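#! /usr/bin/ksh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# inityp2l -- Utility to generate YP (NIS) to LDAP
#             configuration file (/etc/default/ypserv)
#             and mapping file (/var/yp/NISLDAPmapping)
#



#
# display_msg(): Displays the message corresponding to the tag
# passed as $1. Unknown tags print nothing. Messages interpolate
# the globals set by init()/parse_arg() ($PROG, $CONFIG_FILE,
# $MAP_FILE and the DEF_* defaults), so this must only be called
# after those are set.
#
display_msg()
{
    case "$1" in
    usage) cat <<EOF

$PROG: [ -m mapping_file ] [ -c config_file ]
    m <mapping_file>  Name of the generated NISLDAP mapping file
                      Default is /var/yp/NISLDAPmapping
    c <config_file>   Name of the generated ypserv configuration file
                      Default is /etc/default/ypserv

EOF
    ;;
    no_config_file_name_specified) cat <<EOF

You have not specified the config file name. You still have the
option to skip creating this file, specify a config file name, or
continue creating it with the default file name (${CONFIG_FILE}).

EOF
    ;;
    no_mapping_file_name_specified) cat <<EOF

You have not specified the mapping file name. You still have the
option to skip creating this file, specify a mapping file name, or
continue creating it with the default file name (${MAP_FILE}).

EOF
    ;;
    new_config_file_name_help) cat <<EOF

You can either specify a new file name, or accept the default
config file name (${CONFIG_FILE}).

It is recommended not to use the default file name since this
script just helps with rapid creation of a config file. You
should examine it's content before using it.

EOF
    ;;
    new_mapping_file_name_help) cat <<EOF

You can either specify a new file name, or accept the default
mapping file name (${MAP_FILE}).

It is recommended not to use the default file name since this
script just helps with rapid creation of a mapping file. You
should examine it's content before using it. And if there are
custom maps, then their entries in the mapping file need to be
customized too.

Also, creation of default mapping file would cause NIS components
to work in NIS to LDAP (N2L), rather than traditional NIS, mode
when next restarted.

EOF
    ;;
    backup_config_file) cat <<EOF

The config file "${CONFIG_FILE}" already exists. It is strongly
recommended that you BACKUP this file before running $PROG.

However, even if you continue, you would be given the option to
back up this file before it gets overwritten.

EOF
    ;;
    backup_mapping_file) cat <<EOF

The mapping file "${MAP_FILE}" already exists. It is strongly
recommended that you BACKUP this file before running $PROG.

However, even if you continue, you would be given the option to
back up this file before it gets overwritten.

EOF
    ;;
    warn_n2l_mode) cat <<EOF

Warning : Creation of default mapping file (`basename $MAP_FILE`)
          at default location (`dirname $MAP_FILE`) would cause NIS
          components to work in NIS to LDAP (N2L) mode, rather than
          traditional NIS mode, when next restarted.

          "$PROG" assists with rapid creation of a simple N2L mapping
          file. The user should examine it's content before using it.
          For custom maps, this file needs to be customized which can
          be done using standard text editors.

EOF
    ;;
    config_auth_method_menu) cat <<EOF
    The following are the supported Authentication Methods -
        1  none
        2  simple
        3  sasl/cram-md5
        4  sasl/digest-md5
EOF
    ;;
    auth_method_menu) cat <<EOF
    The following are the supported Authentication Methods -
        1  simple
        2  sasl/cram-md5
        3  sasl/digest-md5
EOF
    ;;
    tls_method_menu) cat <<EOF
    The following are the supported TLS Methods -
        1  none
        2  ssl
EOF
    ;;
    retrieve_error_action_menu) cat <<EOF
    The following are the supported actions -
        1  use_cached
        2  fail
EOF
    ;;
    store_error_action_menu) cat <<EOF
    The following are the supported actions -
        1  retry
        2  fail
EOF
    ;;
    sorry) cat <<EOF

HELP - No help is available for this topic.

EOF
    ;;
    backup_config_file_cont_help) cat <<EOF

HELP - Since $PROG will overwrite the existing config file, it is
       strongly recommended that you backup this file prior to
       running this utility.

       However, even if you continue, you would be given the option
       to back up this file before it gets overwritten.

EOF
    ;;
    backup_config_file_help) cat <<EOF

HELP - If you choose to backup the existing config file, it would be
       saved with current date and time suffix in yymmdd.HH.MM.SS format.

EOF
    ;;
    backup_mapping_file_cont_help) cat <<EOF

HELP - Since $PROG will overwrite the existing mapping file, it is
       strongly recommended that you backup this file prior to running
       this utility.

       However, even if you continue, you would be given the option to
       back up this file before it gets overwritten.

EOF
    ;;
    backup_mapping_file_help) cat <<EOF

HELP - If you choose to backup the existing mapping file, it would be
       saved with current date and time suffix in yymmdd.HH.MM.SS format.

EOF
    ;;
    warn_n2l_mode_help) cat <<EOF

HELP - It is strongly recommended that the mapping file is created at
       non-default location (other than `dirname $MAP_FILE`). After this,
       it's content should be verified, custom maps should be handled,
       and if NIS components are desired to run in NIS to LDAP (N2L),
       then only it should be copied at the default location.

EOF
    ;;
    nisLDAPconfigDN_help) cat <<EOF

HELP - The DN which stores the configuration information in LDAP.
       There is no default value for this field. Leave empty or
       undefined to get this information from config file (ypserv).

EOF
    ;;
    nisLDAPconfigPreferredServerList_help) cat <<EOF

HELP - List of directory servers to provide the configuration
       information. There is no default. The preferred servers
       must be entered IN THE ORDER you wish to have them contacted.
       The preferred server list is a space separated list of IP
       addresses. Providing port numbers is optional, and when not
       supplied, port 389 is assumed. For an LDAP server running
       on this machine, at port 389, use "127.0.0.1:389".

EOF
    ;;
    auth_help) cat <<EOF

HELP - The authentication method to be used to obtain information
       from LDAP server. The supported methods are provided in menu.

EOF
    ;;
    tls_help) cat <<EOF

HELP - The transport layer security used for connection to the LDAP
       server. In order to successfully use transport layer security,
       the server must also support the chosen values. The supported
       methods are provided in menu. Default is "$DEF_TLS".

EOF
    ;;
    TLSCertificateDBPath_help) cat <<EOF

HELP - The absolute path name of the directory containing the certificate
       database. The default value is "$DEF_TLSCertificateDBPath"

EOF
    ;;
    nisLDAPconfigProxyUser_help) cat <<EOF

HELP - The bind DN of the proxy user used to obtain configuration
       information. There is no default value. If the value ends
       with a comma, the value of the nisLDAPconfigDN attribute
       is appended.

EOF
    ;;
    ProxyPassword_warn) cat <<EOF

Warning : In order to avoid having this password publicly visible
          on the machine, the password should appear only in the
          configuration file, and the file should have an appropriate
          owner, group, and file mode.

          So, once this file is ready, please modify appropriately
          to make sure this file is well protected.

EOF
    ;;
    preferredServerList_help) cat <<EOF

HELP - List of directory servers for mapping data to/from LDAP.
       There is no default. The preferred servers must be entered
       IN THE ORDER you wish to have them contacted. The preferred
       server list is a space separated list of IP addresses.
       Providing port numbers is optional, and when not supplied,
       port 389 is assumed. For an LDAP server running on this
       machine, at port 389, use "127.0.0.1:389".

EOF
    ;;
    nisLDAPproxyUser_help) cat <<EOF

HELP - The bind DN of the proxy user the ypserv to read or write
       from or to LDAP. Assumed to have the appropriate permission
       to read and modify LDAP data. There is no default value. If
       the value ends with a comma, the value of the context for
       the current domain (as defined by a nisLDAPdomainContext
       attribute (NISLDAPmapping(4))) is appended.

EOF
    ;;
    nisLDAPbindTimeout_help) cat <<EOF

HELP - The amount of time in seconds after which an LDAP bind operation
       will timeout. Default is $DEF_nisLDAPbindTimeout seconds.
       Decimal values are allowed.

EOF
    ;;
    nisLDAPsearchTimeout_help) cat <<EOF

HELP - The amount of time in seconds after which an LDAP search operation
       will timeout. Default is $DEF_nisLDAPsearchTimeout seconds.
       Decimal values are allowed.

EOF
    ;;
    nisLDAPmodifyTimeout_help) cat <<EOF

HELP - The amount of time in seconds after which an LDAP modify operation
       will timeout. Default is $DEF_nisLDAPmodifyTimeout seconds.
       Decimal values are allowed.

EOF
    ;;
    nisLDAPaddTimeout_help) cat <<EOF

HELP - The amount of time in seconds after which an LDAP add operation
       will timeout. Default is $DEF_nisLDAPaddTimeout seconds.
       Decimal values are allowed.

EOF
    ;;
    nisLDAPdeleteTimeout_help) cat <<EOF

HELP - The amount of time in seconds after which an LDAP delete operation
       will timeout. Default is $DEF_nisLDAPdeleteTimeout seconds.
       Decimal values are allowed.

EOF
    ;;
    nisLDAPsearchTimeLimit_help) cat <<EOF

HELP - Establish a value for the LDAP_OPT_TIMELIMIT option, which
       suggests a time limit for the search operation on the LDAP
       server. The server may impose its own constraints on possible
       values. See your LDAP server documentation. The default is the
       nisLDAPsearchTimeout ($DEF_nisLDAPsearchTimeout seconds) value.
       Only integer values are allowed.

       Since the nisLDAPsearchTimeout limits the amount of time the
       client ypserv will wait for completion of a search operation,
       setting the nisLDAPsearchTimeLimit larger than the
       nisLDAPsearchTimeout is not recommended.

EOF
    ;;
    nisLDAPsearchSizeLimit_help) cat <<EOF

HELP - Establish a value for the LDAP_OPT_SIZELIMIT option, which
       suggests a size limit, in bytes, for the search results on
       the LDAP server. The server may impose its own constraints
       on possible values. See your LDAP server documentation. The
       default is $DEF_nisLDAPsearchSizeLimit, which means unlimited.
       Only integer values are allowed.

EOF
    ;;
    nisLDAPfollowReferral_help) cat <<EOF

HELP - Determines if the ypserv should follow referrals or not.
       Recognized values are yes and no. Default is $DEF_nisLDAPfollowReferral.

EOF
    ;;
    nisLDAPretrieveErrorAction_help) cat <<EOF

HELP - If an error occurs while trying to retrieve an entry from
       LDAP, one of the following actions can be selected:

       use_cached : Retry the retrieval the number of time specified
                    by nisLDAPretrieveErrorAttempts, with the
                    nisLDAPretrieveErrorTimeout value controlling
                    the wait between each attempt.

                    If all attempts fail then log a warning and
                    return the value currently in the cache to the
                    client. This is the default value.

       fail       : Proceed as for 'use_cached' but if all attempts
                    fail return a YPERR_YPERR error to the client.

EOF
    ;;
    nisLDAPretrieveErrorAttempts_help) cat <<EOF

HELP - The number of times a failed retrieval should be retried.
       The default is unlimited. Note while retries are made, the
       NIS daemon will be prevented from servicing further requests.
       Hence, values other than 1 should be used with caution.

EOF
    ;;
    nisLDAPretrieveErrorTimeout_help) cat <<EOF

HELP - The timeout (in seconds) between each new attempt to retrieve
       LDAP data. Default is $DEF_nisLDAPretrieveErrorTimeout seconds.

EOF
    ;;
    nisLDAPstoreErrorAction_help) cat <<EOF

HELP - If an error occurs while trying to store data to the LDAP
       repository, one of the following actions can be selected :

       retry : Retry operation nisLDAPstoreErrorAttempts times with
               nisLDAPstoreErrorTimeout seconds between each attempt.
               Note while retries are made the NIS daemon will be
               prevented from servicing further requests. Use with
               caution. This is the default value.

       fail  : Return YPERR_YPERR error to the client.

EOF
    ;;
    nisLDAPstoreErrorAttempts_help) cat <<EOF

HELP - The number of times a failed attempt to store data to the
       LDAP repository should be retried. The default is unlimited.

       The value for nisLDAPstoreErrorAttempts is ignored unless
       nisLDAPstoreErrorAction=retry.

EOF
    ;;
    nisLDAPstoreErrorTimeout_help) cat <<EOF

HELP - The timeout (in seconds) between each new attempt to store
       LDAP data. Default is $DEF_nisLDAPstoreErrorTimeout seconds.

       The value for nisLDAPstoreErrorTimeout is ignored unless
       nisLDAPstoreErrorAction=retry.

EOF
    ;;
    selectDomain4N2L_help) cat <<EOF

HELP - Whether this domain needs to be served by YP to LDAP transition
       solution. The default is no in which case the data in this
       domain would not be taken care for transitioning to LDAP.

EOF
    ;;
    generate_comment_info_for_cust_map_help) cat <<EOF

HELP - If selected, this script will try to add relevant comments
       in the mapping file which might help in customizing the
       mapping information for custom maps.

EOF
    ;;
    generate_mapping_info_for_cust_map_help) cat <<EOF

HELP - If selected, this script will try to generate mapping
       information for this map assuming it is a "simple" map.

       A map is assumed to be "simple" if each entry of this map
       has only one "key value" entry in YP, and if each map entry
       can be represented as a single DIT string in the LDAP server.

       If this map is not a simple map and you do want to store it
       in LDAP, you have two options :

       1 - Answer yes, and this script would generate the mapping
           information for this map assuming it is a simple map.
           And once the execution of the script is over, you can
           customize the mapping information by hand editing the
           mapping file.

       2 - Answer no, and this script would not generate mapping
           info for this map. And once the execution of the script
           is over, you can include the customized mapping
           information by hand editing the mapping file.

EOF
    ;;
    nisLDAPdomainContext_help) cat <<EOF

HELP - This parameter defines the context (default location) in
       the directory tree at which all the name service entries
       for this particular domain would be stored.

EOF
    ;;
    nisLDAPyppasswddDomains_help) cat <<EOF

HELP - Lists the domains for which password changes should be
       made. If this is not present then the value returned by
       'domainname' will be used.

       NIS password change requests do not specify the domains in
       which any given password should be changed. (In traditional
       NIS this information is effectively hard coded in the NIS
       makefile.)

EOF
    ;;
    custom_map_comment_char_help) cat <<EOF

HELP - If selected, it will allow you to specify a character which
       would represent the start of the special 'comment' field in
       a given NIS map. If this attribute is not present then the
       default comment character '#' is used.

       If a map cannot contain comments then the blank comment
       character ('') should be specified (just hit the return key).

EOF
    ;;
    same_comment_char_help) cat <<EOF

HELP - If selected, for a given map, it will allow you to specify
       a common comment character for all the domains.

       Or else by selecting NO, for the same map, you would be
       given the option to specify different comment character
       for different domains.

EOF
    ;;
    secure_flag_on_help) cat <<EOF

HELP - Secure flag is set on maps which are generated with
       "makedbm -s". When converting data from LDAP to YP,
       it adds YP_SECURE entries.

EOF
    ;;
    secure_flag_all_domains_help) cat <<EOF

HELP - If selected, it will allow you to set the secure flag on
       for this map for all the domains.

       Or else by selecting NO, you would be given the option to
       set this flag, for the same map, on per domain basis.

EOF
    ;;
    interdomain_flag_on_help) cat <<EOF

HELP - Interdomain flag is set on a set of maps which are generated
       with "makedbm -b". It signals NIS servers to use the domain
       name resolver for host name and address lookups for hosts
       not found in the maps.

       If selected, it adds YP_INTERDOMAIN entries in these maps
       when converting data from LDAP to YP.

EOF
    ;;
    interdomain_flag_all_domains_help) cat <<EOF

HELP - If selected, it will allow you to set the interdomain flag
       on for all the domains.

       Or else by selecting NO, you would be given the option to
       set this flag on per domain basis.

EOF
    ;;
    initialTTLlo_help) cat <<EOF

HELP - The lower limit for the initial TTL (in seconds) for data
       read from disk when the ypserv starts. If initialTTLhi also
       is specified, the actual initialTTL will be randomly selected
       from the interval initialTTLlo to initialTTLhi (inclusive).

       Leaving the field empty yields the default value of $DEF_iTTLlo.

EOF
    ;;
    initialTTLhi_help) cat <<EOF

HELP - The upper limit for the initial TTL (in seconds).
       If left empty, defaults to "$DEF_iTTLhi".

EOF
    ;;
    runningTTL_help) cat <<EOF

HELP - The TTL (in seconds) for data retrieved from LDAP while the
       ypserv is running. If left empty, defaults to "$DEF_runTTL".

EOF
    ;;
    default_ttl_help) cat <<EOF

HELP - The default TTL value for each map is set to :
       ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}

       Select yes if you want to change the current TTL value.

EOF
    ;;
    non_default_same_ttl_help) cat <<EOF

HELP - Select yes if you want to set a new TTL value, but want
       to keep it same for all the maps.

EOF
    ;;
    non_default_different_ttl_help) cat <<EOF

HELP - Select yes if you want to set TTL value for each map, but
       want to keep it same for all the domains.

EOF
    ;;
    default_different_ttl_help) cat <<EOF

HELP - Select yes if you want to accept the default TTL
       value for this map.

EOF
    ;;
    same_ttl_across_domains_help) cat <<EOF

HELP - Select yes if you want to set TTL value for the map,
       but want to keep it same for all the domains.

EOF
    ;;

    esac
}

#
# d_echo(): Echo the arguments only if DEBUG is set to 1.
# Reduces the line width significantly at the call sites.
#
# Fix: the original tested the bare word DEBUG instead of $DEBUG,
# which only happens to work under ksh93's arithmetic evaluation of
# test operands; "$DEBUG" is portable.
#
d_echo()
{
    if [ "$DEBUG" -eq 1 ]; then
        echo "$@"
    fi
}


#
# get_ans(): Gets an answer from the user into the global ANS.
#   $1  instruction/comment/description/question
#   $2  default value, used when the user just hits return
#
# "read -r" keeps backslashes in the input verbatim, which matters
# for LDAP DNs and passwords containing escaped characters.
#
get_ans()
{
    if [ -z "$2" ]
    then
        echo "$1 \c"
    else
        echo "$1 [$2] \c"
    fi

    read -r ANS
    if [ -z "$ANS" ]
    then
        ANS=$2
    fi
}


#
# get_ans_req(): Gets an answer (required) from the user, NULL value
# not allowed. Loops until ANS is non-empty.
#   $@  instruction/comment/description/question (passed to get_ans)
#
get_ans_req()
{
    ANS=""                      # Set ANS to NULL.
    while [ "$ANS" = "" ]
    do
        get_ans "$@"
        [ "$ANS" = "" ] && echo "NULL value not allowed!"
    done
}


#
# get_integer(): Queries and verifies that the number entered is an
# integer. Repeats the prompt until an integer is given. Result is
# left in both ANS and NUM.
#   $1  Message text.
#   $2  default value.
#   $3  Help argument (display_msg tag shown on h/help/?), "sorry"
#       if omitted.
#
get_integer()
{
    ANS=""                      # Set ANS to NULL.
    NUM=""

    get_ans "$1" "$2"

    # Verify that value is integer.
    while not_integer "$ANS"
    do
        case "$ANS" in
        [Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
        * ) echo "Invalid value: \"${ANS}\". \c"
            ;;
        esac

        # Get a new value.
        get_ans "Enter an integer value:" "$2"
    done
    NUM=$ANS
}


#
# get_number(): Queries and verifies that the number entered is
# numeric. Repeats the prompt until a numeric value is given. Result
# is left in both ANS and NUM.
#   $1  Message text.
#   $2  default value.
#   $3  Help argument (display_msg tag), "sorry" if omitted.
#
get_number()
{
    ANS=""                      # Set ANS to NULL.
    NUM=""

    get_ans "$1" "$2"

    # Verify that value is numeric.
    while not_numeric "$ANS"
    do
        case "$ANS" in
        [Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
        * ) echo "Invalid value: \"${ANS}\". \c"
            ;;
        esac

        # Get a new value.
        get_ans "Enter a numeric value:" "$2"
    done
    NUM=$ANS
}


#
# get_pos_int(): Only allows a positive (non-negative) integer.
#
#   $1 - Prompt message.
#   $2 - Default value (required).
#   $3 - Optional help argument.
#
get_pos_int()
{
    while :
    do
        get_integer "$1" "$2" "$3"

        # get_integer guarantees ANS is an integer at this point.
        if [ "$ANS" -lt 0 ]; then
            echo "Invalid number: please enter a positive integer."
        else
            break               # Positive integer
        fi
    done
}


#
# get_pos_num(): Only allows a positive (non-negative) number.
#
#   $1 - Prompt message.
#   $2 - Default value (required).
#   $3 - Optional help argument.
#
get_pos_num()
{
    while :
    do
        get_number "$1" "$2" "$3"

        if [ "$ANS" -lt 0 ]; then
            echo "Invalid number: please enter a positive number."
        else
            break               # Positive number
        fi
    done
}


#
# get_passwd(): Reads a password from the user with terminal echo
# off and verifies it against a second entry. On return ANS holds
# the confirmed password; _PASS1/_PASS2 are working copies.
#   $@  instruction/comment/description/question
#
get_passwd()
{
    [ "$DEBUG" -eq 1 ] && echo "In get_passwd()"

    # Temporary PASSWD variables
    _PASS1=""
    _PASS2=""

    # Handle signals, so that echo can be turned back on if Ctrl-C.
    trap "/usr/bin/stty echo; exit" 1 2 3 6 15

    /usr/bin/stty -echo         # Turn echo OFF

    # Endless loop that continues until passwd and re-entered passwd
    # match.
    while :
    do
        ANS=""                  # Set ANS to NULL.

        # Don't allow NULL for first try.
        while [ "$ANS" = "" ]
        do
            get_ans "$@"
            [ "$ANS" = "" ] && echo "" && echo "NULL passwd not allowed!"
        done
        _PASS1=$ANS             # Store first try.

        # Get second try.
        echo ""
        get_ans "Re-enter passwd:"
        _PASS2=$ANS

        # Test if passwords are identical.
        if [ "$_PASS1" = "$_PASS2" ]; then
            break
        fi

        # Move cursor down to next line and print ERROR message.
        echo ""
        echo "ERROR: passwords don't match; try again."
    done

    /usr/bin/stty echo          # Turn echo ON

    # Remove signal handler
    trap 1 2 3 6 15

    echo ""
}


#
# get_passwd_nochk(): Reads a password from the user (echo off)
# without a confirmation prompt. Result is left in ANS.
#   $@  instruction/comment/description/question
#
get_passwd_nochk()
{
    [ "$DEBUG" -eq 1 ] && echo "In get_passwd_nochk()"

    # Handle signals, so that echo can be turned back on if Ctrl-C.
    trap "/usr/bin/stty echo; exit" 1 2 3 6 15

    /usr/bin/stty -echo         # Turn echo OFF

    get_ans "$@"

    /usr/bin/stty echo          # Turn echo ON

    # Remove signal handler
    trap 1 2 3 6 15

    echo ""
}


#
# get_confirm(): Get confirmation from the user. (Y/Yes or N/No)
#   $1 - Message
#   $2 - default value (required; used when the user hits return).
#   $3 - optional help argument (display_msg tag), "sorry" if omitted.
#
# NOTE: returns 1 for yes and 0 for no -- the reverse of the usual
# shell convention. Callers test the numeric status, not truthiness.
#
get_confirm()
{
    _ANSWER=

    while :
    do
        # Display Internal ERROR if $2 not set.
        if [ -z "$2" ]; then
            echo "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional."
            exit 2
        fi

        # Display prompt.
        echo "$1 [$2] \c"

        # Get the ANSWER; fall back to the default on empty input.
        read -r _ANSWER
        if [ "$_ANSWER" = "" ]; then
            _ANSWER=$2
        fi
        case "$_ANSWER" in
        [Yy] | yes | Yes | YES) return 1 ;;
        [Nn] | no | No | NO) return 0 ;;
        [Hh] | help | Help | \?) display_msg ${3:-sorry};;
        * ) echo "Please enter y or n." ;;
        esac
    done
}


#
# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No)
# No default value supported. Returns 1 for yes, 0 for no (note the
# reversed convention, same as get_confirm).
#   $@ - Message
#
get_confirm_nodef()
{
    _ANSWER=

    while :
    do
        echo "$@ \c"
        read -r _ANSWER
        case "$_ANSWER" in
        [Yy] | yes | Yes | YES) return 1 ;;
        [Nn] | no | No | NO) return 0 ;;
        * ) echo "Please enter y or n." ;;
        esac
    done
}


#
# is_integer(): Tells if a string is a numeric integer.
#   0 = Integer
#   1 = NOT Integer
#
is_integer()
{
    # Check for parameter.
    if [ $# -ne 1 ]; then
        return 1
    fi

    # Determine if integer: expr exits 2 (or 3) when the operand is
    # not a valid integer; an exit of 1 only means the sum is zero.
    expr "$1" + 1 > /dev/null 2>&1

    if [ $? -ge 2 ]; then
        return 1
    fi

    # Made it here, it's Numeric.
    return 0
}


#
# not_integer(): Reverses the return values of is_integer. Useful
# for if and while statements that want to test for non-integer
# data.
#   0 = NOT Integer
#   1 = Integer
#
not_integer()
{
    if is_integer "$1"; then
        return 1
    else
        return 0
    fi
}


#
# is_numeric(): Tells if a string is numeric (anything the shell's
# arithmetic evaluation accepts).
#   0 = Numeric
#   1 = NOT Numeric
#
# Fix: the original had no explicit failure return and relied on the
# status of the last test; return 1 explicitly.
#
is_numeric()
{
    # Check for parameter.
    if [ $# -ne 1 ]; then
        return 1
    fi

    # Determine if numeric.
    let _NUM="$1 + 1" > /dev/null 2>&1

    if [ $? -eq 0 ]; then
        return 0
    fi

    return 1
}


#
# not_numeric(): Reverses the return values of is_numeric. Useful
# for if and while statements that want to test for non-numeric
# data.
#   0 = NOT Numeric
#   1 = Numeric
#
not_numeric()
{
    if is_numeric "$1"; then
        return 1
    else
        return 0
    fi
}


#
# domain_2_dc(): Convert a domain name into a dc= string, e.g.
# "a.b.c" -> "dc=a,dc=b,dc=c". Result is exported in _DOM_2_DC.
#   $1 .. Domain name.
#
domain_2_dc()
{
    _DOM=$1                     # Domain parameter.
    _DOM_2_DC=""                # Return value from function.
    _FIRST=1                    # Flag for first time.

    export _DOM_2_DC            # Make visible for others.

    # Convert "."'s to spaces for "for" loop.
    domtmp="`echo ${_DOM} | tr '.' ' '`"
    for i in $domtmp; do
        if [ $_FIRST -eq 1 ]; then
            _DOM_2_DC="dc=${i}"
            _FIRST=0
        else
            _DOM_2_DC="${_DOM_2_DC},dc=${i}"
        fi
    done
}


#
# is_root_user(): Check to see if logged in as super user.
# Returns 0 when id(1) reports uid 0 (root), 1 otherwise.
#
is_root_user()
{
    case `id` in
    uid=0\(root\)*) return 0 ;;
    * ) return 1 ;;
    esac
}


#
# parse_arg(): Parses the command line arguments and sets the
# appropriate variables (DEBUG, MAP_FILE, CONFIG_FILE and the
# *_SPECIFIED flags). Exits with status 1 on usage errors.
#
# Fix: with a leading ":" in the optstring, getopts reports a
# missing option argument as ARG=":" -- the original silently
# ignored that case, so "-m" or "-c" without a file name was
# accepted as if nothing had been given.
#
parse_arg()
{
    while getopts ":dm:c:" ARG
    do
        case $ARG in
        d)  DEBUG=1;;

        m)  MAP_FILE=$OPTARG
            MAPPING_FILE_SPECIFIED=1;;

        c)  CONFIG_FILE=$OPTARG
            CONFIG_FILE_SPECIFIED=1;;

        :)  echo "**ERROR: Option '-$OPTARG' requires an argument"
            display_msg usage
            exit 1;;

        \?) echo "**ERROR: Invalid option '$OPTARG'"
            display_msg usage
            exit 1;;
        esac
    done

    shift `expr $OPTIND - 1`
    if [ $# -gt 0 ]; then
        echo "**ERROR: wrong usage "
        display_msg usage
        exit 1
    fi
}


#
# present() : Checks if the first argument exists in the remaining
# (whitespace separated) argument list. Returns 0 if found, else 1.
#
present ()
{
    _ELEMENT=$1

    shift
    ARG_LIST=$@

    for item in $ARG_LIST
    do
        [ "$_ELEMENT" = "$item" ] && return 0
    done

    # If reached here, then the element does not exist
    return 1
}


#
# remove() : Echoes a new list after removing every occurrence of
# the first argument from the remaining argument list.
#
remove ()
{
    _ELEMENT=$1

    shift
    ARG_LIST=$@

    NEW_LIST=""

    for item in $ARG_LIST
    do
        [ "$_ELEMENT" != "$item" ] && NEW_LIST="$NEW_LIST $item"
    done

    # Unquoted on purpose: collapses the leading/duplicate spaces.
    echo $NEW_LIST
    return 0
}


#
# merge_lists() : Echoes a list after merging the elements supplied
# in the argument list, keeping only the first occurrence of each.
#
merge_lists()
{
    MERGED_LIST=""

    for _VAR in "$@"
    do
        if ! present $_VAR $MERGED_LIST; then
            MERGED_LIST="$MERGED_LIST $_VAR"
        fi
    done

    echo $MERGED_LIST
    return 0
}


#
# init(): initializes variables and options, and creates the
# private temp directory TMPDIR. Exits with status 1 if the temp
# directory cannot be created.
#
init()
{
    # General variables.
    DEBUG=0                     # Set Debug OFF

    MAPPING_FILE_SPECIFIED=0    # No file name passed
    CONFIG_FILE_SPECIFIED=0     # No file name passed

    # Prevent others from snooping: every file and the temp
    # directory created below inherit owner-only permissions.
    umask 077

    # Set default config and mapping files.
    DEFAULT_MAP_FILE="/var/yp/NISLDAPmapping"
    DEFAULT_CONFIG_FILE="/etc/default/ypserv"

    MAP_FILE="$DEFAULT_MAP_FILE"
    CONFIG_FILE="$DEFAULT_CONFIG_FILE"

    # Set and create TMPDIR. Use a safe place to discourage hackers.
    TMPDIR="/var/yp/inityp2l"

    # Temporary file names to be used to prevent system starting in
    # N2L mode in case something goes wrong during file creation.
    TMPCONF="ypserv-tmp"
    TMPMAP="NISLDAPmapping-tmp"

    # Remove a leftover temp directory (or a stray symlink of the
    # same name, which mkdir would otherwise trip over) from an
    # earlier run, then create it fresh.
    if [ -d "$TMPDIR" -o -L "$TMPDIR" ]; then
        rm -rf "$TMPDIR"
    fi
    mkdir "$TMPDIR"
    if [ $? -ne 0 ]; then
        echo "ERROR : Failed to create temp directory $TMPDIR"
        exit 1
    fi

    # Initialize the default NIS maps.
    DEFAULT_NIS_MAPS="passwd.byname
        passwd.byuid
        group.byname
        group.bygid
        hosts.byaddr
        hosts.byname
        ipnodes.byaddr
        ipnodes.byname
        ethers.byaddr
        ethers.byname
        networks.byaddr
        networks.byname
        rpc.bynumber
        services.byname
        services.byservicename
        printers.conf.byname
        project.byname
        project.byprojid
        protocols.byname
        protocols.bynumber
        netgroup
        netgroup.byuser
        netgroup.byhost
        bootparams
        mail.aliases
        mail.byaddr
        publickey.byname
        netid.byname
        netmasks.byaddr
        passwd.adjunct.byname
        group.adjunct.byname
        timezone.byname
        auth_attr
        exec_attr
        prof_attr
        user_attr
        audit_user
        auto.master
        auto.home
        ypservers"

    set -A DEF_NIS_MAP_ARRAY $DEFAULT_NIS_MAPS

    # The default TTL maps in database ID format.
    DEF_TTL_MAPLIST="audit_user
        auto.home
        auto.master
        auth_attr
        bootparams
        ethers
        exec_attr
        group
        group.adjunct.byname
        keys.host
        keys.pass
        keys.nobody
        hosts
        multihosts
        ipnodes
        multiipnodes
        netgroup
        networks
        passwd
        passwd.adjunct.byname
        printers.conf.byname
        prof_attr
        project
        protocols
        services
        mail.aliases
        mail.mapping
        netid.host
        netid.pass
        netmasks.byaddr
        rpc.bynumber
        ageing.byname
        timezone.byname
        user_attr
        ypservers"


    # Initialize default values for config parameters.

    configDN_flag=0
    DEF_nisLDAPconfigDN=""
    DEF_TLS=none
    DEF_TLSCertificateDBPath=/var/yp/
    DEF_nisLDAPbindTimeout=15
    DEF_nisLDAPsearchTimeout=180
    DEF_nisLDAPmodifyTimeout=15
    DEF_nisLDAPaddTimeout=15
    DEF_nisLDAPdeleteTimeout=15
    DEF_nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeout}
    DEF_nisLDAPsearchSizeLimit=0
    DEF_nisLDAPfollowReferral=no
    DEF_nisLDAPretrieveErrorAction=use_cached

    # The default is unlimited, but since it prevents the NIS daemon,
    # from servicing further requests, set 1 as the suggested value.
    SUG_nisLDAPretrieveErrorAttempts=1
    DEF_nisLDAPretrieveErrorTimeout=15
    DEF_nisLDAPstoreErrorAction=retry

    # The default is unlimited, but set 1 as the suggested value.
    SUG_nisLDAPstoreErrorAttempts=1
    DEF_nisLDAPstoreErrorTimeout=15

    # Default TTL values (in seconds) for NIS MAPS for mapping file.
    DEF_iTTLlo=1800
    DEF_iTTLhi=5400
    DEF_runTTL=3600

}


#
# config_auth_menu_handler(): Enter the authentication method
# for the config server. Sets _AUTHMETHOD; no default, so the user
# must pick one of the menu entries.
#
config_auth_menu_handler()
{
    # Display Auth menu
    display_msg config_auth_method_menu

    # Get a Valid choice.
    while :
    do
        # Display appropriate prompt and get answer.
        get_ans_req "    Choose one Authentication Method (h=help):"

        # Determine choice.
        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
        1) _AUTHMETHOD="none"
           break ;;
        2) _AUTHMETHOD="simple"
           break ;;
        3) _AUTHMETHOD="sasl/cram-md5"
           break ;;
        4) _AUTHMETHOD="sasl/digest-md5"
           break ;;
        h) display_msg auth_help ;;
        *) echo "Please enter 1-4, or h=help." ;;
        esac
    done
}


#
# auth_menu_handler(): Enter the Authentication method for the LDAP
# server. Sets _AUTHMETHOD; "none" is not offered here.
#
auth_menu_handler()
{
    # Display Auth menu
    display_msg auth_method_menu

    # Get a Valid choice.
    while :
    do
        # Display appropriate prompt and get answer.
        get_ans_req "    Choose one Authentication Method (h=help):"

        # Determine choice.
        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
        1) _AUTHMETHOD="simple"
           break ;;
        2) _AUTHMETHOD="sasl/cram-md5"
           break ;;
        3) _AUTHMETHOD="sasl/digest-md5"
           break ;;
        h) display_msg auth_help ;;
        *) echo "Please enter 1-3, or h=help." ;;
        esac
    done
}


#
# tls_menu_handler(): Enter the transport layer security method.
# Sets _TLSMETHOD; menu entry 1 ("none") is the default.
#
tls_menu_handler()
{
    # Display TLS menu
    display_msg tls_method_menu

    # Get a Valid choice.
    while :
    do
        # Display appropriate prompt and get answer.
        # Default value is "none".

        get_ans "    Choose one Transport Layer Security Method (h=help):" "1"

        # Determine choice.
        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
        1) _TLSMETHOD="none"
           break ;;
        2) _TLSMETHOD="ssl"
           break ;;
        h) display_msg tls_help ;;
        *) echo "Please enter 1, 2, or h=help." ;;
        esac
    done
}


#
# retrieve_error_action_menu_handler(): Enter the retrieve error
# action. Sets _RET_ERR_ACT; menu entry 1 ("use_cached") is the
# default.
#
retrieve_error_action_menu_handler()
{
    # Display retrieve error action menu
    display_msg retrieve_error_action_menu

    # Get a Valid choice.
    while :
    do
        # Display appropriate prompt and get answer. use_cached is default
        get_ans "    Choose one retrieval error action (h=help):" "1"

        # Determine choice.
        _MENU_CHOICE=$ANS
        case "$_MENU_CHOICE" in
        1) _RET_ERR_ACT="use_cached"
           break ;;
        2) _RET_ERR_ACT="fail"
           break ;;
        h) display_msg nisLDAPretrieveErrorAction_help ;;
        *) echo "Please enter 1, 2, or h=help."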
;; 1403 esac 1404 done 1405} 1406 1407 1408# 1409# store_error_action_menu_handler(): Enter the store error action 1410# 1411store_error_action_menu_handler() 1412{ 1413 # Display store error action menu 1414 display_msg store_error_action_menu 1415 1416 # Get a Valid choice. 1417 while : 1418 do 1419 # Display appropriate prompt and get answer. retry is default 1420 get_ans " Choose one store error action (h=help):" "1" 1421 1422 # Determine choice. 1423 _MENU_CHOICE=$ANS 1424 case "$_MENU_CHOICE" in 1425 1) _STOR_ERR_ACT="retry" 1426 break ;; 1427 2) _STOR_ERR_ACT="fail" 1428 break ;; 1429 h) display_msg nisLDAPstoreErrorAction_help ;; 1430 *) echo "Please enter 1, 2, or h=help." ;; 1431 esac 1432 done 1433} 1434 1435 1436# 1437# cleanup(): Remove the TMPDIR and all files in it. 1438# 1439cleanup() 1440{ 1441[ $DEBUG -eq 1 ] && echo "In cleanup()" 1442 1443# Leave the temp directory if debug is set 1444[ $DEBUG -eq 0 ] && rm -rf $TMPDIR 1445} 1446 1447 1448# Save existing config file if elected 1449check_back_config_file() 1450{ 1451if [ -f $CONFIG_FILE ]; then 1452 display_msg backup_config_file 1453 1454 get_confirm "Do you wish to continue (y/n/h)?" \ 1455 "n" "backup_config_file_cont_help" 1456 1457 if [ $? -eq 0 ]; then # if No, cleanup and exit. 1458 cleanup ; exit 1 1459 fi 1460 1461 get_confirm "Do you wish to backup the config file "${CONFIG_FILE}" (y/n/h)?" \ 1462 "y" "backup_config_file_help" 1463 1464 if [ $? -eq 1 ]; then # Save the old config file with timestamp 1465 1466 # SCCS converts '% H %' (without spaces) in current date during putback. 1467 # So use some other combination. 
1468 SUFFIX=`date '+%d%h%Y.%H:%M:%S'` 1469 1470 cp -p $CONFIG_FILE ${CONFIG_FILE}-${SUFFIX} 1471 echo " Saved existing $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}" 1472 fi 1473fi 1474} 1475 1476 1477# Save existing mapping file if elected 1478check_back_mapping_file() 1479{ 1480if [ -f $MAP_FILE ]; then 1481 display_msg backup_mapping_file 1482 1483 get_confirm "Do you wish to continue (y/n/h)?" \ 1484 "n" "backup_mapping_file_cont_help" 1485 1486 if [ $? -eq 0 ]; then # if No, cleanup and exit. 1487 cleanup ; exit 1 1488 fi 1489 1490 get_confirm "Do you wish to backup the map file "${MAP_FILE}" (y/n/h)?" \ 1491 "y" "backup_mapping_file_help" 1492 1493 if [ $? -eq 1 ]; then # if Yes, save the old map file with timestamp 1494 1495 # SCCS converts '% H %' (without spaces) in current date during putback. 1496 # So use some other combination. 1497 SUFFIX=`date '+%d%h%Y.%H:%M:%S'` 1498 1499 cp -p $MAP_FILE ${MAP_FILE}-${SUFFIX} 1500 echo " Saved existing $MAP_FILE as ${MAP_FILE}-${SUFFIX}" 1501 fi 1502 1503else 1504 if [ "$MAP_FILE" = "$DEFAULT_MAP_FILE" ]; then 1505 display_msg warn_n2l_mode 1506 1507 get_confirm "Do you wish to continue (y/n/h)?" \ 1508 "n" "warn_n2l_mode_help" 1509 1510 if [ $? -eq 0 ]; then 1511 cleanup ; exit 1 1512 fi 1513 fi 1514fi 1515} 1516 1517 1518put_config_file_copyright_info() 1519{ 1520 1521# Start with an emptty file, so don't append, but overwrite here. 1522# Just change the name, but keep the same date and version number 1523# as in the ident string of this script. 1524 1525grep "ident \"@(#)$PROG" $ABS_PROG | \ 1526 sed "s/${PROG}/${NEW_NAME}/g" > $CONFIG_FILE 1527 1528echo "\ 1529# 1530# Copyright 2003 Sun Microsystems, Inc. All rights reserved. 1531# Use is subject to license terms. 1532#\ 1533" >> $MAP_FILE 1534} 1535 1536 1537get_nisLDAPconfigDN() 1538{ 1539while : 1540do 1541 1542get_ans "DN for configuration information (h=help):" 1543 1544# If help continue, otherwise break. 1545case "$ANS" in 1546 [Hh] | help | Help | \?) 
display_msg nisLDAPconfigDN_help ;; 1547 * ) break ;; 1548esac 1549done 1550 1551nisLDAPconfigDN="${ANS}" 1552 1553# Store in config file only if a non-default value is specified. 1554if [ "$ANS" != "${DEF_nisLDAPconfigDN}" ]; then 1555 echo "nisLDAPconfigDN=${ANS}" >> $CONFIG_FILE 1556fi 1557 1558# Ask remaining config server related questions only if this 1559# DN is set. So, if a value is specified, set a flag. 1560 1561[ "$ANS" != "" ] && configDN_flag=1 1562} 1563 1564 1565get_nisLDAPconfigPreferredServerList() 1566{ 1567while : 1568do 1569 1570get_ans_req "Preferred server list for configuration information (h=help):" 1571 1572# If help continue, otherwise break. 1573case "$ANS" in 1574 [Hh] | help | Help | \?) display_msg nisLDAPconfigPreferredServerList_help ;; 1575 * ) break ;; 1576esac 1577done 1578 1579nisLDAPconfigPreferredServerList=${ANS} 1580echo "nisLDAPconfigPreferredServerList=${ANS}" >> $CONFIG_FILE 1581} 1582 1583 1584get_nisLDAPconfigAuthenticationMethod() 1585{ 1586_AUTHMETHOD="" 1587 1588echo "Select the Authentication Method for configuration server :" 1589config_auth_menu_handler 1590 1591nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD} 1592echo "nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE 1593} 1594 1595 1596get_nisLDAPconfigTLS() 1597{ 1598_TLSMETHOD="" 1599 1600echo "Select the Transport Layer Security (TLS) for configuration server :" 1601tls_menu_handler 1602 1603nisLDAPconfigTLS=${_TLSMETHOD} 1604 1605# Store in config file only if a non-default value is specified. 1606if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then 1607 echo "nisLDAPconfigTLS=${_TLSMETHOD}" >> $CONFIG_FILE 1608fi 1609} 1610 1611 1612get_nisLDAPconfigTLSCertificateDBPath() 1613{ 1614while : 1615do 1616 1617get_ans "Path with TLS Certificate DB for configuration server (h=help):"\ 1618 "${DEF_TLSCertificateDBPath}" 1619 1620# If help continue, otherwise break. 1621case "$ANS" in 1622 [Hh] | help | Help | \?) 
display_msg TLSCertificateDBPath_help ;; 1623 * ) break ;; 1624esac 1625done 1626 1627nisLDAPconfigTLSCertificateDBPath=${ANS} 1628 1629# Store in config file only if a non-default value is specified. 1630if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then 1631 echo "nisLDAPconfigTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE 1632fi 1633} 1634 1635 1636get_nisLDAPconfigProxyUser() 1637{ 1638while : 1639do 1640 1641get_ans_req "Proxy user bind DN to obtain configuration information (h=help):" 1642# If help continue, otherwise break. 1643case "$ANS" in 1644 [Hh] | help | Help | \?) display_msg nisLDAPconfigProxyUser_help ;; 1645 * ) break ;; 1646esac 1647done 1648 1649nisLDAPconfigProxyUser=${ANS} 1650echo "nisLDAPconfigProxyUser=${ANS}" >> $CONFIG_FILE 1651} 1652 1653 1654get_nisLDAPconfigProxyPassword() 1655{ 1656get_passwd "Proxy user password to obtain configuration information :" 1657nisLDAPconfigProxyPassword=${ANS} 1658 1659echo "nisLDAPconfigProxyPassword=${ANS}" >> $CONFIG_FILE 1660 1661display_msg ProxyPassword_warn 1662} 1663 1664 1665get_preferredServerList() 1666{ 1667while : 1668do 1669 1670get_ans_req "Preferred server list for mapping data to/from LDAP (h=help):" 1671 1672# If help continue, otherwise break. 1673case "$ANS" in 1674 [Hh] | help | Help | \?) 
display_msg preferredServerList_help ;; 1675 * ) break ;; 1676esac 1677done 1678 1679preferredServerList=${ANS} 1680echo "preferredServerList=${ANS}" >> $CONFIG_FILE 1681} 1682 1683 1684get_authenticationMethod() 1685{ 1686_AUTHMETHOD="" 1687 1688echo "Select the Authentication Method for mapping data to/from LDAP :" 1689auth_menu_handler 1690 1691authenticationMethod=${_AUTHMETHOD} 1692echo "authenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE 1693} 1694 1695 1696get_nisLDAPTLS() 1697{ 1698_TLSMETHOD="" 1699 1700echo "Select the Transport Layer Security (TLS) for mapping data to/from LDAP :" 1701tls_menu_handler 1702 1703nisLDAPTLS=${_TLSMETHOD} 1704 1705# Store in config file only if a non-default value is specified. 1706if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then 1707 echo "nisLDAPTLS=${_TLSMETHOD}" >> $CONFIG_FILE 1708fi 1709} 1710 1711 1712get_nisLDAPTLSCertificateDBPath() 1713{ 1714while : 1715do 1716 1717get_ans "Path with TLS Certificate DB for LDAP data server (h=help):"\ 1718 "${DEF_nisLDAPTLSCertificateDBPath}" 1719 1720# If help continue, otherwise break. 1721case "$ANS" in 1722 [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;; 1723 * ) break ;; 1724esac 1725done 1726 1727nisLDAPTLSCertificateDBPath=${ANS} 1728 1729# Store in config file only if a non-default value is specified. 1730if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then 1731 echo "nisLDAPTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE 1732fi 1733} 1734 1735 1736get_nisLDAPproxyUser() 1737{ 1738while : 1739do 1740 1741get_ans_req "Proxy user bind DN to read/write data from/to LDAP (h=help):" 1742 1743# If help continue, otherwise break. 1744case "$ANS" in 1745 [Hh] | help | Help | \?) 
display_msg nisLDAPproxyUser_help ;; 1746 * ) break ;; 1747esac 1748done 1749 1750nisLDAPproxyUser=${ANS} 1751echo "nisLDAPproxyUser=${ANS}" >> $CONFIG_FILE 1752} 1753 1754 1755get_nisLDAPproxyPassword() 1756{ 1757get_passwd "Proxy user password to read/write data from/to LDAP :" 1758nisLDAPproxyPassword=${ANS} 1759 1760echo "nisLDAPproxyPassword=${ANS}" >> $CONFIG_FILE 1761 1762display_msg ProxyPassword_warn 1763} 1764 1765 1766get_nisLDAPbindTimeout() 1767{ 1768get_pos_int "Timeout value (in seconds) for LDAP bind operation (h=help):" \ 1769 "${DEF_nisLDAPbindTimeout}" "nisLDAPbindTimeout_help" 1770 1771nisLDAPbindTimeout=${NUM} 1772 1773# Store in config file only if a non-default value is specified. 1774if [ $NUM -ne ${DEF_nisLDAPbindTimeout} ]; then 1775 echo "nisLDAPbindTimeout=${NUM}" >> $CONFIG_FILE 1776fi 1777} 1778 1779 1780get_nisLDAPsearchTimeout() 1781{ 1782get_pos_int "Timeout value (in seconds) for LDAP search operation (h=help):" \ 1783 "${DEF_nisLDAPsearchTimeout}" "nisLDAPsearchTimeout_help" 1784 1785nisLDAPsearchTimeout=${NUM} 1786 1787# Store in config file only if a non-default value is specified. 1788if [ $NUM -ne ${DEF_nisLDAPsearchTimeout} ]; then 1789 echo "nisLDAPsearchTimeout=${NUM}" >> $CONFIG_FILE 1790fi 1791} 1792 1793 1794get_nisLDAPmodifyTimeout() 1795{ 1796get_pos_int "Timeout value (in seconds) for LDAP modify operation (h=help):" \ 1797 "${DEF_nisLDAPmodifyTimeout}" "nisLDAPmodifyTimeout_help" 1798 1799nisLDAPmodifyTimeout=${NUM} 1800 1801# Store in config file only if a non-default value is specified. 1802if [ $NUM -ne ${DEF_nisLDAPmodifyTimeout} ]; then 1803 echo "nisLDAPmodifyTimeout=${NUM}" >> $CONFIG_FILE 1804fi 1805} 1806 1807 1808get_nisLDAPaddTimeout() 1809{ 1810get_pos_int "Timeout value (in seconds) for LDAP add operation (h=help):" \ 1811 "${DEF_nisLDAPaddTimeout}" "nisLDAPaddTimeout_help" 1812 1813nisLDAPaddTimeout=${NUM} 1814 1815# Store in config file only if a non-default value is specified. 
1816if [ $NUM -ne ${DEF_nisLDAPaddTimeout} ]; then 1817 echo "nisLDAPaddTimeout=${NUM}" >> $CONFIG_FILE 1818fi 1819} 1820 1821 1822get_nisLDAPdeleteTimeout() 1823{ 1824get_pos_int "Timeout value (in seconds) for LDAP delete operation (h=help):" \ 1825 "${DEF_nisLDAPdeleteTimeout}" "nisLDAPdeleteTimeout_help" 1826 1827nisLDAPdeleteTimeout=${NUM} 1828 1829# Store in config file only if a non-default value is specified. 1830if [ $NUM -ne ${DEF_nisLDAPdeleteTimeout} ]; then 1831 echo "nisLDAPdeleteTimeout=${NUM}" >> $CONFIG_FILE 1832fi 1833} 1834 1835 1836get_nisLDAPsearchTimeLimit() 1837{ 1838get_pos_int "Time limit (in seconds) for search operation on LDAP server (h=help):" \ 1839 "${DEF_nisLDAPsearchTimeLimit}" "nisLDAPsearchTimeLimit_help" 1840 1841nisLDAPsearchTimeLimit=${NUM} 1842 1843# Store in config file only if a non-default value is specified. 1844if [ $NUM -ne ${DEF_nisLDAPsearchTimeLimit} ]; then 1845 echo "nisLDAPsearchTimeLimit=${NUM}" >> $CONFIG_FILE 1846fi 1847} 1848 1849 1850get_nisLDAPsearchSizeLimit() 1851{ 1852get_pos_int "Size limit (in bytes) for search operation on LDAP server (h=help):" \ 1853 "${DEF_nisLDAPsearchSizeLimit}" "nisLDAPsearchSizeLimit_help" 1854 1855nisLDAPsearchSizeLimit=${NUM} 1856 1857# Store in config file only if a non-default value is specified. 1858if [ $NUM -ne ${DEF_nisLDAPsearchSizeLimit} ]; then 1859 echo "nisLDAPsearchSizeLimit=${NUM}" >> $CONFIG_FILE 1860fi 1861} 1862 1863 1864get_nisLDAPfollowReferral() 1865{ 1866get_confirm "Should the ypserv follow LDAP referrals (y/n/h):" \ 1867 "n" "nisLDAPfollowReferral_help" 1868 1869if [ $? -eq 1 ]; then 1870 _ANS="yes" 1871else 1872 _ANS="no" 1873fi 1874 1875# Store in config file only if a non-default value is specified. 
1876if [ "${_ANS}" != "${DEF_nisLDAPfollowReferral}" ]; then 1877 echo "nisLDAPfollowReferral=${_ANS}" >> $CONFIG_FILE 1878fi 1879} 1880 1881 1882get_nisLDAPretrieveErrorAction() 1883{ 1884_RET_ERR_ACT="" 1885 1886echo "Select the action to be taken in case of LDAP retrieval error :" 1887retrieve_error_action_menu_handler 1888 1889nisLDAPretrieveErrorAction=${_RET_ERR_ACT} 1890 1891# Store in config file only if a non-default value is specified. 1892if [ "${_RET_ERR_ACT}" != "${DEF_nisLDAPretrieveErrorAction}" ]; then 1893 echo "nisLDAPretrieveErrorAction=${_RET_ERR_ACT}" >> $CONFIG_FILE 1894fi 1895} 1896 1897 1898get_nisLDAPretrieveErrorAttempts() 1899{ 1900 1901get_pos_int "Number of attempts in case of LDAP retrieval error (h=help):" \ 1902 "$SUG_nisLDAPretrieveErrorAttempts" \ 1903 "nisLDAPretrieveErrorAttempts_help" 1904 1905nisLDAPretrieveErrorAttempts=${NUM} 1906 1907echo "nisLDAPretrieveErrorAttempts=${NUM}" >> $CONFIG_FILE 1908} 1909 1910 1911get_nisLDAPretrieveErrorTimeout() 1912{ 1913# if nisLDAPretrieveErrorAttempts=0, then no point in asking 1914# for timeout vales as it is ignored anyway. 1915 1916[ $nisLDAPretrieveErrorAttempts -eq 0 ] && return 0 1917 1918get_pos_int "Timeout (in seconds) between each new attempt to retrieve LDAP data (h=help):"\ 1919 "${DEF_nisLDAPretrieveErrorTimeout}" \ 1920 "nisLDAPretrieveErrorTimeout_help" 1921 1922nisLDAPretrieveErrorTimeout=${NUM} 1923 1924# Store in config file only if a non-default value is specified. 1925if [ $NUM -ne ${DEF_nisLDAPretrieveErrorTimeout} ]; then 1926 echo "nisLDAPretrieveErrorTimeout=${NUM}" >> $CONFIG_FILE 1927fi 1928} 1929 1930 1931get_nisLDAPstoreErrorAction() 1932{ 1933_STOR_ERR_ACT="" 1934 1935echo "Select the action to be taken in case of LDAP store error :" 1936store_error_action_menu_handler 1937 1938nisLDAPstoreErrorAction=${_STOR_ERR_ACT} 1939 1940# Store in config file only if a non-default value is specified. 
1941if [ "${_STOR_ERR_ACT}" != "${DEF_nisLDAPstoreErrorAction}" ]; then 1942 echo "nisLDAPstoreErrorAction=${_STOR_ERR_ACT}" >> $CONFIG_FILE 1943fi 1944} 1945 1946 1947get_nisLDAPstoreErrorAttempts() 1948{ 1949 1950# if nisLDAPstoreErrorAction="fail", then no point in asking 1951# for no. of attempts or timeout vales as they are ignored. 1952 1953[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0 1954 1955get_pos_int "Number of attempts in case of LDAP store error (h=help):" \ 1956 "$SUG_nisLDAPstoreErrorAttempts" \ 1957 "nisLDAPstoreErrorAttempts_help" 1958 1959nisLDAPstoreErrorAttempts=${NUM} 1960 1961echo "nisLDAPstoreErrorAttempts=${NUM}" >> $CONFIG_FILE 1962} 1963 1964 1965get_nisLDAPstoreErrorTimeout() 1966{ 1967 1968# if nisLDAPstoreErrorAction="fail", then no point in asking 1969# for no. of attempts or timeout vales as they are ignored. 1970 1971[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0 1972 1973# Similarly, if nisLDAPstoreErrorAttempts=0, ignore this question. 1974 1975[ $nisLDAPstoreErrorAttempts -eq 0 ] && return 0 1976 1977get_pos_int "Timeout (in seconds) between each new attempt to write LDAP data (h=help):"\ 1978 "${DEF_nisLDAPstoreErrorTimeout}" \ 1979 "nisLDAPstoreErrorTimeout_help" 1980 1981nisLDAPstoreErrorTimeout=${NUM} 1982 1983# Store in config file only if a non-default value is specified. 1984if [ $NUM -ne ${DEF_nisLDAPstoreErrorTimeout} ]; then 1985 echo "nisLDAPstoreErrorTimeout=${NUM}" >> $CONFIG_FILE 1986fi 1987} 1988 1989 1990 1991create_config_file() 1992{ 1993 1994# To prevent from leaving a partial config file in case some error or 1995# signal takes place, store the output being generated in a temporary 1996# file first, and move it at the final destination only at the end if 1997# everything goes fine. 1998 1999_CONFIG_FILE=$CONFIG_FILE 2000CONFIG_FILE=${TMPDIR}/${TMPCONF}.$$ 2001 2002echo "Generating config file temporarily as \"${CONFIG_FILE}\"" 2003 2004# Truncate the file before we append anything. 
2005# Place copyright information 2006put_config_file_copyright_info 2007 2008# Filter out all the YP domains in /var/yp 2009# The list of domains is stored in list "VARYP_DMN_LIST" 2010 2011echo "\ 2012# 2013# Configuration file for ypserv(1M); see ypserv(4) for more information, 2014# and NISLDAPmapping(4) for configuration of NIS to LDAP mapping. 2015 2016# Unless otherwise noted, commented lines show default values. 2017" >> $CONFIG_FILE 2018 2019echo "\ 2020# Where to look for configuration information in LDAP. Leave empty or 2021# undefined to use this file, in which case the values of the other 2022# 'nisLdapConfig*' attributes are ignored. 2023# 2024#nisLDAPconfigDN=\ 2025" >> $CONFIG_FILE 2026 2027get_nisLDAPconfigDN 2028 2029echo " 2030 2031# Server(s) for configuration information. There is no default; 2032# use the value on the line below for an LDAP server running on 2033# this machine, at port 389. 2034#nisLDAPconfigPreferredServerList=127.0.0.1:389\ 2035" >> $CONFIG_FILE 2036 2037[ $configDN_flag -eq 1 ] && get_nisLDAPconfigPreferredServerList 2038 2039echo " 2040 2041# Authentication method(s) to obtain configuration information. 2042#\ 2043" >> $CONFIG_FILE 2044 2045[ $configDN_flag -eq 1 ] && get_nisLDAPconfigAuthenticationMethod 2046 2047echo " 2048 2049# Transport layer security for configuration information 2050# 2051#nisLDAPconfigTLS=${DEF_TLS}\ 2052" >> $CONFIG_FILE 2053 2054[ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLS 2055 2056echo " 2057 2058# Certificate DB for transport layer security 2059# 2060#nisLDAPconfigTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\ 2061" >> $CONFIG_FILE 2062 2063# ask for Certificate DB only if SSL is set 2064if [ "${nisLDAPconfigTLS}" = "ssl" ]; then 2065 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLSCertificateDBPath 2066fi 2067 2068echo " 2069 2070# Proxy user(s) to obtain configuration information. The line below 2071# is an example of the format. 
2072# 2073#nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,\ 2074" >> $CONFIG_FILE 2075 2076# Ask proxy user bind DN only if needed. 2077if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then 2078 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyUser 2079fi 2080 2081echo " 2082 2083# Password for proxy user. Must be supplied if the authentication method 2084# requires a password. If a password appears in this file, it should be 2085# protected appropriately against access by unauthorized users. 2086# 2087#nisLDAPconfigProxyPassword=\ 2088" >> $CONFIG_FILE 2089 2090if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then 2091 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyPassword 2092fi 2093 2094echo " 2095 2096# Server list for mapping data to/from LDAP. There is no default; 2097# use the value on the line below for an LDAP server running on 2098# this machine, at port 389. 2099#preferredServerList=127.0.0.1:389\ 2100" >> $CONFIG_FILE 2101 2102get_preferredServerList 2103 2104echo " 2105 2106# Authentication method for mapping data to/from LDAP 2107#\ 2108" >> $CONFIG_FILE 2109 2110get_authenticationMethod 2111 2112echo " 2113 2114# Transport layer security for mapping data to/from LDAP. 2115# 2116#nisLDAPTLS=${DEF_TLS}\ 2117" >> $CONFIG_FILE 2118 2119get_nisLDAPTLS 2120 2121echo " 2122 2123# Certificate DB for transport layer security 2124# 2125#nisLDAPTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\ 2126" >> $CONFIG_FILE 2127 2128# ask for Certificate DB only if SSL is set 2129if [ "${nisLDAPTLS}" = "ssl" ]; then 2130 get_nisLDAPTLSCertificateDBPath 2131fi 2132 2133echo " 2134 2135# Proxy user for ypserv. Assumed to have appropriate permission to read 2136# and/or create or modify LDAP data. The line below is an example of the 2137# format. 2138# 2139#nisLDAPproxyUser=cn=nisAdmin,ou=People,\ 2140" >> $CONFIG_FILE 2141 2142# Ask proxy user bind DN only if needed. 
2143if [ "${authenticationMethod}" != "none" ]; then 2144 get_nisLDAPproxyUser 2145fi 2146 2147echo " 2148 2149# Password for proxy user. Must be supplied if the authentication method 2150# requires a password. If a password appears in this file, it should be 2151# protected appropriately against unauthorized access. 2152# 2153#nisLDAPproxyPassword=\ 2154" >> $CONFIG_FILE 2155 2156if [ "${authenticationMethod}" != "none" ]; then 2157 get_nisLDAPproxyPassword 2158fi 2159 2160echo " 2161 2162# Timeouts and time/size limits for LDAP operations. 2163# 2164#nisLDAPbindTimeout=${DEF_nisLDAPbindTimeout}\ 2165" >> $CONFIG_FILE 2166 2167get_nisLDAPbindTimeout 2168 2169echo " 2170#nisLDAPsearchTimeout=${DEF_nisLDAPsearchTimeout}\ 2171" >> $CONFIG_FILE 2172 2173get_nisLDAPsearchTimeout 2174 2175echo " 2176#nisLDAPmodifyTimeout=${DEF_nisLDAPmodifyTimeout}\ 2177" >> $CONFIG_FILE 2178 2179get_nisLDAPmodifyTimeout 2180 2181echo " 2182#nisLDAPaddTimeout=${DEF_nisLDAPaddTimeout}\ 2183" >> $CONFIG_FILE 2184 2185get_nisLDAPaddTimeout 2186 2187echo " 2188#nisLDAPdeleteTimeout=${DEF_nisLDAPdeleteTimeout}\ 2189" >> $CONFIG_FILE 2190 2191get_nisLDAPdeleteTimeout 2192 2193echo " 2194#nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeLimit}\ 2195" >> $CONFIG_FILE 2196 2197get_nisLDAPsearchTimeLimit 2198 2199echo " 2200#nisLDAPsearchSizeLimit=${DEF_nisLDAPsearchSizeLimit}\ 2201" >> $CONFIG_FILE 2202 2203get_nisLDAPsearchSizeLimit 2204 2205echo " 2206 2207# Should the ypserv follow LDAP referrals ? 
2208# 2209#nisLDAPfollowReferral=${DEF_nisLDAPfollowReferral}\ 2210" >> $CONFIG_FILE 2211 2212get_nisLDAPfollowReferral 2213 2214echo " 2215 2216# Action, number of attempts, and timeout following an LDAP retrieval error 2217# 2218#nisLDAPretrieveErrorAction=${DEF_nisLDAPretrieveErrorAction}\ 2219" >> $CONFIG_FILE 2220 2221get_nisLDAPretrieveErrorAction 2222 2223echo " 2224#nisLDAPretrieveErrorAttempts=\ 2225" >> $CONFIG_FILE 2226 2227get_nisLDAPretrieveErrorAttempts 2228 2229echo " 2230#nisLDAPretrieveErrorTimeout=${DEF_nisLDAPretrieveErrorTimeout}\ 2231" >> $CONFIG_FILE 2232 2233get_nisLDAPretrieveErrorTimeout 2234 2235echo " 2236 2237# Action, number of attempts, and timeout following an LDAP store error 2238# 2239#nisLDAPstoreErrorAction=${DEF_nisLDAPstoreErrorAction}\ 2240" >> $CONFIG_FILE 2241 2242get_nisLDAPstoreErrorAction 2243 2244echo " 2245#nisLDAPstoreErrorAttempts=\ 2246" >> $CONFIG_FILE 2247 2248get_nisLDAPstoreErrorAttempts 2249 2250echo " 2251#nisLDAPstoreErrorTimeout=${DEF_nisLDAPstoreErrorTimeout}\ 2252" >> $CONFIG_FILE 2253 2254get_nisLDAPstoreErrorTimeout 2255 2256 2257# We are done, so move back the config file from temp. location 2258# to actual location. 2259# In case the config file name has a directory component which does 2260# not exist, then create it now, otherwise 'mv' will return error. 2261 2262DIR_TO_CREATE=`dirname ${_CONFIG_FILE}` 2263mkdir -p ${DIR_TO_CREATE} 2264 2265echo "Moving output from temporary file ($CONFIG_FILE) to actual file ($_CONFIG_FILE)" 2266mv $CONFIG_FILE $_CONFIG_FILE 2267 2268# Revert back the config file name in case needed. 2269CONFIG_FILE=$_CONFIG_FILE 2270echo "Finished creation of config file ( $_CONFIG_FILE )" 2271 2272} 2273 2274 2275put_mapping_file_copyright_info() 2276{ 2277 2278# Start with an emptty file, so don't append, but overwrite here. 2279# Just change the name and add the word pragma, but keep the same 2280# date and version number as in the ident string of this script. 
2281 2282grep "ident \"@(#)$PROG" $ABS_PROG | \ 2283 sed "s/ ident/pragma ident/g" | \ 2284 sed "s/${PROG}/${NEW_NAME}/g" > $MAP_FILE 2285 2286echo "\ 2287# 2288# Copyright 2003 Sun Microsystems, Inc. All rights reserved. 2289# Use is subject to license terms. 2290# 2291#------------------------------------------------------------------- 2292#\ 2293" >> $MAP_FILE 2294} 2295 2296 2297# 2298# Filter out all the YP domains in /var/yp 2299# The list of domains is stored in list "VARYP_DMN_LIST" 2300# 2301create_all_var_yp_domain_list() 2302{ 2303VARYP_DMN_LIST="" 2304 2305for entry in /var/yp/* 2306do 2307 DMN=`basename $entry` 2308 if [ -d "/var/yp/$DMN" ] && [ -f "/var/yp/binding/$DMN/ypservers" ] 2309 then 2310 VARYP_DMN_LIST="$VARYP_DMN_LIST $DMN" 2311 fi 2312done 2313 2314# d_echo VARYP_DMN_LIST = "$VARYP_DMN_LIST" 2315[ $DEBUG -eq 1 ] && echo VARYP_DMN_LIST = "$VARYP_DMN_LIST" 2316} 2317 2318 2319# 2320# Ask user which domains would be served by N2L 2321# The list of N2L domains is stored in global array 2322# "N2L_DMN_LIST" and number of domains in N2L_DMN_CNT 2323# 2324create_n2l_domain_list() 2325{ 2326# First make a list of all the domains in /var/yp 2327create_all_var_yp_domain_list 2328 2329# Now identify those to be served by N2L 2330let count=0 2331 2332for DMN in $VARYP_DMN_LIST 2333do 2334 get_confirm "Do you want to store maps from ${DMN} domain to LDAP (y/n/h):" \ 2335 "n" "selectDomain4N2L_help" 2336 2337 if [ $? -eq 1 ]; then 2338 N2L_DMN_LIST[count]=$DMN 2339 let count="count + 1" 2340 fi 2341 2342done 2343N2L_DMN_CNT=$count 2344 2345[ $DEBUG -eq 1 ] && echo N2L_DMN_LIST=${N2L_DMN_LIST[*]} 2346[ $DEBUG -eq 1 ] && echo N2L_DMN_CNT=$N2L_DMN_CNT 2347} 2348 2349 2350# 2351# Make various lists for different types of maps for each N2L domain 2352# and ask user if mapping information and comments need to be generated 2353# for custom maps. 
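#
# This function looks big, but since KSH does not support 2-D arrays, or
# two level of dereferencing, it forced to have so many lists and arrays.
# Lists are better for adding or removing elements, and arrays are better
# for accessing with index and in knowing the no. of elements.
#
# Walks /var/yp/<domain> for every domain in N2L_DMN_LIST (N2L_DMN_CNT of
# them) and sorts the dbm maps found there into four space separated
# lists per domain, stored by domain index in the ALL_MAPS, DEF_MAPS,
# CUST_MAPS and AUTO_CUST_MAPS arrays, plus the merged ALL_DMN_*_MAPLIST
# strings and ALL_DMN_*_MAPS arrays across all domains.
# Also sets CUST_MAP_NEEDED (any custom map kept) and CUST_CMT_NEEDED
# (user asked for explanatory comments in the mapping file).
#
create_map_lists()
{
# Initialize them with no maps.
ALL_DMN_ALL_MAPLIST=""
ALL_DMN_DEF_MAPLIST=""
ALL_DMN_CUST_MAPLIST=""
ALL_DMN_AUTO_CUST_MAPLIST=""

# Default to don't generate custom mapping info or comment info.
CUST_MAP_NEEDED=0
CUST_CMT_NEEDED=0

let count=0

while (( $count < $N2L_DMN_CNT ))
do
    DMN=${N2L_DMN_LIST[count]}
    MAPDIR=/var/yp/${DMN}

    # Initialize per domain lists to NULL.
    ALL_MAPLIST=""
    DEF_MAPLIST=""
    CUST_MAPLIST=""
    AUTO_CUST_MAPLIST=""

    for dbmfile in $MAPDIR/*.dir
    do
        # An unmatched glob is left as the literal "$MAPDIR/*.dir"; without
        # this guard that becomes a map named "*", which the unquoted
        # $MAP uses below would then expand against the current directory.
        [ -f "$dbmfile" ] || continue

        MAP=`basename "$dbmfile" .dir`

        # Ignore N2L maps (those with "LDAP_" prefix and ageing.byname)
        if [[ $MAP != LDAP_* ]] && [[ $MAP != "" ]] && \
           [ -f "$MAPDIR/${MAP}.pag" ] && [[ $MAP != ageing.byname ]]
        then
            ALL_MAPLIST="$ALL_MAPLIST $MAP"

            if present $MAP $DEFAULT_NIS_MAPS
            then
                DEF_MAPLIST="$DEF_MAPLIST $MAP"

            elif [[ $MAP = auto.* ]]
            then
                AUTO_CUST_MAPLIST="$AUTO_CUST_MAPLIST $MAP"

            else
                # If we reached here, means it is custom map.
                get_confirm "Do you want the mapping information to be generated for \"$MAP\" map of $DMN domain (y/n/h)?" \
                            "n" "generate_mapping_info_for_cust_map_help"

                if [ $? -eq 1 ]
                then
                    CUST_MAPLIST="$CUST_MAPLIST $MAP"
                else
                    # If a customer map is not desired, then delete it from
                    # all maplist too.
                    ALL_MAPLIST=$(remove $MAP $ALL_MAPLIST)
                fi

            fi

        fi

    done

    # Make ALL_DMN lists as they are very helpful in checking if a map exists.
    ALL_DMN_ALL_MAPLIST=$(merge_lists $ALL_DMN_ALL_MAPLIST $ALL_MAPLIST)
    ALL_DMN_DEF_MAPLIST=$(merge_lists $ALL_DMN_DEF_MAPLIST $DEF_MAPLIST)
    ALL_DMN_CUST_MAPLIST=$(merge_lists $ALL_DMN_CUST_MAPLIST $CUST_MAPLIST)
    ALL_DMN_AUTO_CUST_MAPLIST=$(merge_lists $ALL_DMN_AUTO_CUST_MAPLIST \
                                            $AUTO_CUST_MAPLIST)

    # Store per domain lists in arrays.
    ALL_MAPS[$count]="$ALL_MAPLIST"
    DEF_MAPS[$count]="$DEF_MAPLIST"
    CUST_MAPS[$count]="$CUST_MAPLIST"
    AUTO_CUST_MAPS[$count]="$AUTO_CUST_MAPLIST"

    # Quoted: an unquoted "ALL_MAPS[$DMN]" is a glob pattern to the shell.
    [ $DEBUG -eq 1 ] && echo "ALL_MAPS[$DMN] = ${ALL_MAPS[$count]}"
    [ $DEBUG -eq 1 ] && echo "DEF_MAPS[$DMN] = ${DEF_MAPS[$count]}"
    [ $DEBUG -eq 1 ] && echo "CUST_MAPS[$DMN] = ${CUST_MAPS[$count]}"
    [ $DEBUG -eq 1 ] && echo "AUTO_CUST_MAPS[$DMN] = ${AUTO_CUST_MAPS[$count]}"

    let count="count + 1"
done

[ $DEBUG -eq 1 ] && echo ALL_DMN_ALL_MAPLIST = $ALL_DMN_ALL_MAPLIST
[ $DEBUG -eq 1 ] && echo ALL_DMN_DEF_MAPLIST = $ALL_DMN_DEF_MAPLIST
[ $DEBUG -eq 1 ] && echo ALL_DMN_CUST_MAPLIST = $ALL_DMN_CUST_MAPLIST
[ $DEBUG -eq 1 ] && echo ALL_DMN_AUTO_CUST_MAPLIST = $ALL_DMN_AUTO_CUST_MAPLIST

# Store all domain lists in array too.
set -A ALL_DMN_ALL_MAPS $ALL_DMN_ALL_MAPLIST
set -A ALL_DMN_DEF_MAPS $ALL_DMN_DEF_MAPLIST
set -A ALL_DMN_CUST_MAPS $ALL_DMN_CUST_MAPLIST
set -A ALL_DMN_AUTO_CUST_MAPS $ALL_DMN_AUTO_CUST_MAPLIST

# A positive customer map count implies custom mapping information
# is required. Set this flag.
[ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] && CUST_MAP_NEEDED=1

# Give bit of info, and ask if comments need to be placed in mapping file
echo "
    This script can place relevant information regarding custom
    maps at appropriate places in the mapping file which can be
    helpful in customizing this file.
"

get_confirm "Do you want such information to be generated (y/n/h)?" \
            "n" "generate_comment_info_for_cust_map_help"

[ $? -eq 1 ] && CUST_CMT_NEEDED=1

[ $DEBUG -eq 1 ] && echo CUST_MAP_NEEDED = $CUST_MAP_NEEDED
[ $DEBUG -eq 1 ] && echo CUST_CMT_NEEDED = $CUST_CMT_NEEDED

}


#
# Ask user the context for each (N2l) domain
#
# For every domain in N2L_DMN_LIST the dc= form of the domain name
# (produced by domain_2_dc in _DOM_2_DC) is offered as the default.
# The prompt repeats while the user asks for help; a non-empty answer
# is appended to MAP_FILE as a "nisLDAPdomainContext" line, exactly as
# typed (no syntax check is performed on the naming context).
#
get_nisLDAPdomainContext()
{
echo "
# List domains and contexts
" >> $MAP_FILE

for DMN in ${N2L_DMN_LIST[*]}
do
    while :
    do
        # Convert to domain in dc format for default choice
        domain_2_dc $DMN

        get_ans "Enter the naming context for $DMN domain (h=help):"\
                "$_DOM_2_DC"

        # If help continue, otherwise break.
        case "$ANS" in
            [Hh] | help | Help | \?) display_msg nisLDAPdomainContext_help ;;
            * ) break ;;
        esac
    done

    # If a value is specified, set it, and save in mapping file too.
    if [ "$ANS" != "" ]; then
        echo "nisLDAPdomainContext $DMN : ${ANS}" >> $MAP_FILE
    fi

    [ $DEBUG -eq 1 ] && echo "nisLDAPdomainContext $DMN : ${ANS}"
done
}


#
# Ask user the domains for which passwords should be changed
#
# One yes/no question per domain in N2L_DMN_LIST; every "yes" adds a
# "nisLDAPyppasswddDomains" line to MAP_FILE.
#
get_nisLDAPyppasswddDomains()
{

echo "
# List domains for which passwords should be changed. If this is not
# present then the value returned by 'domainname' will be used.
" >> $MAP_FILE

for DMN in ${N2L_DMN_LIST[*]}
do
    get_confirm "Enable password changes for ${DMN} domain (y/n/h)? " \
                "n" "nisLDAPyppasswddDomains_help"

    if [ $? -eq 1 ]; then
        echo "nisLDAPyppasswddDomains $DMN" >> $MAP_FILE
    fi
done

echo "
#
#-------------------------------------------------------------------
#\
" >> $MAP_FILE
}


#
# Create NIS databaseId mappings (aliases)
#
# The standard aliases are a fixed block of text. Custom and
# non-default auto.* maps are only listed in comment form, since the
# script assumes they are simple single maps.
#
create_nisLDAPdatabaseIdMapping()
{
echo '
# Associate map names with databaseIds (aliases)

# Standard maps
nisLDAPdatabaseIdMapping ethers: ethers.byaddr ethers.byname
nisLDAPdatabaseIdMapping group: group.bygid group.byname
nisLDAPdatabaseIdMapping hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"] \
        hosts.byaddr hosts.byname
# Special mapping to handle the YP_MULTI cases
nisLDAPdatabaseIdMapping multihosts: \
        [addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*,*"] \
        hosts.byname
nisLDAPdatabaseIdMapping networks: networks.byaddr networks.byname
nisLDAPdatabaseIdMapping project: project.byname project.byprojid
nisLDAPdatabaseIdMapping protocols: protocols.byname protocols.bynumber
nisLDAPdatabaseIdMapping services: services.byname services.byservicename

# netid.byname is built up from the hosts and passwd files using different
# mappings. It thus has two associated nisLDAPdatabaseIdMappings.
nisLDAPdatabaseIdMapping netid.host:[number="0"] netid.byname
nisLDAPdatabaseIdMapping netid.pass:[number="[1-9]*"] netid.byname

# The next two are special databaseIds. They associate maps with databaseIds
# but additionally identify which maps contain password and password adjunct
# information for yppasswdd.
nisLDAPdatabaseIdMapping passwd: passwd.byname passwd.byuid

# mail.byaddr needs to select entries of the form x@y or x!y
nisLDAPdatabaseIdMapping mail.mapping:[rf_key="*@*", rf_key="*!*"] \
        mail.byaddr

# publickey.byname
# Each entry in publickey map consists of a network user name which
# may refer to a host or a user. It also contains a default entry for nobody.
# Hence, we need three nisLDAPdatabaseIdmappings to support the three
# different types of keys.
nisLDAPdatabaseIdMapping keys.host:[rf_key="unix.[a-zA-Z]*@*"] \
        publickey.byname
nisLDAPdatabaseIdMapping keys.pass:[rf_key="unix.[0-9]*@*"] \
        publickey.byname
nisLDAPdatabaseIdMapping keys.nobody:[rf_key="nobody"] publickey.byname

# Single standard maps. No point aliasing.
# mail.aliases
# netmasks.byaddr
# rpc.bynumber
# ypservers

# Other maps
# ipnodes looks identical to hosts but maps to a different context.
nisLDAPdatabaseIdMapping ipnodes:[addr="*:*"] \
        ipnodes.byaddr ipnodes.byname
# Special mapping to handle the YP_MULTI cases
nisLDAPdatabaseIdMapping multiipnodes: \
        [addr="*:*,*"] \
        ipnodes.byname

# Other single maps. No point aliasing
# audit_user
# auth_attr
# exec_attr
# prof_attr
# user_attr
# auto.home
# auto.master
# bootparams
# timezone.byname
# printers.conf.byname
# passwd.adjunct.byname
# group.adjunct.byname
' >> $MAP_FILE

# The inner quotes are escaped: unescaped they terminated the string,
# so the quotes were dropped from the output and the bare [..] pieces
# were exposed to filename expansion.
[ $CUST_CMT_NEEDED -eq 1 ] && \
echo "
# If any custom map needs to be aliased, then it should be listed
# here in the following format :
# nisLDAPdatabaseIdMapping databaseId \":\" [\"[\"indexlist\"]\"] mapname[\" \"...]
" >> $MAP_FILE

[ $CUST_MAP_NEEDED -eq 1 ] && \
echo "\
# Not aliasing non-default/custom maps as they are assumed to be
# simple, single maps.\
" >> $MAP_FILE

for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
do
    echo "# $MAP" >> $MAP_FILE
done

echo "\
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}


#
# Finds the domains in which the given map exists in the supplied list.
# Sets result in PRESENT_COUNT and PRESENT_IN_DOMAINS.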
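# These fields are set globally, so they can be accessed from anywhere.
# Input : $1 - map, $2 - list name (just name, not the value)
#
# $2 must be one of ALL_MAPS, DEF_MAPS, CUST_MAPS or AUTO_CUST_MAPS; the
# matching per-domain array (filled by create_map_lists) is consulted for
# each of the N2L_DMN_CNT domains.
# Returns 0 on success, 1 when $2 names an unknown list (PRESENT_COUNT is
# then 0 and PRESENT_IN_DOMAINS empty).
#
find_domains()
{
_MAP=$1
_ARRAY=$2

let PRESENT_COUNT=0
PRESENT_IN_DOMAINS=""

let count=0

while (( $count < $N2L_DMN_CNT ))
do

    # Quick and dirty way to get around unavailability of 2D array
    case "$_ARRAY" in
        ALL_MAPS ) _LIST=${ALL_MAPS[$count]} ;;
        DEF_MAPS ) _LIST=${DEF_MAPS[$count]} ;;
        CUST_MAPS ) _LIST=${CUST_MAPS[$count]} ;;
        AUTO_CUST_MAPS ) _LIST=${AUTO_CUST_MAPS[$count]} ;;
        * ) echo "Invalid value: \"${_ARRAY}\". \c"
            # A caller bug must not yield a domain list built from a
            # stale _LIST (previously the loop simply carried on).
            return 1
            ;;
    esac

    if present $_MAP $_LIST
    then
        let PRESENT_COUNT="$PRESENT_COUNT + 1"
        PRESENT_IN_DOMAINS="$PRESENT_IN_DOMAINS ${N2L_DMN_LIST[count]}"
    fi
    let count="count + 1"
done

[ $DEBUG -eq 1 ] && echo "PRESENT_COUNT = $PRESENT_COUNT"
[ $DEBUG -eq 1 ] && echo "PRESENT_IN_DOMAINS = $PRESENT_IN_DOMAINS"

return 0
}


#
# For a given map, find out which list it belongs to (PRESENT_IN_LIST),
# and in how many domains this map shows up (PRESENT_COUNT), and in
# which ones (PRESENT_IN_DOMAINS). These fields are set globally, so
# they can be accessed from any where.
# Input : $1 - map
# Returns 1 (PRESENT_COUNT 0, both strings empty) when the map is not in
# ALL_DMN_ALL_MAPLIST at all, 0 otherwise.
#
find_map_presence_details()
{
_MAP=$1

let PRESENT_COUNT=0
PRESENT_IN_LIST=""
PRESENT_IN_DOMAINS=""

# If the map does not exist, return right away, else
# find which list it belongs to.
# If a map exists in def or auto or cust lists, then
# it also exists in "all" list.

if ! present $_MAP $ALL_DMN_ALL_MAPLIST
then
    return 1

elif present $_MAP $ALL_DMN_DEF_MAPLIST
then
    PRESENT_IN_LIST="DEF_MAPS"

elif present $_MAP $ALL_DMN_CUST_MAPLIST
then
    PRESENT_IN_LIST="CUST_MAPS"

else
    # If map exists, and not in previous two lists,
    # then it has to be here only.
    PRESENT_IN_LIST="AUTO_CUST_MAPS"
fi

# Now we know which list the map belongs to. So, we need to
# find which are the domains in which this map exists.

find_domains $_MAP $PRESENT_IN_LIST

# Since the above function sets the values of PRESENT_COUNT and
# PRESENT_IN_DOMAINS fields, we don't need to do anything else.

[ $DEBUG -eq 1 ] && echo "PRESENT_IN_LIST = $PRESENT_IN_LIST"

return 0
}


#
# Check if the comment char is a single character, return 0 on success.
# Input is passed via global variable "COMMENT_CHAR"
#
# An empty value (the NULL comment character) is accepted. A single
# quote is rejected because the value is written into the mapping file
# inside single quotes, which that character would terminate.
#
valid_comment_char()
{
# ${#var} counts the characters of the value itself. The previous
# "echo | wc -c" approach let the shell's echo interpret escapes, so an
# answer such as "\c" measured as zero length and was written verbatim.
COMMENT_CHAR_LENGTH=${#COMMENT_CHAR}

if [ $COMMENT_CHAR_LENGTH -gt 1 ]; then
    echo " Comment character has to be a blank or single character; try again."
    return 1
fi

if [ "$COMMENT_CHAR" = "'" ]; then
    echo " Comment character cannot be a single quote; try again."
    return 1
fi

return 0
}


#
# Read the comment character for a MAP. Append in mapping file if valid.
# Input - $1 : MAP name
#
# Re-prompts until valid_comment_char accepts the answer, then writes
# one "nisLDAPcommentChar MAP : 'c'" line to MAP_FILE.
#
get_comment_char()
{
_MAP=$1

while :
do
    get_ans "Specify the comment character for $_MAP :"
    COMMENT_CHAR=$ANS

    if valid_comment_char; then
        break
    fi
done

echo "nisLDAPcommentChar $_MAP : '${COMMENT_CHAR}'" >> $MAP_FILE
}


#
# Read a separate comment character for a MAP for each domain and
# update this information in mapping file.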
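# Input - $1 : MAP name, $@ : list of domains
#
# The domain list may arrive as one quoted word or as several words; it
# is re-split on whitespace either way. Each domain is prompted for
# until valid_comment_char accepts the answer, then a
# "nisLDAPcommentChar MAP,DOMAIN : 'c'" line is written to MAP_FILE.
#
get_comment_char_per_domain()
{
_MAP=$1
shift
_DOMAIN_LIST="$@"

for _DMN in $_DOMAIN_LIST
do

    while :
    do

        get_ans "Specify the comment character for $_MAP,${_DMN} :"
        COMMENT_CHAR=$ANS

        if valid_comment_char; then
            break
        fi

    done
    echo "nisLDAPcommentChar $_MAP,${_DMN} : '${COMMENT_CHAR}'" >> $MAP_FILE

done
}


#
# This function generates custom comment entries. The output is
# appended in the mapping file.
#
# Non-default auto.* maps are written with '#' unconditionally. Custom
# maps are only offered when CUST_MAP_NEEDED is set, map by map, and a
# map present in several domains may get one character per domain.
#
get_custom_nisLDAPcommentChar()
{

# All the auto mounter maps are assumed to have '#' as the default comment
# char. But still list the non-default auto map entries here anyway. This
# will make it very easy in case these entries need to be changed.

for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
    echo "nisLDAPcommentChar $MAP : '#'" >> $MAP_FILE
done

# "$" added: the bare name only worked because ksh's test evaluates it
# as an arithmetic expression.
if [ $CUST_MAP_NEEDED -eq 1 ]; then
    get_confirm "Do you wish to specify the comment character for any custom map (y/n/h)?" \
                "n" "custom_map_comment_char_help"

    if [ $? -eq 1 ]; then
        for MAP in ${ALL_DMN_CUST_MAPS[*]}
        do

            get_confirm "Do you wish to specify comment character for \"$MAP\" (y/n/h)?" \
                        "n" "custom_map_comment_char_help"

            if [ $? -eq 1 ]; then
                find_domains $MAP CUST_MAPS
                if [ $PRESENT_COUNT -gt 1 ]; then
                    echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"

                    get_confirm "For \"$MAP\", should the same comment character be set for all the domains (y/n/h)?" \
                                "y" "same_comment_char_help"

                    if [ $? -eq 1 ]; then
                        get_comment_char $MAP
                    else
                        get_comment_char_per_domain $MAP "$PRESENT_IN_DOMAINS"
                    fi

                else
                    get_comment_char $MAP
                fi

            fi
        done
    fi
fi

}


#
# Emit the mapping file entry for a default map that may not exist in
# every domain (the *.adjunct.byname maps). The entry is written in
# comment form when the map is in no domain, once when it is in every
# domain, and once per domain (with a ",DOMAIN" qualifier) otherwise.
# Input - $1 : keyword (e.g. nisLDAPcommentChar), $2 : map name,
#         $3 : text following the map name (e.g. ": ''" or " : s")
#
_put_adjunct_map_entries()
{
_KEYWORD=$1
_MAP=$2
_TAIL=$3

if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
    # Just put the syntax in comment form
    echo "#${_KEYWORD} ${_MAP}${_TAIL}" >> $MAP_FILE
else
    # Find the domains in which this map exists.
    find_domains $_MAP DEF_MAPS
    if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
    then
        # Don't put domain info as the map is present in all of them.
        echo "${_KEYWORD} ${_MAP}${_TAIL}" >> $MAP_FILE
    else
        # Not every domain has this map. So, list for the ones which do.
        for _DMN in $PRESENT_IN_DOMAINS
        do
            echo "${_KEYWORD} ${_MAP},${_DMN}${_TAIL}" >> $MAP_FILE
        done
    fi
fi
}


# List comment character (if any) for maps
#
# Writes the nisLDAPcommentChar section: a fixed set of maps that carry
# no comment field, the two adjunct maps (domain qualified as needed),
# then whatever get_custom_nisLDAPcommentChar collects interactively.
create_nisLDAPcommentChar()
{

echo "\
# Specify the character representing the start of comments.
" >> $MAP_FILE

[ $CUST_CMT_NEEDED -eq 1 ] && echo "\
# The comment character represents the start of the special 'comment'
# field in a given NIS map. If this attribute is not present then the
# default comment character '#' is used. If a map cannot contain comments
# then the NULL ('') comment character should be specified. The format to
# specify the comment character is :
# nisLDAPcommentChar MAP[,DOMAIN] : 'single_comment_char'
" >> $MAP_FILE

echo "\
nisLDAPcommentChar group : ''
nisLDAPcommentChar passwd : ''
nisLDAPcommentChar ageing.byname : ''
nisLDAPcommentChar audit_user : ''
nisLDAPcommentChar auth_attr : ''
nisLDAPcommentChar exec_attr : ''
nisLDAPcommentChar user_attr : ''
nisLDAPcommentChar bootparams : ''
" >> $MAP_FILE

# The adjunct maps may exist in only some of the domains.
_put_adjunct_map_entries nisLDAPcommentChar passwd.adjunct.byname ": ''"
_put_adjunct_map_entries nisLDAPcommentChar group.adjunct.byname ": ''"

echo "" >> $MAP_FILE

# Ask user for comment char for custom maps
get_custom_nisLDAPcommentChar

echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}


#
# Generate secure flag entries
#
# Writes the YP_SECURE section: the adjunct maps (domain qualified as
# needed), then map names typed by the user one at a time until the
# user declines. A name is only written after find_map_presence_details
# has found it in at least one N2L domain.
#
create_secure_flag_entries()
{
echo "\
# Specify YP_SECURE flags
" >> $MAP_FILE

[ $CUST_CMT_NEEDED -eq 1 ] && echo "\
# If a map is secure, then it needs to be mentioned here
# in the following format :
# nisLDAPmapFlags mapname : s
">> $MAP_FILE

# The adjunct maps may exist in only some of the domains.
_put_adjunct_map_entries nisLDAPmapFlags passwd.adjunct.byname " : s"
_put_adjunct_map_entries nisLDAPmapFlags group.adjunct.byname " : s"

echo "" >> $MAP_FILE

STR="any"	# Just to make the question look better.
while :
do
    get_confirm "Do you wish to set the secure flag for $STR map (y/n/h)?" \
                "n" "secure_flag_on_help"

    if [ $? -eq 0 ]; then
        return 0

    else
        get_ans "Enter the MAP name :"
        MAP=$ANS

        if [[ $MAP = "" ]]; then
            echo " Error : BLANK map name not allowed; try again"
            continue
        fi

        # Map lists are whitespace separated, so a name containing
        # blanks can never match one; reject it here rather than let
        # the unquoted lookup below compare only its first word.
        if [[ $MAP = *[[:space:]]* ]]; then
            echo " Error : map name cannot contain blanks; try again"
            continue
        fi

        # Check if the supplied map name exists, and if yes, then
        # set the PRESENT attributes for further processing

        find_map_presence_details $MAP

        case $PRESENT_COUNT in

        0 ) echo " Error : $MAP not found in any domain; try again"
            ;;

        1 ) # The map exists in only one domain.
            echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
            STR="another"	# Just to make the question look better.
            ;;

        * ) # The map exists in multiple domain. Ask if this flag needs
            # to be set for all domains, or some specific ones.

            echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
            get_confirm "For this map, do you wish to set this flag for all the domains (y/n/h)?" \
                        "y" "secure_flag_all_domains_help"

            if [ $? -eq 1 ]; then
                echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
            else

                for _DMN in $PRESENT_IN_DOMAINS
                do

                    get_confirm_nodef "Set secure flag for $MAP,${_DMN} (y/n)?"

                    if [ $? -eq 1 ]; then
                        echo "nisLDAPmapFlags $MAP,${_DMN} : s" >> $MAP_FILE
                    fi

                done
            fi
            STR="another"	# Just to make the question look better.
            ;;

        esac

    fi
done
}


#
# Append one "nisLDAPmapFlags MAP : b" line per map in
# INTERDOMAIN_MAP_LIST, which create_interdomain_flag_entries (the only
# caller) sets before using this. Declared at file level instead of
# inside that function; ksh functions are global either way.
#
print_interdomain_entries()
{
for _MAP in $INTERDOMAIN_MAP_LIST
do
    echo "nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
done
}


#
# Generate interdomain flag entries
#
# Writes the YP_INTERDOMAIN section. The candidate maps are always
# listed in comment form; real entries are added only if the user asks
# for them, for every domain or, with several domains, per domain.
#
create_interdomain_flag_entries()
{

INTERDOMAIN_MAP_LIST="ipnodes
        multiipnodes
        hosts
        multihosts
        services.byservicename"

echo "
# Specify YP_INTERDOMAIN flags
" >> $MAP_FILE

[ $CUST_CMT_NEEDED -eq 1 ] && echo "\
# It is used to indicate NIS servers to use the domain name resolver for
# host name and address lookups for hosts not found in the maps.
# If set, it adds YP_INTERDOMAIN entries in these maps when converting
# data from LDAP to YP. It needs to be set in the following format :
# nisLDAPmapFlags mapname : b
" >> $MAP_FILE

# List one set of entries in commented form anyway as it might help
# user understand what it means.

echo "\
# If \$B is set in /var/yp/Makefile, then this flag should be
# set for following maps :\
" >> $MAP_FILE

for _MAP in $INTERDOMAIN_MAP_LIST
do
    echo "# nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
done

# Put a blank line for indentation purpose
echo >> $MAP_FILE

get_confirm "Do you wish to set the \"interdomain\" flag for any domain (y/n/h)?" \
            "n" "interdomain_flag_on_help"

if [ $? -eq 1 ]; then

    if [ $N2L_DMN_CNT -gt 1 ]; then

        get_confirm "Should \"interdomain\" flag be set for all domain (y/n/h)?" \
                    "y" "interdomain_flag_all_domains_help"

        if [ $? -eq 1 ]; then
            print_interdomain_entries
        else

            for _DMN in ${N2L_DMN_LIST[*]}
            do
                get_confirm_nodef "Set interdomain flag for ${_DMN} (y/n)?"

                if [ $? -eq 1 ]; then
                    for _MAP in $INTERDOMAIN_MAP_LIST
                    do
                        echo "nisLDAPmapFlags ${_MAP},${_DMN} : b" >> $MAP_FILE
                    done
                fi

            done
        fi

    else
        print_interdomain_entries
    fi
fi

echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE

return 0
}


#
# List SECURE and INTERDOMAIN flags
#
create_nisLDAPmapFlags()
{
create_secure_flag_entries
create_interdomain_flag_entries
}


#
# Print one Map TTL entry in mapping file using supplied TTL.
# Input - $1 : map name (optionally "MAP,DOMAIN"), $2 : initialTTLlo,
#         $3 : initialTTLhi, $4 : runningTTL
#
print_one_map_ttl_entry()
{
_Map=$1
_iTtlLo=$2
_iTtlHi=$3
_runTtl=$4

echo "\
nisLDAPentryTtl ${_Map}:${_iTtlLo}:${_iTtlHi}:${_runTtl}\
" >> $MAP_FILE

return 0
}


#
# Print all the maps TTL entries of same TTL
# values using the supplied TTL triplet.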
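#
# Shared walk for print_all_same_ttl_entries and
# read_all_maps_ttl_values_no_multiple_domain_issue, which previously
# duplicated it. Calls the function named in $1 once per TTL-bearing
# map (DEF_TTL_MAPLIST, custom and non-default auto.* maps), passing the
# map name followed by the remaining arguments. The *.adjunct.byname
# maps get a ",DOMAIN" qualifier per domain they exist in unless they
# are present in every domain.
# Input - $1 : function to call, $2.. : extra arguments for it
# NOTE(review): ksh functions share globals, so the callback must not
# reuse _TTL_ACTION, _MAP or _DMN_ (the visible callbacks don't).
#
_for_each_ttl_map_entry()
{
_TTL_ACTION=$1
shift

for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
            ${ALL_DMN_AUTO_CUST_MAPS[*]}
do

    if [ "$_MAP" != "passwd.adjunct.byname" ] && \
       [ "$_MAP" != "group.adjunct.byname" ]
    then
        $_TTL_ACTION $_MAP "$@"

    else

        # adjunct maps might not exist in all the domains.
        find_domains $_MAP DEF_MAPS

        if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
        then

            # Don't put domain info as the map is present in all of them.
            $_TTL_ACTION $_MAP "$@"

        else

            for _DMN_ in $PRESENT_IN_DOMAINS
            do
                _STR="${_MAP},${_DMN_}"
                $_TTL_ACTION $_STR "$@"
            done

        fi
    fi
done

return 0
}


#
# Print all the maps TTL entries of same TTL
# values using the supplied TTL triplet.
# Input - $1 : initialTTLlo, $2 : initialTTLhi, $3 : runningTTL
#
print_all_same_ttl_entries()
{
_iTTLlo=$1
_iTTLhi=$2
_runTTL=$3

_for_each_ttl_map_entry print_one_map_ttl_entry $_iTTLlo $_iTTLhi $_runTTL

return 0
}

#
# Read the initialTTLlo. Set the value in global variable.
# Result (from get_pos_int's NUM) is left in iTTLlo.
#
get_ittl_lo()
{
get_pos_int "Lower limit for initial TTL (in seconds) (h=help):" \
            "$DEF_iTTLlo" "initialTTLlo_help"

iTTLlo=${NUM}
}


#
# Read the initialTTLhi. Set the value in global variable.
# Result (from get_pos_int's NUM) is left in iTTLhi.
#
get_ittl_hi()
{
get_pos_int "Higher limit for initial TTL (in seconds) (h=help):" \
            "$DEF_iTTLhi" "initialTTLhi_help"

iTTLhi=${NUM}
}


#
# Read the runningTTL. Set the value in global variable.
# Result (from get_pos_int's NUM) is left in runTTL.
#
get_run_ttl()
{
get_pos_int "Runtime TTL (in seconds) (h=help):" \
            "$DEF_runTTL" "runningTTL_help"

runTTL=${NUM}
}


#
# Read one TTL triplet. Set the result in global variables
# iTTLlo, iTTLhi and runTTL.
#
read_one_ttl_triplet()
{
# Just call the individual functions for each TTL.

    get_ittl_lo
    get_ittl_hi
    get_run_ttl

[ $DEBUG -eq 1 ] && \
    echo "TTL = ${iTTLlo}:${iTTLhi}:${runTTL}"

return 0
}

#
# Takes MAP name (with or without domain name) as argument, asks
# user for TTL values, and appends the entry in the mapping file.
# Input - $1 : map name (optionally "MAP,DOMAIN")
#
process_one_map_ttl_value()
{

_Map_="$1"

get_confirm "Retain the default TTL values [$DEF_iTTLlo:$DEF_iTTLhi:$DEF_runTTL] for \"$_Map_\" (y/n/h) ?" \
            "y" "default_different_ttl_help"

if [ $? -eq 1 ]; then
    print_one_map_ttl_entry $_Map_ $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL
else

    echo "Reading TTL values for $_Map_ :"
    read_one_ttl_triplet
    print_one_map_ttl_entry $_Map_ $iTTLlo $iTTLhi $runTTL

fi
return 0
}


#
# Read only one TTL triplet for each existing MAP without asking
# different values for each domain and update the mapping file.
#
read_all_maps_ttl_values_no_multiple_domain_issue()
{

# Need to read only one TTL triplet for each existing MAP.
_for_each_ttl_map_entry process_one_map_ttl_value

return 0
}


#
# Read TTL triplet for each default MAP (in database ID form) while
# taking care of multiple domains issue and update the mapping file.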
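#
# Every default map is asked for once per domain ("MAP,DOMAIN"); the
# adjunct maps only for the domains they actually exist in.
#
read_default_maps_ttl_values_with_multi_domain_issue()
{

for _MAP_ in ${DEF_TTL_MAPLIST}
do
    if [ "$_MAP_" != "passwd.adjunct.byname" ] && \
       [ "$_MAP_" != "group.adjunct.byname" ]
    then

        for _DMN_ in ${N2L_DMN_LIST[*]}
        do
            _STR_="${_MAP_},${_DMN_}"
            # Now process each combination one at a time.
            process_one_map_ttl_value "$_STR_"
        done

    else
        # List only those domains in which adjunct.byname exists.
        find_domains $_MAP_ DEF_MAPS
        for _DMN_ in $PRESENT_IN_DOMAINS
        do
            _STR_="${_MAP_},${_DMN_}"
            process_one_map_ttl_value "$_STR_"
        done
    fi
done

return 0
}


#
# Read TTL triplet for each existing custom MAP while taking
# care of multiple domains issue and update the mapping file.
#
# A map found in a single domain is asked for once; otherwise the user
# chooses between one triplet for all domains or one per domain.
#
read_custom_maps_ttl_values_with_multi_domain_issue()
{

for _MAP_ in ${ALL_DMN_CUST_MAPS[*]} ${ALL_DMN_AUTO_CUST_MAPS[*]}
do

    find_map_presence_details $_MAP_

    if [ $PRESENT_COUNT -eq 1 ]; then

        # This map exists in only one domain.
        # So, no need to ask for multiple domains.

        process_one_map_ttl_value $_MAP_

    else

        # Handle multiple domains.

        echo "Map \"${_MAP_}\" is present in these domains : $PRESENT_IN_DOMAINS"

        get_confirm "For this map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
                    "y" "same_ttl_across_domains_help"

        if [ $? -eq 1 ]; then

            # Need to read only one TTL triplet for this MAP.
            process_one_map_ttl_value $_MAP_

        else

            # Need to ask for each domain

            for _DMN_ in $PRESENT_IN_DOMAINS
            do
                _STR="${_MAP_},${_DMN_}"

                # Now process each combination one at a time.
                process_one_map_ttl_value "$_STR"

            done
        fi
    fi
done

return 0
}


#
# List the TTL values for various MAPs
#
# Writes the nisLDAPentryTtl section. Returns early (without the
# closing separator) when no maps were found at all. Otherwise the
# questions narrow down from "defaults for everything" to "one triplet
# per map and per domain", calling the matching helper above.
#
create_nisLDAPentryTtl()
{

echo "\
# Associate TTLs with NIS entries derived from LDAP
" >> $MAP_FILE

# "$" added: the bare name only worked because ksh's test evaluates it
# as an arithmetic expression.
[ $CUST_CMT_NEEDED -eq 1 ] && echo "\
# Each map has three TTL values which are specified in seconds.
# 1. initialTTLlo (default $DEF_iTTLlo sec) The lower limit for the initial
#    TTL (in seconds) for data read from disk when the ypserv starts.
#
# 2. initialTTLhi (default $DEF_iTTLhi sec) The upper limit for initial TTL.
#
# 3. runningTTL (default $DEF_runTTL sec) The TTL (in seconds) for data
#    retrieved from LDAP while the ypserv is running.
#
# If any value is not specified, then default value is used.
# The format of TTL entry is :
# nisLDAPentryTtl MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL
" >> $MAP_FILE

# If no maps are present, just return.
[ ${#ALL_DMN_ALL_MAPS[*]} -eq 0 ] && return 0

echo "The default TTL for each map is set to ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}"
get_confirm "Do you wish to change the TTL values for any map (y/n/h) ?" \
            "n" "default_ttl_help"

if [ $? -eq 0 ]; then
    # Default values accepted for all the maps.
    # So, just print all the maps with default TTL values.

    print_all_same_ttl_entries $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL

else
    echo "You would be allowed to enter the new TTL values."
    get_confirm "Do you wish to use the same TTL values for all the maps (y/n/h) ?" \
                "y" "non_default_same_ttl_help"

    if [ $? -eq 1 ]; then
        # Need to read only one TTL triplet.
        # Print all the maps with new TTL triplet.

        # read one ttl triplet
        echo "Enter the new TTL values :"

        read_one_ttl_triplet

        print_all_same_ttl_entries $iTTLlo $iTTLhi $runTTL

    else
        if [ $N2L_DMN_CNT -eq 1 ]; then

            # TTL values are different now. But we have only one domain.
            # So, no need to worry about multiple domains. Need to read
            # only one TTL triplet for each existing MAP.

            read_all_maps_ttl_values_no_multiple_domain_issue

        else

            # TTL values are different now. And we have multiple domains
            # too. Check if MAPS are going to have same TTL across domains.
            # This is just to avoid asking too many TTL triplet inputs

            echo "You would be allowed to enter different TTL values for each map."

            get_confirm "For a given map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
                        "y" "non_default_different_ttl_help"

            if [ $? -eq 1 ]; then

                # Need to read only one TTL triplet for each existing MAP.
                read_all_maps_ttl_values_no_multiple_domain_issue

            else

                # We have hit the worst case scenario. TTLs could be
                # different per map and per domain.

                read_default_maps_ttl_values_with_multi_domain_issue
                read_custom_maps_ttl_values_with_multi_domain_issue
            fi
        fi
    fi
fi

echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE

return 0
}


#
# The custom maps for which we do not have enough
# information to be able to generate specific entries,
# we just log the message that the user needs to take
# care of those entries manually.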
3562# 3563ask_user_to_update_the_custom_map_entries_too() 3564{ 3565 3566if [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ]; then 3567 3568 echo " 3569# Similar entries need to be created 3570# for following custom maps too :\ 3571" >> $MAP_FILE 3572 3573 for _MAP in ${ALL_DMN_CUST_MAPS[*]} 3574 do 3575 echo "# $_MAP" >> $MAP_FILE 3576 done 3577fi 3578} 3579 3580 3581put_default_nisLDAPnameFields() 3582{ 3583echo ' 3584# Associate names with fields in the maps. Must be same for all domains. 3585nisLDAPnameFields audit_user: \ 3586 ("%s:%s:%s", name, alwaysAuditFlags, neverAuditFlags) 3587 3588nisLDAPnameFields auto.home: \ 3589 ("%s",value) 3590 3591nisLDAPnameFields auto.master: \ 3592 ("%s",value) 3593 3594nisLDAPnameFields auth_attr: \ 3595 ("%s:%s:%s:%s:%s:%s", \ 3596 name, res1, res2, short_desc, long_desc, attrs ) 3597 3598nisLDAPnameFields bootparams: \ 3599 ("%s", params) 3600 3601nisLDAPnameFields ethers: \ 3602 ("%s %s", addr, name) 3603 3604nisLDAPnameFields exec_attr: \ 3605 ("%s:%s:%s:%s:%s:%s:%s", \ 3606 name, policy, type, res1, res2, id, attrs) 3607 3608nisLDAPnameFields group: \ 3609 ("%s:%s:%s:%s", name, passwd, gid, users) 3610' >> $MAP_FILE 3611 3612# Need to handle group.adjunct.byname map for multiple domain. 3613 3614_MAP=group.adjunct.byname 3615if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3616then 3617 # Just put the syntax in comment form 3618 echo '#nisLDAPnameFields group.adjunct.byname: \ 3619# ("%s:%s", name, passwd) 3620' >> $MAP_FILE 3621else 3622 # Find the domains in which this map exists. 3623 find_domains $_MAP DEF_MAPS 3624 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3625 then 3626 3627 # Don't put domain info as the map is present in all of them. 3628 echo 'nisLDAPnameFields group.adjunct.byname: \ 3629 ("%s:%s", name, passwd) 3630' >> $MAP_FILE 3631 else 3632 # Not every domain has this map. So, list for the ones which do. 
3633 for _DMN in $PRESENT_IN_DOMAINS 3634 do 3635 echo "nisLDAPnameFields group.adjunct.byname,${_DMN}: \\ 3636 (\"%s:%s\", name, passwd) 3637" >> $MAP_FILE 3638 done 3639 fi 3640fi 3641 3642echo 'nisLDAPnameFields keys.host: \ 3643 ("%s:%s", publicKey ,secretKey) 3644 3645nisLDAPnameFields keys.pass: \ 3646 ("%s:%s", publicKey ,secretKey) 3647 3648nisLDAPnameFields keys.nobody: \ 3649 ("%s:%s", publicKey ,secretKey) 3650 3651nisLDAPnameFields hosts: \ 3652 ("%a %s %s", addr, canonicalName, aliases) 3653 3654nisLDAPnameFields multihosts: \ 3655 ("%a %s %s", addr, canonicalName, aliases) 3656 3657nisLDAPnameFields ipnodes: \ 3658 ("%a %s %s", addr, canonicalName, aliases) 3659 3660nisLDAPnameFields multiipnodes: \ 3661 ("%a %s %s", addr, canonicalName, aliases) 3662 3663nisLDAPnameFields mail.aliases: \ 3664 ("%s", addresses) 3665 3666nisLDAPnameFields mail.mapping: \ 3667 ("%s", address) 3668 3669# memberTriples is split into sub-fields by a latter nisLDAPsplitField 3670# attribute. 3671nisLDAPnameFields netgroup: \ 3672 ("%s", memberTriples) 3673 3674nisLDAPnameFields netid.host: \ 3675 ("%s:%s", number, data) 3676 3677nisLDAPnameFields netid.pass: \ 3678 ("%s:%s", number, data) 3679 3680nisLDAPnameFields netmasks.byaddr: \ 3681 ("%a", mask) 3682 3683nisLDAPnameFields networks: \ 3684 ("%s %s %s", name, number, aliases) 3685 3686nisLDAPnameFields project: \ 3687 ("%s:%s:%s:%s:%s:%s", \ 3688 name, projID, comment, users, groups, attrs) 3689 3690nisLDAPnameFields protocols: \ 3691 ("%s %s %s", name, number, aliases) 3692 3693nisLDAPnameFields rpc.bynumber: \ 3694 ("%s %s %s", name, number, aliases) 3695 3696nisLDAPnameFields passwd: \ 3697 ("%s:%s:%s:%s:%s:%s:%s", \ 3698 name, passwd, uid, gid, gecos, home, shell) 3699 3700# It is not obvious what the fields in passwd.adjunct are for. They are not 3701# the same as the shadow map. The following is based on information in:- 3702# 3703# lib/libbc/inc/include/pwdadj.h. 
3704# 3705# This file implies that these are documented in getpwaent(3) but this man page 3706# does not seem to exist. 3707# 3708# It is believed that 'min','max' and 'def' labels were reserved fields in 3709# SunOS 4.x and are now unused. 'always' and 'never' audit information is 3710# now contained in audit_user(4) so is now unused. 3711# 3712' >> $MAP_FILE 3713 3714# Need to handle passwd.adjunct.byname map for multiple domain. 3715 3716_MAP=passwd.adjunct.byname 3717if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3718then 3719 # Just put the syntax in comment form 3720 echo '#nisLDAPnameFields passwd.adjunct.byname: \ 3721# ("%s:%s:%s:%s:%s:%s:%s", \ 3722# name, passwd, min, max, def, always, \ 3723# never) 3724' >> $MAP_FILE 3725else 3726 # Find the domains in which this map exists. 3727 find_domains $_MAP DEF_MAPS 3728 3729 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3730 then 3731 3732 # Don't put domain info as the map is present in all of them. 3733 echo 'nisLDAPnameFields passwd.adjunct.byname: \ 3734 ("%s:%s:%s:%s:%s:%s:%s", \ 3735 name, passwd, min, max, def, always, \ 3736 never) 3737' >> $MAP_FILE 3738 else 3739 # Not every domain has this map. So, list for the ones which do. 3740 for _DMN in $PRESENT_IN_DOMAINS 3741 do 3742 echo "nisLDAPnameFields passwd.adjunct.byname,${_DMN}: \\ 3743 (\"%s:%s:%s:%s:%s:%s:%s\", \\ 3744 name, passwd, min, max, def, always, \\ 3745 never) 3746" >> $MAP_FILE 3747 done 3748 fi 3749fi 3750 3751echo ' 3752nisLDAPnameFields printers.conf.byname: \ 3753 ("%s:%s", names, values) 3754 3755nisLDAPnameFields prof_attr: \ 3756 ("%s:%s:%s:%s:%s", \ 3757 name, res1, res2, desc, attrs) 3758 3759nisLDAPnameFields services: \ 3760 ("%s %s/%s %s", name, port, protocol, aliases) 3761 3762# This map is never created but yppasswd uses the mapping to extract password 3763# ageing information from the DIT. The password itself is not required by this 3764# mechanism so is not included in the ageing mapping. 
3765nisLDAPnameFields ageing.byname: \ 3766 ("%s:%s:%s:%s:%s:%s:%s:%s", \ 3767 name, lastchg, min, max, warn, inactive, \ 3768 expire, flag) 3769 3770nisLDAPnameFields timezone.byname: \ 3771 ("%s %s", zoneName, hostName) 3772 3773nisLDAPnameFields user_attr: \ 3774 ("%s:%s:%s:%s:%s", user, qualifier, res1, res2, attrs) 3775' >> $MAP_FILE 3776} 3777 3778# 3779# List namefields for non-default auto maps and custom maps. 3780# 3781put_auto_and_custom_map_nisLDAPnameFields() 3782{ 3783for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]} 3784do 3785 3786 echo "\ 3787nisLDAPnameFields ${_MAP}: \\ 3788 (\"%s\",value) 3789" >> $MAP_FILE 3790 3791done 3792} 3793 3794 3795create_nisLDAPnameFields() 3796{ 3797# Put format information of "nisLDAPnameFields" 3798[ CUST_CMT_NEEDED -eq 1 ] && echo ' 3799# "nisLDAPnameFields" specifies the content of entries in a NIS map 3800# and how they should be broken into named fields. It is required as, 3801# unlike NIS+, NIS maps do not store information in named fields. 3802# 3803# Following is the syntax for nisLDAPnameFields : 3804# 3805# "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")" 3806# fieldName = nameOrArrayName[","...] 3807# nameOrArrayName = Name of field or 'array' of repeated fields. 3808# matchspec = \" formatString \" 3809' >> $MAP_FILE 3810 3811# List the default nameField values 3812put_default_nisLDAPnameFields 3813 3814# List the underlying assumption 3815echo "\ 3816# With the assumption that all the custom maps are simple, single 3817# map (single key-value pair type), below is the nisLDAPnameFields 3818# information for all the custom and non-default auto.* maps. If 3819# this assumption is not valid, then refer to the NISLDAPmapping 3820# man page for information on how to customize this section. 3821" >> $MAP_FILE 3822 3823# List namefields for non-default auto maps and custom maps. 
3824put_auto_and_custom_map_nisLDAPnameFields 3825 3826 3827echo " 3828# 3829#------------------------------------------------------------------------------ 3830# 3831" >> $MAP_FILE 3832 3833return 0 3834} 3835 3836 3837# 3838# List repeated field separators 3839# 3840create_nisLDAPrepeatedFieldSeparators() 3841{ 3842 3843[ CUST_CMT_NEEDED -eq 1 ] && echo " 3844# nisLDAPrepeatedFieldSeparators : It is a character which separates 3845# the repeatable instnaces of splitable fields. It's format is : 3846# 3847# nisLDAPrepeatedFieldSeparators fieldName \"sepChar[...]\" 3848# sepChar = A separator character. 3849# Default value is space or tab. 3850" >> $MAP_FILE 3851 3852echo "\ 3853#nisLDAPrepeatedFieldSeparators memberTriples: \" \t\" 3854" >> $MAP_FILE 3855 3856} 3857 3858 3859# 3860# List split fields 3861# 3862create_nisLDAPsplitField() 3863{ 3864# List the default split fields 3865 3866[ CUST_CMT_NEEDED -eq 1 ] && echo ' 3867# nisLDAPsplitFields : It defines how a field, or list of fields, 3868# named by nisLDAPnameFields is split into sub fields. The original 3869# field is compared with each line of this attribute until one matches. 3870# When a match is found named sub-fields are generated. In latter 3871# operations sub-field names can be used in the same way as other 3872# field names. The format of nisLDAPsplitFields is : 3873# 3874# "nisLDAPsplitFields" fieldName ":" splitSpec[","...] 3875# splitSpec = "(" matchspec "," subFieldNames ")" 3876# fieldName = Name of a field from nisLDAPnameFields 3877# subFieldNames = subFieldname[","...] 3878# matchspec = \" formatString \" 3879' >> $MAP_FILE 3880 3881echo ' 3882nisLDAPsplitField memberTriples: \ 3883 ("(%s,%s,%s)", host, user, domain), \ 3884 ("%s", group) 3885' >> $MAP_FILE 3886 3887} 3888 3889# 3890# List split fields and repeated field separators. 3891# 3892create_split_field_and_repeatedfield_seperators() 3893{ 3894 3895echo "\ 3896# Specify how to break fields up into sub fields.
3897" >> $MAP_FILE 3898 3899create_nisLDAPrepeatedFieldSeparators 3900 3901create_nisLDAPsplitField 3902 3903echo " 3904# 3905#------------------------------------------------------------------------------ 3906# 3907" >> $MAP_FILE 3908} 3909 3910list_default_nisLDAPobjectDN() 3911{ 3912echo ' 3913# Associate maps with RDNs and object classes. Base DN comes from the 3914# nisLDAPdomainContext. 3915# 3916# As supplied this file gives only the most derived objectClass for each map. 3917# For some servers it may be necessary to add "objectClass=" statements for 3918# all the superclasses. This should be done here. 3919 3920nisLDAPobjectDN auto.home: \ 3921 automountmapname=auto_home,?one? \ 3922 objectClass=automount: 3923 3924nisLDAPobjectDN auto.master: \ 3925 automountmapname=auto_master,?one? \ 3926 objectClass=automount: 3927 3928nisLDAPobjectDN auth_attr: \ 3929 ou=SolarisAuthAttr,?one? \ 3930 objectClass=SolarisAuthAttr: 3931 3932nisLDAPobjectDN bootparams: \ 3933 ou=ethers,?one? \ 3934 objectClass=bootableDevice, \ 3935 bootParameter=*:\ 3936 ou=ethers,?one? \ 3937 objectClass=device, \ 3938 objectClass=bootableDevice 3939 3940 3941nisLDAPobjectDN exec_attr:\ 3942 ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\ 3943 SolarisKernelSecurityPolicy=*:\ 3944 ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\ 3945 objectClass=SolarisProfAttr,\ 3946 objectClass=top 3947 3948nisLDAPobjectDN ethers: \ 3949 ou=ethers,?one? \ 3950 objectClass=ieee802Device, \ 3951 macAddress=*:\ 3952 ou=ethers,?one? \ 3953 objectClass=device, \ 3954 objectClass=ieee802Device 3955 3956nisLDAPobjectDN group: \ 3957 ou=group,?one? \ 3958 objectClass=posixGroup: 3959' >> $MAP_FILE 3960 3961 3962# Need to handle group.adjunct.byname map for multiple domain. 3963 3964_MAP=group.adjunct.byname 3965if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3966then 3967 # Just put the syntax in comment form 3968 echo '#nisLDAPobjectDN group.adjunct.byname: \ 3969# ou=group,?one? 
\ 3970# objectClass=posixGroup: 3971' >> $MAP_FILE 3972else 3973 # Find the domains in which this map exists. 3974 find_domains $_MAP DEF_MAPS 3975 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3976 then 3977 # Don't put domain info as the map is present in all of them. 3978 echo 'nisLDAPobjectDN group.adjunct.byname: \ 3979 ou=group,?one? \ 3980 objectClass=posixGroup: 3981' >> $MAP_FILE 3982 else 3983 # Not every domain has this map. So, list for the ones which do. 3984 for _DMN in $PRESENT_IN_DOMAINS 3985 do 3986 echo "nisLDAPobjectDN group.adjunct.byname,${_DMN}: \\ 3987 ou=group,?one? \\ 3988 objectClass=posixGroup: 3989" >> $MAP_FILE 3990 done 3991 fi 3992fi 3993 3994 3995echo 'nisLDAPobjectDN hosts: \ 3996 ou=hosts,?one? \ 3997 objectClass=ipHost:\ 3998 ou=hosts,?one? \ 3999 objectClass=device, \ 4000 objectClass=ipHost 4001 4002nisLDAPobjectDN multihosts: \ 4003 ou=hosts,?one? \ 4004 objectClass=ipHost, \ 4005 ipHostNumber=*.* 4006 4007nisLDAPobjectDN ipnodes: \ 4008 ou=hosts,?one? \ 4009 objectClass=ipHost:\ 4010 ou=hosts,?one? \ 4011 objectClass=device, \ 4012 objectClass=ipHost 4013 4014nisLDAPobjectDN multiipnodes: \ 4015 ou=hosts,?one? \ 4016 objectClass=ipHost, \ 4017 ipHostNumber=*\:* 4018 4019nisLDAPobjectDN mail.aliases: \ 4020 ou=aliases,?one? \ 4021 objectClass=mailGroup: 4022 4023nisLDAPobjectDN mail.mapping: \ 4024 ou=aliases,?one? \ 4025 objectClass=mailGroup 4026 4027nisLDAPobjectDN netgroup: \ 4028 ou=netgroup,?one? \ 4029 objectClass=nisNetgroup: 4030 4031nisLDAPobjectDN networks: \ 4032 ou=networks,?one? \ 4033 objectClass=ipNetwork, \ 4034 cn=*: 4035 4036# Must come after networks (or equivalent) that creates ipNetworks 4037nisLDAPobjectDN netmasks.byaddr: \ 4038 ou=networks,?one? \ 4039 objectClass=ipNetwork, \ 4040 ipNetMaskNumber=*: 4041 4042nisLDAPobjectDN passwd: \ 4043 ou=people,?one? \ 4044 objectClass=posixAccount:\ 4045 ou=people,?one? 
\ 4046 objectClass=account, \ 4047 objectClass=shadowAccount, \ 4048 objectClass=posixAccount 4049' >> $MAP_FILE 4050 4051 4052# Need to handle passwd.adjunct.byname map for multiple domain. 4053 4054_MAP=passwd.adjunct.byname 4055if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4056then 4057 # Just put the syntax in comment form 4058 echo '#nisLDAPobjectDN passwd.adjunct.byname: \ 4059# ou=people,?one? \ 4060# objectClass=posixAccount:\ 4061# ou=people,?one? \ 4062# objectClass=account, \ 4063# objectClass=shadowAccount, \ 4064# objectClass=posixAccount 4065' >> $MAP_FILE 4066else 4067 # Find the domains in which this map exists. 4068 find_domains $_MAP DEF_MAPS 4069 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4070 then 4071 # Don't put domain info as the map is present in all of them. 4072 echo 'nisLDAPobjectDN passwd.adjunct.byname: \ 4073 ou=people,?one? \ 4074 objectClass=posixAccount:\ 4075 ou=people,?one? \ 4076 objectClass=account, \ 4077 objectClass=shadowAccount, \ 4078 objectClass=posixAccount 4079' >> $MAP_FILE 4080 else 4081 # Not every domain has this map. So, list for the ones which do. 4082 for _DMN in $PRESENT_IN_DOMAINS 4083 do 4084 echo "nisLDAPobjectDN passwd.adjunct.byname,${_DMN}: \\ 4085 ou=people,?one? \\ 4086 objectClass=posixAccount:\\ 4087 ou=people,?one? \\ 4088 objectClass=account, \\ 4089 objectClass=shadowAccount, \\ 4090 objectClass=posixAccount 4091" >> $MAP_FILE 4092 done 4093 fi 4094fi 4095 4096 4097echo '# Must follow passwd 4098nisLDAPobjectDN netid.pass: \ 4099 ou=people,?one? \ 4100 objectClass=posixAccount 4101 4102# Must follow hosts 4103nisLDAPobjectDN netid.host: \ 4104 ou=hosts,?one? \ 4105 objectClass=ipHost 4106 4107nisLDAPobjectDN printers.conf.byname: \ 4108 ou=printers,?one? \ 4109 objectClass=printerService:\ 4110 ou=printers,?one? 
\ 4111 objectClass=sunPrinter, \ 4112 objectClass=printerService, \ 4113 objectClass=printerLPR, \ 4114 objectClass=printerAbstract 4115 4116nisLDAPobjectDN prof_attr:\ 4117 ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\ 4118 SolarisAttrLongDesc=*:\ 4119 ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\ 4120 objectClass=SolarisExecAttr,\ 4121 objectClass=top 4122nisLDAPobjectDN project: \ 4123 ou=project,?one? \ 4124 objectClass=SolarisProject: 4125 4126nisLDAPobjectDN protocols: \ 4127 ou=protocols,?one? \ 4128 objectClass=ipProtocol: 4129 4130nisLDAPobjectDN rpc.bynumber: \ 4131 ou=rpc,?one? \ 4132 objectClass=oncRpc: 4133 4134nisLDAPobjectDN services.byname: \ 4135 ou=services,?one? \ 4136 objectClass=ipService: 4137 4138# Because services.byservicename contains keys of form both 'name' 4139# and 'name/protocol' we generate the DIT just from services.byname. 4140# Hence, write-disabled for services.byservicename 4141nisLDAPobjectDN services.byservicename: \ 4142 ou=services,?one? \ 4143 objectClass=ipService 4144 4145# This map is never created but yppasswd uses the mapping to extract password 4146# aging information from the DIT. 4147nisLDAPobjectDN ageing.byname: \ 4148 ou=people,?one? \ 4149 objectClass=shadowAccount: 4150 4151# Using nisplusTimeZoneData objectClass for compatibility with nis+2ldap 4152nisLDAPobjectDN timezone.byname: \ 4153 ou=Timezone,?one? \ 4154 objectClass=nisplusTimeZoneData: 4155 4156nisLDAPobjectDN user_attr: \ 4157 ou=people,?one? \ 4158 objectClass=SolarisUserAttr: 4159 4160# Must come after passwd (or equivalent) that creates posixAccounts 4161nisLDAPobjectDN audit_user: \ 4162 ou=people,?one? \ 4163 objectClass=SolarisAuditUser: 4164 4165# Must come after hosts + passwd. 4166nisLDAPobjectDN keys.host: \ 4167 ou=hosts,?one? \ 4168 objectClass=NisKeyObject: 4169 4170nisLDAPobjectDN keys.pass: \ 4171 ou=people,?one? \ 4172 objectClass=NisKeyObject: 4173 4174nisLDAPobjectDN keys.nobody: \ 4175 ou=people,?one? 
\ 4176 objectClass=NisKeyObject:\ 4177 ou=people,?one? \ 4178 objectClass=account, \ 4179 objectClass=NisKeyObject 4180 4181nisLDAPobjectDN ypservers: \ 4182 ou=ypservers,?one? \ 4183 objectClass=device: 4184' >> $MAP_FILE 4185} 4186 4187# List all the non-default auto.* and custom maps. 4188list_auto_custom_nisLDAPobjectDN() 4189{ 4190 4191# auto.* entries are easy. 4192if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 4193 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 4194 4195 for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 4196 do 4197 4198 # We need to find one container for each auto.* map. 4199 # Assume that each auto.* maps's container is auto_*. 4200 4201 _MAP_UNDERSCORE=`echo $_MAP | sed "s/auto\./auto_/"` 4202 4203 echo "\ 4204nisLDAPobjectDN ${_MAP}: \\ 4205 automountmapname=${_MAP_UNDERSCORE},?one? \\ 4206 objectClass=automount: 4207" >> $MAP_FILE 4208 done 4209fi 4210 4211# Since we do not have enough information to generate 4212# entries for other custom maps, best we can do is to 4213# log this map names and ask user to take care of them. 4214 4215ask_user_to_update_the_custom_map_entries_too 4216 4217} 4218 4219 4220# 4221# List association of maps with RDNs and object classes. 4222# 4223create_nisLDAPobjectDN() 4224{ 4225 4226[ CUST_CMT_NEEDED -eq 1 ] && echo ' 4227# nisLDAPobjectDN : It specifies the connection between group of NIS 4228# maps and the LDAP directory. This attribute also defines the 'order' 4229# of the NIS maps. When NIS maps are bulk copied to or from the DIT 4230# they are processed in the same order as related nisLDAPobjectDN 4231# attributes appear in /var/yp/NISLDAPmapping. 4232# The format of "nisLDAPobjectDN" is : 4233# 4234# mapName[" "...] ":" objectDN *( ";" objectDN ) 4235# 4236# where: 4237# 4238# objectDN = readObjectSpec [":"[writeObjectSpec]] 4239# readObjectSpec = [baseAndScope [filterAttrValList]] 4240# writeObjectSpec = [baseAndScope [attrValList]] 4241# baseAndScope = [baseDN] ["?" 
[scope]] 4242# filterAttrValList = ["?" [filter | attrValList]]] 4243# scope = "base" | "one" | "sub" 4244# attrValList = attribute "=" value 4245# *("," attribute "=" value) 4246' >> $MAP_FILE 4247 4248# List all the default entries anyway. 4249list_default_nisLDAPobjectDN 4250 4251# List all the non-default auto.* and custom maps. 4252list_auto_custom_nisLDAPobjectDN 4253 4254} 4255 4256# 4257# List all the default nisLDAPattributeFromField entries 4258# 4259list_default_nisLDAPattributeFromField() 4260{ 4261echo ' 4262# Describe how named fields are mapped to DIT entries. 4263 4264# audit_user 4265nisLDAPattributeFromField audit_user: \ 4266 dn=("uid=%s,", rf_key ), \ 4267 SolarisAuditAlways=alwaysAuditFlags, \ 4268 SolarisAuditNever=neverAuditFlags 4269 4270# auto.home 4271nisLDAPattributeFromField auto.home: \ 4272 dn=("automountKey=%s,", rf_key ), \ 4273 automountKey=rf_key, \ 4274 automountInformation=value 4275 4276# auto.master 4277nisLDAPattributeFromField auto.master: \ 4278 dn=("automountKey=%s,", rf_key ), \ 4279 automountKey=rf_key, \ 4280 automountInformation=value 4281 4282# auth_attr 4283nisLDAPattributeFromField auth_attr: \ 4284 dn=("cn=%s,", rf_key ), \ 4285 cn=name, \ 4286 SolarisAttrReserved1=res1, \ 4287 SolarisAttrReserved2=res2, \ 4288 SolarisAttrShortDesc=short_desc, \ 4289 SolarisAttrLongDesc=long_desc, \ 4290 SolarisAttrKeyValue=attrs 4291 4292# exec_attr. 
Because of the messy NIS keys special handling is required here 4293nisLDAPattributeFromField exec_attr: \ 4294 dn=("cn=%s+SolarisKernelSecurityPolicy=%s\ 4295 +SolarisProfileType=%s+SolarisProfileID=%s,", \ 4296 name, policy,type,id), \ 4297 ("%s:*", cn)=rf_key, \ 4298 ("*:%s:*", SolarisKernelSecurityPolicy)=rf_key, \ 4299 ("*:*:%s", SolarisProfileId)=rf_key, \ 4300 solarisProfileType=type, \ 4301 solarisAttrReserved1=res1, \ 4302 SolarisAttrReserved2=res2, \ 4303 solarisAttrKeyValue=attrs 4304 4305# ethers 4306nisLDAPattributeFromField ethers.byname: \ 4307 dn=("cn=%s,", rf_key ), \ 4308 macAddress=addr 4309nisLDAPattributeFromField ethers.byaddr: \ 4310 dn=("cn=%s,", name ), \ 4311 macAddress=rf_key 4312nisLDAPattributeFromField ethers: \ 4313 cn=name, \ 4314 description=rf_comment 4315 4316# bootparams. Must be done after ethers 4317nisLDAPattributeFromField bootparams: \ 4318 dn=("cn=%s,", rf_key ), \ 4319 cn=rf_key, \ 4320 (bootParameter)=(params, " ") 4321' >> $MAP_FILE 4322 4323# group syntax is different when group.adjunct map is present. 4324# So, need to handle the various possibilities 4325 4326_MAP=group.adjunct.byname 4327 4328if ! 
present $_MAP $ALL_DMN_DEF_MAPLIST 4329then 4330 4331 # Just put the group.adjunct syntax in comment form 4332 4333 echo '# group 4334nisLDAPattributeFromField group.byname: \ 4335 dn=("cn=%s,", rf_key ), \ 4336 gidNumber=gid 4337nisLDAPattributeFromField group.bygid: \ 4338 dn=("cn=%s,", name ), \ 4339 gidNumber=rf_key 4340nisLDAPattributeFromField group: \ 4341 cn=name, \ 4342 userPassword=("{crypt}%s",passwd), \ 4343 (memberUid)=(users, ",") 4344 4345# 4346# If you are using group.adjunct, comment the group section above 4347# and uncomment the following group and group.adjunct sections 4348# 4349# group 4350#nisLDAPattributeFromField group.byname: \ 4351# dn=("cn=%s,", rf_key ), \ 4352# gidNumber=gid 4353#nisLDAPattributeFromField group.bygid: \ 4354# dn=("cn=%s,", name ), \ 4355# gidNumber=rf_key 4356#nisLDAPattributeFromField group: \ 4357# cn=name, \ 4358# (memberUid)=(users, ",") 4359 4360# group.adjunct 4361#nisLDAPattributeFromField group.adjunct.byname: \ 4362# dn=("cn=%s,", rf_key ), \ 4363# cn=name, \ 4364# userPassword=("{crypt}%s",passwd) 4365' >> $MAP_FILE 4366 4367else 4368 4369 # Find the domains in which group.adjunct map exists. 4370 find_domains $_MAP DEF_MAPS 4371 4372 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4373 then 4374 4375 # All the domains have group.adjunct map. 
4376 4377 echo '# group 4378#nisLDAPattributeFromField group.byname: \ 4379# dn=("cn=%s,", rf_key ), \ 4380# gidNumber=gid 4381#nisLDAPattributeFromField group.bygid: \ 4382# dn=("cn=%s,", name ), \ 4383# gidNumber=rf_key 4384#nisLDAPattributeFromField group: \ 4385# cn=name, \ 4386# userPassword=("{crypt}%s",passwd), \ 4387# (memberUid)=(users, ",") 4388 4389# If you are not using group.adjunct, uncomment the group section above 4390# and comment the following group and group.adjunct sections 4391# 4392# group 4393nisLDAPattributeFromField group.byname: \ 4394 dn=("cn=%s,", rf_key ), \ 4395 gidNumber=gid 4396nisLDAPattributeFromField group.bygid: \ 4397 dn=("cn=%s,", name ), \ 4398 gidNumber=rf_key 4399nisLDAPattributeFromField group: \ 4400 cn=name, \ 4401 (memberUid)=(users, ",") 4402 4403# group.adjunct 4404nisLDAPattributeFromField group.adjunct.byname: \ 4405 dn=("cn=%s,", rf_key ), \ 4406 cn=name, \ 4407 userPassword=("{crypt}%s",passwd) 4408' >> $MAP_FILE 4409 4410 else 4411 # Not every domain has group.adjunct map. 4412 4413 # First put the password syntax with domain name for domains 4414 # in which group.adjunct exists. 4415 4416 echo "# group" >> $MAP_FILE 4417 4418 for _DMN in $PRESENT_IN_DOMAINS 4419 do 4420 4421 echo "\ 4422# domain-specific group 4423nisLDAPattributeFromField group.byname,${_DMN}: \\ 4424 dn=(\"cn=%s,\", rf_key ), \\ 4425 gidNumber=gid 4426nisLDAPattributeFromField group.bygid,${_DMN}: \\ 4427 dn=(\"cn=%s,\", name ), \\ 4428 gidNumber=rf_key 4429nisLDAPattributeFromField group,${_DMN}: \\ 4430 cn=name, \\ 4431 (memberUid)=(users, \",\") 4432" >> $MAP_FILE 4433 done 4434 4435 # Now put the other group syntax. We do not need to 4436 # append the domain name here. 
4437 4438 echo ' 4439nisLDAPattributeFromField group.byname: \ 4440 dn=("cn=%s,", rf_key ), \ 4441 gidNumber=gid 4442nisLDAPattributeFromField group.bygid: \ 4443 dn=("cn=%s,", name ), \ 4444 gidNumber=rf_key 4445nisLDAPattributeFromField group: \ 4446 cn=name, \ 4447 userPassword=("{crypt}%s",passwd), \ 4448 (memberUid)=(users, ",") 4449' >> $MAP_FILE 4450 4451 # Now we need to put the group.adjunct syntax for domains 4452 # in which this map exists. 4453 4454 echo "# group.adjunct" >> $MAP_FILE 4455 4456 for _DMN in $PRESENT_IN_DOMAINS 4457 do 4458 4459 echo "\ 4460nisLDAPattributeFromField group.adjunct.byname,${_DMN}: \\ 4461 dn=(\"cn=%s,\", rf_key ), \\ 4462 cn=name, \\ 4463 userPassword=(\"{crypt}%s\",passwd) 4464" >> $MAP_FILE 4465 done 4466 4467 fi 4468 4469fi 4470 4471 4472echo ' 4473# hosts 4474# Cannot forward map hosts.byname key as the YP_MULTI entries will not work. 4475nisLDAPattributeFromField hosts.byname: \ 4476 cn=rf_searchkey 4477nisLDAPattributeFromField hosts.byaddr: \ 4478 ipHostNumber=rf_searchipkey 4479nisLDAPattributeFromField hosts: \ 4480 ipHostNumber=addr, \ 4481 dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \ 4482 cn=canonicalName, \ 4483 (cn)=(aliases, " "), \ 4484 description=rf_comment 4485 4486nisLDAPattributeFromField multihosts: \ 4487 ("YP_MULTI_%s", cn)=rf_searchkey 4488 4489# ipnodes 4490# Cannot forward map ipnodes.byname key as the YP_MULTI entries will not work. 
4491nisLDAPattributeFromField ipnodes.byname: \ 4492 cn=rf_searchkey 4493nisLDAPattributeFromField ipnodes.byaddr: \ 4494 ipHostNumber=rf_searchipkey 4495nisLDAPattributeFromField ipnodes: \ 4496 ipHostNumber=addr, \ 4497 dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \ 4498 cn=canonicalName, \ 4499 (cn)=(aliases, " "), \ 4500 description=rf_comment 4501 4502nisLDAPattributeFromField multiipnodes: \ 4503 ("YP_MULTI_%s", cn)=rf_searchkey 4504 4505#mail.aliases 4506nisLDAPattributeFromField mail.aliases: \ 4507 dn=("mail=%s,", rf_key), \ 4508 mail=rf_key, \ 4509 (mgrprfc822mailmember)=(addresses, ",") 4510 4511#mail.mapping 4512#Commented out because all NIS->LDAP mappings are done by mail.aliases 4513#nisLDAPattributeFromField mail.mapping: \ 4514# dn=("mail=%s,", address), \ 4515# mail=address, \ 4516# mgrprfc822mailmember=rf_key 4517nisLDAPattributeFromField mail.mapping: \ 4518 mgrprfc822mailmember=rf_searchkey 4519 4520# netgroup. 4521# 4522# Only need to create DIT entries for netgroup. This contains a superset of 4523# the information in netgroup.byhost and netgroup.byuser 4524nisLDAPattributeFromField netgroup: \ 4525 dn=("cn=%s,", rf_key ), \ 4526 (memberNisNetgroup)=group, \ 4527 (nisNetgroupTriple)= \ 4528 ("(%s,%s,%s)", host, user, domain), \ 4529 cn=rf_key, \ 4530 description=rf_comment 4531 4532# netid.pass 4533# 4534# Commented out because, unless remote domains (and thus /etc/netid) is 4535# supported, all NIS->LDAP mappings are set up from passwd. 4536#nisLDAPattributeFromField netid.pass: \ 4537# ("unix.%s@*", uidNumber)=rf_key, \ 4538# (gidNumber)=("%s", (data), " "), \ 4539# description=rf_comment 4540nisLDAPattributeFromField netid.pass: \ 4541 ("unix.%s@*", uidNumber)=rf_searchkey 4542 4543# netid.host 4544# 4545# Commented out because, unless remote domains (and thus /etc/netid) is 4546# supported, all NIS->LDAP mappings are set up from hosts. 
4547#nisLDAPattributeFromField netid.host: \ 4548# dn=("cn=%s+ipHostNumber=%s,", data, \ 4549# ldap:ipHostNumber:?one?("cn=%s", data)), \ 4550# ipHostNumber=ldap:ipHostNumber:?one?("cn=%s", data), \ 4551# ("unix.%s@*", cn)=rf_key, \ 4552# description=rf_comment 4553nisLDAPattributeFromField netid.host: \ 4554 ("unix.%s@*", cn)=rf_searchkey 4555 4556# netmasks.byaddr 4557nisLDAPattributeFromField netmasks.byaddr: \ 4558 dn=("ipNetworkNumber=%s,", rf_ipkey ), \ 4559 ipNetworkNumber=rf_ipkey, \ 4560 ipNetmaskNumber=mask, \ 4561 description=rf_comment 4562 4563# networks. 4564nisLDAPattributeFromField networks.byname: \ 4565 dn=("ipNetworkNumber=%s,", number ), \ 4566 cn=name, \ 4567 cn=rf_key 4568nisLDAPattributeFromField networks.byaddr: \ 4569 dn=("ipNetworkNumber=%s,", rf_key ), \ 4570 cn=name 4571nisLDAPattributeFromField networks: \ 4572 (cn)=(aliases, " "), \ 4573 ipNetworkNumber=number, \ 4574 description=rf_comment 4575' >> $MAP_FILE 4576 4577 4578# passwd syntax is different when passwd.adjunct map is present. 4579# So, need to handle the various possibilities 4580 4581_MAP=passwd.adjunct.byname 4582 4583if ! 
present $_MAP $ALL_DMN_DEF_MAPLIST 4584then 4585 4586 # Just put the passwd.adjunct syntax in comment form 4587 4588 echo '# passwd 4589nisLDAPattributeFromField passwd.byname: \ 4590 dn=("uid=%s,", rf_key ), \ 4591 uid=rf_key, \ 4592 uidNumber=uid 4593nisLDAPattributeFromField passwd.byuid: \ 4594 dn=("uid=%s,", name ), \ 4595 uidNumber=rf_key, \ 4596 uid=name 4597nisLDAPattributeFromField passwd: \ 4598 cn=name, \ 4599 userPassword=("{crypt}%s",passwd), \ 4600 gidNumber=gid, \ 4601 gecos=gecos, \ 4602 homeDirectory=home, \ 4603 loginShell=shell 4604 4605# 4606# If you are using passwd.adjunct, comment the passwd section above 4607# and uncomment the following passwd and passwd.adjunct sections 4608# 4609# passwd 4610#nisLDAPattributeFromField passwd.byname: \ 4611# dn=("uid=%s,", rf_key ), \ 4612# uid=rf_key, \ 4613# uidNumber=uid 4614#nisLDAPattributeFromField passwd.byuid: \ 4615# dn=("uid=%s,", name ), \ 4616# uidNumber=rf_key, \ 4617# uid=name 4618#nisLDAPattributeFromField passwd: \ 4619# cn=name, \ 4620# gidNumber=gid, \ 4621# gecos=gecos, \ 4622# homeDirectory=home, \ 4623# loginShell=shell 4624 4625# passwd.adjunct 4626#nisLDAPattributeFromField passwd.adjunct.byname: \ 4627# dn=("uid=%s,", rf_key ), \ 4628# uid=name, \ 4629# userPassword=("{crypt}%s",passwd) 4630' >> $MAP_FILE 4631 4632else 4633 4634 # Find the domains in which passwd.adjunct map exists. 4635 find_domains $_MAP DEF_MAPS 4636 4637 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4638 then 4639 4640 # All the domains have passwd.adjunct map. So, put the right 4641 # passwd syntax and comment-in the passwd.adjunct syntax. 
4642 4643 4644 echo '# passwd 4645#nisLDAPattributeFromField passwd.byname: \ 4646# dn=("uid=%s,", rf_key ), \ 4647# uid=rf_key, \ 4648# uidNumber=uid 4649#nisLDAPattributeFromField passwd.byuid: \ 4650# dn=("uid=%s,", name ), \ 4651# uidNumber=rf_key, \ 4652# uid=name 4653#nisLDAPattributeFromField passwd: \ 4654# cn=name, \ 4655# userPassword=("{crypt}%s",passwd), \ 4656# gidNumber=gid, \ 4657# gecos=gecos, \ 4658# homeDirectory=home, \ 4659# loginShell=shell 4660 4661# If you are not using passwd.adjunct, uncomment the passwd section above 4662# and comment the following passwd and passwd.adjunct sections 4663# 4664# passwd 4665nisLDAPattributeFromField passwd.byname: \ 4666 dn=("uid=%s,", rf_key ), \ 4667 uid=rf_key, \ 4668 uidNumber=uid 4669nisLDAPattributeFromField passwd.byuid: \ 4670 dn=("uid=%s,", name ), \ 4671 uidNumber=rf_key, \ 4672 uid=name 4673nisLDAPattributeFromField passwd: \ 4674 cn=name, \ 4675 gidNumber=gid, \ 4676 gecos=gecos, \ 4677 homeDirectory=home, \ 4678 loginShell=shell 4679 4680# passwd.adjunct 4681nisLDAPattributeFromField passwd.adjunct.byname: \ 4682 dn=("uid=%s,", rf_key ), \ 4683 uid=name, \ 4684 userPassword=("{crypt}%s",passwd) 4685' >> $MAP_FILE 4686 4687 else 4688 # Not every domain has passwd.adjunct map. 4689 4690 # First put the password syntax with domain name for domains 4691 # in which passwd.adjunct exists. 4692 4693 echo "# passwd" >> $MAP_FILE 4694 4695 for _DMN in $PRESENT_IN_DOMAINS 4696 do 4697 4698 echo "\ 4699nisLDAPattributeFromField passwd.byname,${_DMN}: \\ 4700 dn=(\"uid=%s,\", rf_key ), \\ 4701 uid=rf_key, \\ 4702 uidNumber=uid 4703nisLDAPattributeFromField passwd.byuid,${_DMN}: \\ 4704 dn=(\"uid=%s,\", name ), \\ 4705 uidNumber=rf_key, \\ 4706 uid=name 4707nisLDAPattributeFromField passwd,${_DMN}: \\ 4708 cn=name, \\ 4709 gidNumber=gid, \\ 4710 gecos=gecos, \\ 4711 homeDirectory=home, \\ 4712 loginShell=shell 4713" >> $MAP_FILE 4714 done 4715 4716 # Now put the other passwd syntax. 
We do not need to 4717 # append the domain name here. 4718 4719 echo ' 4720nisLDAPattributeFromField passwd.byname: \ 4721 dn=("uid=%s,", rf_key ), \ 4722 uid=rf_key, \ 4723 uidNumber=uid 4724nisLDAPattributeFromField passwd.byuid: \ 4725 dn=("uid=%s,", name ), \ 4726 uidNumber=rf_key, \ 4727 uid=name 4728nisLDAPattributeFromField passwd: \ 4729 cn=name, \ 4730 userPassword=("{crypt}%s",passwd), \ 4731 gidNumber=gid, \ 4732 gecos=gecos, \ 4733 homeDirectory=home, \ 4734 loginShell=shell 4735' >> $MAP_FILE 4736 4737 # Now we need to put the passwd.adjunct syntax for domains 4738 # in which this map exists. 4739 4740 echo "# passwd.adjunct" >> $MAP_FILE 4741 4742 for _DMN in $PRESENT_IN_DOMAINS 4743 do 4744 4745 echo "\ 4746nisLDAPattributeFromField passwd.adjunct.byname,${_DMN}: \\ 4747 dn=(\"uid=%s,\", rf_key ), \\ 4748 uid=name, \\ 4749 userPassword=(\"{crypt}%s\",passwd) 4750" >> $MAP_FILE 4751 done 4752 4753 fi 4754 4755fi 4756 4757echo ' 4758# This map is never created but yppasswd uses the mapping to extract password 4759# aging information from the DIT. 
4760nisLDAPattributeFromField ageing.byname: \ 4761 dn=("uid=%s,", rf_key ), \ 4762 uid=name, \ 4763 shadowLastChange=lastchg, \ 4764 shadowMin=min, \ 4765 shadowMax=max, \ 4766 shadowWarning=warn, \ 4767 shadowInactive=inactive, \ 4768 shadowExpire=expire, \ 4769 shadowFlag=flag 4770 4771# printers.conf.byname 4772nisLDAPattributeFromField printers.conf.byname: \ 4773 dn=("printer-uri=%s,", rf_key ), \ 4774 printer-name=rf_key, \ 4775 (printer-aliases)=(names, "|"), \ 4776 sun-printer-bsdaddr=(values, "*bsdaddr=%s:*"), \ 4777 (sun-printer-kvp)=(values,":"), \ 4778 description=rf_comment 4779 4780# prof_attr 4781nisLDAPattributeFromField prof_attr: \ 4782 dn=("cn=%s,", rf_key ), \ 4783 cn=name, \ 4784 SolarisAttrReserved1=res1, \ 4785 SolarisAttrReserved2=res2, \ 4786 SolarisAttrLongDesc=desc, \ 4787 SolarisAttrKeyValue=attrs 4788 4789# project 4790nisLDAPattributeFromField project.byname: \ 4791 dn=("SolarisProjectName=%s,", rf_key ) 4792nisLDAPattributeFromField project.byprojid: \ 4793 dn=("SolarisProjectName=%s,", name ), \ 4794 SolarisProjectID=rf_searchkey 4795nisLDAPattributeFromField project: \ 4796 SolarisProjectName=name, \ 4797 SolarisProjectID=projID, \ 4798 (memberUid)=(users, ","), \ 4799 (memberGid)=(groups, ","), \ 4800 (SolarisProjectAttr)=(attrs, ";"), \ 4801 description=comment 4802 4803# protocols 4804nisLDAPattributeFromField protocols.byname: \ 4805 ipProtocolNumber=number, \ 4806 cn=rf_searchkey 4807nisLDAPattributeFromField protocols.bynumber: \ 4808 ipProtocolNumber=rf_key, \ 4809 description=rf_comment 4810nisLDAPattributeFromField protocols: \ 4811 dn=("cn=%s,", name ), \ 4812 (cn)=(aliases, " "), \ 4813 cn=name 4814 4815# rpc.bynumber 4816nisLDAPattributeFromField rpc.bynumber: \ 4817 dn=("cn=%s,", name ), \ 4818 oncRpcNumber=rf_key, \ 4819 (cn)=(aliases, " "), \ 4820 cn=name, \ 4821 description=rf_comment 4822 4823# services 4824# services.byservicename rule is only used to speed single search 4825nisLDAPattributeFromField 
services.byservicename: \ 4826 ("%s/%s", cn, ipServiceProtocol) = rf_searchkey 4827 4828nisLDAPattributeFromField services.byname: \ 4829 dn=("cn=%s+ipServiceProtocol=%s,", name, protocol ), \ 4830 ("*/%s", ipServiceProtocol)=rf_key, \ 4831 ("%s/*", ipServicePort)=rf_key, \ 4832 (cn)=(aliases, " "), \ 4833 cn=name, \ 4834 description=rf_comment 4835 4836# timezone.byname 4837nisLDAPattributeFromField timezone.byname: \ 4838 dn=("cn=%s,", rf_key ), \ 4839 cn=hostName, \ 4840 nisplusTimeZone=zoneName, \ 4841 description=comment 4842 4843# user_attr 4844nisLDAPattributeFromField user_attr: \ 4845 dn=("uid=%s,", rf_key ), \ 4846 uid=rf_key, \ 4847 SolarisUserAttr=qualifier, \ 4848 SolarisUserReserved1=res1, \ 4849 SolarisUserReserved2=res2, \ 4850 SolarisAttrKeyValue=attrs 4851 4852# publickey.byname 4853nisLDAPattributeFromField keys.host: \ 4854 dn=("%s", ldap:dn:?one?("cn=%s", (yp:rf_key, "unix.%s@*"))), \ 4855 nisPublicKey=publicKey, \ 4856 nisSecretKey=secretKey 4857 4858nisLDAPattributeFromField keys.pass: \ 4859 dn=("%s", ldap:dn:?one?("uidNumber=%s", (yp:rf_key, "unix.%s@*"))), \ 4860 nisPublicKey=publicKey, \ 4861 nisSecretKey=secretKey 4862 4863nisLDAPattributeFromField keys.nobody: \ 4864 dn=("uid=%s,",yp:rf_key), \ 4865 cn=rf_key, \ 4866 nisPublicKey=publicKey, \ 4867 nisSecretKey=secretKey 4868 4869# ypservers. This derived from IPlanet implementation not RFC. 4870nisLDAPattributeFromField ypservers: \ 4871 dn=("cn=%s,", rf_key), \ 4872 cn=rf_key 4873' >> $MAP_FILE 4874} 4875 4876# 4877# List all the non-default auto.* and custom maps. 4878# 4879list_auto_and_custom_nisLDAPattributeFromField() 4880{ 4881 4882# auto.* entries are easy. 
4883if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 4884 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 4885fi 4886 4887for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 4888do 4889 echo "\ 4890# ${_MAP} 4891nisLDAPattributeFromField ${_MAP}: \\ 4892 dn=(\"automountKey=%s,\", rf_key ), \\ 4893 automountKey=rf_key, \\ 4894 automountInformation=value 4895" >> $MAP_FILE 4896done 4897 4898# Since we do not have enough information to generate 4899# entries for other custom maps, best we can do is to 4900# log this map names and ask user to take care of them. 4901 4902ask_user_to_update_the_custom_map_entries_too 4903 4904} 4905 4906 4907# 4908# List mapping of named fields to DIT entries 4909# 4910create_nisLDAPattributeFromField() 4911{ 4912 4913[ CUST_CMT_NEEDED -eq 1 ] && echo ' 4914# nisLDAPattributeFromField : It specifies how an LDAP attribute 4915# value is derived from a NIS entries field values. 4916# 4917# The format of nisLDAPattributeFromField entry is : 4918# mapName ":" fieldattrspec *("," fieldattrspec ) 4919' >> $MAP_FILE 4920 4921# List all the default entries anyway. 4922list_default_nisLDAPattributeFromField 4923 4924# List all the non-default auto.* and custom maps. 4925list_auto_and_custom_nisLDAPattributeFromField 4926 4927echo " 4928# 4929#------------------------------------------------------------------------------ 4930# 4931" >> $MAP_FILE 4932} 4933 4934 4935# 4936# List all the default nisLDAPattributeFromField entries 4937# 4938list_default_nisLDAPfieldFromAttribute() 4939{ 4940echo ' 4941# Describe how named fields are mapped from DIT entries. 
4942 4943# audit_user 4944nisLDAPfieldFromAttribute audit_user: \ 4945 ("uid=%s,*", rf_key)=dn, \ 4946 ("uid=%s,*", name)=dn, \ 4947 alwaysAuditFlags=SolarisAuditAlways, \ 4948 neverAuditFlags=SolarisAuditNever 4949 4950# auto.home 4951nisLDAPfieldFromAttribute auto.home: \ 4952 rf_key=automountKey, \ 4953 value=automountInformation 4954 4955# auto.master 4956nisLDAPfieldFromAttribute auto.master: \ 4957 rf_key=automountKey, \ 4958 value=automountInformation 4959 4960# auth_attr 4961nisLDAPfieldFromAttribute auth_attr: \ 4962 rf_key=cn, \ 4963 name=cn, \ 4964 res1=SolarisAttrReserved1, \ 4965 res2=SolarisAttrReserved2, \ 4966 short_desc=SolarisAttrShortDesc, \ 4967 long_desc=SolarisAttrLongDesc, \ 4968 attrs=SolarisAttrKeyValue 4969 4970# Exec_attr. Because of messy NIS keys special handlind is required here 4971nisLDAPfieldFromAttribute exec_attr: \ 4972 rf_key=("%s:%s:%s",cn,SolarisKernelSecurityPolicy, \ 4973 solarisProfileId), \ 4974 name=cn, \ 4975 policy=SolarisKernelSecurityPolicy, \ 4976 type=SolarisProfileType, \ 4977 res1=SolarisAttrReserved1, \ 4978 res2=SolarisAttrReserved2, \ 4979 id=SolarisProfileId, \ 4980 attrs=SolarisAttrKeyValue 4981 4982 4983# ethers 4984nisLDAPfieldFromAttribute ethers.byname: \ 4985 rf_key=cn 4986nisLDAPfieldFromAttribute ethers.byaddr: \ 4987 rf_key=macAddress 4988nisLDAPfieldFromAttribute ethers: \ 4989 name=cn, \ 4990 addr=macAddress, \ 4991 rf_comment=description 4992 4993# bootparams. Must be done after ethers 4994nisLDAPfieldFromAttribute bootparams: \ 4995 rf_key=cn, \ 4996 params=("%s ", (bootParameter), " ") 4997' >> $MAP_FILE 4998 4999# group syntax is different when group.adjunct map is present. 5000# So, need to handle the various possibilities 5001 5002_MAP=group.adjunct.byname 5003 5004if ! 
present $_MAP $ALL_DMN_DEF_MAPLIST 5005then 5006 5007 # Just put the group.adjunct syntax in comment form 5008 5009 echo '# group 5010nisLDAPfieldFromAttribute group.byname: \ 5011 rf_key=cn 5012nisLDAPfieldFromAttribute group.bygid: \ 5013 rf_key=gidNumber 5014nisLDAPfieldFromAttribute group: \ 5015 gid=gidNumber, \ 5016 name=cn, \ 5017 ("{crypt}%s", passwd)=userPassword, \ 5018 users=("%s,", (memberUid), ",") 5019 5020# 5021# If you are using group.adjunct, comment the group section above 5022# and uncomment the following group and group.adjunct section 5023# 5024# group 5025#nisLDAPfieldFromAttribute group.byname: \ 5026# rf_key=cn 5027#nisLDAPfieldFromAttribute group.bygid: \ 5028# rf_key=gidNumber 5029#nisLDAPfieldFromAttribute group: \ 5030# gid=gidNumber, \ 5031# name=cn, \ 5032# passwd=("#$%s", cn), \ 5033# users=("%s,", (memberUid), ",") 5034 5035# group.adjunct 5036#nisLDAPfieldFromAttribute group.adjunct.byname: \ 5037# rf_key=cn, \ 5038# name=cn, \ 5039# ("{crypt}%s", passwd)=userPassword 5040' >> $MAP_FILE 5041 5042else 5043 5044 # Find the domains in which group.adjunct map exists. 5045 find_domains $_MAP DEF_MAPS 5046 5047 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 5048 then 5049 5050 # All the domains have group.adjunct map. 
5051 5052 5053 echo '# group 5054#nisLDAPfieldFromAttribute group.byname: \ 5055# rf_key=cn 5056#nisLDAPfieldFromAttribute group.bygid: \ 5057# rf_key=gidNumber 5058#nisLDAPfieldFromAttribute group: \ 5059# gid=gidNumber, \ 5060# name=cn, \ 5061# ("{crypt}%s", passwd)=userPassword, \ 5062# users=("%s,", (memberUid), ",") 5063 5064# 5065# If you are not using group.adjunct, comment the group section above 5066# and uncomment the following group and group.adjunct sections 5067# 5068# group 5069nisLDAPfieldFromAttribute group.byname: \ 5070 rf_key=cn 5071nisLDAPfieldFromAttribute group.bygid: \ 5072 rf_key=gidNumber 5073nisLDAPfieldFromAttribute group: \ 5074 gid=gidNumber, \ 5075 name=cn, \ 5076 passwd=("#$%s", cn), \ 5077 users=("%s,", (memberUid), ",") 5078 5079# 5080# group.adjunct 5081nisLDAPfieldFromAttribute group.adjunct.byname: \ 5082 rf_key=cn, \ 5083 name=cn, \ 5084 ("{crypt}%s", passwd)=userPassword 5085' >> $MAP_FILE 5086 5087 else 5088 # Not every domain has group.adjunct map. 5089 5090 echo "# group" >> $MAP_FILE 5091 5092 for _DMN in $PRESENT_IN_DOMAINS 5093 do 5094 5095 echo "\ 5096nisLDAPfieldFromAttribute group.byname,${_DMN}: \\ 5097 rf_key=cn 5098nisLDAPfieldFromAttribute group.bygid,${_DMN}: \\ 5099 rf_key=gidNumber 5100nisLDAPfieldFromAttribute group,${_DMN}: \\ 5101 gid=gidNumber, \\ 5102 name=cn, \\ 5103 passwd=(\"#$%s\", cn), \\ 5104 users=(\"%s,\", (memberUid), \",\") 5105" >> $MAP_FILE 5106 done 5107 5108 # Now put the generic group syntax. We do not need to 5109 # append the domain name here. 5110 5111 echo ' 5112nisLDAPfieldFromAttribute group.byname: \ 5113 rf_key=cn 5114nisLDAPfieldFromAttribute group.bygid: \ 5115 rf_key=gidNumber 5116nisLDAPfieldFromAttribute group: \ 5117 gid=gidNumber, \ 5118 name=cn, \ 5119 ("{crypt}%s", passwd)=userPassword, \ 5120 users=("%s,", (memberUid), ",") 5121' >> $MAP_FILE 5122 5123 # Now we need to put the group.adjunct syntax for domains 5124 # in which this map exists. 
5125 5126 echo "# 5127# group.adjunct 5128# " >> $MAP_FILE 5129 5130 for _DMN in $PRESENT_IN_DOMAINS 5131 do 5132 5133 echo "\ 5134nisLDAPfieldFromAttribute group.adjunct.byname,${_DMN}: \\ 5135 rf_key=cn, \\ 5136 name=cn, \\ 5137 (\"{crypt}%s\", passwd)=userPassword 5138" >> $MAP_FILE 5139 5140 done 5141 5142 fi 5143 5144fi 5145 5146echo ' 5147# hosts 5148nisLDAPfieldFromAttribute hosts.byaddr: \ 5149 rf_ipkey=ipHostNumber 5150nisLDAPfieldFromAttribute hosts.byname: \ 5151 (rf_key)=(cn) 5152nisLDAPfieldFromAttribute hosts: \ 5153 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5154 addr=ipHostNumber, \ 5155 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5156 rf_comment=description 5157 5158nisLDAPfieldFromAttribute multihosts: \ 5159 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5160 (rf_key)=("YP_MULTI_%s", cn), \ 5161 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5162 rf_comment=description, \ 5163 (tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \ 5164 (ipHostNumber=*.*))", yp:canonicalName)), \ 5165 addr=("%s,", (yp:tmp), ",") 5166 5167# ipnodes 5168nisLDAPfieldFromAttribute ipnodes.byaddr: \ 5169 rf_ipkey=ipHostNumber 5170nisLDAPfieldFromAttribute ipnodes.byname: \ 5171 ("cn=%s+ipHostNumber=*", rf_key)=dn 5172nisLDAPfieldFromAttribute ipnodes: \ 5173 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5174 addr=ipHostNumber, \ 5175 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5176 rf_comment=description 5177 5178nisLDAPfieldFromAttribute multiipnodes: \ 5179 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5180 (rf_key)=("YP_MULTI_%s", cn), \ 5181 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5182 rf_comment=description, \ 5183 (tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \ 5184 (ipHostNumber=*:*))", yp:canonicalName)), \ 5185 addr=("%s,", (yp:tmp), ",") 5186 5187#mail.aliases 5188nisLDAPfieldFromAttribute mail.aliases: \ 5189 rf_key=mail, \ 5190 addresses= ("%s,", (mgrprfc822mailmember), ","), \ 5191 rf_comment=description 5192 5193#mail.mapping 
5194nisLDAPfieldFromAttribute mail.mapping: \ 5195 rf_key=mgrprfc822mailmember, \ 5196 address=mail, \ 5197 rf_comment=description 5198 5199# netgroup. 5200nisLDAPfieldFromAttribute netgroup: \ 5201 rf_key=cn, \ 5202 (group)=(memberNisNetgroup), \ 5203 ("(%s,%s,%s)", host, user, domain)= \ 5204 (nisNetgroupTriple), \ 5205 rf_comment=description 5206 5207# netid.pass 5208nisLDAPfieldFromAttribute netid.pass: \ 5209 number=uidNumber, \ 5210 (tmp)=("%s", gidNumber:ou=group,?one?\ 5211 ("memberUid=%s", ldap:uid)), \ 5212 sgid=("%s,", (yp:tmp) - gidNumber, ","), \ 5213 data=("%s,%s", gidNumber, yp:sgid), \ 5214 data=gidNumber, \ 5215 (rf_key)=("unix.%s@%s", yp:number, yp:rf_domain) 5216 5217# netid.host 5218nisLDAPfieldFromAttribute netid.host: \ 5219 ("cn=%s+ipHostNumber=*", data)=dn, \ 5220 number=("0"), \ 5221 (rf_key)=("unix.%s@%s", yp:data, yp:rf_domain) 5222 5223# netmasks.byaddr 5224nisLDAPfieldFromAttribute netmasks.byaddr: \ 5225 ("ipNetworkNumber=%s,*", rf_ipkey)=dn, \ 5226 mask=ipNetmaskNumber, \ 5227 rf_comment=description 5228 5229# networks. 5230nisLDAPfieldFromAttribute networks.byname: \ 5231 (rf_key)=(cn) 5232nisLDAPfieldFromAttribute networks.byaddr: \ 5233 ("ipNetworkNumber=%s,*", rf_key)=dn 5234nisLDAPfieldFromAttribute networks: \ 5235 name=cn, \ 5236 aliases=("%s ", (cn) - yp:name, " "), \ 5237 number=ipNetworkNumber, \ 5238 rf_comment=description 5239' >> $MAP_FILE 5240 5241# passwd syntax is different when passwd.adjunct map is present. 5242# So, need to handle the various possibilities 5243 5244_MAP=passwd.adjunct.byname 5245 5246if ! 
present $_MAP $ALL_DMN_DEF_MAPLIST 5247then 5248 5249 # Just put the passwd.adjunct syntax in comment form 5250 5251 echo '# passwd 5252nisLDAPfieldFromAttribute passwd.byname: \ 5253 rf_key=uid 5254nisLDAPfieldFromAttribute passwd.byuid: \ 5255 rf_key=uidNumber 5256nisLDAPfieldFromAttribute passwd: \ 5257 name=uid, \ 5258 uid=uidNumber, \ 5259 ("{crypt}%s", passwd)=userPassword, \ 5260 gid=gidNumber, \ 5261 gecos=gecos, \ 5262 home=homeDirectory, \ 5263 shell=loginShell 5264 5265# 5266# If you are using passwd.adjunct, comment the passwd section above 5267# and uncomment the following passwd and passwd.adjunct sections 5268# 5269# passwd 5270#nisLDAPfieldFromAttribute passwd.byname: \ 5271# rf_key=uid 5272#nisLDAPfieldFromAttribute passwd.byuid: \ 5273# rf_key=uidNumber 5274#nisLDAPfieldFromAttribute passwd: \ 5275# name=uid, \ 5276# uid=uidNumber, \ 5277# passwd=("##%s", uid), \ 5278# gid=gidNumber, \ 5279# gecos=gecos, \ 5280# home=homeDirectory, \ 5281# shell=loginShell 5282 5283# passwd.adjunct 5284#nisLDAPfieldFromAttribute passwd.adjunct.byname: \ 5285# rf_key=uid, \ 5286# name=uid, \ 5287# ("{crypt}%s", passwd)=userPassword 5288' >> $MAP_FILE 5289 5290else 5291 5292 # Find the domains in which passwd.adjunct map exists. 5293 find_domains $_MAP DEF_MAPS 5294 5295 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 5296 then 5297 5298 # All the domains have passwd.adjunct map. So, put the right 5299 # passwd syntax and comment-in the passwd.adjunct syntax. 
5300 5301 5302 echo '# passwd 5303#nisLDAPfieldFromAttribute passwd.byname: \ 5304# rf_key=uid 5305#nisLDAPfieldFromAttribute passwd.byuid: \ 5306# rf_key=uidNumber 5307#nisLDAPfieldFromAttribute passwd: \ 5308# name=uid, \ 5309# uid=uidNumber, \ 5310# ("{crypt}%s", passwd)=userPassword, \ 5311# gid=gidNumber, \ 5312# gecos=gecos, \ 5313# home=homeDirectory, \ 5314# shell=loginShell 5315 5316# 5317# If you are not using passwd.adjunct, uncomment the passwd section 5318# above and comment the following passwd and passwd.adjunct sections 5319# 5320# passwd 5321nisLDAPfieldFromAttribute passwd.byname: \ 5322 rf_key=uid 5323nisLDAPfieldFromAttribute passwd.byuid: \ 5324 rf_key=uidNumber 5325nisLDAPfieldFromAttribute passwd: \ 5326 name=uid, \ 5327 uid=uidNumber, \ 5328 passwd=("##%s", uid), \ 5329 gid=gidNumber, \ 5330 gecos=gecos, \ 5331 home=homeDirectory, \ 5332 shell=loginShell 5333 5334# 5335# passwd.adjunct Must follow passwd 5336# 5337nisLDAPfieldFromAttribute passwd.adjunct.byname: \ 5338 rf_key=uid, \ 5339 name=uid, \ 5340 ("{crypt}%s", passwd)=userPassword 5341' >> $MAP_FILE 5342 5343 else 5344 # Not every domain has passwd.adjunct map. 5345 5346 # First put the password syntax with domain name for domains 5347 # in which passwd.adjunct exists. 5348 5349 echo "# passwd" >> $MAP_FILE 5350 5351 for _DMN in $PRESENT_IN_DOMAINS 5352 do 5353 5354 echo "\ 5355nisLDAPfieldFromAttribute passwd.byname,${_DMN}: \\ 5356 rf_key=uid 5357nisLDAPfieldFromAttribute passwd.byuid,${_DMN}: \\ 5358 rf_key=uidNumber 5359nisLDAPfieldFromAttribute passwd,${_DMN}: \\ 5360 name=uid, \\ 5361 uid=uidNumber, \\ 5362 passwd=(\"##%s\", uid), \\ 5363 gid=gidNumber, \\ 5364 gecos=gecos, \\ 5365 home=homeDirectory, \\ 5366 shell=loginShell 5367" >> $MAP_FILE 5368 done 5369 5370 # Now put the other passwd syntax. We do not need to 5371 # append the domain name here. 
5372 5373 echo ' 5374nisLDAPfieldFromAttribute passwd.byname: \ 5375 rf_key=uid 5376nisLDAPfieldFromAttribute passwd.byuid: \ 5377 rf_key=uidNumber 5378nisLDAPfieldFromAttribute passwd: \ 5379 name=uid, \ 5380 uid=uidNumber, \ 5381 ("{crypt}%s", passwd)=userPassword, \ 5382 gid=gidNumber, \ 5383 gecos=gecos, \ 5384 home=homeDirectory, \ 5385 shell=loginShell 5386' >> $MAP_FILE 5387 5388 # Now we need to put the passwd.adjunct syntax for domains 5389 # in which this map exists. 5390 5391 echo "# 5392# passwd.adjunct Must follow passwd 5393# " >> $MAP_FILE 5394 5395 for _DMN in $PRESENT_IN_DOMAINS 5396 do 5397 5398 echo "\ 5399nisLDAPfieldFromAttribute passwd.adjunct.byname,${_DMN}: \\ 5400 rf_key=uid, \\ 5401 name=uid, \\ 5402 (\"{crypt}%s\", passwd)=userPassword 5403" >> $MAP_FILE 5404 5405 done 5406 5407 fi 5408 5409fi 5410 5411echo ' 5412# This map is never created but yppasswd uses the mapping to extract password 5413# ageing information from the DIT. 5414nisLDAPfieldFromAttribute ageing.byname: \ 5415 rf_key=uid, \ 5416 name=uid, \ 5417 lastchg=shadowLastChange, \ 5418 min=shadowMin, \ 5419 max=shadowMax, \ 5420 warn=shadowWarning, \ 5421 inactive=shadowInactive, \ 5422 expire=shadowExpire, \ 5423 flag=shadowFlag 5424 5425# printers.conf.byname 5426nisLDAPfieldFromAttribute printers.conf.byname: \ 5427 rf_key=printer-uri, \ 5428 names=("%s|", (printer-aliases), "|"), \ 5429 bsdaddr=("bsdaddr=%s", sun-printer-bsdaddr), \ 5430 kvps=("%s:", (sun-printer-kvp) - yp:bsdaddr), \ 5431 values=("%s:%s", yp:bsdaddr, yp:kvps), \ 5432 values=("%s:", yp:bsdaddr), \ 5433 values=yp:kvps, \ 5434 rf_comment=description 5435 5436# prof_attr 5437nisLDAPfieldFromAttribute prof_attr: \ 5438 rf_key=cn, \ 5439 name=cn, \ 5440 res1=SolarisAttrReserved1, \ 5441 res2=SolarisAttrReserved2, \ 5442 desc=SolarisAttrLongDesc, \ 5443 attrs=SolarisAttrKeyValue 5444 5445# project 5446nisLDAPfieldFromAttribute project.byname: \ 5447 rf_key=SolarisProjectName 5448nisLDAPfieldFromAttribute 
project.byprojid: \ 5449 rf_key=SolarisProjectID 5450nisLDAPfieldFromAttribute project: \ 5451 name=SolarisProjectName, \ 5452 projID=SolarisProjectID, \ 5453 comment=description, \ 5454 users=("%s,", (memberUid), ","), \ 5455 groups=("%s,", (memberGid), ","), \ 5456 attrs=("%s;", (SolarisProjectAttr), ";") 5457 5458# protocols 5459nisLDAPfieldFromAttribute protocols.byname: \ 5460 ("cn=%s,*", rf_key)=dn, \ 5461 (rf_key)=(cn) 5462nisLDAPfieldFromAttribute protocols.bynumber: \ 5463 rf_key=ipProtocolNumber, \ 5464 rf_comment=description 5465nisLDAPfieldFromAttribute protocols: \ 5466 ("cn=%s,*", name)=dn, \ 5467 number=ipProtocolNumber, \ 5468 aliases=("%s ", (cn) - yp:name, " ") 5469 5470# rpc.bynumber 5471nisLDAPfieldFromAttribute rpc.bynumber: \ 5472 rf_key=oncRpcNumber, \ 5473 number=oncRpcNumber, \ 5474 ("cn=%s,*", name)=dn, \ 5475 aliases=("%s ", (cn) - yp:name, " "), \ 5476 rf_comment=description 5477 5478# services 5479nisLDAPfieldFromAttribute services.byname: \ 5480 rf_key = ("%s/%s", ipServicePort, ipServiceProtocol) 5481nisLDAPfieldFromAttribute services.byservicename: \ 5482 (rf_key)=("%s/%s", cn, ipServiceProtocol), \ 5483 (rf_key)=(cn) 5484nisLDAPfieldFromAttribute services: \ 5485 ("cn=%s+ipServiceProtocol=*", name)=dn, \ 5486 protocol=ipServiceProtocol, \ 5487 port=ipServicePort, \ 5488 aliases=("%s ", (cn) - yp:name, " "), \ 5489 rf_comment=description 5490 5491# timezone.byname 5492nisLDAPfieldFromAttribute timezone.byname: \ 5493 rf_key=cn, \ 5494 hostName=cn, \ 5495 zoneName=nisplusTimeZone, \ 5496 rf_comment=description 5497 5498# user_attr 5499nisLDAPfieldFromAttribute user_attr: \ 5500 ("uid=%s,*", rf_key)=dn, \ 5501 ("uid=%s,*", user)=dn, \ 5502 qualifier=SolarisUserAttr, \ 5503 res1=SolarisUserReserved1, \ 5504 res2=SolarisUserReserved2, \ 5505 attrs=SolarisAttrKeyValue 5506 5507# publickey.byname 5508nisLDAPfieldFromAttribute keys.host: \ 5509 ("cn=%s+ipHostNumber=*", cname)=dn, \ 5510 rf_key=("unix.%s@%s", yp:cname, yp:rf_domain), \ 5511 
publicKey=nisPublicKey, \ 5512 secretKey=nisSecretKey 5513 5514nisLDAPfieldFromAttribute keys.pass: \ 5515 rf_key=("unix.%s@%s", uidNumber, yp:rf_domain), \ 5516 publicKey=nisPublicKey, \ 5517 secretKey=nisSecretKey 5518 5519nisLDAPfieldFromAttribute keys.nobody: \ 5520 rf_key=uid, \ 5521 publicKey=nisPublicKey, \ 5522 secretKey=nisSecretKey 5523 5524# ypservers. This derived from IPlanet implementation not RFC. 5525nisLDAPfieldFromAttribute ypservers: \ 5526 rf_key=cn 5527' >> $MAP_FILE 5528} 5529 5530 5531# 5532# List all the non-default auto.* and custom maps. 5533# 5534list_auto_and_custom_nisLDAPfieldFromAttribute() 5535{ 5536 5537# auto.* entries are easy. 5538if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 5539 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 5540fi 5541 5542for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 5543do 5544 echo "\ 5545# ${_MAP} 5546nisLDAPfieldFromAttribute ${_MAP}: \\ 5547 rf_key=automountKey, \\ 5548 value=automountInformation 5549" >> $MAP_FILE 5550done 5551 5552# Since we do not have enough information to generate 5553# entries for other custom maps, best we can do is to 5554# log this map names and ask user to take care of them. 5555 5556ask_user_to_update_the_custom_map_entries_too 5557 5558} 5559 5560 5561# 5562# List mapping of named fields from DIT entries 5563# 5564create_nisLDAPfieldFromAttribute() 5565{ 5566 5567[ CUST_CMT_NEEDED -eq 1 ] && echo ' 5568# nisLDAPfieldFromAttribute : It specifies how a NIS entries 5569# field values are derived from LDAP attribute values. 5570# 5571# The format of nisLDAPfieldFromAttribute is : 5572# mapName ":" fieldattrspec *("," fieldattrspec) 5573' >> $MAP_FILE 5574 5575# List all the default entries anyway. 5576list_default_nisLDAPfieldFromAttribute 5577 5578# List all the non-default auto.* and custom maps. 
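list_auto_and_custom_nisLDAPfieldFromAttribute

echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}



#
# Main function for creating the mapping file (NISLDAPmapping).
#
# The file is generated into a temporary file first and moved into
# place only after every section has been written, so an error or a
# signal part way through cannot leave a partial mapping file behind.
# This matters because a mapping file at the default location switches
# the NIS components into N2L mode on their next restart.
#
# Uses the globals MAP_FILE, N2L_DMN_CNT, DEBUG, TMPDIR and TMPMAP that
# are set up elsewhere in this script.
#
# Returns 0 on success, 1 if there are no domains to serve or the
# generated file could not be moved to its final location.
#
create_mapping_file()
{
# Ask user the list of domains to be served by N2L
create_n2l_domain_list

# If there are no N2L domains or none selected, then exit
if [ $N2L_DMN_CNT -eq 0 ]; then
	echo "There are no domains to serve. No mapping file generated."
	return 1
fi

# Loop until the user gives a file name rather than a help request.
while :
do
	get_ans "Enter the mapping file name (h=help):" "${MAP_FILE}"

	# If help continue, otherwise break.
	case "$ANS" in
	[Hh] | help | Help | \?) display_msg new_mapping_file_name_help ;;
	* ) break ;;
	esac
done

MAP_FILE=${ANS}
# The debug trace used to be written as 'MAP_FILE = $MAP_FILE', which
# ksh executes as a command called MAP_FILE; print the value instead.
[ $DEBUG -eq 1 ] && echo "MAP_FILE = $MAP_FILE"

# Backup existing mapping file if selected
check_back_mapping_file

# To prevent from leaving a partial mapping file in case some error
# or signal takes place which might result in machine starting in N2L
# mode at next reboot, store the output being generated in a temporary
# file first, and move it at the final destination only at the end if
# everything goes fine.
#
# NOTE(review): TMPDIR and TMPMAP come from init (not visible here);
# the temporary name is only as safe as that directory's ownership
# and permissions - confirm init creates a private directory.

_MAP_FILE=$MAP_FILE
MAP_FILE=${TMPDIR}/${TMPMAP}.$$

echo "Generating mapping file temporarily as \"${MAP_FILE}\""

# Place copyright information
put_mapping_file_copyright_info


# Prepare various map lists for each domain
create_map_lists

# List domains and contexts
get_nisLDAPdomainContext

# List domains for which passwords should be changed
get_nisLDAPyppasswddDomains

# List databaseId mappings (aliases)
create_nisLDAPdatabaseIdMapping

# List comment character for maps
create_nisLDAPcommentChar

# List SECURE and INTERDOMAIN flags
create_nisLDAPmapFlags

# List TTL values
create_nisLDAPentryTtl

# List name fields
create_nisLDAPnameFields

# List split fields and repeated fields seperators.
create_split_field_and_repeatedfield_seperators

# List association of maps with RDNs and object classes.
create_nisLDAPobjectDN

# List mapping of named fields to DIT entries
create_nisLDAPattributeFromField

# List mapping of named fields from DIT entries
create_nisLDAPfieldFromAttribute


# We are done, so move back the mapping file from temp. location
# to actual location.
# In case the mapping file name has a directory component which does
# not exist, then create it now, otherwise 'mv' will return error.
#
# Both steps are checked: a silent failure here would print "Finished"
# while the real file was never written (or an old one left in place).

DIR_TO_CREATE=`dirname "${_MAP_FILE}"`
if ! mkdir -p "${DIR_TO_CREATE}"; then
	echo "ERROR : Unable to create directory \"${DIR_TO_CREATE}\"."
	echo "        Generated output was not moved; it is in \"${MAP_FILE}\"."
	MAP_FILE=$_MAP_FILE
	return 1
fi

echo "Moving output from temporary file ($MAP_FILE) to actual file ($_MAP_FILE)"
if ! mv "$MAP_FILE" "$_MAP_FILE"; then
	echo "ERROR : Unable to move \"${MAP_FILE}\" to \"${_MAP_FILE}\"."
	echo "        Generated output was not moved; it is in \"${MAP_FILE}\"."
	MAP_FILE=$_MAP_FILE
	return 1
fi

# Revert back the mapping file name in case needed.
MAP_FILE=$_MAP_FILE
echo "Finished creation of mapping file ( $MAP_FILE )"

return 0
}


#
# Main function for creating config file (ypserv).
#
# When no -c option was given, asks whether the file should be created
# at all and which name to use; otherwise uses CONFIG_FILE as is.
# Returns 0 without creating anything if the user declines.
#
process_config_file()
{
# Ask for confirmation if the file name is not specified.

if [ $CONFIG_FILE_SPECIFIED -eq 0 ]; then
	display_msg no_config_file_name_specified

	get_confirm_nodef "Do you want to create the config file (y/n) ?"

	[ $? -eq 0 ] && return 0

	# Loop until the user gives a file name rather than a help request.
	while :
	do
		get_ans "Enter the config file name (h=help):" "${CONFIG_FILE}"

		# If help continue, otherwise break.
		case "$ANS" in
		[Hh] | help | Help | \?) display_msg new_config_file_name_help ;;
		* ) break ;;
		esac
	done

	CONFIG_FILE=${ANS}
	# As in create_mapping_file: this was 'CONFIG_FILE = $CONFIG_FILE',
	# which ksh would run as a command; print the value instead.
	[ $DEBUG -eq 1 ] && echo "CONFIG_FILE = $CONFIG_FILE"

fi

# Backup existing config file if selected
check_back_config_file

# Create config file
create_config_file
}


#
# Main function for creating mapping file (NISLDAPmapping).
#
# When no -m option was given, asks whether the file should be created
# at all. Returns 0 if the user declines, otherwise the status of
# create_mapping_file.
#
process_mapping_file()
{
# Ask for confirmation if the file name is not specified.

if [ $MAPPING_FILE_SPECIFIED -eq 0 ]; then
	display_msg no_mapping_file_name_specified

	get_confirm_nodef "Do you want to create the mapping file (y/n) ?"

	[ $? -eq 0 ] && return 0

fi

# Create mapping file
create_mapping_file
}

###########################################
###########	MAIN		###########
###########################################

PROG=`basename "$0"`		# Program name
ABS_PROG=$0			# absolute path needed

# Only superuser should be able to run this script.
is_root_user
if [ $? -ne 0 ]; then
	echo "ERROR : Only root can run $PROG"
	exit 1
fi

# Initialize things
init

# Parse command line arguments.
# "$@" keeps each argument intact; $* would re-split a file name
# containing whitespace into several arguments.
parse_arg "$@"

# Create config file (ypserv)
process_config_file

# Create mapping file (NISLDAPmapping).
# Its status is kept so that "no domains to serve" or a failed move of
# the generated file is reported to the caller instead of exiting 0.
process_mapping_file
MAPPING_STATUS=$?

# Cleanup temp files and directories unless debug.
[ $DEBUG -eq 0 ] && cleanup

exit $MAPPING_STATUS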