 4803 SolarisProjectName=name, \ 4804 SolarisProjectID=projID, \ 4805 (memberUid)=(users, ","), \ 4806 (memberGid)=(groups, ","), \ 4807 (SolarisProjectAttr)=(attrs, ";"), \ 4808 description=comment 4809 4810# protocols 4811nisLDAPattributeFromField protocols.byname: \ 4812 ipProtocolNumber=number, \ 4813 cn=rf_searchkey 4814nisLDAPattributeFromField protocols.bynumber: \ 4815 ipProtocolNumber=rf_key, \ 4816 description=rf_comment 4817nisLDAPattributeFromField protocols: \ 4818 dn=("cn=%s,", name ), \ 4819 (cn)=(aliases, " "), \ 4820 cn=name 4821 4822# rpc.bynumber 4823nisLDAPattributeFromField rpc.bynumber: \ 4824 dn=("cn=%s,", name ), \ 4825 oncRpcNumber=rf_key, \ 4826 (cn)=(aliases, " "), \ 4827 cn=name, \ 4828 description=rf_comment 4829 4830# services 4831# services.byservicename rule is only used to speed single search 4832nisLDAPattributeFromField services.byservicename: \ 4833 ("%s/%s", cn, ipServiceProtocol) = rf_searchkey 4834 4835nisLDAPattributeFromField services.byname: \ 4836 dn=("cn=%s+ipServiceProtocol=%s,", name, protocol ), \ 4837 ("*/%s", ipServiceProtocol)=rf_key, \ 4838 ("%s/*", ipServicePort)=rf_key, \ 4839 (cn)=(aliases, " "), \ 4840 cn=name, \ 4841 description=rf_comment 4842 4843# timezone.byname 4844nisLDAPattributeFromField timezone.byname: \ 4845 dn=("cn=%s,", rf_key ), \ 4846 cn=hostName, \ 4847 nisplusTimeZone=zoneName, \ 4848 description=comment 4849 4850# user_attr 4851nisLDAPattributeFromField user_attr: \ 4852 dn=("uid=%s,", rf_key ), \ 4853 uid=rf_key, \ 4854 SolarisUserAttr=qualifier, \ 4855 SolarisUserReserved1=res1, \ 4856 SolarisUserReserved2=res2, \ 4857 SolarisAttrKeyValue=attrs 4858 4859# publickey.byname 4860nisLDAPattributeFromField keys.host: \ 4861 dn=("%s", ldap:dn:?one?("cn=%s", (yp:rf_key, "unix.%s@*"))), \ 4862 nisPublicKey=publicKey, \ 4863 nisSecretKey=secretKey 4864 4865nisLDAPattributeFromField keys.pass: \ 4866 dn=("%s", ldap:dn:?one?("uidNumber=%s", (yp:rf_key, "unix.%s@*"))), \ 4867 nisPublicKey=publicKey, \ 4868 nisSecretKey=secretKey 4869 4870nisLDAPattributeFromField keys.nobody: \ 4871 dn=("uid=%s,",yp:rf_key), \ 4872 cn=rf_key, \ 4873 nisPublicKey=publicKey, \ 4874 nisSecretKey=secretKey 4875 4876# ypservers. This derived from IPlanet implementation not RFC. 4877nisLDAPattributeFromField ypservers: \ 4878 dn=("cn=%s,", rf_key), \ 4879 cn=rf_key 4880' >> $MAP_FILE 4881} 4882 4883# 4884# List all the non-default auto.* and custom maps. 4885# 4886list_auto_and_custom_nisLDAPattributeFromField() 4887{ 4888 4889# auto.* entries are easy. 4890if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 4891 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 4892fi 4893 4894for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 4895do 4896 echo "\ 4897# ${_MAP} 4898nisLDAPattributeFromField ${_MAP}: \\ 4899 dn=(\"automountKey=%s,\", rf_key ), \\ 4900 automountKey=rf_key, \\ 4901 automountInformation=value 4902" >> $MAP_FILE 4903done 4904 4905# Since we do not have enough information to generate 4906# entries for other custom maps, best we can do is to 4907# log this map names and ask user to take care of them. 4908 4909ask_user_to_update_the_custom_map_entries_too 4910 4911} 4912 4913 4914# 4915# List mapping of named fields to DIT entries 4916# 4917create_nisLDAPattributeFromField() 4918{ 4919 4920[ CUST_CMT_NEEDED -eq 1 ] && echo ' 4921# nisLDAPattributeFromField : It specifies how an LDAP attribute 4922# value is derived from a NIS entries field values. 4923# 4924# The format of nisLDAPattributeFromField entry is : 4925# mapName ":" fieldattrspec *("," fieldattrspec ) 4926' >> $MAP_FILE 4927 4928# List all the default entries anyway. 4929list_default_nisLDAPattributeFromField 4930 4931# List all the non-default auto.* and custom maps. 4932list_auto_and_custom_nisLDAPattributeFromField 4933 4934echo " 4935# 4936#------------------------------------------------------------------------------ 4937# 4938" >> $MAP_FILE 4939} 4940 4941 4942# 4943# List all the default nisLDAPattributeFromField entries 4944# 4945list_default_nisLDAPfieldFromAttribute() 4946{ 4947echo ' 4948# Describe how named fields are mapped from DIT entries. 4949 4950# audit_user 4951nisLDAPfieldFromAttribute audit_user: \ 4952 ("uid=%s,*", rf_key)=dn, \ 4953 ("uid=%s,*", name)=dn, \ 4954 alwaysAuditFlags=SolarisAuditAlways, \ 4955 neverAuditFlags=SolarisAuditNever 4956 4957# auto.home 4958nisLDAPfieldFromAttribute auto.home: \ 4959 rf_key=automountKey, \ 4960 value=automountInformation 4961 4962# auto.master 4963nisLDAPfieldFromAttribute auto.master: \ 4964 rf_key=automountKey, \ 4965 value=automountInformation 4966 4967# auth_attr 4968nisLDAPfieldFromAttribute auth_attr: \ 4969 rf_key=cn, \ 4970 name=cn, \ 4971 res1=SolarisAttrReserved1, \ 4972 res2=SolarisAttrReserved2, \ 4973 short_desc=SolarisAttrShortDesc, \ 4974 long_desc=SolarisAttrLongDesc, \ 4975 attrs=SolarisAttrKeyValue 4976 4977# Exec_attr. Because of messy NIS keys special handlind is required here 4978nisLDAPfieldFromAttribute exec_attr: \ 4979 rf_key=("%s:%s:%s",cn,SolarisKernelSecurityPolicy, \ 4980 solarisProfileId), \ 4981 name=cn, \ 4982 policy=SolarisKernelSecurityPolicy, \ 4983 type=SolarisProfileType, \ 4984 res1=SolarisAttrReserved1, \ 4985 res2=SolarisAttrReserved2, \ 4986 id=SolarisProfileId, \ 4987 attrs=SolarisAttrKeyValue 4988 4989 4990# ethers 4991nisLDAPfieldFromAttribute ethers.byname: \ 4992 rf_key=cn 4993nisLDAPfieldFromAttribute ethers.byaddr: \ 4994 rf_key=macAddress 4995nisLDAPfieldFromAttribute ethers: \ 4996 name=cn, \ 4997 addr=macAddress, \ 4998 rf_comment=description 4999 5000# bootparams. Must be done after ethers 5001nisLDAPfieldFromAttribute bootparams: \ 5002 rf_key=cn, \ 5003 params=("%s ", (bootParameter), " ") 5004' >> $MAP_FILE 5005 5006# group syntax is different when group.adjunct map is present. 5007# So, need to handle the various possibilities 5008 5009_MAP=group.adjunct.byname 5010 5011if ! present $_MAP $ALL_DMN_DEF_MAPLIST 5012then 5013 5014 # Just put the group.adjunct syntax in comment form 5015 5016 echo '# group 5017nisLDAPfieldFromAttribute group.byname: \ 5018 rf_key=cn 5019nisLDAPfieldFromAttribute group.bygid: \ 5020 rf_key=gidNumber 5021nisLDAPfieldFromAttribute group: \ 5022 gid=gidNumber, \ 5023 name=cn, \ 5024 ("{crypt}%s", passwd)=userPassword, \ 5025 users=("%s,", (memberUid), ",") 5026 5027# 5028# If you are using group.adjunct, comment the group section above 5029# and uncomment the following group and group.adjunct section 5030# 5031# group 5032#nisLDAPfieldFromAttribute group.byname: \ 5033# rf_key=cn 5034#nisLDAPfieldFromAttribute group.bygid: \ 5035# rf_key=gidNumber 5036#nisLDAPfieldFromAttribute group: \ 5037# gid=gidNumber, \ 5038# name=cn, \ 5039# passwd=("#$%s", cn), \ 5040# users=("%s,", (memberUid), ",") 5041 5042# group.adjunct 5043#nisLDAPfieldFromAttribute group.adjunct.byname: \ 5044# rf_key=cn, \ 5045# name=cn, \ 5046# ("{crypt}%s", passwd)=userPassword 5047' >> $MAP_FILE 5048 5049else 5050 5051 # Find the domains in which group.adjunct map exists. 5052 find_domains $_MAP DEF_MAPS 5053 5054 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 5055 then 5056 5057 # All the domains have group.adjunct map. 5058 5059 5060 echo '# group 5061#nisLDAPfieldFromAttribute group.byname: \ 5062# rf_key=cn 5063#nisLDAPfieldFromAttribute group.bygid: \ 5064# rf_key=gidNumber 5065#nisLDAPfieldFromAttribute group: \ 5066# gid=gidNumber, \ 5067# name=cn, \ 5068# ("{crypt}%s", passwd)=userPassword, \ 5069# users=("%s,", (memberUid), ",") 5070 5071# 5072# If you are not using group.adjunct, comment the group section above 5073# and uncomment the following group and group.adjunct sections 5074# 5075# group 5076nisLDAPfieldFromAttribute group.byname: \ 5077 rf_key=cn 5078nisLDAPfieldFromAttribute group.bygid: \ 5079 rf_key=gidNumber 5080nisLDAPfieldFromAttribute group: \ 5081 gid=gidNumber, \ 5082 name=cn, \ 5083 passwd=("#$%s", cn), \ 5084 users=("%s,", (memberUid), ",") 5085 5086# 5087# group.adjunct 5088nisLDAPfieldFromAttribute group.adjunct.byname: \ 5089 rf_key=cn, \ 5090 name=cn, \ 5091 ("{crypt}%s", passwd)=userPassword 5092' >> $MAP_FILE 5093 5094 else 5095 # Not every domain has group.adjunct map. 5096 5097 echo "# group" >> $MAP_FILE 5098 5099 for _DMN in $PRESENT_IN_DOMAINS 5100 do 5101 5102 echo "\ 5103nisLDAPfieldFromAttribute group.byname,${_DMN}: \\ 5104 rf_key=cn 5105nisLDAPfieldFromAttribute group.bygid,${_DMN}: \\ 5106 rf_key=gidNumber 5107nisLDAPfieldFromAttribute group,${_DMN}: \\ 5108 gid=gidNumber, \\ 5109 name=cn, \\ 5110 passwd=(\"#$%s\", cn), \\ 5111 users=(\"%s,\", (memberUid), \",\") 5112" >> $MAP_FILE 5113 done 5114 5115 # Now put the generic group syntax. We do not need to 5116 # append the domain name here. 5117 5118 echo ' 5119nisLDAPfieldFromAttribute group.byname: \ 5120 rf_key=cn 5121nisLDAPfieldFromAttribute group.bygid: \ 5122 rf_key=gidNumber 5123nisLDAPfieldFromAttribute group: \ 5124 gid=gidNumber, \ 5125 name=cn, \ 5126 ("{crypt}%s", passwd)=userPassword, \ 5127 users=("%s,", (memberUid), ",") 5128' >> $MAP_FILE 5129 5130 # Now we need to put the group.adjunct syntax for domains 5131 # in which this map exists. 5132 5133 echo "# 5134# group.adjunct 5135# " >> $MAP_FILE 5136 5137 for _DMN in $PRESENT_IN_DOMAINS 5138 do 5139 5140 echo "\ 5141nisLDAPfieldFromAttribute group.adjunct.byname,${_DMN}: \\ 5142 rf_key=cn, \\ 5143 name=cn, \\ 5144 (\"{crypt}%s\", passwd)=userPassword 5145" >> $MAP_FILE 5146 5147 done 5148 5149 fi 5150 5151fi 5152 5153echo ' 5154# hosts 5155nisLDAPfieldFromAttribute hosts.byaddr: \ 5156 rf_ipkey=ipHostNumber 5157nisLDAPfieldFromAttribute hosts.byname: \ 5158 (rf_key)=(cn) 5159nisLDAPfieldFromAttribute hosts: \ 5160 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5161 addr=ipHostNumber, \ 5162 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5163 rf_comment=description 5164 5165nisLDAPfieldFromAttribute multihosts: \ 5166 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5167 (rf_key)=("YP_MULTI_%s", cn), \ 5168 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5169 rf_comment=description, \ 5170 (tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \ 5171 (ipHostNumber=*.*))", yp:canonicalName)), \ 5172 addr=("%s,", (yp:tmp), ",") 5173 5174# ipnodes 5175nisLDAPfieldFromAttribute ipnodes.byaddr: \ 5176 rf_ipkey=ipHostNumber 5177nisLDAPfieldFromAttribute ipnodes.byname: \ 5178 ("cn=%s+ipHostNumber=*", rf_key)=dn 5179nisLDAPfieldFromAttribute ipnodes: \ 5180 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5181 addr=ipHostNumber, \ 5182 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5183 rf_comment=description 5184 5185nisLDAPfieldFromAttribute multiipnodes: \ 5186 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5187 (rf_key)=("YP_MULTI_%s", cn), \ 5188 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5189 rf_comment=description, \ 5190 (tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \ 5191 (ipHostNumber=*:*))", yp:canonicalName)), \ 5192 addr=("%s,", (yp:tmp), ",") 5193 5194#mail.aliases 5195nisLDAPfieldFromAttribute mail.aliases: \ 5196 rf_key=mail, \ 5197 addresses= ("%s,", (mgrprfc822mailmember), ","), \ 5198 rf_comment=description 5199 5200#mail.mapping 5201nisLDAPfieldFromAttribute mail.mapping: \ 5202 rf_key=mgrprfc822mailmember, \ 5203 address=mail, \ 5204 rf_comment=description 5205 5206# netgroup. 5207nisLDAPfieldFromAttribute netgroup: \ 5208 rf_key=cn, \ 5209 (group)=(memberNisNetgroup), \ 5210 ("(%s,%s,%s)", host, user, domain)= \ 5211 (nisNetgroupTriple), \ 5212 rf_comment=description 5213 5214# netid.pass 5215nisLDAPfieldFromAttribute netid.pass: \ 5216 number=uidNumber, \ 5217 (tmp)=("%s", gidNumber:ou=group,?one?\ 5218 ("memberUid=%s", ldap:uid)), \ 5219 sgid=("%s,", (yp:tmp) - gidNumber, ","), \ 5220 data=("%s,%s", gidNumber, yp:sgid), \ 5221 data=gidNumber, \ 5222 (rf_key)=("unix.%s@%s", yp:number, yp:rf_domain) 5223 5224# netid.host 5225nisLDAPfieldFromAttribute netid.host: \ 5226 ("cn=%s+ipHostNumber=*", data)=dn, \ 5227 number=("0"), \ 5228 (rf_key)=("unix.%s@%s", yp:data, yp:rf_domain) 5229 5230# netmasks.byaddr 5231nisLDAPfieldFromAttribute netmasks.byaddr: \ 5232 ("ipNetworkNumber=%s,*", rf_ipkey)=dn, \ 5233 mask=ipNetmaskNumber, \ 5234 rf_comment=description 5235 5236# networks. 5237nisLDAPfieldFromAttribute networks.byname: \ 5238 (rf_key)=(cn) 5239nisLDAPfieldFromAttribute networks.byaddr: \ 5240 ("ipNetworkNumber=%s,*", rf_key)=dn 5241nisLDAPfieldFromAttribute networks: \ 5242 name=cn, \ 5243 aliases=("%s ", (cn) - yp:name, " "), \ 5244 number=ipNetworkNumber, \ 5245 rf_comment=description 5246' >> $MAP_FILE 5247 5248# passwd syntax is different when passwd.adjunct map is present. 5249# So, need to handle the various possibilities 5250 5251_MAP=passwd.adjunct.byname 5252 5253if ! present $_MAP $ALL_DMN_DEF_MAPLIST 5254then 5255 5256 # Just put the passwd.adjunct syntax in comment form 5257 5258 echo '# passwd 5259nisLDAPfieldFromAttribute passwd.byname: \ 5260 rf_key=uid 5261nisLDAPfieldFromAttribute passwd.byuid: \ 5262 rf_key=uidNumber 5263nisLDAPfieldFromAttribute passwd: \ 5264 name=uid, \ 5265 uid=uidNumber, \ 5266 ("{crypt}%s", passwd)=userPassword, \ 5267 gid=gidNumber, \ 5268 gecos=gecos, \ 5269 home=homeDirectory, \ 5270 shell=loginShell 5271 5272# 5273# If you are using passwd.adjunct, comment the passwd section above 5274# and uncomment the following passwd and passwd.adjunct sections 5275# 5276# passwd 5277#nisLDAPfieldFromAttribute passwd.byname: \ 5278# rf_key=uid 5279#nisLDAPfieldFromAttribute passwd.byuid: \ 5280# rf_key=uidNumber 5281#nisLDAPfieldFromAttribute passwd: \ 5282# name=uid, \ 5283# uid=uidNumber, \ 5284# passwd=("##%s", uid), \ 5285# gid=gidNumber, \ 5286# gecos=gecos, \ 5287# home=homeDirectory, \ 5288# shell=loginShell 5289 5290# passwd.adjunct 5291#nisLDAPfieldFromAttribute passwd.adjunct.byname: \ 5292# rf_key=uid, \ 5293# name=uid, \ 5294# ("{crypt}%s", passwd)=userPassword 5295' >> $MAP_FILE 5296 5297else 5298 5299 # Find the domains in which passwd.adjunct map exists. 5300 find_domains $_MAP DEF_MAPS 5301 5302 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 5303 then 5304 5305 # All the domains have passwd.adjunct map. So, put the right 5306 # passwd syntax and comment-in the passwd.adjunct syntax. 5307 5308 5309 echo '# passwd 5310#nisLDAPfieldFromAttribute passwd.byname: \ 5311# rf_key=uid 5312#nisLDAPfieldFromAttribute passwd.byuid: \ 5313# rf_key=uidNumber 5314#nisLDAPfieldFromAttribute passwd: \ 5315# name=uid, \ 5316# uid=uidNumber, \ 5317# ("{crypt}%s", passwd)=userPassword, \ 5318# gid=gidNumber, \ 5319# gecos=gecos, \ 5320# home=homeDirectory, \ 5321# shell=loginShell 5322 5323# 5324# If you are not using passwd.adjunct, uncomment the passwd section 5325# above and comment the following passwd and passwd.adjunct sections 5326# 5327# passwd 5328nisLDAPfieldFromAttribute passwd.byname: \ 5329 rf_key=uid 5330nisLDAPfieldFromAttribute passwd.byuid: \ 5331 rf_key=uidNumber 5332nisLDAPfieldFromAttribute passwd: \ 5333 name=uid, \ 5334 uid=uidNumber, \ 5335 passwd=("##%s", uid), \ 5336 gid=gidNumber, \ 5337 gecos=gecos, \ 5338 home=homeDirectory, \ 5339 shell=loginShell 5340 5341# 5342# passwd.adjunct Must follow passwd 5343# 5344nisLDAPfieldFromAttribute passwd.adjunct.byname: \ 5345 rf_key=uid, \ 5346 name=uid, \ 5347 ("{crypt}%s", passwd)=userPassword 5348' >> $MAP_FILE 5349 5350 else 5351 # Not every domain has passwd.adjunct map. 5352 5353 # First put the password syntax with domain name for domains 5354 # in which passwd.adjunct exists. 5355 5356 echo "# passwd" >> $MAP_FILE 5357 5358 for _DMN in $PRESENT_IN_DOMAINS 5359 do 5360 5361 echo "\ 5362nisLDAPfieldFromAttribute passwd.byname,${_DMN}: \\ 5363 rf_key=uid 5364nisLDAPfieldFromAttribute passwd.byuid,${_DMN}: \\ 5365 rf_key=uidNumber 5366nisLDAPfieldFromAttribute passwd,${_DMN}: \\ 5367 name=uid, \\ 5368 uid=uidNumber, \\ 5369 passwd=(\"##%s\", uid), \\ 5370 gid=gidNumber, \\ 5371 gecos=gecos, \\ 5372 home=homeDirectory, \\ 5373 shell=loginShell 5374" >> $MAP_FILE 5375 done 5376 5377 # Now put the other passwd syntax. We do not need to 5378 # append the domain name here. 5379 5380 echo ' 5381nisLDAPfieldFromAttribute passwd.byname: \ 5382 rf_key=uid 5383nisLDAPfieldFromAttribute passwd.byuid: \ 5384 rf_key=uidNumber 5385nisLDAPfieldFromAttribute passwd: \ 5386 name=uid, \ 5387 uid=uidNumber, \ 5388 ("{crypt}%s", passwd)=userPassword, \ 5389 gid=gidNumber, \ 5390 gecos=gecos, \ 5391 home=homeDirectory, \ 5392 shell=loginShell 5393' >> $MAP_FILE 5394 5395 # Now we need to put the passwd.adjunct syntax for domains 5396 # in which this map exists. 5397 5398 echo "# 5399# passwd.adjunct Must follow passwd 5400# " >> $MAP_FILE 5401 5402 for _DMN in $PRESENT_IN_DOMAINS 5403 do 5404 5405 echo "\ 5406nisLDAPfieldFromAttribute passwd.adjunct.byname,${_DMN}: \\ 5407 rf_key=uid, \\ 5408 name=uid, \\ 5409 (\"{crypt}%s\", passwd)=userPassword 5410" >> $MAP_FILE 5411 5412 done 5413 5414 fi 5415 5416fi 5417 5418echo ' 5419# This map is never created but yppasswd uses the mapping to extract password 5420# ageing information from the DIT. 5421nisLDAPfieldFromAttribute ageing.byname: \ 5422 rf_key=uid, \ 5423 name=uid, \ 5424 lastchg=shadowLastChange, \ 5425 min=shadowMin, \ 5426 max=shadowMax, \ 5427 warn=shadowWarning, \ 5428 inactive=shadowInactive, \ 5429 expire=shadowExpire, \ 5430 flag=shadowFlag 5431 5432# printers.conf.byname 5433nisLDAPfieldFromAttribute printers.conf.byname: \ 5434 rf_key=printer-uri, \ 5435 names=("%s|", (printer-aliases), "|"), \ 5436 bsdaddr=("bsdaddr=%s", sun-printer-bsdaddr), \ 5437 kvps=("%s:", (sun-printer-kvp) - yp:bsdaddr), \ 5438 values=("%s:%s", yp:bsdaddr, yp:kvps), \ 5439 values=("%s:", yp:bsdaddr), \ 5440 values=yp:kvps, \ 5441 rf_comment=description 5442 5443# prof_attr 5444nisLDAPfieldFromAttribute prof_attr: \ 5445 rf_key=cn, \ 5446 name=cn, \ 5447 res1=SolarisAttrReserved1, \ 5448 res2=SolarisAttrReserved2, \ 5449 desc=SolarisAttrLongDesc, \ 5450 attrs=SolarisAttrKeyValue 5451 5452# project 5453nisLDAPfieldFromAttribute project.byname: \ 5454 rf_key=SolarisProjectName 5455nisLDAPfieldFromAttribute project.byprojid: \ 5456 rf_key=SolarisProjectID 5457nisLDAPfieldFromAttribute project: \ 5458 name=SolarisProjectName, \ 5459 projID=SolarisProjectID, \ 5460 comment=description, \ 5461 users=("%s,", (memberUid), ","), \ 5462 groups=("%s,", (memberGid), ","), \ 5463 attrs=("%s;", (SolarisProjectAttr), ";") 5464 5465# protocols 5466nisLDAPfieldFromAttribute protocols.byname: \ 5467 ("cn=%s,*", rf_key)=dn, \ 5468 (rf_key)=(cn) 5469nisLDAPfieldFromAttribute protocols.bynumber: \ 5470 rf_key=ipProtocolNumber, \ 5471 rf_comment=description 5472nisLDAPfieldFromAttribute protocols: \ 5473 ("cn=%s,*", name)=dn, \ 5474 number=ipProtocolNumber, \ 5475 aliases=("%s ", (cn) - yp:name, " ") 5476 5477# rpc.bynumber 5478nisLDAPfieldFromAttribute rpc.bynumber: \ 5479 rf_key=oncRpcNumber, \ 5480 number=oncRpcNumber, \ 5481 ("cn=%s,*", name)=dn, \ 5482 aliases=("%s ", (cn) - yp:name, " "), \ 5483 rf_comment=description 5484 5485# services 5486nisLDAPfieldFromAttribute services.byname: \ 5487 rf_key = ("%s/%s", ipServicePort, ipServiceProtocol) 5488nisLDAPfieldFromAttribute services.byservicename: \ 5489 (rf_key)=("%s/%s", cn, ipServiceProtocol), \ 5490 (rf_key)=(cn) 5491nisLDAPfieldFromAttribute services: \ 5492 ("cn=%s+ipServiceProtocol=*", name)=dn, \ 5493 protocol=ipServiceProtocol, \ 5494 port=ipServicePort, \ 5495 aliases=("%s ", (cn) - yp:name, " "), \ 5496 rf_comment=description 5497 5498# timezone.byname 5499nisLDAPfieldFromAttribute timezone.byname: \ 5500 rf_key=cn, \ 5501 hostName=cn, \ 5502 zoneName=nisplusTimeZone, \ 5503 rf_comment=description 5504 5505# user_attr 5506nisLDAPfieldFromAttribute user_attr: \ 5507 ("uid=%s,*", rf_key)=dn, \ 5508 ("uid=%s,*", user)=dn, \ 5509 qualifier=SolarisUserAttr, \ 5510 res1=SolarisUserReserved1, \ 5511 res2=SolarisUserReserved2, \ 5512 attrs=SolarisAttrKeyValue 5513 5514# publickey.byname 5515nisLDAPfieldFromAttribute keys.host: \ 5516 ("cn=%s+ipHostNumber=*", cname)=dn, \ 5517 rf_key=("unix.%s@%s", yp:cname, yp:rf_domain), \ 5518 publicKey=nisPublicKey, \ 5519 secretKey=nisSecretKey 5520 5521nisLDAPfieldFromAttribute keys.pass: \ 5522 rf_key=("unix.%s@%s", uidNumber, yp:rf_domain), \ 5523 publicKey=nisPublicKey, \ 5524 secretKey=nisSecretKey 5525 5526nisLDAPfieldFromAttribute keys.nobody: \ 5527 rf_key=uid, \ 5528 publicKey=nisPublicKey, \ 5529 secretKey=nisSecretKey 5530 5531# ypservers. This derived from IPlanet implementation not RFC. 5532nisLDAPfieldFromAttribute ypservers: \ 5533 rf_key=cn 5534' >> $MAP_FILE 5535} 5536 5537 5538# 5539# List all the non-default auto.* and custom maps. 5540# 5541list_auto_and_custom_nisLDAPfieldFromAttribute() 5542{ 5543 5544# auto.* entries are easy. 5545if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 5546 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 5547fi 5548 5549for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 5550do 5551 echo "\ 5552# ${_MAP} 5553nisLDAPfieldFromAttribute ${_MAP}: \\ 5554 rf_key=automountKey, \\ 5555 value=automountInformation 5556" >> $MAP_FILE 5557done 5558 5559# Since we do not have enough information to generate 5560# entries for other custom maps, best we can do is to 5561# log this map names and ask user to take care of them. 5562 5563ask_user_to_update_the_custom_map_entries_too 5564 5565} 5566 5567 5568# 5569# List mapping of named fields from DIT entries 5570# 5571create_nisLDAPfieldFromAttribute() 5572{ 5573 5574[ CUST_CMT_NEEDED -eq 1 ] && echo ' 5575# nisLDAPfieldFromAttribute : It specifies how a NIS entries 5576# field values are derived from LDAP attribute values. 5577# 5578# The format of nisLDAPfieldFromAttribute is : 5579# mapName ":" fieldattrspec *("," fieldattrspec) 5580' >> $MAP_FILE 5581 5582# List all the default entries anyway. 5583list_default_nisLDAPfieldFromAttribute 5584 5585# List all the non-default auto.* and custom maps. 5586list_auto_and_custom_nisLDAPfieldFromAttribute 5587 5588echo " 5589# 5590#------------------------------------------------------------------------------ 5591# 5592" >> $MAP_FILE 5593} 5594 5595 5596 5597# Main function for creating the mapping file 5598create_mapping_file() 5599{ 5600# Ask user the list of domains to be served by N2L 5601create_n2l_domain_list 5602 5603# If there are no N2L domains or none selected, then exit 5604if [ $N2L_DMN_CNT -eq 0 ]; then 5605 echo "There are no domains to serve. No mapping file generated." 5606 return 1 5607fi 5608 5609while : 5610do 5611 get_ans "Enter the mapping file name (h=help):" "${MAP_FILE}" 5612 5613 # If help continue, otherwise break. 5614 case "$ANS" in 5615 [Hh] | help | Help | \?) display_msg new_mapping_file_name_help ;; 5616 * ) break ;; 5617 esac 5618done 5619 5620MAP_FILE=${ANS} 5621[ $DEBUG -eq 1 ] && MAP_FILE = $MAP_FILE 5622 5623# Backup existing mapping file if selected 5624check_back_mapping_file 5625 5626# To prevent from leaving a partial mapping file in case some error 5627# or signal takes place which might result in machine starting in N2L 5628# mode at next reboot, store the output being generated in a temporary 5629# file first, and move it at the final destination only at the end if 5630# everything goes fine. 5631 5632_MAP_FILE=$MAP_FILE 5633MAP_FILE=${TMPDIR}/${TMPMAP}.$$ 5634 5635echo "Generating mapping file temporarily as \"${MAP_FILE}\"" 5636 5637# Place copyright information 5638put_mapping_file_copyright_info 5639 5640 5641# Prepare various map lists for each domain 5642create_map_lists 5643 5644# List domains and contexts 5645get_nisLDAPdomainContext 5646 5647# List domains for which passwords should be changed 5648get_nisLDAPyppasswddDomains 5649 5650# List databaseId mappings (aliases) 5651create_nisLDAPdatabaseIdMapping 5652 5653# List comment character for maps 5654create_nisLDAPcommentChar 5655 5656# List SECURE and INTERDOMAIN flags 5657create_nisLDAPmapFlags 5658 5659# List TTL values 5660 create_nisLDAPentryTtl 5661 5662# List name fields 5663create_nisLDAPnameFields 5664 5665# List split fields and repeated fields seperators. 5666create_split_field_and_repeatedfield_seperators 5667 5668# List association of maps with RDNs and object classes. 5669create_nisLDAPobjectDN 5670 5671# List mapping of named fields to DIT entries 5672create_nisLDAPattributeFromField 5673 5674# List mapping of named fields from DIT entries 5675create_nisLDAPfieldFromAttribute 5676 5677 5678# We are done, so move back the mapping file from temp. location 5679# to actual location. 5680# In case the mapping file name has a directory component which does 5681# not exist, then create it now, otherwise 'mv' will return error. 5682 5683DIR_TO_CREATE=`dirname ${_MAP_FILE}` 5684mkdir -p ${DIR_TO_CREATE} 5685 5686echo "Moving output from temporary file ($MAP_FILE) to actual file ($_MAP_FILE)" 5687mv $MAP_FILE $_MAP_FILE 5688 5689# Revert back the mapping file name in case needed. 5690MAP_FILE=$_MAP_FILE 5691echo "Finished creation of mapping file ( $MAP_FILE )" 5692 5693} 5694 5695 5696# 5697# Main function for creating config file (ypserv) 5698# 5699process_config_file() 5700{ 5701# Ask for confirmation if the file name is not specified. 5702 5703if [ $CONFIG_FILE_SPECIFIED -eq 0 ]; then 5704 display_msg no_config_file_name_specified 5705 5706 get_confirm_nodef "Do you want to create the config file (y/n) ?" 5707 5708 [ $? -eq 0 ] && return 0 5709 5710 while : 5711 do 5712 get_ans "Enter the config file name (h=help):" "${CONFIG_FILE}" 5713 5714 # If help continue, otherwise break. 5715 case "$ANS" in 5716 [Hh] | help | Help | \?) display_msg new_config_file_name_help ;; 5717 * ) break ;; 5718 esac 5719 done 5720 5721 CONFIG_FILE=${ANS} 5722 [ $DEBUG -eq 1 ] && CONFIG_FILE = $CONFIG_FILE 5723 5724fi 5725 5726# Backup existing config file if selected 5727check_back_config_file 5728 5729# Create config file 5730create_config_file 5731} 5732 5733 5734# 5735# Main function for creating mapping file (NISLDAPmapping) 5736# 5737process_mapping_file() 5738{ 5739# Ask for confirmation if the file name is not specified. 5740 5741if [ $MAPPING_FILE_SPECIFIED -eq 0 ]; then 5742 display_msg no_mapping_file_name_specified 5743 5744 get_confirm_nodef "Do you want to create the mapping file (y/n) ?" 5745 5746 [ $? -eq 0 ] && return 0 5747 5748 5749fi 5750 5751# Create mapping file 5752create_mapping_file 5753} 5754 5755########################################### 5756########### MAIN ########### 5757########################################### 5758 5759PROG=`basename $0` # Program name 5760ABS_PROG=$0 # absolute path needed 5761 5762# Only superuser should be able to run this script. 5763is_root_user 5764if [ $? -ne 0 ]; then 5765 echo "ERROR : Only root can run $PROG" 5766 exit 1 5767fi 5768 5769# Initialize things 5770init 5771 5772# Parse command line arguments. 5773parse_arg $* 5774 5775# Create config file (ypserv) 5776process_config_file 5777 5778# Create mapping file (NISLDAPmapping). 5779process_mapping_file 5780 5781# Cleanup temp files and directories unless debug. 5782[ $DEBUG -eq 0 ] && cleanup 5783 5784exit 0 5785