1#! /usr/bin/ksh 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22# 23# ident "%Z%%M% %I% %E% SMI" 24# 25# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 26# Use is subject to license terms. 27# 28# inityp2l -- Utility to generate YP (NIS) to LDAP 29# configuration file (/etc/default/ypserv) 30# and mapping file (/var/yp/NISLDAPmapping) 31# 32 33 34 35# 36# Displays message corresponding to the argument tag passed. 37# 38display_msg() 39{ 40 case "$1" in 41 usage) cat <<EOF 42 43 $PROG: [ -m mapping_file ] [ -c config_file ] 44 m <mapping_file> Name of the generated NISLDAP mapping file 45 Default is /var/yp/NISLDAPmapping 46 c <config_file> Name of the generated ypserv configuration file 47 Default is /etc/default/ypserv 48 49EOF 50 ;; 51 no_config_file_name_specified) cat <<EOF 52 53You have not specified the config file name. You still have the 54option to skip creating this file, specify a config file name, or 55continue creating it with the default file name (${CONFIG_FILE}). 56 57EOF 58 ;; 59 no_mapping_file_name_specified) cat <<EOF 60 61You have not specified the mapping file name. You still have the 62option to skip creating this file, specify a mapping file name, or 63continue creating it with the default file name (${MAP_FILE}). 64 65EOF 66 ;; 67 new_config_file_name_help) cat <<EOF 68 69You can either specify a new file name, or accept the default 70config file name (${CONFIG_FILE}). 71 72It is recommended not to use the default file name since this 73script just helps with rapid creation of a config file. You 74should examine it's content before using it. 75 76EOF 77 ;; 78 new_mapping_file_name_help) cat <<EOF 79 80You can either specify a new file name, or accept the default 81mapping file name (${MAP_FILE}). 82 83It is recommended not to use the default file name since this 84script just helps with rapid creation of a mapping file. You 85should examine it's content before using it. And if there are 86custom maps, then their entries in the mapping file need to be 87customized too. 88 89Also, creation of default mapping file would cause NIS components 90to work in NIS to LDAP (N2L), rather than traditional NIS, mode 91when next restarted. 92 93EOF 94 ;; 95 backup_config_file) cat <<EOF 96 97The config file "${CONFIG_FILE}" already exists. It is strongly 98recommended that you BACKUP this file before running $PROG. 99 100However, even if you continue, you would be given the option to 101back up this file before it gets overwritten. 102 103EOF 104 ;; 105 backup_mapping_file) cat <<EOF 106 107The mapping file "${MAP_FILE}" already exists. It is strongly 108recommended that you BACKUP this file before running $PROG. 109 110However, even if you continue, you would be given the option to 111back up this file before it gets overwritten. 112 113EOF 114 ;; 115 warn_n2l_mode) cat <<EOF 116 117Warning : Creation of default mapping file (`basename $MAP_FILE`) 118 at default location (`dirname $MAP_FILE`) would cause NIS 119 components to work in NIS to LDAP (N2L) mode, rather than 120 traditional NIS mode, when next restarted. 121 122 "$PROG" assists with rapid creation of a simple N2L mapping 123 file. The user should examine it's content before using it. 124 For custom maps, this file needs to be customized which can 125 be done using standard text editors. 126 127EOF 128 ;; 129 config_auth_method_menu) cat <<EOF 130 The following are the supported Authentication Methods - 131 1 none 132 2 simple 133 3 sasl/cram-md5 134 4 sasl/digest-md5 135EOF 136 ;; 137 auth_method_menu) cat <<EOF 138 The following are the supported Authentication Methods - 139 1 simple 140 2 sasl/cram-md5 141 3 sasl/digest-md5 142EOF 143 ;; 144 tls_method_menu) cat <<EOF 145 The following are the supported TLS Methods - 146 1 none 147 2 ssl 148EOF 149 ;; 150 retrieve_error_action_menu) cat <<EOF 151 The following are the supported actions - 152 1 use_cached 153 2 fail 154EOF 155 ;; 156 store_error_action_menu) cat <<EOF 157 The following are the supported actions - 158 1 retry 159 2 fail 160EOF 161 ;; 162 sorry) cat <<EOF 163 164HELP - No help is available for this topic. 165 166EOF 167 ;; 168 backup_config_file_cont_help) cat <<EOF 169 170HELP - Since $PROG will overwrite the existing config file, it is 171 strongly recommended that you backup this file prior to 172 running this utility. 173 174 However, even if you continue, you would be given the option 175 to back up this file before it gets overwritten. 176 177EOF 178 ;; 179 backup_config_file_help) cat <<EOF 180 181HELP - If you choose to backup the existing config file, it would be 182 saved with current date and time suffix in yymmdd.HH.MM.SS format. 183 184EOF 185 ;; 186 backup_mapping_file_cont_help) cat <<EOF 187 188HELP - Since $PROG will overwrite the existing mapping file, it is 189 strongly recommended that you backup this file prior to running 190 this utility. 191 192 However, even if you continue, you would be given the option to 193 back up this file before it gets overwritten. 194 195EOF 196 ;; 197 backup_mapping_file_help) cat <<EOF 198 199HELP - If you choose to backup the existing mapping file, it would be 200 saved with current date and time suffix in yymmdd.HH.MM.SS format. 201 202EOF 203 ;; 204 warn_n2l_mode_help) cat <<EOF 205 206HELP - It is strongly recommended that the mapping file is created at 207 non-default location (other than `dirname $MAP_FILE`). After this, 208 it's content should be verified, custom maps should be handled, 209 and if NIS components are desired to run in NIS to LDAP (N2L), 210 then only it should be copied at the default location. 211 212EOF 213 ;; 214 nisLDAPconfigDN_help) cat <<EOF 215 216HELP - The DN which stores the configuration information in LDAP. 217 There is no default value for this field. Leave empty or 218 undefined to get this information from config file (ypserv). 219 220EOF 221 ;; 222 nisLDAPconfigPreferredServerList_help) cat <<EOF 223 224HELP - List of directory servers to provide the configuration 225 information. There is no default. The preferred servers 226 must be entered IN THE ORDER you wish to have them contacted. 227 The preferred server list is a space separated list of IP 228 addresses. Providing port numbers is optional, and when not 229 supplied, port 389 is assumed. For an LDAP server running 230 on this machine, at port 389, use "127.0.0.1:389". 231 232EOF 233 ;; 234 auth_help) cat <<EOF 235 236HELP - The authentication method to be used to obtain information 237 from LDAP server. The supported methods are provided in menu. 238 239EOF 240 ;; 241 tls_help) cat <<EOF 242 243HELP - The transport layer security used for connection to the LDAP 244 server. In order to successfully use transport layer security, 245 the server must also support the chosen values. The supported 246 methods are provided in menu. Default is "$DEF_TLS". 247 248EOF 249 ;; 250 TLSCertificateDBPath_help) cat <<EOF 251 252HELP - The absolute path name of the file containing the certificate 253 database. The default value is "$DEF_TLSCertificateDBPath" 254 255EOF 256 ;; 257 nisLDAPconfigProxyUser_help) cat <<EOF 258 259HELP - The bind DN of the proxy user used to obtain configuration 260 information. There is no default value. If the value ends 261 with a comma, the value of the nisLDAPconfigDN attribute 262 is appended. 263 264EOF 265 ;; 266 ProxyPassword_warn) cat <<EOF 267 268Warning : In order to avoid having this password publicly visible 269 on the machine, the password should appear only in the 270 configuration file, and the file should have an appropriate 271 owner, group, and file mode. 272 273 So, once this file is ready, please modify appropriately 274 to make sure this file is well protected. 275 276EOF 277 ;; 278 preferredServerList_help) cat <<EOF 279 280HELP - List of directory servers for mapping data to/from LDAP. 281 There is no default. The preferred servers must be entered 282 IN THE ORDER you wish to have them contacted. The preferred 283 server list is a space separated list of IP addresses. 284 Providing port numbers is optional, and when not supplied, 285 port 389 is assumed. For an LDAP server running on this 286 machine, at port 389, use "127.0.0.1:389". 287 288EOF 289 ;; 290 nisLDAPproxyUser_help) cat <<EOF 291 292HELP - The bind DN of the proxy user the ypserv to read or write 293 from or to LDAP. Assumed to have the appropriate permission 294 to read and modify LDAP data. There is no default value. If 295 the value ends with a comma, the value of the context for 296 the current domain (as defined by a nisLDAPdomainContext 297 attribute (NISLDAPmapping(4))) is appended. 298 299EOF 300 ;; 301 nisLDAPbindTimeout_help) cat <<EOF 302 303HELP - The amount of time in seconds after which an LDAP bind operation 304 will timeout. Default is $DEF_nisLDAPbindTimeout seconds. 305 Decimal values are allowed. 306 307EOF 308 ;; 309 nisLDAPsearchTimeout_help) cat <<EOF 310 311HELP - The amount of time in seconds after which an LDAP search operation 312 will timeout. Default is $DEF_nisLDAPsearchTimeout seconds. 313 Decimal values are allowed. 314 315EOF 316 ;; 317 nisLDAPmodifyTimeout_help) cat <<EOF 318 319HELP - The amount of time in seconds after which an LDAP modify operation 320 will timeout. Default is $DEF_nisLDAPmodifyTimeout seconds. 321 Decimal values are allowed. 322 323EOF 324 ;; 325 nisLDAPaddTimeout_help) cat <<EOF 326 327HELP - The amount of time in seconds after which an LDAP add operation 328 will timeout. Default is $DEF_nisLDAPaddTimeout seconds. 329 Decimal values are allowed. 330 331EOF 332 ;; 333 nisLDAPdeleteTimeout_help) cat <<EOF 334 335HELP - The amount of time in seconds after which an LDAP delete operation 336 will timeout. Default is $DEF_nisLDAPdeleteTimeout seconds. 337 Decimal values are allowed. 338 339EOF 340 ;; 341 nisLDAPsearchTimeLimit_help) cat <<EOF 342 343HELP - Establish a value for the LDAP_OPT_TIMELIMIT option, which 344 suggests a time limit for the search operation on the LDAP 345 server. The server may impose its own constraints on possible 346 values. See your LDAP server documentation. The default is the 347 nisLDAPsearchTimeout ($DEF_nisLDAPsearchTimeout seconds) value. 348 Only integer values are allowed. 349 350 Since the nisLDAPsearchTimeout limits the amount of time the 351 client ypserv will wait for completion of a search operation, 352 setting the nisLDAPsearchTimeLimit larger than the 353 nisLDAPsearchTimeout is not recommended. 354 355EOF 356 ;; 357 nisLDAPsearchSizeLimit_help) cat <<EOF 358 359HELP - Establish a value for the LDAP_OPT_SIZELIMIT option, which 360 suggests a size limit, in bytes, for the search results on 361 the LDAP server. The server may impose its own constraints 362 on possible values. See your LDAP server documentation. The 363 default is $DEF_nisLDAPsearchSizeLimit, which means unlimited. 364 Only integer values are allowed. 365 366EOF 367 ;; 368 nisLDAPfollowReferral_help) cat <<EOF 369 370HELP - Determines if the ypserv should follow referrals or not. 371 Recognized values are yes and no. Default is $DEF_nisLDAPfollowReferral. 372 373EOF 374 ;; 375 nisLDAPretrieveErrorAction_help) cat <<EOF 376 377HELP - If an error occurs while trying to retrieve an entry from 378 LDAP, one of the following actions can be selected: 379 380 use_cached : Retry the retrieval the number of time specified 381 by nisLDAPretrieveErrorAttempts, with the 382 nisLDAPretrieveErrorTimeout value controlling 383 the wait between each attempt. 384 385 If all attempts fail then log a warning and 386 return the value currently in the cache to the 387 client. This is the default value. 388 389 fail : Proceed as for 'use_cached' but if all attempts 390 fail return a YPERR_YPERR error to the client. 391 392EOF 393 ;; 394 nisLDAPretrieveErrorAttempts_help) cat <<EOF 395 396HELP - The number of times a failed retrieval should be retried. 397 The default is unlimited. Note while retries are made, the 398 NIS daemon will be prevented from servicing further requests. 399 Hence, values other than 1 should be used with caution. 400 401EOF 402 ;; 403 nisLDAPretrieveErrorTimeout_help) cat <<EOF 404 405HELP - The timeout (in seconds) between each new attempt to retrieve 406 LDAP data. Default is $DEF_nisLDAPretrieveErrorTimeout seconds. 407 408EOF 409 ;; 410 nisLDAPstoreErrorAction_help) cat <<EOF 411 412HELP - If an error occurs while trying to store data to the LDAP 413 repository, one of the following actions can be selected : 414 415 retry : Retry operation nisLDAPstoreErrorAttempts times with 416 nisLDAPstoreErrorTimeout seconds between each attempt. 417 Note while retries are made the NIS daemon will be 418 prevented from servicing further requests. Use with 419 caution. This is the default value. 420 421 fail : Return YPERR_YPERR error to the client. 422 423EOF 424 ;; 425 nisLDAPstoreErrorAttempts_help) cat <<EOF 426 427HELP - The number of times a failed attempt to store data to the 428 LDAP repository should be retried. The default is unlimited. 429 430 The value for nisLDAPstoreErrorAttempts is ignored unless 431 nisLDAPstoreErrorAction=retry. 432 433EOF 434 ;; 435 nisLDAPstoreErrorTimeout_help) cat <<EOF 436 437HELP - The timeout (in seconds) between each new attempt to store 438 LDAP data. Default is $DEF_nisLDAPstoreErrorTimeout seconds. 439 440 The value for nisLDAPstoreErrorTimeout is ignored unless 441 nisLDAPstoreErrorAction=retry. 442 443EOF 444 ;; 445 selectDomain4N2L_help) cat <<EOF 446 447HELP - Whether this domain needs to be served by YP to LDAP transition 448 solution. The default is no in which case the data in this 449 domain would not be taken care for transitioning to LDAP. 450 451EOF 452 ;; 453 generate_comment_info_for_cust_map_help) cat <<EOF 454 455HELP - If selected, this script will try to add relevant comments 456 in the mapping file which might help in customizing the 457 mapping information for custom maps. 458 459EOF 460 ;; 461 generate_mapping_info_for_cust_map_help) cat <<EOF 462 463HELP - If selected, this script will try to generate mapping 464 information for this map assuming it is a "simple" map. 465 466 A map is assumed to be "simple" if each entry of this map 467 has only one "key value" entry in YP, and if each map entry 468 can be represented as a single DIT string in the LDAP server. 469 470 If this map is not a simple map and you do want to store it 471 in LDAP, you have two options : 472 473 1 - Answer yes, and this script would generate the mapping 474 information for this map assuming it is a simple map. 475 And once the execution of the script is over, you can 476 customize the mapping information by hand editing the 477 mapping file. 478 479 2 - Answer no, and this script would not generate mapping 480 info for this map. And once the execution of the script 481 is over, you can include the customized mapping 482 information by hand editing the mapping file. 483 484EOF 485 ;; 486 nisLDAPdomainContext_help) cat <<EOF 487 488HELP - This parameter defines the context (default location) in 489 the directory tree at which all the name service entries 490 for this particular domain would be stored. 491 492EOF 493 ;; 494 nisLDAPyppasswddDomains_help) cat <<EOF 495 496HELP - Lists the domains for which password changes should be 497 made. If this is not present then the value returned by 498 'domainname' will be used. 499 500 NIS password change requests do not specify the domains in 501 which any given password should be changed. (In traditional 502 NIS this information is effectively hard coded in the NIS 503 makefile.) 504 505EOF 506 ;; 507 custom_map_comment_char_help) cat <<EOF 508 509HELP - If selected, it will allow you to specify a character which 510 would represent the start of the special 'comment' field in 511 a given NIS map. If this attribute is not present then the 512 default comment character '#' is used. 513 514 If a map cannot contain comments then the blank comment 515 character ('') should be specified (just hit the return key). 516 517EOF 518 ;; 519 same_comment_char_help) cat <<EOF 520 521HELP - If selected, for a given map, it will allow you to specify 522 a common comment character for all the domains. 523 524 Or else by selecting NO, for the same map, you would be 525 given the option to specify different comment character 526 for different domains. 527 528EOF 529 ;; 530 secure_flag_on_help) cat <<EOF 531 532HELP - Secure flag is set on maps which are generated with 533 "makedbm -s". When converting data from LDAP to YP, 534 it adds YP_SECURE entries. 535 536EOF 537 ;; 538 secure_flag_all_domains_help) cat <<EOF 539 540HELP - If selected, it will allow you to set the secure flag on 541 for this map for all the domains. 542 543 Or else by selecting NO, you would be given the option to 544 set this flag, for the same map, on per domain basis. 545 546EOF 547 ;; 548 interdomain_flag_on_help) cat <<EOF 549 550HELP - Interdomain flag is set on a set of maps which are generated 551 with "makedbm -b". It signals NIS servers to use the domain 552 name resolver for host name and address lookups for hosts 553 not found in the maps. 554 555 If selected, it adds YP_INTERDOMAIN entries in these maps 556 when converting data from LDAP to YP. 557 558EOF 559 ;; 560 interdomain_flag_all_domains_help) cat <<EOF 561 562HELP - If selected, it will allow you to set the interdomain flag 563 on for all the domains. 564 565 Or else by selecting NO, you would be given the option to 566 set this flag on per domain basis. 567 568EOF 569 ;; 570 initialTTLlo_help) cat <<EOF 571 572HELP - The lower limit for the initial TTL (in seconds) for data 573 read from disk when the ypserv starts. If initialTTLhi also 574 is specified, the actual initialTTL will be randomly selected 575 from the interval initialTTLlo to initialTTLhi (inclusive). 576 577 Leaving the field empty yields the default value of $DEF_iTTLlo. 578 579EOF 580 ;; 581 initialTTLhi_help) cat <<EOF 582 583HELP - The upper limit for the initial TTL (in seconds). 584 If left empty, defaults to "$DEF_iTTLhi". 585 586EOF 587 ;; 588 runningTTL_help) cat <<EOF 589 590HELP - The TTL (in seconds) for data retrieved from LDAP while the 591 ypserv is running. If left empty, defaults to "$DEF_runTTL". 592 593EOF 594 ;; 595 default_ttl_help) cat <<EOF 596 597HELP - The default TTL value for each map is set to : 598 ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL} 599 600 Select yes if you want to change the current TTL value. 601 602EOF 603 ;; 604 non_default_same_ttl_help) cat <<EOF 605 606HELP - Select yes if you want to set a new TTL value, but want 607 to keep it same for all the maps. 608 609EOF 610 ;; 611 non_default_different_ttl_help) cat <<EOF 612 613HELP - Select yes if you want to set TTL value for each map, but 614 want to keep it same for all the domains. 615 616EOF 617 ;; 618 default_different_ttl_help) cat <<EOF 619 620HELP - Select yes if you want to accept the default TTL 621 value for this map. 622 623EOF 624 ;; 625 same_ttl_across_domains_help) cat <<EOF 626 627HELP - Select yes if you want to set TTL value for the map, 628 but want to keep it same for all the domains. 629 630EOF 631 ;; 632 633 esac 634} 635 636# 637# Echo the message passed only if DEBUG is set. 638# Reduces the line width significantly. 639# 640d_echo() 641{ 642[ DEBUG -eq 1 ] && echo $@ 643} 644 645 646# 647# get_ans(): gets an answer from the user. 648# $1 instruction/comment/description/question 649# $2 default value 650# 651get_ans() 652{ 653 if [ -z "$2" ] 654 then 655 echo "$1 \c" 656 else 657 echo "$1 [$2] \c" 658 fi 659 660 read ANS 661 if [ -z "$ANS" ] 662 then 663 ANS=$2 664 fi 665} 666 667 668# 669# get_ans_req(): gets an answer (required) from the user, NULL value not allowed. 670# $@ instruction/comment/description/question 671# 672get_ans_req() 673{ 674 ANS="" # Set ANS to NULL. 675 while [ "$ANS" = "" ] 676 do 677 get_ans "$@" 678 [ "$ANS" = "" ] && echo "NULL value not allowed!" 679 done 680} 681 682 683# 684# get_integer(): Querys and verifies that number entered is integer. 685# Function will repeat prompt user for integer value. 686# $1 Message text. 687# $2 default value. 688# $3 Help argument. 689# 690get_integer() 691{ 692 ANS="" # Set ANS to NULL. 693 NUM="" 694 695 get_ans "$1" "$2" 696 697 # Verify that value is integer. 698 while not_integer $ANS 699 do 700 case "$ANS" in 701 [Hh] | help | Help | \?) display_msg ${3:-sorry} ;; 702 * ) echo "Invalid value: \"${ANS}\". \c" 703 ;; 704 esac 705 706 # Get a new value. 707 get_ans "Enter an integer value:" "$2" 708 done 709 NUM=$ANS 710} 711 712 713# 714# get_number(): Querys and verifies that number entered is numeric. 715# Function will repeat prompt user for numeric value. 716# $1 Message text. 717# $2 default value. 718# $3 Help argument. 719# 720get_number() 721{ 722 ANS="" # Set ANS to NULL. 723 NUM="" 724 725 get_ans "$1" "$2" 726 727 # Verify that value is numeric. 728 while not_numeric $ANS 729 do 730 case "$ANS" in 731 [Hh] | help | Help | \?) display_msg ${3:-sorry} ;; 732 * ) echo "Invalid value: \"${ANS}\". \c" 733 ;; 734 esac 735 736 # Get a new value. 737 get_ans "Enter a numeric value:" "$2" 738 done 739 NUM=$ANS 740} 741 742 743# 744# get_pos_int(): Only allows positive integer. 745# 746# $1 - Prompt message. 747# $2 - Default value (require). 748# $3 - Optional help argument. 749get_pos_int() 750{ 751 while : 752 do 753 get_integer "$1" "$2" "$3" 754 755 if [ $ANS -lt 0 ]; then 756 echo "Invalid number: please enter a positive integer." 757 else 758 break # Positive integer 759 fi 760 done 761} 762 763 764# 765# get_pos_num(): Only allows positive number. 766# 767# $1 - Prompt message. 768# $2 - Default value (require). 769# $3 - Optional help argument. 770get_pos_num() 771{ 772 while : 773 do 774 get_number "$1" "$2" "$3" 775 776 if [ $ANS -lt 0 ]; then 777 echo "Invalid number: please enter a positive number." 778 else 779 break # Positive number 780 fi 781 done 782} 783 784 785# 786# 787# get_passwd(): Reads a password from the user and verify with second. 788# $@ instruction/comment/description/question 789# 790get_passwd() 791{ 792 [ $DEBUG -eq 1 ] && echo "In get_passwd()" 793 794 # Temporary PASSWD variables 795 _PASS1="" 796 _PASS2="" 797 798 # Handle signals, so that echo can be turned back on if Ctrl-C. 799 trap "/usr/bin/stty echo; exit" 1 2 3 6 15 800 801 /usr/bin/stty -echo # Turn echo OFF 802 803 # Endless loop that continues until passwd and re-entered passwd 804 # match. 805 while : 806 do 807 ANS="" # Set ANS to NULL. 808 809 # Don't allow NULL for first try. 810 while [ "$ANS" = "" ] 811 do 812 get_ans "$@" 813 [ "$ANS" = "" ] && echo "" && echo "NULL passwd not allowed!" 814 done 815 _PASS1=$ANS # Store first try. 816 817 # Get second try. 818 echo "" 819 get_ans "Re-enter passwd:" 820 _PASS2=$ANS 821 822 # Test if passwords are identical. 823 if [ "$_PASS1" = "$_PASS2" ]; then 824 break 825 fi 826 827 # Move cursor down to next line and print ERROR message. 828 echo "" 829 echo "ERROR: passwords don't match; try again." 830 done 831 832 /usr/bin/stty echo # Turn echo ON 833 834 # Removed signal handler 835 trap 1 2 3 6 15 836 837 echo "" 838} 839 840 841# 842# get_passwd_nochk(): Reads a password from the user w/o check. 843# $@ instruction/comment/description/question 844# 845get_passwd_nochk() 846{ 847 [ $DEBUG -eq 1 ] && echo "In get_passwd_nochk()" 848 849 # Handle signals, so that echo can be turned back on if Ctrl-C. 850 trap "/usr/bin/stty echo; exit" 1 2 3 6 15 851 852 /usr/bin/stty -echo # Turn echo OFF 853 854 get_ans "$@" 855 856 /usr/bin/stty echo # Turn echo ON 857 858 # Removed signal handler 859 trap 1 2 3 6 15 860 861 echo "" 862} 863 864 865# 866# get_confirm(): Get confirmation from the user. (Y/Yes or N/No) 867# $1 - Message 868# $2 - default value. 869# 870get_confirm() 871{ 872 _ANSWER= 873 874 while : 875 do 876 # Display Internal ERROR if $2 not set. 877 if [ -z "$2" ]; then 878 echo "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional." 879 exit 2 880 fi 881 882 # Display prompt. 883 echo "$1 [$2] \c" 884 885 # Get the ANSWER. 886 read _ANSWER 887 if [ "$_ANSWER" = "" ] && [ -n "$2" ] ; then 888 _ANSWER=$2 889 fi 890 case "$_ANSWER" in 891 [Yy] | yes | Yes | YES) return 1 ;; 892 [Nn] | no | No | NO) return 0 ;; 893 [Hh] | help | Help | \?) display_msg ${3:-sorry};; 894 * ) echo "Please enter y or n." ;; 895 esac 896 done 897} 898 899 900# 901# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No) 902# No default value supported. Returns 1 for yes. 903# 904get_confirm_nodef() 905{ 906 _ANSWER= 907 908 while : 909 do 910 echo "$@ \c" 911 read _ANSWER 912 case "$_ANSWER" in 913 [Yy] | yes | Yes | YES) return 1 ;; 914 [Nn] | no | No | NO) return 0 ;; 915 * ) echo "Please enter y or n." ;; 916 esac 917 done 918} 919 920 921# 922# is_integer(): Tells if a string is numeric integer. 923# 0 = Integer 924# 1 = NOT Integer 925# 926is_integer() 927{ 928 # Check for parameter. 929 if [ $# -ne 1 ]; then 930 return 1 931 fi 932 933 # Determine if integer. 934 expr "$1" + 1 > /dev/null 2>&1 935 936 if [ $? -ge 2 ]; then 937 return 1 938 fi 939 940 # Made it here, it's Numeric. 941 return 0 942} 943 944 945# 946# not_integer(): Reverses the return values of is_integer. Useful 947# for if and while statements that want to test for 948# non-integer data. 949# 0 = NOT Integer 950# 1 = Integer 951# 952not_integer() 953{ 954 is_integer $1 955 if [ $? -eq 0 ]; then 956 return 1 957 else 958 return 0 959 fi 960} 961 962 963# 964# is_numeric(): Tells if a string is numeric. 965# 0 = Numeric 966# 1 = NOT Numeric 967# 968is_numeric() 969{ 970 # Check for parameter. 971 if [ $# -ne 1 ]; then 972 return 1 973 fi 974 975 # Determine if numeric. 976 let _NUM="$1 + 1" > /dev/null 2>&1 977 978 if [ $? -eq 0 ]; then 979 return 0 980 fi 981 982} 983 984 985# 986# not_numeric(): Reverses the return values of is_numeric. Useful 987# for if and while statements that want to test for 988# non-numeric data. 989# 0 = NOT Numeric 990# 1 = Numeric 991# 992not_numeric() 993{ 994 is_numeric $1 995 if [ $? -eq 0 ]; then 996 return 1 997 else 998 return 0 999 fi 1000} 1001 1002 1003# 1004# domain_2_dc(): Convert a domain name into dc string. 1005# $1 .. Domain name. 1006# 1007domain_2_dc() 1008{ 1009 _DOM=$1 # Domain parameter. 1010 _DOM_2_DC="" # Return value from function. 1011 _FIRST=1 # Flag for first time. 1012 1013 export _DOM_2_DC # Make visible for others. 1014 1015 # Convert "."'s to spaces for "for" loop. 1016 domtmp="`echo ${_DOM} | tr '.' ' '`" 1017 for i in $domtmp; do 1018 if [ $_FIRST -eq 1 ]; then 1019 _DOM_2_DC="dc=${i}" 1020 _FIRST=0 1021 else 1022 _DOM_2_DC="${_DOM_2_DC},dc=${i}" 1023 fi 1024 done 1025} 1026 1027 1028# 1029# is_root_user(): Check to see if logged in as super user. 1030# 1031is_root_user() 1032{ 1033 case `id` in 1034 uid=0\(root\)*) return 0 ;; 1035 * ) return 1 ;; 1036 esac 1037} 1038 1039 1040# 1041# parse_arg(): Parses the command line arguments and sets the 1042# appropriate variables. 1043# 1044parse_arg() 1045{ 1046 while getopts ":dm:c:" ARG 1047 do 1048 case $ARG in 1049 d) DEBUG=1;; 1050 1051 m) MAP_FILE=$OPTARG 1052 MAPPING_FILE_SPECIFIED=1;; 1053 1054 c) CONFIG_FILE=$OPTARG 1055 CONFIG_FILE_SPECIFIED=1;; 1056 1057 \?) echo "**ERROR: Invalid option '$OPTARG'" 1058 display_msg usage 1059 exit 1;; 1060 esac 1061 done 1062 1063 shift `expr $OPTIND - 1` 1064 if [ $# -gt 0 ]; then 1065 echo "**ERROR: wrong usage " 1066 display_msg usage 1067 exit 1 1068 fi 1069} 1070 1071 1072# 1073# present() : Checks if the first argument exists in the 1074# argument list. Returns 0 if found, else 1. 1075# 1076present () 1077{ 1078_ELEMENT=$1 1079 1080shift 1081ARG_LIST=$@ 1082 1083for item in $ARG_LIST 1084do 1085 [ "$_ELEMENT" = "$item" ] && return 0 1086done 1087 1088# If reached here, then the clement does not exist 1089return 1 1090} 1091 1092 1093# 1094# remove() : Returns a new string after removing the first 1095# argument in the argument list. 1096# 1097remove () 1098{ 1099_ELEMENT=$1 1100 1101shift 1102ARG_LIST=$@ 1103 1104NEW_LIST="" 1105 1106for item in $ARG_LIST 1107do 1108 [ "$_ELEMENT" != "$item" ] && NEW_LIST="$NEW_LIST $item" 1109done 1110 1111echo $NEW_LIST 1112return 0 1113} 1114 1115 1116# 1117# merge_lists() : Returns a list after merging elements 1118# (uniquely) supplied in the argument list. 1119# 1120merge_lists() 1121{ 1122MERGED_LIST="" 1123 1124for _VAR in "$@" 1125do 1126 if ! present $_VAR $MERGED_LIST; then 1127 MERGED_LIST="$MERGED_LIST $_VAR" 1128 fi 1129done 1130 1131echo $MERGED_LIST 1132return 0 1133} 1134 1135 1136# 1137# init(): initializes variables and options 1138# 1139init() 1140{ 1141# General variables. 1142DEBUG=0 # Set Debug OFF 1143 1144MAPPING_FILE_SPECIFIED=0 # No file name passed 1145CONFIG_FILE_SPECIFIED=0 # No file name passed 1146 1147# Prevent others from snooping 1148umask 077 1149 1150# Set default config and mapping files. 1151DEFAULT_MAP_FILE="/var/yp/NISLDAPmapping" 1152DEFAULT_CONFIG_FILE="/etc/default/ypserv" 1153 1154MAP_FILE="$DEFAULT_MAP_FILE" 1155CONFIG_FILE="$DEFAULT_CONFIG_FILE" 1156 1157# Set and create TMPDIR. Use a safe place to discourage hackers. 1158TMPDIR="/var/yp/inityp2l" 1159 1160# Temporary file names to be used to prevent system starting in 1161# N2L mode in case something goes wrong during file creation. 1162TMPCONF="ypserv-tmp" 1163TMPMAP="NISLDAPmapping-tmp" 1164 1165# Remove if the temp directory has been leftover 1166[ -d "$TMPDIR" ] && rm -rf $TMPDIR 1167mkdir $TMPDIR 1168if [ $? -ne 0 ]; then 1169 echo ERROR : Failed to create temp directory $TMPDIR 1170 exit 1 1171fi 1172 1173# Initialize the default NIS maps. 1174DEFAULT_NIS_MAPS="passwd.byname 1175 passwd.byuid 1176 group.byname 1177 group.bygid 1178 hosts.byaddr 1179 hosts.byname 1180 ipnodes.byaddr 1181 ipnodes.byname 1182 ethers.byaddr 1183 ethers.byname 1184 networks.byaddr 1185 networks.byname 1186 rpc.bynumber 1187 services.byname 1188 services.byservicename 1189 printers.conf.byname 1190 project.byname 1191 project.byprojid 1192 protocols.byname 1193 protocols.bynumber 1194 netgroup 1195 netgroup.byuser 1196 netgroup.byhost 1197 bootparams 1198 mail.aliases 1199 mail.byaddr 1200 publickey.byname 1201 netid.byname 1202 netmasks.byaddr 1203 passwd.adjunct.byname 1204 group.adjunct.byname 1205 timezone.byname 1206 auth_attr 1207 exec_attr 1208 prof_attr 1209 user_attr 1210 audit_user 1211 auto.master 1212 auto.home 1213 ypservers" 1214 1215set -A DEF_NIS_MAP_ARRAY $DEFAULT_NIS_MAPS 1216 1217# The default TTL maps in database ID format. 1218DEF_TTL_MAPLIST="audit_user 1219 auto.home 1220 auto.master 1221 auth_attr 1222 bootparams 1223 ethers 1224 exec_attr 1225 group 1226 group.adjunct.byname 1227 keys.host 1228 keys.pass 1229 keys.nobody 1230 hosts 1231 multihosts 1232 ipnodes 1233 multiipnodes 1234 netgroup 1235 networks 1236 passwd 1237 passwd.adjunct.byname 1238 printers.conf.byname 1239 prof_attr 1240 project 1241 protocols 1242 services 1243 mail.aliases 1244 mail.mapping 1245 netid.host 1246 netid.pass 1247 netmasks.byaddr 1248 rpc.bynumber 1249 ageing.byname 1250 timezone.byname 1251 user_attr 1252 ypservers" 1253 1254 1255# Initialize default values for config parameters. 1256 1257configDN_flag=0 1258DEF_nisLDAPconfigDN="" 1259DEF_TLS=none 1260DEF_TLSCertificateDBPath=/var/yp/cert7.db 1261DEF_nisLDAPbindTimeout=15 1262DEF_nisLDAPsearchTimeout=180 1263DEF_nisLDAPmodifyTimeout=15 1264DEF_nisLDAPaddTimeout=15 1265DEF_nisLDAPdeleteTimeout=15 1266DEF_nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeout} 1267DEF_nisLDAPsearchSizeLimit=0 1268DEF_nisLDAPfollowReferral=no 1269DEF_nisLDAPretrieveErrorAction=use_cached 1270 1271# The default is unlimited, but since it prevents the NIS daemon, 1272# from servicing further requests, set 1 as the suggested value. 1273SUG_nisLDAPretrieveErrorAttempts=1 1274DEF_nisLDAPretrieveErrorTimeout=15 1275DEF_nisLDAPstoreErrorAction=retry 1276 1277# The default is unlimited, but set 1 as the suggested value. 1278SUG_nisLDAPstoreErrorAttempts=1 1279DEF_nisLDAPstoreErrorTimeout=15 1280 1281# Default TTL values (in seconds) for NIS MAPS for mapping file. 1282DEF_iTTLlo=1800 1283DEF_iTTLhi=5400 1284DEF_runTTL=3600 1285 1286} 1287 1288 1289# 1290# config_auth_menu_handler(): Enter the authentication method 1291# for config server. 1292# 1293config_auth_menu_handler() 1294{ 1295 # Display Auth menu 1296 display_msg config_auth_method_menu 1297 1298 # Get a Valid choice. 1299 while : 1300 do 1301 # Display appropriate prompt and get answer. 1302 get_ans_req " Choose one Authentication Method (h=help):" 1303 1304 # Determine choice. 1305 _MENU_CHOICE=$ANS 1306 case "$_MENU_CHOICE" in 1307 1) _AUTHMETHOD="none" 1308 break ;; 1309 2) _AUTHMETHOD="simple" 1310 break ;; 1311 3) _AUTHMETHOD="sasl/cram-md5" 1312 break ;; 1313 4) _AUTHMETHOD="sasl/digest-md5" 1314 break ;; 1315 h) display_msg auth_help ;; 1316 *) echo "Please enter 1-4, or h=help." ;; 1317 esac 1318 done 1319} 1320 1321 1322# 1323# auth_menu_handler(): Enter the Authentication method for LDAP server. 1324# 1325auth_menu_handler() 1326{ 1327 # Display Auth menu 1328 display_msg auth_method_menu 1329 1330 # Get a Valid choice. 1331 while : 1332 do 1333 # Display appropriate prompt and get answer. 1334 get_ans_req " Choose one Authentication Method (h=help):" 1335 1336 # Determine choice. 1337 _MENU_CHOICE=$ANS 1338 case "$_MENU_CHOICE" in 1339 1) _AUTHMETHOD="simple" 1340 break ;; 1341 2) _AUTHMETHOD="sasl/cram-md5" 1342 break ;; 1343 3) _AUTHMETHOD="sasl/digest-md5" 1344 break ;; 1345 h) display_msg auth_help ;; 1346 *) echo "Please enter 1-3, or h=help." ;; 1347 esac 1348 done 1349} 1350 1351 1352# 1353# tls_menu_handler(): Enter the transport layer security 1354# 1355tls_menu_handler() 1356{ 1357 # Display TLS menu 1358 display_msg tls_method_menu 1359 1360 # Get a Valid choice. 1361 while : 1362 do 1363 # Display appropriate prompt and get answer. 1364 # Default value is "none". 1365 1366 get_ans " Choose one Transport Layer Security Method (h=help):" "1" 1367 1368 # Determine choice. 1369 _MENU_CHOICE=$ANS 1370 case "$_MENU_CHOICE" in 1371 1) _TLSMETHOD="none" 1372 break ;; 1373 2) _TLSMETHOD="ssl" 1374 break ;; 1375 h) display_msg tls_help ;; 1376 *) echo "Please enter 1, 2, or h=help." ;; 1377 esac 1378 done 1379} 1380 1381 1382# 1383# retrieve_error_action_menu_handler(): Enter the retrieve error action 1384# 1385retrieve_error_action_menu_handler() 1386{ 1387 # Display retrieve error action menu 1388 display_msg retrieve_error_action_menu 1389 1390 # Get a Valid choice. 1391 while : 1392 do 1393 # Display appropriate prompt and get answer. use_cached is default 1394 get_ans " Choose one retrieval error action (h=help):" "1" 1395 1396 # Determine choice. 1397 _MENU_CHOICE=$ANS 1398 case "$_MENU_CHOICE" in 1399 1) _RET_ERR_ACT="use_cached" 1400 break ;; 1401 2) _RET_ERR_ACT="fail" 1402 break ;; 1403 h) display_msg nisLDAPretrieveErrorAction_help ;; 1404 *) echo "Please enter 1, 2, or h=help." ;; 1405 esac 1406 done 1407} 1408 1409 1410# 1411# store_error_action_menu_handler(): Enter the store error action 1412# 1413store_error_action_menu_handler() 1414{ 1415 # Display store error action menu 1416 display_msg store_error_action_menu 1417 1418 # Get a Valid choice. 1419 while : 1420 do 1421 # Display appropriate prompt and get answer. retry is default 1422 get_ans " Choose one store error action (h=help):" "1" 1423 1424 # Determine choice. 1425 _MENU_CHOICE=$ANS 1426 case "$_MENU_CHOICE" in 1427 1) _STOR_ERR_ACT="retry" 1428 break ;; 1429 2) _STOR_ERR_ACT="fail" 1430 break ;; 1431 h) display_msg nisLDAPstoreErrorAction_help ;; 1432 *) echo "Please enter 1, 2, or h=help." ;; 1433 esac 1434 done 1435} 1436 1437 1438# 1439# cleanup(): Remove the TMPDIR and all files in it. 1440# 1441cleanup() 1442{ 1443[ $DEBUG -eq 1 ] && echo "In cleanup()" 1444 1445# Leave the temp directory if debug is set 1446[ $DEBUG -eq 0 ] && rm -rf $TMPDIR 1447} 1448 1449 1450# Save existing config file if elected 1451check_back_config_file() 1452{ 1453if [ -f $CONFIG_FILE ]; then 1454 display_msg backup_config_file 1455 1456 get_confirm "Do you wish to continue (y/n/h)?" \ 1457 "n" "backup_config_file_cont_help" 1458 1459 if [ $? -eq 0 ]; then # if No, cleanup and exit. 1460 cleanup ; exit 1 1461 fi 1462 1463 get_confirm "Do you wish to backup the config file "${CONFIG_FILE}" (y/n/h)?" \ 1464 "y" "backup_config_file_help" 1465 1466 if [ $? -eq 1 ]; then # Save the old config file with timestamp 1467 1468 # SCCS converts '% H %' (without spaces) in current date during putback. 1469 # So use some other combination. 1470 SUFFIX=`date '+%d%h%Y.%H:%M:%S'` 1471 1472 cp -p $CONFIG_FILE ${CONFIG_FILE}-${SUFFIX} 1473 echo " Saved existing $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}" 1474 fi 1475fi 1476} 1477 1478 1479# Save existing mapping file if elected 1480check_back_mapping_file() 1481{ 1482if [ -f $MAP_FILE ]; then 1483 display_msg backup_mapping_file 1484 1485 get_confirm "Do you wish to continue (y/n/h)?" \ 1486 "n" "backup_mapping_file_cont_help" 1487 1488 if [ $? -eq 0 ]; then # if No, cleanup and exit. 1489 cleanup ; exit 1 1490 fi 1491 1492 get_confirm "Do you wish to backup the map file "${MAP_FILE}" (y/n/h)?" \ 1493 "y" "backup_mapping_file_help" 1494 1495 if [ $? -eq 1 ]; then # if Yes, save the old map file with timestamp 1496 1497 # SCCS converts '% H %' (without spaces) in current date during putback. 1498 # So use some other combination. 1499 SUFFIX=`date '+%d%h%Y.%H:%M:%S'` 1500 1501 cp -p $MAP_FILE ${MAP_FILE}-${SUFFIX} 1502 echo " Saved existing $MAP_FILE as ${MAP_FILE}-${SUFFIX}" 1503 fi 1504 1505else 1506 if [ "$MAP_FILE" = "$DEFAULT_MAP_FILE" ]; then 1507 display_msg warn_n2l_mode 1508 1509 get_confirm "Do you wish to continue (y/n/h)?" \ 1510 "n" "warn_n2l_mode_help" 1511 1512 if [ $? -eq 0 ]; then 1513 cleanup ; exit 1 1514 fi 1515 fi 1516fi 1517} 1518 1519 1520put_config_file_copyright_info() 1521{ 1522 1523# Start with an emptty file, so don't append, but overwrite here. 1524# Just change the name, but keep the same date and version number 1525# as in the ident string of this script. 1526 1527grep "ident \"@(#)$PROG" $ABS_PROG | \ 1528 sed "s/${PROG}/${NEW_NAME}/g" > $CONFIG_FILE 1529 1530echo "\ 1531# 1532# Copyright 2003 Sun Microsystems, Inc. All rights reserved. 1533# Use is subject to license terms. 1534#\ 1535" >> $MAP_FILE 1536} 1537 1538 1539get_nisLDAPconfigDN() 1540{ 1541while : 1542do 1543 1544get_ans "DN for configuration information (h=help):" 1545 1546# If help continue, otherwise break. 1547case "$ANS" in 1548 [Hh] | help | Help | \?) display_msg nisLDAPconfigDN_help ;; 1549 * ) break ;; 1550esac 1551done 1552 1553nisLDAPconfigDN="${ANS}" 1554 1555# Store in config file only if a non-default value is specified. 1556if [ "$ANS" != "${DEF_nisLDAPconfigDN}" ]; then 1557 echo "nisLDAPconfigDN=${ANS}" >> $CONFIG_FILE 1558fi 1559 1560# Ask remaining config server related questions only if this 1561# DN is set. So, if a value is specified, set a flag. 1562 1563[ "$ANS" != "" ] && configDN_flag=1 1564} 1565 1566 1567get_nisLDAPconfigPreferredServerList() 1568{ 1569while : 1570do 1571 1572get_ans_req "Preferred server list for configuration information (h=help):" 1573 1574# If help continue, otherwise break. 1575case "$ANS" in 1576 [Hh] | help | Help | \?) display_msg nisLDAPconfigPreferredServerList_help ;; 1577 * ) break ;; 1578esac 1579done 1580 1581nisLDAPconfigPreferredServerList=${ANS} 1582echo "nisLDAPconfigPreferredServerList=${ANS}" >> $CONFIG_FILE 1583} 1584 1585 1586get_nisLDAPconfigAuthenticationMethod() 1587{ 1588_AUTHMETHOD="" 1589 1590echo "Select the Authentication Method for configuration server :" 1591config_auth_menu_handler 1592 1593nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD} 1594echo "nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE 1595} 1596 1597 1598get_nisLDAPconfigTLS() 1599{ 1600_TLSMETHOD="" 1601 1602echo "Select the Transport Layer Security (TLS) for configuration server :" 1603tls_menu_handler 1604 1605nisLDAPconfigTLS=${_TLSMETHOD} 1606 1607# Store in config file only if a non-default value is specified. 1608if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then 1609 echo "nisLDAPconfigTLS=${_TLSMETHOD}" >> $CONFIG_FILE 1610fi 1611} 1612 1613 1614get_nisLDAPconfigTLSCertificateDBPath() 1615{ 1616while : 1617do 1618 1619get_ans "TLS Certificate DB for configuration server (h=help):"\ 1620 "${DEF_TLSCertificateDBPath}" 1621 1622# If help continue, otherwise break. 1623case "$ANS" in 1624 [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;; 1625 * ) break ;; 1626esac 1627done 1628 1629nisLDAPconfigTLSCertificateDBPath=${ANS} 1630 1631# Store in config file only if a non-default value is specified. 1632if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then 1633 echo "nisLDAPconfigTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE 1634fi 1635} 1636 1637 1638get_nisLDAPconfigProxyUser() 1639{ 1640while : 1641do 1642 1643get_ans_req "Proxy user bind DN to obtain configuration information (h=help):" 1644# If help continue, otherwise break. 1645case "$ANS" in 1646 [Hh] | help | Help | \?) display_msg nisLDAPconfigProxyUser_help ;; 1647 * ) break ;; 1648esac 1649done 1650 1651nisLDAPconfigProxyUser=${ANS} 1652echo "nisLDAPconfigProxyUser=${ANS}" >> $CONFIG_FILE 1653} 1654 1655 1656get_nisLDAPconfigProxyPassword() 1657{ 1658get_passwd "Proxy user password to obtain configuration information :" 1659nisLDAPconfigProxyPassword=${ANS} 1660 1661echo "nisLDAPconfigProxyPassword=${ANS}" >> $CONFIG_FILE 1662 1663display_msg ProxyPassword_warn 1664} 1665 1666 1667get_preferredServerList() 1668{ 1669while : 1670do 1671 1672get_ans_req "Preferred server list for mapping data to/from LDAP (h=help):" 1673 1674# If help continue, otherwise break. 1675case "$ANS" in 1676 [Hh] | help | Help | \?) display_msg preferredServerList_help ;; 1677 * ) break ;; 1678esac 1679done 1680 1681preferredServerList=${ANS} 1682echo "preferredServerList=${ANS}" >> $CONFIG_FILE 1683} 1684 1685 1686get_authenticationMethod() 1687{ 1688_AUTHMETHOD="" 1689 1690echo "Select the Authentication Method for mapping data to/from LDAP :" 1691auth_menu_handler 1692 1693authenticationMethod=${_AUTHMETHOD} 1694echo "authenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE 1695} 1696 1697 1698get_nisLDAPTLS() 1699{ 1700_TLSMETHOD="" 1701 1702echo "Select the Transport Layer Security (TLS) for mapping data to/from LDAP :" 1703tls_menu_handler 1704 1705nisLDAPTLS=${_TLSMETHOD} 1706 1707# Store in config file only if a non-default value is specified. 1708if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then 1709 echo "nisLDAPTLS=${_TLSMETHOD}" >> $CONFIG_FILE 1710fi 1711} 1712 1713 1714get_nisLDAPTLSCertificateDBPath() 1715{ 1716while : 1717do 1718 1719get_ans "TLS Certificate DB for LDAP data server (h=help):"\ 1720 "${DEF_nisLDAPTLSCertificateDBPath}" 1721 1722# If help continue, otherwise break. 1723case "$ANS" in 1724 [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;; 1725 * ) break ;; 1726esac 1727done 1728 1729nisLDAPTLSCertificateDBPath=${ANS} 1730 1731# Store in config file only if a non-default value is specified. 1732if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then 1733 echo "nisLDAPTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE 1734fi 1735} 1736 1737 1738get_nisLDAPproxyUser() 1739{ 1740while : 1741do 1742 1743get_ans_req "Proxy user bind DN to read/write data from/to LDAP (h=help):" 1744 1745# If help continue, otherwise break. 1746case "$ANS" in 1747 [Hh] | help | Help | \?) display_msg nisLDAPproxyUser_help ;; 1748 * ) break ;; 1749esac 1750done 1751 1752nisLDAPproxyUser=${ANS} 1753echo "nisLDAPproxyUser=${ANS}" >> $CONFIG_FILE 1754} 1755 1756 1757get_nisLDAPproxyPassword() 1758{ 1759get_passwd "Proxy user password to read/write data from/to LDAP :" 1760nisLDAPproxyPassword=${ANS} 1761 1762echo "nisLDAPproxyPassword=${ANS}" >> $CONFIG_FILE 1763 1764display_msg ProxyPassword_warn 1765} 1766 1767 1768get_nisLDAPbindTimeout() 1769{ 1770get_pos_int "Timeout value (in seconds) for LDAP bind operation (h=help):" \ 1771 "${DEF_nisLDAPbindTimeout}" "nisLDAPbindTimeout_help" 1772 1773nisLDAPbindTimeout=${NUM} 1774 1775# Store in config file only if a non-default value is specified. 1776if [ $NUM -ne ${DEF_nisLDAPbindTimeout} ]; then 1777 echo "nisLDAPbindTimeout=${NUM}" >> $CONFIG_FILE 1778fi 1779} 1780 1781 1782get_nisLDAPsearchTimeout() 1783{ 1784get_pos_int "Timeout value (in seconds) for LDAP search operation (h=help):" \ 1785 "${DEF_nisLDAPsearchTimeout}" "nisLDAPsearchTimeout_help" 1786 1787nisLDAPsearchTimeout=${NUM} 1788 1789# Store in config file only if a non-default value is specified. 1790if [ $NUM -ne ${DEF_nisLDAPsearchTimeout} ]; then 1791 echo "nisLDAPsearchTimeout=${NUM}" >> $CONFIG_FILE 1792fi 1793} 1794 1795 1796get_nisLDAPmodifyTimeout() 1797{ 1798get_pos_int "Timeout value (in seconds) for LDAP modify operation (h=help):" \ 1799 "${DEF_nisLDAPmodifyTimeout}" "nisLDAPmodifyTimeout_help" 1800 1801nisLDAPmodifyTimeout=${NUM} 1802 1803# Store in config file only if a non-default value is specified. 1804if [ $NUM -ne ${DEF_nisLDAPmodifyTimeout} ]; then 1805 echo "nisLDAPmodifyTimeout=${NUM}" >> $CONFIG_FILE 1806fi 1807} 1808 1809 1810get_nisLDAPaddTimeout() 1811{ 1812get_pos_int "Timeout value (in seconds) for LDAP add operation (h=help):" \ 1813 "${DEF_nisLDAPaddTimeout}" "nisLDAPaddTimeout_help" 1814 1815nisLDAPaddTimeout=${NUM} 1816 1817# Store in config file only if a non-default value is specified. 1818if [ $NUM -ne ${DEF_nisLDAPaddTimeout} ]; then 1819 echo "nisLDAPaddTimeout=${NUM}" >> $CONFIG_FILE 1820fi 1821} 1822 1823 1824get_nisLDAPdeleteTimeout() 1825{ 1826get_pos_int "Timeout value (in seconds) for LDAP delete operation (h=help):" \ 1827 "${DEF_nisLDAPdeleteTimeout}" "nisLDAPdeleteTimeout_help" 1828 1829nisLDAPdeleteTimeout=${NUM} 1830 1831# Store in config file only if a non-default value is specified. 1832if [ $NUM -ne ${DEF_nisLDAPdeleteTimeout} ]; then 1833 echo "nisLDAPdeleteTimeout=${NUM}" >> $CONFIG_FILE 1834fi 1835} 1836 1837 1838get_nisLDAPsearchTimeLimit() 1839{ 1840get_pos_int "Time limit (in seconds) for search operation on LDAP server (h=help):" \ 1841 "${DEF_nisLDAPsearchTimeLimit}" "nisLDAPsearchTimeLimit_help" 1842 1843nisLDAPsearchTimeLimit=${NUM} 1844 1845# Store in config file only if a non-default value is specified. 1846if [ $NUM -ne ${DEF_nisLDAPsearchTimeLimit} ]; then 1847 echo "nisLDAPsearchTimeLimit=${NUM}" >> $CONFIG_FILE 1848fi 1849} 1850 1851 1852get_nisLDAPsearchSizeLimit() 1853{ 1854get_pos_int "Size limit (in bytes) for search operation on LDAP server (h=help):" \ 1855 "${DEF_nisLDAPsearchSizeLimit}" "nisLDAPsearchSizeLimit_help" 1856 1857nisLDAPsearchSizeLimit=${NUM} 1858 1859# Store in config file only if a non-default value is specified. 1860if [ $NUM -ne ${DEF_nisLDAPsearchSizeLimit} ]; then 1861 echo "nisLDAPsearchSizeLimit=${NUM}" >> $CONFIG_FILE 1862fi 1863} 1864 1865 1866get_nisLDAPfollowReferral() 1867{ 1868get_confirm "Should the ypserv follow LDAP referrals (y/n/h):" \ 1869 "n" "nisLDAPfollowReferral_help" 1870 1871if [ $? -eq 1 ]; then 1872 _ANS="yes" 1873else 1874 _ANS="no" 1875fi 1876 1877# Store in config file only if a non-default value is specified. 1878if [ "${_ANS}" != "${DEF_nisLDAPfollowReferral}" ]; then 1879 echo "nisLDAPfollowReferral=${_ANS}" >> $CONFIG_FILE 1880fi 1881} 1882 1883 1884get_nisLDAPretrieveErrorAction() 1885{ 1886_RET_ERR_ACT="" 1887 1888echo "Select the action to be taken in case of LDAP retrieval error :" 1889retrieve_error_action_menu_handler 1890 1891nisLDAPretrieveErrorAction=${_RET_ERR_ACT} 1892 1893# Store in config file only if a non-default value is specified. 1894if [ "${_RET_ERR_ACT}" != "${DEF_nisLDAPretrieveErrorAction}" ]; then 1895 echo "nisLDAPretrieveErrorAction=${_RET_ERR_ACT}" >> $CONFIG_FILE 1896fi 1897} 1898 1899 1900get_nisLDAPretrieveErrorAttempts() 1901{ 1902 1903get_pos_int "Number of attempts in case of LDAP retrieval error (h=help):" \ 1904 "$SUG_nisLDAPretrieveErrorAttempts" \ 1905 "nisLDAPretrieveErrorAttempts_help" 1906 1907nisLDAPretrieveErrorAttempts=${NUM} 1908 1909echo "nisLDAPretrieveErrorAttempts=${NUM}" >> $CONFIG_FILE 1910} 1911 1912 1913get_nisLDAPretrieveErrorTimeout() 1914{ 1915# if nisLDAPretrieveErrorAttempts=0, then no point in asking 1916# for timeout vales as it is ignored anyway. 1917 1918[ $nisLDAPretrieveErrorAttempts -eq 0 ] && return 0 1919 1920get_pos_int "Timeout (in seconds) between each new attempt to retrieve LDAP data (h=help):"\ 1921 "${DEF_nisLDAPretrieveErrorTimeout}" \ 1922 "nisLDAPretrieveErrorTimeout_help" 1923 1924nisLDAPretrieveErrorTimeout=${NUM} 1925 1926# Store in config file only if a non-default value is specified. 1927if [ $NUM -ne ${DEF_nisLDAPretrieveErrorTimeout} ]; then 1928 echo "nisLDAPretrieveErrorTimeout=${NUM}" >> $CONFIG_FILE 1929fi 1930} 1931 1932 1933get_nisLDAPstoreErrorAction() 1934{ 1935_STOR_ERR_ACT="" 1936 1937echo "Select the action to be taken in case of LDAP store error :" 1938store_error_action_menu_handler 1939 1940nisLDAPstoreErrorAction=${_STOR_ERR_ACT} 1941 1942# Store in config file only if a non-default value is specified. 1943if [ "${_STOR_ERR_ACT}" != "${DEF_nisLDAPstoreErrorAction}" ]; then 1944 echo "nisLDAPstoreErrorAction=${_STOR_ERR_ACT}" >> $CONFIG_FILE 1945fi 1946} 1947 1948 1949get_nisLDAPstoreErrorAttempts() 1950{ 1951 1952# if nisLDAPstoreErrorAction="fail", then no point in asking 1953# for no. of attempts or timeout vales as they are ignored. 1954 1955[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0 1956 1957get_pos_int "Number of attempts in case of LDAP store error (h=help):" \ 1958 "$SUG_nisLDAPstoreErrorAttempts" \ 1959 "nisLDAPstoreErrorAttempts_help" 1960 1961nisLDAPstoreErrorAttempts=${NUM} 1962 1963echo "nisLDAPstoreErrorAttempts=${NUM}" >> $CONFIG_FILE 1964} 1965 1966 1967get_nisLDAPstoreErrorTimeout() 1968{ 1969 1970# if nisLDAPstoreErrorAction="fail", then no point in asking 1971# for no. of attempts or timeout vales as they are ignored. 1972 1973[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0 1974 1975# Similarly, if nisLDAPstoreErrorAttempts=0, ignore this question. 1976 1977[ $nisLDAPstoreErrorAttempts -eq 0 ] && return 0 1978 1979get_pos_int "Timeout (in seconds) between each new attempt to write LDAP data (h=help):"\ 1980 "${DEF_nisLDAPstoreErrorTimeout}" \ 1981 "nisLDAPstoreErrorTimeout_help" 1982 1983nisLDAPstoreErrorTimeout=${NUM} 1984 1985# Store in config file only if a non-default value is specified. 1986if [ $NUM -ne ${DEF_nisLDAPstoreErrorTimeout} ]; then 1987 echo "nisLDAPstoreErrorTimeout=${NUM}" >> $CONFIG_FILE 1988fi 1989} 1990 1991 1992 1993create_config_file() 1994{ 1995 1996# To prevent from leaving a partial config file in case some error or 1997# signal takes place, store the output being generated in a temporary 1998# file first, and move it at the final destination only at the end if 1999# everything goes fine. 2000 2001_CONFIG_FILE=$CONFIG_FILE 2002CONFIG_FILE=${TMPDIR}/${TMPCONF}.$$ 2003 2004echo "Generating config file temporarily as \"${CONFIG_FILE}\"" 2005 2006# Truncate the file before we append anything. 2007# Place copyright information 2008put_config_file_copyright_info 2009 2010# Filter out all the YP domains in /var/yp 2011# The list of domains is stored in list "VARYP_DMN_LIST" 2012 2013echo "\ 2014# 2015# Configuration file for ypserv(1M); see ypserv(4) for more information, 2016# and NISLDAPmapping(4) for configuration of NIS to LDAP mapping. 2017 2018# Unless otherwise noted, commented lines show default values. 2019" >> $CONFIG_FILE 2020 2021echo "\ 2022# Where to look for configuration information in LDAP. Leave empty or 2023# undefined to use this file, in which case the values of the other 2024# 'nisLdapConfig*' attributes are ignored. 2025# 2026#nisLDAPconfigDN=\ 2027" >> $CONFIG_FILE 2028 2029get_nisLDAPconfigDN 2030 2031echo " 2032 2033# Server(s) for configuration information. There is no default; 2034# use the value on the line below for an LDAP server running on 2035# this machine, at port 389. 2036#nisLDAPconfigPreferredServerList=127.0.0.1:389\ 2037" >> $CONFIG_FILE 2038 2039[ $configDN_flag -eq 1 ] && get_nisLDAPconfigPreferredServerList 2040 2041echo " 2042 2043# Authentication method(s) to obtain configuration information. 2044#\ 2045" >> $CONFIG_FILE 2046 2047[ $configDN_flag -eq 1 ] && get_nisLDAPconfigAuthenticationMethod 2048 2049echo " 2050 2051# Transport layer security for configuration information 2052# 2053#nisLDAPconfigTLS=${DEF_TLS}\ 2054" >> $CONFIG_FILE 2055 2056[ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLS 2057 2058echo " 2059 2060# Certificate DB for transport layer security 2061# 2062#nisLDAPconfigTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\ 2063" >> $CONFIG_FILE 2064 2065# ask for Certificate DB only if SSL is set 2066if [ "${nisLDAPconfigTLS}" = "ssl" ]; then 2067 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLSCertificateDBPath 2068fi 2069 2070echo " 2071 2072# Proxy user(s) to obtain configuration information. The line below 2073# is an example of the format. 2074# 2075#nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,\ 2076" >> $CONFIG_FILE 2077 2078# Ask proxy user bind DN only if needed. 2079if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then 2080 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyUser 2081fi 2082 2083echo " 2084 2085# Password for proxy user. Must be supplied if the authentication method 2086# requires a password. If a password appears in this file, it should be 2087# protected appropriately against access by unauthorized users. 2088# 2089#nisLDAPconfigProxyPassword=\ 2090" >> $CONFIG_FILE 2091 2092if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then 2093 [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyPassword 2094fi 2095 2096echo " 2097 2098# Server list for mapping data to/from LDAP. There is no default; 2099# use the value on the line below for an LDAP server running on 2100# this machine, at port 389. 2101#preferredServerList=127.0.0.1:389\ 2102" >> $CONFIG_FILE 2103 2104get_preferredServerList 2105 2106echo " 2107 2108# Authentication method for mapping data to/from LDAP 2109#\ 2110" >> $CONFIG_FILE 2111 2112get_authenticationMethod 2113 2114echo " 2115 2116# Transport layer security for mapping data to/from LDAP. 2117# 2118#nisLDAPTLS=${DEF_TLS}\ 2119" >> $CONFIG_FILE 2120 2121get_nisLDAPTLS 2122 2123echo " 2124 2125# Certificate DB for transport layer security 2126# 2127#nisLDAPTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\ 2128" >> $CONFIG_FILE 2129 2130# ask for Certificate DB only if SSL is set 2131if [ "${nisLDAPTLS}" = "ssl" ]; then 2132 get_nisLDAPTLSCertificateDBPath 2133fi 2134 2135echo " 2136 2137# Proxy user for ypserv. Assumed to have appropriate permission to read 2138# and/or create or modify LDAP data. The line below is an example of the 2139# format. 2140# 2141#nisLDAPproxyUser=cn=nisAdmin,ou=People,\ 2142" >> $CONFIG_FILE 2143 2144# Ask proxy user bind DN only if needed. 2145if [ "${authenticationMethod}" != "none" ]; then 2146 get_nisLDAPproxyUser 2147fi 2148 2149echo " 2150 2151# Password for proxy user. Must be supplied if the authentication method 2152# requires a password. If a password appears in this file, it should be 2153# protected appropriately against unauthorized access. 2154# 2155#nisLDAPproxyPassword=\ 2156" >> $CONFIG_FILE 2157 2158if [ "${authenticationMethod}" != "none" ]; then 2159 get_nisLDAPproxyPassword 2160fi 2161 2162echo " 2163 2164# Timeouts and time/size limits for LDAP operations. 2165# 2166#nisLDAPbindTimeout=${DEF_nisLDAPbindTimeout}\ 2167" >> $CONFIG_FILE 2168 2169get_nisLDAPbindTimeout 2170 2171echo " 2172#nisLDAPsearchTimeout=${DEF_nisLDAPsearchTimeout}\ 2173" >> $CONFIG_FILE 2174 2175get_nisLDAPsearchTimeout 2176 2177echo " 2178#nisLDAPmodifyTimeout=${DEF_nisLDAPmodifyTimeout}\ 2179" >> $CONFIG_FILE 2180 2181get_nisLDAPmodifyTimeout 2182 2183echo " 2184#nisLDAPaddTimeout=${DEF_nisLDAPaddTimeout}\ 2185" >> $CONFIG_FILE 2186 2187get_nisLDAPaddTimeout 2188 2189echo " 2190#nisLDAPdeleteTimeout=${DEF_nisLDAPdeleteTimeout}\ 2191" >> $CONFIG_FILE 2192 2193get_nisLDAPdeleteTimeout 2194 2195echo " 2196#nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeLimit}\ 2197" >> $CONFIG_FILE 2198 2199get_nisLDAPsearchTimeLimit 2200 2201echo " 2202#nisLDAPsearchSizeLimit=${DEF_nisLDAPsearchSizeLimit}\ 2203" >> $CONFIG_FILE 2204 2205get_nisLDAPsearchSizeLimit 2206 2207echo " 2208 2209# Should the ypserv follow LDAP referrals ? 2210# 2211#nisLDAPfollowReferral=${DEF_nisLDAPfollowReferral}\ 2212" >> $CONFIG_FILE 2213 2214get_nisLDAPfollowReferral 2215 2216echo " 2217 2218# Action, number of attempts, and timeout following an LDAP retrieval error 2219# 2220#nisLDAPretrieveErrorAction=${DEF_nisLDAPretrieveErrorAction}\ 2221" >> $CONFIG_FILE 2222 2223get_nisLDAPretrieveErrorAction 2224 2225echo " 2226#nisLDAPretrieveErrorAttempts=\ 2227" >> $CONFIG_FILE 2228 2229get_nisLDAPretrieveErrorAttempts 2230 2231echo " 2232#nisLDAPretrieveErrorTimeout=${DEF_nisLDAPretrieveErrorTimeout}\ 2233" >> $CONFIG_FILE 2234 2235get_nisLDAPretrieveErrorTimeout 2236 2237echo " 2238 2239# Action, number of attempts, and timeout following an LDAP store error 2240# 2241#nisLDAPstoreErrorAction=${DEF_nisLDAPstoreErrorAction}\ 2242" >> $CONFIG_FILE 2243 2244get_nisLDAPstoreErrorAction 2245 2246echo " 2247#nisLDAPstoreErrorAttempts=\ 2248" >> $CONFIG_FILE 2249 2250get_nisLDAPstoreErrorAttempts 2251 2252echo " 2253#nisLDAPstoreErrorTimeout=${DEF_nisLDAPstoreErrorTimeout}\ 2254" >> $CONFIG_FILE 2255 2256get_nisLDAPstoreErrorTimeout 2257 2258 2259# We are done, so move back the config file from temp. location 2260# to actual location. 2261# In case the config file name has a directory component which does 2262# not exist, then create it now, otherwise 'mv' will return error. 2263 2264DIR_TO_CREATE=`dirname ${_CONFIG_FILE}` 2265mkdir -p ${DIR_TO_CREATE} 2266 2267echo "Moving output from temporary file ($CONFIG_FILE) to actual file ($_CONFIG_FILE)" 2268mv $CONFIG_FILE $_CONFIG_FILE 2269 2270# Revert back the config file name in case needed. 2271CONFIG_FILE=$_CONFIG_FILE 2272echo "Finished creation of config file ( $_CONFIG_FILE )" 2273 2274} 2275 2276 2277put_mapping_file_copyright_info() 2278{ 2279 2280# Start with an emptty file, so don't append, but overwrite here. 2281# Just change the name and add the word pragma, but keep the same 2282# date and version number as in the ident string of this script. 2283 2284grep "ident \"@(#)$PROG" $ABS_PROG | \ 2285 sed "s/ ident/pragma ident/g" | \ 2286 sed "s/${PROG}/${NEW_NAME}/g" > $MAP_FILE 2287 2288echo "\ 2289# 2290# Copyright 2003 Sun Microsystems, Inc. All rights reserved. 2291# Use is subject to license terms. 2292# 2293#------------------------------------------------------------------- 2294#\ 2295" >> $MAP_FILE 2296} 2297 2298 2299# 2300# Filter out all the YP domains in /var/yp 2301# The list of domains is stored in list "VARYP_DMN_LIST" 2302# 2303create_all_var_yp_domain_list() 2304{ 2305VARYP_DMN_LIST="" 2306 2307for entry in /var/yp/* 2308do 2309 DMN=`basename $entry` 2310 if [ -d "/var/yp/$DMN" ] && [ -f "/var/yp/binding/$DMN/ypservers" ] 2311 then 2312 VARYP_DMN_LIST="$VARYP_DMN_LIST $DMN" 2313 fi 2314done 2315 2316# d_echo VARYP_DMN_LIST = "$VARYP_DMN_LIST" 2317[ $DEBUG -eq 1 ] && echo VARYP_DMN_LIST = "$VARYP_DMN_LIST" 2318} 2319 2320 2321# 2322# Ask user which domains would be served by N2L 2323# The list of N2L domains is stored in global array 2324# "N2L_DMN_LIST" and number of domains in N2L_DMN_CNT 2325# 2326create_n2l_domain_list() 2327{ 2328# First make a list of all the domains in /var/yp 2329create_all_var_yp_domain_list 2330 2331# Now identify those to be served by N2L 2332let count=0 2333 2334for DMN in $VARYP_DMN_LIST 2335do 2336 get_confirm "Do you want to store maps from ${DMN} domain to LDAP (y/n/h):" \ 2337 "n" "selectDomain4N2L_help" 2338 2339 if [ $? -eq 1 ]; then 2340 N2L_DMN_LIST[count]=$DMN 2341 let count="count + 1" 2342 fi 2343 2344done 2345N2L_DMN_CNT=$count 2346 2347[ $DEBUG -eq 1 ] && echo N2L_DMN_LIST=${N2L_DMN_LIST[*]} 2348[ $DEBUG -eq 1 ] && echo N2L_DMN_CNT=$N2L_DMN_CNT 2349} 2350 2351 2352# 2353# Make various lists for different types of maps for each N2L domain 2354# and ask user if mapping information and comments need to be generated 2355# for custom maps. 2356# 2357# This function looks big, but since KSH does not support 2-D arrays, or 2358# two level of dereferencing, it forced to have so many lists and arrays. 2359# Lists are better for adding or removing elements, and arrays are better 2360# for accessing with index and in knowing the no. of elements. 2361# 2362create_map_lists() 2363{ 2364# Initialize them with no maps. 2365ALL_DMN_ALL_MAPLIST="" 2366ALL_DMN_DEF_MAPLIST="" 2367ALL_DMN_CUST_MAPLIST="" 2368ALL_DMN_AUTO_CUST_MAPLIST="" 2369 2370# Default to don't generate custom mapping info or comment info. 2371CUST_MAP_NEEDED=0 2372CUST_CMT_NEEDED=0 2373 2374let count=0 2375 2376while (( $count < $N2L_DMN_CNT )) 2377do 2378 DMN=${N2L_DMN_LIST[count]} 2379 MAPDIR=/var/yp/${DMN} 2380 2381 # Initialize per domain lists to NULL. 2382 ALL_MAPLIST="" 2383 DEF_MAPLIST="" 2384 CUST_MAPLIST="" 2385 AUTO_CUST_MAPLIST="" 2386 2387 for dbmfile in $MAPDIR/*.dir 2388 do 2389 MAP=`basename $dbmfile .dir` 2390 2391 # Ignore N2L maps (those with "LDAP_" prefix and ageing.byname) 2392 if [[ $MAP != LDAP_* ]] && [[ $MAP != "" ]] && \ 2393 [ -f $MAPDIR/${MAP}.pag ] && [[ $MAP != ageing.byname ]] 2394 then 2395 ALL_MAPLIST="$ALL_MAPLIST $MAP" 2396 2397 if present $MAP $DEFAULT_NIS_MAPS 2398 then 2399 DEF_MAPLIST="$DEF_MAPLIST $MAP" 2400 2401 elif [[ $MAP = auto.* ]] 2402 then 2403 AUTO_CUST_MAPLIST="$AUTO_CUST_MAPLIST $MAP" 2404 2405 else 2406 # If we reached here, means it is custom map. 2407 get_confirm "Do you want the mapping information to be generated for \"$MAP\" map of $DMN domain (y/n/h)?" \ 2408 "n" "generate_mapping_info_for_cust_map_help" 2409 2410 if [ $? -eq 1 ] 2411 then 2412 CUST_MAPLIST="$CUST_MAPLIST $MAP" 2413 else 2414 # If a customer map is not desired, then delete it from 2415 # all maplist too. 2416 ALL_MAPLIST=$(remove $MAP $ALL_MAPLIST) 2417 fi 2418 2419 fi 2420 2421 fi 2422 2423 done 2424 2425 # Make ALL_DMN lists as they are very helpful in checking if a map exists. 2426 ALL_DMN_ALL_MAPLIST=$(merge_lists $ALL_DMN_ALL_MAPLIST $ALL_MAPLIST) 2427 ALL_DMN_DEF_MAPLIST=$(merge_lists $ALL_DMN_DEF_MAPLIST $DEF_MAPLIST) 2428 ALL_DMN_CUST_MAPLIST=$(merge_lists $ALL_DMN_CUST_MAPLIST $CUST_MAPLIST) 2429 ALL_DMN_AUTO_CUST_MAPLIST=$(merge_lists $ALL_DMN_AUTO_CUST_MAPLIST \ 2430 $AUTO_CUST_MAPLIST) 2431 2432 # Store per domain lists in arrays. 2433 ALL_MAPS[$count]="$ALL_MAPLIST" 2434 DEF_MAPS[$count]="$DEF_MAPLIST" 2435 CUST_MAPS[$count]="$CUST_MAPLIST" 2436 AUTO_CUST_MAPS[$count]="$AUTO_CUST_MAPLIST" 2437 2438 [ $DEBUG -eq 1 ] && echo ALL_MAPS[$DMN] = ${ALL_MAPS[$count]} 2439 [ $DEBUG -eq 1 ] && echo DEF_MAPS[$DMN] = ${DEF_MAPS[$count]} 2440 [ $DEBUG -eq 1 ] && echo CUST_MAPS[$DMN] = ${CUST_MAPS[$count]} 2441 [ $DEBUG -eq 1 ] && echo AUTO_CUST_MAPS[$DMN] = ${AUTO_CUST_MAPS[$count]} 2442 2443 let count="count + 1" 2444done 2445 2446[ $DEBUG -eq 1 ] && echo ALL_DMN_ALL_MAPLIST = $ALL_DMN_ALL_MAPLIST 2447[ $DEBUG -eq 1 ] && echo ALL_DMN_DEF_MAPLIST = $ALL_DMN_DEF_MAPLIST 2448[ $DEBUG -eq 1 ] && echo ALL_DMN_CUST_MAPLIST = $ALL_DMN_CUST_MAPLIST 2449[ $DEBUG -eq 1 ] && echo ALL_DMN_AUTO_CUST_MAPLIST = $ALL_DMN_AUTO_CUST_MAPLIST 2450 2451# Store all domain lists in array too. 2452set -A ALL_DMN_ALL_MAPS $ALL_DMN_ALL_MAPLIST 2453set -A ALL_DMN_DEF_MAPS $ALL_DMN_DEF_MAPLIST 2454set -A ALL_DMN_CUST_MAPS $ALL_DMN_CUST_MAPLIST 2455set -A ALL_DMN_AUTO_CUST_MAPS $ALL_DMN_AUTO_CUST_MAPLIST 2456 2457# A positive customer map count implies custom mapping information 2458# is required. Set this flag. 2459[ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] && CUST_MAP_NEEDED=1 2460 2461# Give bit of info, and ask if comments need to be placed in mapping file 2462echo " 2463 This script can place relevant information regarding custom 2464 maps at appropriate places in the mapping file which can be 2465 helpful in customizing this file. 2466" 2467 2468get_confirm "Do you want such information to be generated (y/n/h)?" \ 2469 "n" "generate_comment_info_for_cust_map_help" 2470 2471[ $? -eq 1 ] && CUST_CMT_NEEDED=1 2472 2473[ $DEBUG -eq 1 ] && echo CUST_MAP_NEEDED = $CUST_MAP_NEEDED 2474[ $DEBUG -eq 1 ] && echo CUST_CMT_NEEDED = $CUST_CMT_NEEDED 2475 2476} 2477 2478 2479# 2480# Ask user the context for each (N2l) domain 2481# 2482get_nisLDAPdomainContext() 2483{ 2484echo " 2485# List domains and contexts 2486" >> $MAP_FILE 2487 2488for DMN in ${N2L_DMN_LIST[*]} 2489do 2490 while : 2491 do 2492 # Convert to domain in dc format for default choice 2493 domain_2_dc $DMN 2494 2495 get_ans "Enter the naming context for $DMN domain (h=help):"\ 2496 "$_DOM_2_DC" 2497 2498 # If help continue, otherwise break. 2499 case "$ANS" in 2500 [Hh] | help | Help | \?) display_msg nisLDAPdomainContext_help ;; 2501 * ) break ;; 2502 esac 2503 done 2504 2505 # If a value is specified, set it, and save in mapping file too. 2506 if [ "$ANS" != "" ]; then 2507 echo "nisLDAPdomainContext $DMN : ${ANS}" >> $MAP_FILE 2508 fi 2509 2510 [ $DEBUG -eq 1 ] && echo "nisLDAPdomainContext $DMN : ${ANS}" 2511done 2512} 2513 2514 2515# 2516# Ask user the domains for which passwords should be changed 2517# 2518get_nisLDAPyppasswddDomains() 2519{ 2520 2521echo " 2522# List domains for which passwords should be changed. If this is not 2523# present then the value returned by 'domainname' will be used. 2524" >> $MAP_FILE 2525 2526for DMN in ${N2L_DMN_LIST[*]} 2527do 2528 get_confirm "Enable password changes for ${DMN} domain (y/n/h)? " \ 2529 "n" "nisLDAPyppasswddDomains_help" 2530 2531 if [ $? -eq 1 ]; then 2532 echo "nisLDAPyppasswddDomains $DMN" >> $MAP_FILE 2533 fi 2534done 2535 2536echo " 2537# 2538#------------------------------------------------------------------- 2539#\ 2540" >> $MAP_FILE 2541} 2542 2543 2544# 2545# Create NIS databaseId mappings (aliases) 2546# 2547create_nisLDAPdatabaseIdMapping() 2548{ 2549echo ' 2550# Associate map names with databaseIds (aliases) 2551 2552# Standard maps 2553nisLDAPdatabaseIdMapping ethers: ethers.byaddr ethers.byname 2554nisLDAPdatabaseIdMapping group: group.bygid group.byname 2555nisLDAPdatabaseIdMapping hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"] \ 2556 hosts.byaddr hosts.byname 2557# Special mapping to handle the YP_MULTI cases 2558nisLDAPdatabaseIdMapping multihosts: \ 2559 [addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*,*"] \ 2560 hosts.byname 2561nisLDAPdatabaseIdMapping networks: networks.byaddr networks.byname 2562nisLDAPdatabaseIdMapping project: project.byname project.byprojid 2563nisLDAPdatabaseIdMapping protocols: protocols.byname protocols.bynumber 2564nisLDAPdatabaseIdMapping services: services.byname services.byservicename 2565 2566# netid.byname is built up from the hosts and passwd files using different 2567# mappings. It thus has two associated nisLDAPdatabaseIdMappings. 2568nisLDAPdatabaseIdMapping netid.host:[number="0"] netid.byname 2569nisLDAPdatabaseIdMapping netid.pass:[number="[1-9]*"] netid.byname 2570 2571# The next two are special databaseIds. They associate maps with databaseIds 2572# but additionally identify which maps contain password and password adjunct 2573# information for yppasswdd. 2574nisLDAPdatabaseIdMapping passwd: passwd.byname passwd.byuid 2575 2576# mail.byaddr needs to select entries of the form x@y or x!y 2577nisLDAPdatabaseIdMapping mail.mapping:[rf_key="*@*", rf_key="*!*"] \ 2578 mail.byaddr 2579 2580# publickey.byname 2581# Each entry in publickey map consists of a network user name which 2582# may refer to a host or a user. It also contains a default entry for nobody. 2583# Hence, we need three nisLDAPdatabaseIdmappings to support the three 2584# different types of keys. 2585nisLDAPdatabaseIdMapping keys.host:[rf_key="unix.[a-zA-Z]*@*"] \ 2586 publickey.byname 2587nisLDAPdatabaseIdMapping keys.pass:[rf_key="unix.[0-9]*@*"] \ 2588 publickey.byname 2589nisLDAPdatabaseIdMapping keys.nobody:[rf_key="nobody"] publickey.byname 2590 2591# Single standard maps. No point aliasing. 2592# mail.aliases 2593# netmasks.byaddr 2594# rpc.bynumber 2595# ypservers 2596 2597# Other maps 2598# ipnodes looks identical to hosts but maps to a different context. 2599nisLDAPdatabaseIdMapping ipnodes:[addr="*:*"] \ 2600 ipnodes.byaddr ipnodes.byname 2601# Special mapping to handle the YP_MULTI cases 2602nisLDAPdatabaseIdMapping multiipnodes: \ 2603 [addr="*:*,*"] \ 2604 ipnodes.byname 2605 2606# Other single maps. No point aliasing 2607# audit_user 2608# auth_attr 2609# exec_attr 2610# prof_attr 2611# user_attr 2612# auto.home 2613# auto.master 2614# bootparams 2615# timezone.byname 2616# printers.conf.byname 2617# passwd.adjunct.byname 2618# group.adjunct.byname 2619' >> $MAP_FILE 2620 2621[ CUST_CMT_NEEDED -eq 1 ] && \ 2622echo " 2623# If any custom map needs to be aliased, then it should be listed 2624# here in the following format : 2625# nisLDAPdatabaseIdMapping databaseId ":" ["["indexlist"]"] mapname[" "...] 2626" >> $MAP_FILE 2627 2628[ CUST_MAP_NEEDED -eq 1 ] && \ 2629echo "\ 2630# Not aliasing non-default/custom maps as they are assumed to be 2631# simple, single maps.\ 2632" >> $MAP_FILE 2633 2634for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]} 2635do 2636 echo "# $MAP" >> $MAP_FILE 2637done 2638 2639echo "\ 2640# 2641#------------------------------------------------------------------------------ 2642# 2643" >> $MAP_FILE 2644} 2645 2646 2647# 2648# Finds the domains in which the given map exists in the supplied list. 2649# Sets result in PRESENT_COUNT and PRESENT_IN_DOMAINS. These fields are 2650# set globally, so they can be accessed from any where. 2651# Input : $1 - map, $2 - list name (just name, not the value) 2652# 2653find_domains() 2654{ 2655_MAP=$1 2656_ARRAY=$2 2657 2658let PRESENT_COUNT=0 2659PRESENT_IN_DOMAINS="" 2660 2661let count=0 2662 2663while (( $count < $N2L_DMN_CNT )) 2664do 2665 2666 # Quick and dirty way to get around unavailability of 2D array 2667 case "$_ARRAY" in 2668 ALL_MAPS ) _LIST=${ALL_MAPS[$count]} ;; 2669 DEF_MAPS ) _LIST=${DEF_MAPS[$count]} ;; 2670 CUST_MAPS ) _LIST=${CUST_MAPS[$count]} ;; 2671 AUTO_CUST_MAPS ) _LIST=${AUTO_CUST_MAPS[$count]} ;; 2672 * ) echo "Invalid value: \"${_ARRAY}\". \c" 2673 ;; 2674 esac 2675 2676 if present $_MAP $_LIST 2677 then 2678 let PRESENT_COUNT="$PRESENT_COUNT + 1" 2679 PRESENT_IN_DOMAINS="$PRESENT_IN_DOMAINS ${N2L_DMN_LIST[count]}" 2680 fi 2681 let count="count + 1" 2682done 2683 2684[ $DEBUG -eq 1 ] && echo "PRESENT_COUNT = $PRESENT_COUNT" 2685[ $DEBUG -eq 1 ] && echo "PRESENT_IN_DOMAINS = $PRESENT_IN_DOMAINS" 2686 2687return 0 2688} 2689 2690 2691# 2692# For a given map, find out which list it belongs to (PRESENT_IN_LIST), 2693# and in how many domains this map shows up (PRESENT_COUNT), and in 2694# which ones (PRESENT_IN_DOMAINS). These fields are set globally, so 2695# they can be accessed from any where. 2696# 2697find_map_presence_details() 2698{ 2699_MAP=$1 2700 2701let PRESENT_COUNT=0 2702PRESENT_IN_LIST="" 2703PRESENT_IN_DOMAINS="" 2704 2705# If the map does not exist, return right away, else 2706# find which list it belongs to. 2707# If a map exists in def or auto or cust lists, then 2708# it also exists in "all" list. 2709 2710if ! present $_MAP $ALL_DMN_ALL_MAPLIST 2711then 2712 return 1 2713 2714elif present $_MAP $ALL_DMN_DEF_MAPLIST 2715then 2716 PRESENT_IN_LIST="DEF_MAPS" 2717 2718elif present $_MAP $ALL_DMN_CUST_MAPLIST 2719then 2720 PRESENT_IN_LIST="CUST_MAPS" 2721 2722else 2723 # If map exists, and not in previous two lists, 2724 # then it has to be here only. 2725 PRESENT_IN_LIST="AUTO_CUST_MAPS" 2726fi 2727 2728# Now we know which list the map belongs to. So, we need to 2729# find which are the domains in which this map exists. 2730 2731find_domains $_MAP $PRESENT_IN_LIST 2732 2733# Since the above function sets the values of PRESENT_COUNT and 2734# PRESENT_IN_DOMAINS fields, we don't need to do anything else. 2735 2736[ $DEBUG -eq 1 ] && echo "PRESENT_IN_LIST = $PRESENT_IN_LIST" 2737 2738return 0 2739} 2740 2741 2742# 2743# Check if the comment char is a single character, return 0 on success. 2744# Input is passed via global variable "COMMENT_CHAR" 2745# 2746valid_comment_char() 2747{ 2748COMMENT_CHAR_LENGTH=`echo "${COMMENT_CHAR}" | wc -c` 2749 2750# echo adds new line character, so adjust length appropriately 2751if [ $COMMENT_CHAR_LENGTH -gt 2 ]; then 2752 echo " Comment character has to be a blank or single character; try again." 2753 return 1 2754else 2755 return 0 2756fi 2757} 2758 2759 2760# 2761# Read the comment character for a MAP. Append in mapping file if valid. 2762# Input - $1 : MAP name 2763# 2764get_comment_char() 2765{ 2766_MAP=$1 2767 2768while : 2769do 2770 get_ans "Specify the comment character for $_MAP :" 2771 COMMENT_CHAR=$ANS 2772 2773 if valid_comment_char; then 2774 break 2775 fi 2776done 2777 2778echo "nisLDAPcommentChar $_MAP : '${COMMENT_CHAR}'" >> $MAP_FILE 2779} 2780 2781 2782# 2783# Read a seperate comment character for a MAP for each domain and 2784# update this information in mapping file. 2785# Input - $1 : MAP name, $@ : list of domains 2786# 2787get_comment_char_per_domain() 2788{ 2789_MAP=$1 2790shift 2791_DOMAIN_LIST="$@" 2792 2793for _DMN in $_DOMAIN_LIST 2794do 2795 2796 while : 2797 do 2798 2799 get_ans "Specify the comment character for $_MAP,${_DMN} :" 2800 COMMENT_CHAR=$ANS 2801 2802 if valid_comment_char; then 2803 break 2804 fi 2805 2806 done 2807 echo "nisLDAPcommentChar $_MAP,${_DMN} : '${COMMENT_CHAR}'" >> $MAP_FILE 2808 2809done 2810} 2811 2812 2813# 2814# This function generates custom comment entries. The output is 2815# appended in the mapping file. 2816# 2817get_custom_nisLDAPcommentChar() 2818{ 2819 2820# All the auto mounter maps are assumed to have '#' as the default comment 2821# char. But still list the non-default auto map entries here anyway. This 2822# will make it very easy in case these entries need to be changed. 2823 2824for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 2825do 2826 echo "nisLDAPcommentChar $MAP : '#'" >> $MAP_FILE 2827done 2828 2829if [ CUST_MAP_NEEDED -eq 1 ]; then 2830 get_confirm "Do you wish to specify the comment character for any custom map (y/n/h)?" \ 2831 "n" "custom_map_comment_char_help" 2832 2833 if [ $? -eq 1 ]; then 2834 for MAP in ${ALL_DMN_CUST_MAPS[*]} 2835 do 2836 2837 get_confirm "Do you wish to specify comment character for \"$MAP\" (y/n/h)?" \ 2838 "n" "custom_map_comment_char_help" 2839 2840 if [ $? -eq 1 ]; then 2841 find_domains $MAP CUST_MAPS 2842 if [ $PRESENT_COUNT -gt 1 ]; then 2843 echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS" 2844 2845 get_confirm "For \"$MAP\", should the same comment character be set for all the domains (y/n/h)?" \ 2846 "y" "same_comment_char_help" 2847 2848 if [ $? -eq 1 ]; then 2849 get_comment_char $MAP 2850 else 2851 get_comment_char_per_domain $MAP "$PRESENT_IN_DOMAINS" 2852 fi 2853 2854 else 2855 get_comment_char $MAP 2856 fi 2857 2858 fi 2859 done 2860 fi 2861fi 2862 2863} 2864 2865 2866# List comment character (if any) for maps 2867create_nisLDAPcommentChar() 2868{ 2869 2870echo "\ 2871# Specify the character representing the start of comments. 2872" >> $MAP_FILE 2873 2874[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 2875# The comment character represents the start of the special 'comment' 2876# field in a given NIS map. If this attribute is not present then the 2877# default comment character '#' is used. If a map cannot contain comments 2878# then the NULL ('') comment character should be specified. The format to 2879# specify the comment character is : 2880# nisLDAPcommentChar MAP[,DOMAIN] : 'single_comment_char' 2881" >> $MAP_FILE 2882 2883echo "\ 2884nisLDAPcommentChar group : '' 2885nisLDAPcommentChar passwd : '' 2886nisLDAPcommentChar ageing.byname : '' 2887nisLDAPcommentChar audit_user : '' 2888nisLDAPcommentChar auth_attr : '' 2889nisLDAPcommentChar exec_attr : '' 2890nisLDAPcommentChar user_attr : '' 2891nisLDAPcommentChar bootparams : '' 2892" >> $MAP_FILE 2893 2894# Need to handle passwd.adjunct.byname map for multiple domain. 2895_MAP=passwd.adjunct.byname 2896if ! present $_MAP $ALL_DMN_DEF_MAPLIST 2897then 2898 # Just put the syntax in comment form 2899 echo "#nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE 2900else 2901 # Find the domains in which this map exists. 2902 find_domains $_MAP DEF_MAPS 2903 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 2904 then 2905 # Don't put domain info as the map is present in all of them. 2906 echo "nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE 2907 else 2908 # Not every domain has this map. So, list for the ones which do. 2909 for _DMN in $PRESENT_IN_DOMAINS 2910 do 2911 echo "nisLDAPcommentChar passwd.adjunct.byname,${_DMN}: ''" >> $MAP_FILE 2912 done 2913 fi 2914fi 2915# passwd.adjunct.byname done 2916 2917 2918# Need to handle group.adjunct.byname map for multiple domain. 2919_MAP=group.adjunct.byname 2920if ! present $_MAP $ALL_DMN_DEF_MAPLIST 2921then 2922 # Just put the syntax in comment form 2923 echo "#nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE 2924else 2925 # Find the domains in which this map exists. 2926 find_domains $_MAP DEF_MAPS 2927 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 2928 then 2929 # Don't put domain info as the map is present in all of them. 2930 echo "nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE 2931 else 2932 # Not every domain has this map. So, list for the ones which do. 2933 for _DMN in $PRESENT_IN_DOMAINS 2934 do 2935 echo "nisLDAPcommentChar group.adjunct.byname,${_DMN}: ''" >> $MAP_FILE 2936 done 2937 fi 2938fi 2939# group.adjunct.byname done 2940 2941echo "" >> $MAP_FILE 2942 2943# Ask user for comment char for custom maps 2944get_custom_nisLDAPcommentChar 2945 2946echo " 2947# 2948#------------------------------------------------------------------------------ 2949# 2950" >> $MAP_FILE 2951} 2952 2953 2954# 2955# Generate secure flag entries 2956# 2957create_secure_flag_entries() 2958{ 2959echo "\ 2960# Specify YP_SECURE flags 2961" >> $MAP_FILE 2962 2963[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 2964# If a map is secure, then it needs to be mentioned here 2965# in the following format : 2966# nisLDAPmapFlags mapname : s 2967">> $MAP_FILE 2968 2969# Need to handle passwd.adjunct.byname map for multiple domain. 2970_MAP=passwd.adjunct.byname 2971if ! present $_MAP $ALL_DMN_DEF_MAPLIST 2972then 2973 # Just put the syntax in comment form 2974 echo "#nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE 2975else 2976 # Find the domains in which this map exists. 2977 find_domains $_MAP DEF_MAPS 2978 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 2979 then 2980 # Don't put domain info as the map is present in all of them. 2981 echo "nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE 2982 else 2983 # Not every domain has this map. So, list for the ones which do. 2984 for _DMN in $PRESENT_IN_DOMAINS 2985 do 2986 echo "nisLDAPmapFlags passwd.adjunct.byname,${_DMN} : s" >> $MAP_FILE 2987 done 2988 fi 2989fi 2990 2991# Need to handle group.adjunct.byname map for multiple domain. 2992_MAP=group.adjunct.byname 2993if ! present $_MAP $ALL_DMN_DEF_MAPLIST 2994then 2995 # Just put the syntax in comment form 2996 echo "#nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE 2997else 2998 # Find the domains in which this map exists. 2999 find_domains $_MAP DEF_MAPS 3000 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3001 then 3002 # Don't put domain info as the map is present in all of them. 3003 echo "nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE 3004 else 3005 # Not every domain has this map. So, list for the ones which do. 3006 for _DMN in $PRESENT_IN_DOMAINS 3007 do 3008 echo "nisLDAPmapFlags group.adjunct.byname,${_DMN} : s" >> $MAP_FILE 3009 done 3010 fi 3011fi 3012 3013echo "" >> $MAP_FILE 3014 3015STR="any" # Just to make the question look better. 3016while : 3017do 3018 get_confirm "Do you wish to set the secure flag for $STR map (y/n/h)?" \ 3019 "n" "secure_flag_on_help" 3020 3021 if [ $? -eq 0 ]; then 3022 return 0 3023 3024 else 3025 get_ans "Enter the MAP name :" 3026 MAP=$ANS 3027 3028 if [[ $MAP = "" ]]; then 3029 echo " Error : BLANK map name not allowed; try again" 3030 continue 3031 fi 3032 3033 # Check if the supplied map name exists, and if yes, then 3034 # set the PRESENT attributes for further processing 3035 3036 find_map_presence_details $MAP 3037 3038 case $PRESENT_COUNT in 3039 3040 0 ) echo " Error : $MAP not found in any domain; try again" 3041 ;; 3042 3043 1 ) # The map exists in only one domain. 3044 echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE 3045 STR="another" # Just to make the question look better. 3046 ;; 3047 3048 * ) # The map exists in multiple domain. Ask if this flag needs 3049 # to be set for all domains, or some specific ones. 3050 3051 echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS" 3052 get_confirm "For this map, do you wish to set this flag for all the domains (y/n/h)?" \ 3053 "y" "secure_flag_all_domains_help" 3054 3055 if [ $? -eq 1 ]; then 3056 echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE 3057 else 3058 3059 for _DMN in $PRESENT_IN_DOMAINS 3060 do 3061 3062 get_confirm_nodef "Set secure flag for $MAP,${_DMN} (y/n)?" 3063 3064 if [ $? -eq 1 ]; then 3065 echo "nisLDAPmapFlags $MAP,${_DMN} : s" >> $MAP_FILE 3066 fi 3067 3068 done 3069 fi 3070 STR="another" # Just to make the question look better. 3071 ;; 3072 3073 esac 3074 3075 fi 3076done 3077} 3078 3079 3080# 3081# Generate interdomain flag entries 3082# 3083create_interdomain_flag_entries() 3084{ 3085 3086INTERDOMAIN_MAP_LIST="ipnodes 3087 multiipnodes 3088 hosts 3089 multihosts 3090 services.byservicename" 3091 3092# 3093# Simple function to avoid duplication of code 3094# 3095print_interdomain_entries() 3096{ 3097for _MAP in $INTERDOMAIN_MAP_LIST 3098do 3099 echo "nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE 3100done 3101} 3102 3103echo " 3104# Specify YP_INTERDOMAIN flags 3105" >> $MAP_FILE 3106 3107[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 3108# It is used to indicate NIS servers to use the domain name resolver for 3109# host name and address lookups for hosts not found in the maps. 3110# If set, it adds YP_INTERDOMAIN entries in these maps when converting 3111# data from LDAP to YP. It needs to be set in the following format : 3112# nisLDAPmapFlags mapname : b 3113" >> $MAP_FILE 3114 3115# List one set of entries in commented form anyway as it might help 3116# user understand what it means. 3117 3118echo "\ 3119# If \$B is set in /var/yp/Makefile, then this flag should be 3120# set for following maps :\ 3121" >> $MAP_FILE 3122 3123for _MAP in $INTERDOMAIN_MAP_LIST 3124do 3125 echo "# nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE 3126done 3127 3128# Put a blank line for indentation purpose 3129echo >> $MAP_FILE 3130 3131get_confirm "Do you wish to set the \"interdomain\" flag for any domain (y/n/h)?" \ 3132 "n" "interdomain_flag_on_help" 3133 3134if [ $? -eq 1 ]; then 3135 3136 if [ $N2L_DMN_CNT -gt 1 ]; then 3137 3138 get_confirm "Should \"interdomain\" flag be set for all domain (y/n/h)?" \ 3139 "y" "interdomain_flag_all_domains_help" 3140 3141 if [ $? -eq 1 ]; then 3142 print_interdomain_entries 3143 else 3144 3145 for _DMN in ${N2L_DMN_LIST[*]} 3146 do 3147 get_confirm_nodef "Set interdomain flag for ${_DMN} (y/n)?" 3148 3149 if [ $? -eq 1 ]; then 3150 for _MAP in $INTERDOMAIN_MAP_LIST 3151 do 3152 echo "nisLDAPmapFlags ${_MAP},${_DMN} : b" >> $MAP_FILE 3153 done 3154 fi 3155 3156 done 3157 fi 3158 3159 else 3160 print_interdomain_entries 3161 fi 3162fi 3163 3164echo " 3165# 3166#------------------------------------------------------------------------------ 3167# 3168" >> $MAP_FILE 3169 3170return 0 3171} 3172 3173 3174# 3175# List SECURE and INTERDOMAIN flags 3176# 3177create_nisLDAPmapFlags() 3178{ 3179create_secure_flag_entries 3180create_interdomain_flag_entries 3181} 3182 3183 3184# 3185# Print one Map TTL entry in mapping file using supplied TTL. 3186# 3187print_one_map_ttl_entry() 3188{ 3189_Map=$1 3190_iTtlLo=$2 3191_iTtlHi=$3 3192_runTtl=$4 3193 3194echo "\ 3195nisLDAPentryTtl ${_Map}:${_iTtlLo}:${_iTtlHi}:${_runTtl}\ 3196" >> $MAP_FILE 3197 3198return 0 3199} 3200 3201 3202# 3203# Print all the maps TTL entries of same TTL 3204# values using the supplied TTL triplet. 3205# 3206print_all_same_ttl_entries() 3207{ 3208_iTTLlo=$1 3209_iTTLhi=$2 3210_runTTL=$3 3211 3212for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \ 3213 ${ALL_DMN_AUTO_CUST_MAPS[*]} 3214do 3215 3216 if [ "$_MAP" != "passwd.adjunct.byname" ] && \ 3217 [ "$_MAP" != "group.adjunct.byname" ] 3218 then 3219 print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL 3220 3221 else 3222 3223 # adjunct maps might not exist in all the domains. 3224 find_domains $_MAP DEF_MAPS 3225 3226 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3227 then 3228 3229 # Don't put domain info as the map is present in all of them. 3230 print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL 3231 3232 else 3233 3234 for _DMN_ in $PRESENT_IN_DOMAINS 3235 do 3236 _STR="${_MAP},${_DMN_}" 3237 print_one_map_ttl_entry $_STR $_iTTLlo $_iTTLhi $_runTTL 3238 done 3239 3240 fi 3241 fi 3242done 3243 3244return 0 3245} 3246 3247# 3248# Read the initialTTLlo. Set the value in global variable. 3249# 3250get_ittl_lo() 3251{ 3252get_pos_int "Lower limit for initial TTL (in seconds) (h=help):" \ 3253 "$DEF_iTTLlo" "initialTTLlo_help" 3254 3255iTTLlo=${NUM} 3256} 3257 3258 3259# 3260# Read the initialTTLhi. Set the value in global variable. 3261# 3262get_ittl_hi() 3263{ 3264get_pos_int "Higher limit for initial TTL (in seconds) (h=help):" \ 3265 "$DEF_iTTLhi" "initialTTLhi_help" 3266 3267iTTLhi=${NUM} 3268} 3269 3270 3271# 3272# Read the initialTTLhi. Set the value in global variable. 3273# 3274get_run_ttl() 3275{ 3276get_pos_int "Runtime TTL (in seconds) (h=help):" \ 3277 "$DEF_runTTL" "runningTTL_help" 3278 3279runTTL=${NUM} 3280} 3281 3282 3283# 3284# Read one TTL triplet. Set the result in global variables. 3285# 3286read_one_ttl_triplet() 3287{ 3288# Just call the individual functions for each TTL. 3289 3290 get_ittl_lo 3291 get_ittl_hi 3292 get_run_ttl 3293 3294[ $DEBUG -eq 1 ] && \ 3295 echo "TTL = ${iTTLlo}:${iTTLhi}:${runTTL}" 3296 3297return 0 3298} 3299 3300# 3301# Takes MAP name (with or without domain name) as argument, asks 3302# user for TTL values, and appends the entry in the mapping file. 3303# 3304process_one_map_ttl_value() 3305{ 3306 3307_Map_="$1" 3308 3309get_confirm "Retain the default TTL values [$DEF_iTTLlo:$DEF_iTTLhi:$DEF_runTTL] for \"$_Map_\" (y/n/h) ?" \ 3310 "y" "default_different_ttl_help" 3311 3312if [ $? -eq 1 ]; then 3313 print_one_map_ttl_entry $_Map_ $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL 3314else 3315 3316 echo "Reading TTL values for $_Map_ :" 3317 read_one_ttl_triplet 3318 print_one_map_ttl_entry $_Map_ $iTTLlo $iTTLhi $runTTL 3319 3320fi 3321return 0 3322} 3323 3324 3325# 3326# Read only one TTL triplet for each existing MAP without asking 3327# different values for each domain and update the mapping file. 3328# 3329read_all_maps_ttl_values_no_multiple_domain_issue() 3330{ 3331 3332# Need to read only one TTL triplet for each existing MAP. 3333 3334for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \ 3335 ${ALL_DMN_AUTO_CUST_MAPS[*]} 3336do 3337 3338 if [ "$_MAP" != "passwd.adjunct.byname" ] && \ 3339 [ "$_MAP" != "group.adjunct.byname" ] 3340 then 3341 process_one_map_ttl_value $_MAP 3342 3343 else 3344 3345 # adjunct maps might not exist in all the domains. 3346 find_domains $_MAP DEF_MAPS 3347 3348 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3349 then 3350 3351 # Don't put domain info as the map is present in all of them. 3352 process_one_map_ttl_value $_MAP 3353 3354 else 3355 3356 for _DMN_ in $PRESENT_IN_DOMAINS 3357 do 3358 _STR="${_MAP},${_DMN_}" 3359 process_one_map_ttl_value $_STR 3360 done 3361 3362 fi 3363 fi 3364done 3365 3366return 0 3367} 3368 3369 3370# 3371# Read TTL triplet for each default MAP (in database ID form) while 3372# taking care of multiple domains issue and update the mapping file. 3373# 3374read_default_maps_ttl_values_with_multi_domain_issue() 3375{ 3376 3377for _MAP_ in ${DEF_TTL_MAPLIST} 3378do 3379 if [ "$_MAP_" != "passwd.adjunct.byname" ] && \ 3380 [ "$_MAP_" != "group.adjunct.byname" ] 3381 then 3382 3383 for _DMN_ in ${N2L_DMN_LIST[*]} 3384 do 3385 _STR_="${_MAP_},${_DMN_}" 3386 # Now process each combination one at a time. 3387 process_one_map_ttl_value "$_STR_" 3388 done 3389 3390 else 3391 # List only those domains in which adjunct.byname exists. 3392 find_domains $_MAP_ DEF_MAPS 3393 for _DMN_ in $PRESENT_IN_DOMAINS 3394 do 3395 _STR_="${_MAP_},${_DMN_}" 3396 process_one_map_ttl_value "$_STR_" 3397 done 3398 fi 3399done 3400 3401return 0 3402} 3403 3404 3405# 3406# Read TTL triplet for each existing custom MAP while taking 3407# care of multiple domains issue and update the mapping file. 3408# 3409read_custom_maps_ttl_values_with_multi_domain_issue() 3410{ 3411 3412for _MAP_ in ${ALL_DMN_CUST_MAPS[*]} ${ALL_DMN_AUTO_CUST_MAPS[*]} 3413do 3414 3415 find_map_presence_details $_MAP_ 3416 3417 if [ $PRESENT_COUNT -eq 1 ]; then 3418 3419 # This map exists in only one domain. 3420 # So, no need to ask for multiple domains. 3421 3422 process_one_map_ttl_value $_MAP_ 3423 3424 else 3425 3426 # Handle multiple domains. 3427 3428 echo "Map \"${_MAP_}\" is present in these domains : $PRESENT_IN_DOMAINS" 3429 3430 get_confirm "For this map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \ 3431 "y" "same_ttl_across_domains_help" 3432 3433 if [ $? -eq 1 ]; then 3434 3435 # Need to read only one TTL triplet for this MAP. 3436 process_one_map_ttl_value $_MAP_ 3437 3438 else 3439 3440 # Need to ask for each domain 3441 3442 for _DMN_ in $PRESENT_IN_DOMAINS 3443 do 3444 _STR="${_MAP_},${_DMN_}" 3445 3446 # Now process each combination one at a time. 3447 process_one_map_ttl_value "$_STR" 3448 3449 done 3450 fi 3451 fi 3452done 3453 3454return 0 3455} 3456 3457 3458# 3459# List the TTL values for various MAPs 3460# 3461create_nisLDAPentryTtl() 3462{ 3463 3464echo "\ 3465# Associate TTLs with NIS entries derived from LDAP 3466" >> $MAP_FILE 3467 3468[ CUST_CMT_NEEDED -eq 1 ] && echo "\ 3469# Each map has three TTL values which are specified in seconds. 3470# 1. initialTTLlo (default $DEF_iTTLlo sec) The lower limit for the initial 3471# TTL (in seconds) for data read from disk when the ypserv starts. 3472# 3473# 2. initialTTLhi (default $DEF_iTTLhi sec) The upper limit for initial TTL. 3474# 3475# 3. runningTTL (default $DEF_runTTL sec) The TTL (in seconds) for data 3476# retrieved from LDAP while the ypserv is running. 3477# 3478# If any value is not specified, then default value is used. 3479# The format of TTL entry is : 3480# nisLDAPentryTtl MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL 3481" >> $MAP_FILE 3482 3483# If no maps are present, just return. 3484[ ${#ALL_DMN_ALL_MAPS[*]} -eq 0 ] && return 0 3485 3486echo "The default TTL for each map is set to ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}" 3487get_confirm "Do you wish to change the TTL values for any map (y/n/h) ?" \ 3488 "n" "default_ttl_help" 3489 3490if [ $? -eq 0 ]; then 3491 # Default values accepted for all the maps. 3492 # So, just print all the maps with default TTL values. 3493 3494 print_all_same_ttl_entries $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL 3495 3496else 3497 echo "You would be allowed to enter the new TTL values." 3498 get_confirm "Do you wish to use the same TTL values for all the maps (y/n/h) ?" \ 3499 "y" "non_default_same_ttl_help" 3500 3501 if [ $? -eq 1 ]; then 3502 # Need to read only one TTL triplet. 3503 # Print all the maps with new TTL triplet. 3504 3505 # read one ttl triplet 3506 echo "Enter the new TTL values :" 3507 3508 read_one_ttl_triplet 3509 3510 print_all_same_ttl_entries $iTTLlo $iTTLhi $runTTL 3511 3512 else 3513 if [ $N2L_DMN_CNT -eq 1 ]; then 3514 3515 # TTL values are different now. But we haev only one domain. 3516 # So, no need to worry about multiple domains. Need to read 3517 # only one TTL triplet for each existing MAP. 3518 3519 read_all_maps_ttl_values_no_multiple_domain_issue 3520 3521 else 3522 3523 # TTL values are different now. And we have multiple domains 3524 # too. Check if MAPS are going to have same TTL across domains. 3525 # This is just to avoid asking too many TTL triplet inputs 3526 3527 echo "You would be allowed to enter different TTL values for each map." 3528 3529 get_confirm "For a given map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \ 3530 "y" "non_default_different_ttl_help" 3531 3532 if [ $? -eq 1 ]; then 3533 3534 # Need to read only one TTL triplet for each existing MAP. 3535 read_all_maps_ttl_values_no_multiple_domain_issue 3536 3537 else 3538 3539 # We have hit the worst case scenario. TTLs could be 3540 # different per map and per domain. 3541 3542 read_default_maps_ttl_values_with_multi_domain_issue 3543 read_custom_maps_ttl_values_with_multi_domain_issue 3544 fi 3545 fi 3546 fi 3547fi 3548 3549echo " 3550# 3551#------------------------------------------------------------------------------ 3552# 3553" >> $MAP_FILE 3554 3555return 0 3556} 3557 3558 3559# 3560# The custom maps for which we do not have enough 3561# information to be able to generate specific entries, 3562# we just log the message that the user needs to take 3563# care of those entries manually. 3564# 3565ask_user_to_update_the_custom_map_entries_too() 3566{ 3567 3568if [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ]; then 3569 3570 echo " 3571# Similar entries need to be created 3572# for following custom maps too :\ 3573" >> $MAP_FILE 3574 3575 for _MAP in ${ALL_DMN_CUST_MAPS[*]} 3576 do 3577 echo "# $_MAP" >> $MAP_FILE 3578 done 3579fi 3580} 3581 3582 3583put_default_nisLDAPnameFields() 3584{ 3585echo ' 3586# Associate names with fields in the maps. Must be same for all domains. 3587nisLDAPnameFields audit_user: \ 3588 ("%s:%s:%s", name, alwaysAuditFlags, neverAuditFlags) 3589 3590nisLDAPnameFields auto.home: \ 3591 ("%s",value) 3592 3593nisLDAPnameFields auto.master: \ 3594 ("%s",value) 3595 3596nisLDAPnameFields auth_attr: \ 3597 ("%s:%s:%s:%s:%s:%s", \ 3598 name, res1, res2, short_desc, long_desc, attrs ) 3599 3600nisLDAPnameFields bootparams: \ 3601 ("%s", params) 3602 3603nisLDAPnameFields ethers: \ 3604 ("%s %s", addr, name) 3605 3606nisLDAPnameFields exec_attr: \ 3607 ("%s:%s:%s:%s:%s:%s:%s", \ 3608 name, policy, type, res1, res2, id, attrs) 3609 3610nisLDAPnameFields group: \ 3611 ("%s:%s:%s:%s", name, passwd, gid, users) 3612' >> $MAP_FILE 3613 3614# Need to handle group.adjunct.byname map for multiple domain. 3615 3616_MAP=group.adjunct.byname 3617if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3618then 3619 # Just put the syntax in comment form 3620 echo '#nisLDAPnameFields group.adjunct.byname: \ 3621# ("%s:%s", name, passwd) 3622' >> $MAP_FILE 3623else 3624 # Find the domains in which this map exists. 3625 find_domains $_MAP DEF_MAPS 3626 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3627 then 3628 3629 # Don't put domain info as the map is present in all of them. 3630 echo 'nisLDAPnameFields group.adjunct.byname: \ 3631 ("%s:%s", name, passwd) 3632' >> $MAP_FILE 3633 else 3634 # Not every domain has this map. So, list for the ones which do. 3635 for _DMN in $PRESENT_IN_DOMAINS 3636 do 3637 echo "nisLDAPnameFields group.adjunct.byname,${_DMN}: \\ 3638 (\"%s:%s\", name, passwd) 3639" >> $MAP_FILE 3640 done 3641 fi 3642fi 3643 3644echo 'nisLDAPnameFields keys.host: \ 3645 ("%s:%s", publicKey ,secretKey) 3646 3647nisLDAPnameFields keys.pass: \ 3648 ("%s:%s", publicKey ,secretKey) 3649 3650nisLDAPnameFields keys.nobody: \ 3651 ("%s:%s", publicKey ,secretKey) 3652 3653nisLDAPnameFields hosts: \ 3654 ("%a %s %s", addr, canonicalName, aliases) 3655 3656nisLDAPnameFields multihosts: \ 3657 ("%a %s %s", addr, canonicalName, aliases) 3658 3659nisLDAPnameFields ipnodes: \ 3660 ("%a %s %s", addr, canonicalName, aliases) 3661 3662nisLDAPnameFields multiipnodes: \ 3663 ("%a %s %s", addr, canonicalName, aliases) 3664 3665nisLDAPnameFields mail.aliases: \ 3666 ("%s", addresses) 3667 3668nisLDAPnameFields mail.mapping: \ 3669 ("%s", address) 3670 3671# memberTriples is split into sub-fields by a latter nisLDAPsplitField 3672# attribute. 3673nisLDAPnameFields netgroup: \ 3674 ("%s", memberTriples) 3675 3676nisLDAPnameFields netid.host: \ 3677 ("%s:%s", number, data) 3678 3679nisLDAPnameFields netid.pass: \ 3680 ("%s:%s", number, data) 3681 3682nisLDAPnameFields netmasks.byaddr: \ 3683 ("%a", mask) 3684 3685nisLDAPnameFields networks: \ 3686 ("%s %s %s", name, number, aliases) 3687 3688nisLDAPnameFields project: \ 3689 ("%s:%s:%s:%s:%s:%s", \ 3690 name, projID, comment, users, groups, attrs) 3691 3692nisLDAPnameFields protocols: \ 3693 ("%s %s %s", name, number, aliases) 3694 3695nisLDAPnameFields rpc.bynumber: \ 3696 ("%s %s %s", name, number, aliases) 3697 3698nisLDAPnameFields passwd: \ 3699 ("%s:%s:%s:%s:%s:%s:%s", \ 3700 name, passwd, uid, gid, gecos, home, shell) 3701 3702# It is not obvious what the fields in passwd.adjunct are for. They are not 3703# the same as the shadow map. The following is based on information in:- 3704# 3705# lib/libbc/inc/include/pwdadj.h. 3706# 3707# This file implies that these are documented in getpwaent(3) but this man page 3708# does not seem to exist. 3709# 3710# It is believed that 'min','max' and 'def' labels were reserved fields in 3711# SunOS 4.x and are now unused. 'always' and 'never' audit information is 3712# now contained in audit_user(4) so is now unused. 3713# 3714' >> $MAP_FILE 3715 3716# Need to handle passwd.adjunct.byname map for multiple domain. 3717 3718_MAP=passwd.adjunct.byname 3719if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3720then 3721 # Just put the syntax in comment form 3722 echo '#nisLDAPnameFields passwd.adjunct.byname: \ 3723# ("%s:%s:%s:%s:%s:%s:%s", \ 3724# name, passwd, min, max, def, always, \ 3725# never) 3726' >> $MAP_FILE 3727else 3728 # Find the domains in which this map exists. 3729 find_domains $_MAP DEF_MAPS 3730 3731 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3732 then 3733 3734 # Don't put domain info as the map is present in all of them. 3735 echo 'nisLDAPnameFields passwd.adjunct.byname: \ 3736 ("%s:%s:%s:%s:%s:%s:%s", \ 3737 name, passwd, min, max, def, always, \ 3738 never) 3739' >> $MAP_FILE 3740 else 3741 # Not every domain has this map. So, list for the ones which do. 3742 for _DMN in $PRESENT_IN_DOMAINS 3743 do 3744 echo "nisLDAPnameFields passwd.adjunct.byname,${_DMN}: \\ 3745 (\"%s:%s:%s:%s:%s:%s:%s\", \\ 3746 name, passwd, min, max, def, always, \\ 3747 never) 3748" >> $MAP_FILE 3749 done 3750 fi 3751fi 3752 3753echo ' 3754nisLDAPnameFields printers.conf.byname: \ 3755 ("%s:%s", names, values) 3756 3757nisLDAPnameFields prof_attr: \ 3758 ("%s:%s:%s:%s:%s", \ 3759 name, res1, res2, desc, attrs) 3760 3761nisLDAPnameFields services: \ 3762 ("%s %s/%s %s", name, port, protocol, aliases) 3763 3764# This map is never created but yppasswd uses the mapping to extract password 3765# ageing information from the DIT. The password itself is not required by this 3766# mechanism so is not included in the ageing mapping. 3767nisLDAPnameFields ageing.byname: \ 3768 ("%s:%s:%s:%s:%s:%s:%s:%s", \ 3769 name, lastchg, min, max, warn, inactive, \ 3770 expire, flag) 3771 3772nisLDAPnameFields timezone.byname: \ 3773 ("%s %s", zoneName, hostName) 3774 3775nisLDAPnameFields user_attr: \ 3776 ("%s:%s:%s:%s:%s", user, qualifier, res1, res2, attrs) 3777' >> $MAP_FILE 3778} 3779 3780# 3781# List namefields for non-default auto maps and custom maps. 3782# 3783put_auto_and_custom_map_nisLDAPnameFields() 3784{ 3785for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]} 3786do 3787 3788 echo "\ 3789nisLDAPnameFields ${_MAP}: \\ 3790 (\"%s\",value) 3791" >> $MAP_FILE 3792 3793done 3794} 3795 3796 3797create_nisLDAPnameFields() 3798{ 3799# Put format information of "nisLDAPnameFields" 3800[ CUST_CMT_NEEDED -eq 1 ] && echo ' 3801# "nisLDAPnameFields" specifies the content of entries in a NIS map 3802# and how they should be broken into named fields. It is required as, 3803# unlike NIS+, NIS maps do not store information in named fields. 3804# 3805# Following is the syntax for nisLDAPnameFields : 3806# 3807# "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")" 3808# fieldName = nameOrArrayName[","...] 3809# nameOrArrayName = Name of field or 'array' of repeated fields. 3810# matchspec = \" formatString \" 3811' >> $MAP_FILE 3812 3813# List the default nameField values 3814put_default_nisLDAPnameFields 3815 3816# List the underlying assumption 3817echo "\ 3818# With the assumption that all the custom maps are simple, single 3819# map (single key-value pair type), below is the nisLDAPnameFields 3820# information for all the custom and non-default auto.* maps. If 3821# this assumption is not valid, then refer to the NISLDAPmapping 3822# man page for information on how to customize this section. 3823" >> $MAP_FILE 3824 3825# List namefields for non-default auto maps and custom maps. 3826put_auto_and_custom_map_nisLDAPnameFields 3827 3828 3829echo " 3830# 3831#------------------------------------------------------------------------------ 3832# 3833" >> $MAP_FILE 3834 3835return 0 3836} 3837 3838 3839# 3840# List repeated field seperators 3841# 3842create_nisLDAPrepeatedFieldSeparators() 3843{ 3844 3845[ CUST_CMT_NEEDED -eq 1 ] && echo " 3846# nisLDAPrepeatedFieldSeparators : It is a character which separates 3847# the repeatable instnaces of splitable fields. It's format is : 3848# 3849# nisLDAPrepeatedFieldSeparators fieldName \"sepChar[...]\" 3850# sepChar = A separator character. 3851# Default value is space or tab. 3852" >> $MAP_FILE 3853 3854echo "\ 3855#nisLDAPrepeatedFieldSeparators memberTriples: \" \t\" 3856" >> $MAP_FILE 3857 3858} 3859 3860 3861# 3862# List split fields 3863# 3864create_nisLDAPsplitField() 3865{ 3866# List the default split fields 3867 3868[ CUST_CMT_NEEDED -eq 1 ] && echo ' 3869# nisLDAPsplitFields : It defines how a field, or list of fields, 3870# named by nisLDAPnameFields is split into sub fields. The original 3871# field is compared with each line of this attribute until one matches. 3872# When a match is found named sub-fields are generated. In latter 3873# operations sub-field names can be used in the same way as other 3874# field names. The format of nisLDAPsplitFields is : 3875# 3876# "nisLDAPsplitFields" fieldName ":" splitSpec[","...] 3877# splitSpec = "(" matchspec "," subFieldNames ")" 3878# fieldName = Name of a field from nisLDAPnameFields 3879# subFieldNames = subFieldname[","...] 3880# matchspec = \" formatString \" 3881' >> $MAP_FILE 3882 3883echo ' 3884nisLDAPsplitField memberTriples: \ 3885 ("(%s,%s,%s)", host, user, domain), \ 3886 ("%s", group) 3887' >> $MAP_FILE 3888 3889} 3890 3891# 3892# List split fields and repeated field separators. 3893# 3894create_split_field_and_repeatedfield_seperators() 3895{ 3896 3897echo "\ 3898# Specify how to break fields up into sub fields. 3899" >> $MAP_FILE 3900 3901create_nisLDAPrepeatedFieldSeparators 3902 3903create_nisLDAPsplitField 3904 3905echo " 3906# 3907#------------------------------------------------------------------------------ 3908# 3909" >> $MAP_FILE 3910} 3911 3912list_default_nisLDAPobjectDN() 3913{ 3914echo ' 3915# Associate maps with RDNs and object classes. Base DN comes from the 3916# nisLDAPdomainContext. 3917# 3918# As supplied this file gives only the most derived objectClass for each map. 3919# For some servers it may be necessary to add "objectClass=" statements for 3920# all the superclasses. This should be done here. 3921 3922nisLDAPobjectDN auto.home: \ 3923 automountmapname=auto_home,?one? \ 3924 objectClass=automount: 3925 3926nisLDAPobjectDN auto.master: \ 3927 automountmapname=auto_master,?one? \ 3928 objectClass=automount: 3929 3930nisLDAPobjectDN auth_attr: \ 3931 ou=SolarisAuthAttr,?one? \ 3932 objectClass=SolarisAuthAttr: 3933 3934nisLDAPobjectDN bootparams: \ 3935 ou=ethers,?one? \ 3936 objectClass=bootableDevice, \ 3937 bootParameter=*:\ 3938 ou=ethers,?one? \ 3939 objectClass=device, \ 3940 objectClass=bootableDevice 3941 3942 3943nisLDAPobjectDN exec_attr:\ 3944 ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\ 3945 SolarisKernelSecurityPolicy=*:\ 3946 ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\ 3947 objectClass=SolarisProfAttr,\ 3948 objectClass=top 3949 3950nisLDAPobjectDN ethers: \ 3951 ou=ethers,?one? \ 3952 objectClass=ieee802Device, \ 3953 macAddress=*:\ 3954 ou=ethers,?one? \ 3955 objectClass=device, \ 3956 objectClass=ieee802Device 3957 3958nisLDAPobjectDN group: \ 3959 ou=group,?one? \ 3960 objectClass=posixGroup: 3961' >> $MAP_FILE 3962 3963 3964# Need to handle group.adjunct.byname map for multiple domain. 3965 3966_MAP=group.adjunct.byname 3967if ! present $_MAP $ALL_DMN_DEF_MAPLIST 3968then 3969 # Just put the syntax in comment form 3970 echo '#nisLDAPobjectDN group.adjunct.byname: \ 3971# ou=group,?one? \ 3972# objectClass=posixGroup: 3973' >> $MAP_FILE 3974else 3975 # Find the domains in which this map exists. 3976 find_domains $_MAP DEF_MAPS 3977 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 3978 then 3979 # Don't put domain info as the map is present in all of them. 3980 echo 'nisLDAPobjectDN group.adjunct.byname: \ 3981 ou=group,?one? \ 3982 objectClass=posixGroup: 3983' >> $MAP_FILE 3984 else 3985 # Not every domain has this map. So, list for the ones which do. 3986 for _DMN in $PRESENT_IN_DOMAINS 3987 do 3988 echo "nisLDAPobjectDN group.adjunct.byname,${_DMN}: \\ 3989 ou=group,?one? \\ 3990 objectClass=posixGroup: 3991" >> $MAP_FILE 3992 done 3993 fi 3994fi 3995 3996 3997echo 'nisLDAPobjectDN hosts: \ 3998 ou=hosts,?one? \ 3999 objectClass=ipHost:\ 4000 ou=hosts,?one? \ 4001 objectClass=device, \ 4002 objectClass=ipHost 4003 4004nisLDAPobjectDN multihosts: \ 4005 ou=hosts,?one? \ 4006 objectClass=ipHost, \ 4007 ipHostNumber=*.* 4008 4009nisLDAPobjectDN ipnodes: \ 4010 ou=hosts,?one? \ 4011 objectClass=ipHost:\ 4012 ou=hosts,?one? \ 4013 objectClass=device, \ 4014 objectClass=ipHost 4015 4016nisLDAPobjectDN multiipnodes: \ 4017 ou=hosts,?one? \ 4018 objectClass=ipHost, \ 4019 ipHostNumber=*\:* 4020 4021nisLDAPobjectDN mail.aliases: \ 4022 ou=aliases,?one? \ 4023 objectClass=mailGroup: 4024 4025nisLDAPobjectDN mail.mapping: \ 4026 ou=aliases,?one? \ 4027 objectClass=mailGroup 4028 4029nisLDAPobjectDN netgroup: \ 4030 ou=netgroup,?one? \ 4031 objectClass=nisNetgroup: 4032 4033nisLDAPobjectDN networks: \ 4034 ou=networks,?one? \ 4035 objectClass=ipNetwork, \ 4036 cn=*: 4037 4038# Must come after networks (or equivalent) that creates ipNetworks 4039nisLDAPobjectDN netmasks.byaddr: \ 4040 ou=networks,?one? \ 4041 objectClass=ipNetwork, \ 4042 ipNetMaskNumber=*: 4043 4044nisLDAPobjectDN passwd: \ 4045 ou=people,?one? \ 4046 objectClass=posixAccount:\ 4047 ou=people,?one? \ 4048 objectClass=account, \ 4049 objectClass=shadowAccount, \ 4050 objectClass=posixAccount 4051' >> $MAP_FILE 4052 4053 4054# Need to handle passwd.adjunct.byname map for multiple domain. 4055 4056_MAP=passwd.adjunct.byname 4057if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4058then 4059 # Just put the syntax in comment form 4060 echo '#nisLDAPobjectDN passwd.adjunct.byname: \ 4061# ou=people,?one? \ 4062# objectClass=posixAccount:\ 4063# ou=people,?one? \ 4064# objectClass=account, \ 4065# objectClass=shadowAccount, \ 4066# objectClass=posixAccount 4067' >> $MAP_FILE 4068else 4069 # Find the domains in which this map exists. 4070 find_domains $_MAP DEF_MAPS 4071 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4072 then 4073 # Don't put domain info as the map is present in all of them. 4074 echo 'nisLDAPobjectDN passwd.adjunct.byname: \ 4075 ou=people,?one? \ 4076 objectClass=posixAccount:\ 4077 ou=people,?one? \ 4078 objectClass=account, \ 4079 objectClass=shadowAccount, \ 4080 objectClass=posixAccount 4081' >> $MAP_FILE 4082 else 4083 # Not every domain has this map. So, list for the ones which do. 4084 for _DMN in $PRESENT_IN_DOMAINS 4085 do 4086 echo "nisLDAPobjectDN passwd.adjunct.byname,${_DMN}: \\ 4087 ou=people,?one? \\ 4088 objectClass=posixAccount:\\ 4089 ou=people,?one? \\ 4090 objectClass=account, \\ 4091 objectClass=shadowAccount, \\ 4092 objectClass=posixAccount 4093" >> $MAP_FILE 4094 done 4095 fi 4096fi 4097 4098 4099echo '# Must follow passwd 4100nisLDAPobjectDN netid.pass: \ 4101 ou=people,?one? \ 4102 objectClass=posixAccount 4103 4104# Must follow hosts 4105nisLDAPobjectDN netid.host: \ 4106 ou=hosts,?one? \ 4107 objectClass=ipHost 4108 4109nisLDAPobjectDN printers.conf.byname: \ 4110 ou=printers,?one? \ 4111 objectClass=printerService:\ 4112 ou=printers,?one? \ 4113 objectClass=sunPrinter, \ 4114 objectClass=printerService, \ 4115 objectClass=printerLPR, \ 4116 objectClass=printerAbstract 4117 4118nisLDAPobjectDN prof_attr:\ 4119 ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\ 4120 SolarisAttrLongDesc=*:\ 4121 ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\ 4122 objectClass=SolarisExecAttr,\ 4123 objectClass=top 4124nisLDAPobjectDN project: \ 4125 ou=project,?one? \ 4126 objectClass=SolarisProject: 4127 4128nisLDAPobjectDN protocols: \ 4129 ou=protocols,?one? \ 4130 objectClass=ipProtocol: 4131 4132nisLDAPobjectDN rpc.bynumber: \ 4133 ou=rpc,?one? \ 4134 objectClass=oncRpc: 4135 4136nisLDAPobjectDN services.byname: \ 4137 ou=services,?one? \ 4138 objectClass=ipService: 4139 4140# Because services.byservicename contains keys of form both 'name' 4141# and 'name/protocol' we generate the DIT just from services.byname. 4142# Hence, write-disabled for services.byservicename 4143nisLDAPobjectDN services.byservicename: \ 4144 ou=services,?one? \ 4145 objectClass=ipService 4146 4147# This map is never created but yppasswd uses the mapping to extract password 4148# aging information from the DIT. 4149nisLDAPobjectDN ageing.byname: \ 4150 ou=people,?one? \ 4151 objectClass=shadowAccount: 4152 4153# Using nisplusTimeZoneData objectClass for compatibility with nis+2ldap 4154nisLDAPobjectDN timezone.byname: \ 4155 ou=Timezone,?one? \ 4156 objectClass=nisplusTimeZoneData: 4157 4158nisLDAPobjectDN user_attr: \ 4159 ou=people,?one? \ 4160 objectClass=SolarisUserAttr: 4161 4162# Must come after passwd (or equivalent) that creates posixAccounts 4163nisLDAPobjectDN audit_user: \ 4164 ou=people,?one? \ 4165 objectClass=SolarisAuditUser: 4166 4167# Must come after hosts + passwd. 4168nisLDAPobjectDN keys.host: \ 4169 ou=hosts,?one? \ 4170 objectClass=NisKeyObject: 4171 4172nisLDAPobjectDN keys.pass: \ 4173 ou=people,?one? \ 4174 objectClass=NisKeyObject: 4175 4176nisLDAPobjectDN keys.nobody: \ 4177 ou=people,?one? \ 4178 objectClass=NisKeyObject:\ 4179 ou=people,?one? \ 4180 objectClass=account, \ 4181 objectClass=NisKeyObject 4182 4183nisLDAPobjectDN ypservers: \ 4184 ou=ypservers,?one? \ 4185 objectClass=device: 4186' >> $MAP_FILE 4187} 4188 4189# List all the non-default auto.* and custom maps. 4190list_auto_custom_nisLDAPobjectDN() 4191{ 4192 4193# auto.* entries are easy. 4194if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 4195 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 4196 4197 for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 4198 do 4199 4200 # We need to find one container for each auto.* map. 4201 # Assume that each auto.* maps's container is auto_*. 4202 4203 _MAP_UNDERSCORE=`echo $_MAP | sed "s/auto\./auto_/"` 4204 4205 echo "\ 4206nisLDAPobjectDN ${_MAP}: \\ 4207 automountmapname=${_MAP_UNDERSCORE},?one? \\ 4208 objectClass=automount: 4209" >> $MAP_FILE 4210 done 4211fi 4212 4213# Since we do not have enough information to generate 4214# entries for other custom maps, best we can do is to 4215# log this map names and ask user to take care of them. 4216 4217ask_user_to_update_the_custom_map_entries_too 4218 4219} 4220 4221 4222# 4223# List association of maps with RDNs and object classes. 4224# 4225create_nisLDAPobjectDN() 4226{ 4227 4228[ CUST_CMT_NEEDED -eq 1 ] && echo ' 4229# nisLDAPobjectDN : It specifies the connection between group of NIS 4230# maps and the LDAP directory. This attribute also defines the 'order' 4231# of the NIS maps. When NIS maps are bulk copied to or from the DIT 4232# they are processed in the same order as related nisLDAPobjectDN 4233# attributes appear in /var/yp/NISLDAPmapping. 4234# The format of "nisLDAPobjectDN" is : 4235# 4236# mapName[" "...] ":" objectDN *( ";" objectDN ) 4237# 4238# where: 4239# 4240# objectDN = readObjectSpec [":"[writeObjectSpec]] 4241# readObjectSpec = [baseAndScope [filterAttrValList]] 4242# writeObjectSpec = [baseAndScope [attrValList]] 4243# baseAndScope = [baseDN] ["?" [scope]] 4244# filterAttrValList = ["?" [filter | attrValList]]] 4245# scope = "base" | "one" | "sub" 4246# attrValList = attribute "=" value 4247# *("," attribute "=" value) 4248' >> $MAP_FILE 4249 4250# List all the default entries anyway. 4251list_default_nisLDAPobjectDN 4252 4253# List all the non-default auto.* and custom maps. 4254list_auto_custom_nisLDAPobjectDN 4255 4256} 4257 4258# 4259# List all the default nisLDAPattributeFromField entries 4260# 4261list_default_nisLDAPattributeFromField() 4262{ 4263echo ' 4264# Describe how named fields are mapped to DIT entries. 4265 4266# audit_user 4267nisLDAPattributeFromField audit_user: \ 4268 dn=("uid=%s,", rf_key ), \ 4269 SolarisAuditAlways=alwaysAuditFlags, \ 4270 SolarisAuditNever=neverAuditFlags 4271 4272# auto.home 4273nisLDAPattributeFromField auto.home: \ 4274 dn=("automountKey=%s,", rf_key ), \ 4275 automountKey=rf_key, \ 4276 automountInformation=value 4277 4278# auto.master 4279nisLDAPattributeFromField auto.master: \ 4280 dn=("automountKey=%s,", rf_key ), \ 4281 automountKey=rf_key, \ 4282 automountInformation=value 4283 4284# auth_attr 4285nisLDAPattributeFromField auth_attr: \ 4286 dn=("cn=%s,", rf_key ), \ 4287 cn=name, \ 4288 SolarisAttrReserved1=res1, \ 4289 SolarisAttrReserved2=res2, \ 4290 SolarisAttrShortDesc=short_desc, \ 4291 SolarisAttrLongDesc=long_desc, \ 4292 SolarisAttrKeyValue=attrs 4293 4294# exec_attr. Because of the messy NIS keys special handling is required here 4295nisLDAPattributeFromField exec_attr: \ 4296 dn=("cn=%s+SolarisKernelSecurityPolicy=%s\ 4297 +SolarisProfileType=%s+SolarisProfileID=%s,", \ 4298 name, policy,type,id), \ 4299 ("%s:*", cn)=rf_key, \ 4300 ("*:%s:*", SolarisKernelSecurityPolicy)=rf_key, \ 4301 ("*:*:%s", SolarisProfileId)=rf_key, \ 4302 solarisProfileType=type, \ 4303 solarisAttrReserved1=res1, \ 4304 SolarisAttrReserved2=res2, \ 4305 solarisAttrKeyValue=attrs 4306 4307# ethers 4308nisLDAPattributeFromField ethers.byname: \ 4309 dn=("cn=%s,", rf_key ), \ 4310 macAddress=addr 4311nisLDAPattributeFromField ethers.byaddr: \ 4312 dn=("cn=%s,", name ), \ 4313 macAddress=rf_key 4314nisLDAPattributeFromField ethers: \ 4315 cn=name, \ 4316 description=rf_comment 4317 4318# bootparams. Must be done after ethers 4319nisLDAPattributeFromField bootparams: \ 4320 dn=("cn=%s,", rf_key ), \ 4321 cn=rf_key, \ 4322 (bootParameter)=(params, " ") 4323' >> $MAP_FILE 4324 4325# group syntax is different when group.adjunct map is present. 4326# So, need to handle the various possibilities 4327 4328_MAP=group.adjunct.byname 4329 4330if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4331then 4332 4333 # Just put the group.adjunct syntax in comment form 4334 4335 echo '# group 4336nisLDAPattributeFromField group.byname: \ 4337 dn=("cn=%s,", rf_key ), \ 4338 gidNumber=gid 4339nisLDAPattributeFromField group.bygid: \ 4340 dn=("cn=%s,", name ), \ 4341 gidNumber=rf_key 4342nisLDAPattributeFromField group: \ 4343 cn=name, \ 4344 userPassword=("{crypt}%s",passwd), \ 4345 (memberUid)=(users, ",") 4346 4347# 4348# If you are using group.adjunct, comment the group section above 4349# and uncomment the following group and group.adjunct sections 4350# 4351# group 4352#nisLDAPattributeFromField group.byname: \ 4353# dn=("cn=%s,", rf_key ), \ 4354# gidNumber=gid 4355#nisLDAPattributeFromField group.bygid: \ 4356# dn=("cn=%s,", name ), \ 4357# gidNumber=rf_key 4358#nisLDAPattributeFromField group: \ 4359# cn=name, \ 4360# (memberUid)=(users, ",") 4361 4362# group.adjunct 4363#nisLDAPattributeFromField group.adjunct.byname: \ 4364# dn=("cn=%s,", rf_key ), \ 4365# cn=name, \ 4366# userPassword=("{crypt}%s",passwd) 4367' >> $MAP_FILE 4368 4369else 4370 4371 # Find the domains in which group.adjunct map exists. 4372 find_domains $_MAP DEF_MAPS 4373 4374 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4375 then 4376 4377 # All the domains have group.adjunct map. 4378 4379 echo '# group 4380#nisLDAPattributeFromField group.byname: \ 4381# dn=("cn=%s,", rf_key ), \ 4382# gidNumber=gid 4383#nisLDAPattributeFromField group.bygid: \ 4384# dn=("cn=%s,", name ), \ 4385# gidNumber=rf_key 4386#nisLDAPattributeFromField group: \ 4387# cn=name, \ 4388# userPassword=("{crypt}%s",passwd), \ 4389# (memberUid)=(users, ",") 4390 4391# If you are not using group.adjunct, uncomment the group section above 4392# and comment the following group and group.adjunct sections 4393# 4394# group 4395nisLDAPattributeFromField group.byname: \ 4396 dn=("cn=%s,", rf_key ), \ 4397 gidNumber=gid 4398nisLDAPattributeFromField group.bygid: \ 4399 dn=("cn=%s,", name ), \ 4400 gidNumber=rf_key 4401nisLDAPattributeFromField group: \ 4402 cn=name, \ 4403 (memberUid)=(users, ",") 4404 4405# group.adjunct 4406nisLDAPattributeFromField group.adjunct.byname: \ 4407 dn=("cn=%s,", rf_key ), \ 4408 cn=name, \ 4409 userPassword=("{crypt}%s",passwd) 4410' >> $MAP_FILE 4411 4412 else 4413 # Not every domain has group.adjunct map. 4414 4415 # First put the password syntax with domain name for domains 4416 # in which group.adjunct exists. 4417 4418 echo "# group" >> $MAP_FILE 4419 4420 for _DMN in $PRESENT_IN_DOMAINS 4421 do 4422 4423 echo "\ 4424# domain-specific group 4425nisLDAPattributeFromField group.byname,${_DMN}: \\ 4426 dn=(\"cn=%s,\", rf_key ), \\ 4427 gidNumber=gid 4428nisLDAPattributeFromField group.bygid,${_DMN}: \\ 4429 dn=(\"cn=%s,\", name ), \\ 4430 gidNumber=rf_key 4431nisLDAPattributeFromField group,${_DMN}: \\ 4432 cn=name, \\ 4433 (memberUid)=(users, \",\") 4434" >> $MAP_FILE 4435 done 4436 4437 # Now put the other group syntax. We do not need to 4438 # append the domain name here. 4439 4440 echo ' 4441nisLDAPattributeFromField group.byname: \ 4442 dn=("cn=%s,", rf_key ), \ 4443 gidNumber=gid 4444nisLDAPattributeFromField group.bygid: \ 4445 dn=("cn=%s,", name ), \ 4446 gidNumber=rf_key 4447nisLDAPattributeFromField group: \ 4448 cn=name, \ 4449 userPassword=("{crypt}%s",passwd), \ 4450 (memberUid)=(users, ",") 4451' >> $MAP_FILE 4452 4453 # Now we need to put the group.adjunct syntax for domains 4454 # in which this map exists. 4455 4456 echo "# group.adjunct" >> $MAP_FILE 4457 4458 for _DMN in $PRESENT_IN_DOMAINS 4459 do 4460 4461 echo "\ 4462nisLDAPattributeFromField group.adjunct.byname,${_DMN}: \\ 4463 dn=(\"cn=%s,\", rf_key ), \\ 4464 cn=name, \\ 4465 userPassword=(\"{crypt}%s\",passwd) 4466" >> $MAP_FILE 4467 done 4468 4469 fi 4470 4471fi 4472 4473 4474echo ' 4475# hosts 4476# Cannot forward map hosts.byname key as the YP_MULTI entries will not work. 4477nisLDAPattributeFromField hosts.byname: \ 4478 cn=rf_searchkey 4479nisLDAPattributeFromField hosts.byaddr: \ 4480 ipHostNumber=rf_searchipkey 4481nisLDAPattributeFromField hosts: \ 4482 ipHostNumber=addr, \ 4483 dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \ 4484 cn=canonicalName, \ 4485 (cn)=(aliases, " "), \ 4486 description=rf_comment 4487 4488nisLDAPattributeFromField multihosts: \ 4489 ("YP_MULTI_%s", cn)=rf_searchkey 4490 4491# ipnodes 4492# Cannot forward map ipnodes.byname key as the YP_MULTI entries will not work. 4493nisLDAPattributeFromField ipnodes.byname: \ 4494 cn=rf_searchkey 4495nisLDAPattributeFromField ipnodes.byaddr: \ 4496 ipHostNumber=rf_searchipkey 4497nisLDAPattributeFromField ipnodes: \ 4498 ipHostNumber=addr, \ 4499 dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \ 4500 cn=canonicalName, \ 4501 (cn)=(aliases, " "), \ 4502 description=rf_comment 4503 4504nisLDAPattributeFromField multiipnodes: \ 4505 ("YP_MULTI_%s", cn)=rf_searchkey 4506 4507#mail.aliases 4508nisLDAPattributeFromField mail.aliases: \ 4509 dn=("mail=%s,", rf_key), \ 4510 mail=rf_key, \ 4511 (mgrprfc822mailmember)=(addresses, ",") 4512 4513#mail.mapping 4514#Commented out because all NIS->LDAP mappings are done by mail.aliases 4515#nisLDAPattributeFromField mail.mapping: \ 4516# dn=("mail=%s,", address), \ 4517# mail=address, \ 4518# mgrprfc822mailmember=rf_key 4519nisLDAPattributeFromField mail.mapping: \ 4520 mgrprfc822mailmember=rf_searchkey 4521 4522# netgroup. 4523# 4524# Only need to create DIT entries for netgroup. This contains a superset of 4525# the information in netgroup.byhost and netgroup.byuser 4526nisLDAPattributeFromField netgroup: \ 4527 dn=("cn=%s,", rf_key ), \ 4528 (memberNisNetgroup)=group, \ 4529 (nisNetgroupTriple)= \ 4530 ("(%s,%s,%s)", host, user, domain), \ 4531 cn=rf_key, \ 4532 description=rf_comment 4533 4534# netid.pass 4535# 4536# Commented out because, unless remote domains (and thus /etc/netid) is 4537# supported, all NIS->LDAP mappings are set up from passwd. 4538#nisLDAPattributeFromField netid.pass: \ 4539# ("unix.%s@*", uidNumber)=rf_key, \ 4540# (gidNumber)=("%s", (data), " "), \ 4541# description=rf_comment 4542nisLDAPattributeFromField netid.pass: \ 4543 ("unix.%s@*", uidNumber)=rf_searchkey 4544 4545# netid.host 4546# 4547# Commented out because, unless remote domains (and thus /etc/netid) is 4548# supported, all NIS->LDAP mappings are set up from hosts. 4549#nisLDAPattributeFromField netid.host: \ 4550# dn=("cn=%s+ipHostNumber=%s,", data, \ 4551# ldap:ipHostNumber:?one?("cn=%s", data)), \ 4552# ipHostNumber=ldap:ipHostNumber:?one?("cn=%s", data), \ 4553# ("unix.%s@*", cn)=rf_key, \ 4554# description=rf_comment 4555nisLDAPattributeFromField netid.host: \ 4556 ("unix.%s@*", cn)=rf_searchkey 4557 4558# netmasks.byaddr 4559nisLDAPattributeFromField netmasks.byaddr: \ 4560 dn=("ipNetworkNumber=%s,", rf_ipkey ), \ 4561 ipNetworkNumber=rf_ipkey, \ 4562 ipNetmaskNumber=mask, \ 4563 description=rf_comment 4564 4565# networks. 4566nisLDAPattributeFromField networks.byname: \ 4567 dn=("ipNetworkNumber=%s,", number ), \ 4568 cn=name, \ 4569 cn=rf_key 4570nisLDAPattributeFromField networks.byaddr: \ 4571 dn=("ipNetworkNumber=%s,", rf_key ), \ 4572 cn=name 4573nisLDAPattributeFromField networks: \ 4574 (cn)=(aliases, " "), \ 4575 ipNetworkNumber=number, \ 4576 description=rf_comment 4577' >> $MAP_FILE 4578 4579 4580# passwd syntax is different when passwd.adjunct map is present. 4581# So, need to handle the various possibilities 4582 4583_MAP=passwd.adjunct.byname 4584 4585if ! present $_MAP $ALL_DMN_DEF_MAPLIST 4586then 4587 4588 # Just put the passwd.adjunct syntax in comment form 4589 4590 echo '# passwd 4591nisLDAPattributeFromField passwd.byname: \ 4592 dn=("uid=%s,", rf_key ), \ 4593 uid=rf_key, \ 4594 uidNumber=uid 4595nisLDAPattributeFromField passwd.byuid: \ 4596 dn=("uid=%s,", name ), \ 4597 uidNumber=rf_key, \ 4598 uid=name 4599nisLDAPattributeFromField passwd: \ 4600 cn=name, \ 4601 userPassword=("{crypt}%s",passwd), \ 4602 gidNumber=gid, \ 4603 gecos=gecos, \ 4604 homeDirectory=home, \ 4605 loginShell=shell 4606 4607# 4608# If you are using passwd.adjunct, comment the passwd section above 4609# and uncomment the following passwd and passwd.adjunct sections 4610# 4611# passwd 4612#nisLDAPattributeFromField passwd.byname: \ 4613# dn=("uid=%s,", rf_key ), \ 4614# uid=rf_key, \ 4615# uidNumber=uid 4616#nisLDAPattributeFromField passwd.byuid: \ 4617# dn=("uid=%s,", name ), \ 4618# uidNumber=rf_key, \ 4619# uid=name 4620#nisLDAPattributeFromField passwd: \ 4621# cn=name, \ 4622# gidNumber=gid, \ 4623# gecos=gecos, \ 4624# homeDirectory=home, \ 4625# loginShell=shell 4626 4627# passwd.adjunct 4628#nisLDAPattributeFromField passwd.adjunct.byname: \ 4629# dn=("uid=%s,", rf_key ), \ 4630# uid=name, \ 4631# userPassword=("{crypt}%s",passwd) 4632' >> $MAP_FILE 4633 4634else 4635 4636 # Find the domains in which passwd.adjunct map exists. 4637 find_domains $_MAP DEF_MAPS 4638 4639 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 4640 then 4641 4642 # All the domains have passwd.adjunct map. So, put the right 4643 # passwd syntax and comment-in the passwd.adjunct syntax. 4644 4645 4646 echo '# passwd 4647#nisLDAPattributeFromField passwd.byname: \ 4648# dn=("uid=%s,", rf_key ), \ 4649# uid=rf_key, \ 4650# uidNumber=uid 4651#nisLDAPattributeFromField passwd.byuid: \ 4652# dn=("uid=%s,", name ), \ 4653# uidNumber=rf_key, \ 4654# uid=name 4655#nisLDAPattributeFromField passwd: \ 4656# cn=name, \ 4657# userPassword=("{crypt}%s",passwd), \ 4658# gidNumber=gid, \ 4659# gecos=gecos, \ 4660# homeDirectory=home, \ 4661# loginShell=shell 4662 4663# If you are not using passwd.adjunct, uncomment the passwd section above 4664# and comment the following passwd and passwd.adjunct sections 4665# 4666# passwd 4667nisLDAPattributeFromField passwd.byname: \ 4668 dn=("uid=%s,", rf_key ), \ 4669 uid=rf_key, \ 4670 uidNumber=uid 4671nisLDAPattributeFromField passwd.byuid: \ 4672 dn=("uid=%s,", name ), \ 4673 uidNumber=rf_key, \ 4674 uid=name 4675nisLDAPattributeFromField passwd: \ 4676 cn=name, \ 4677 gidNumber=gid, \ 4678 gecos=gecos, \ 4679 homeDirectory=home, \ 4680 loginShell=shell 4681 4682# passwd.adjunct 4683nisLDAPattributeFromField passwd.adjunct.byname: \ 4684 dn=("uid=%s,", rf_key ), \ 4685 uid=name, \ 4686 userPassword=("{crypt}%s",passwd) 4687' >> $MAP_FILE 4688 4689 else 4690 # Not every domain has passwd.adjunct map. 4691 4692 # First put the password syntax with domain name for domains 4693 # in which passwd.adjunct exists. 4694 4695 echo "# passwd" >> $MAP_FILE 4696 4697 for _DMN in $PRESENT_IN_DOMAINS 4698 do 4699 4700 echo "\ 4701nisLDAPattributeFromField passwd.byname,${_DMN}: \\ 4702 dn=(\"uid=%s,\", rf_key ), \\ 4703 uid=rf_key, \\ 4704 uidNumber=uid 4705nisLDAPattributeFromField passwd.byuid,${_DMN}: \\ 4706 dn=(\"uid=%s,\", name ), \\ 4707 uidNumber=rf_key, \\ 4708 uid=name 4709nisLDAPattributeFromField passwd,${_DMN}: \\ 4710 cn=name, \\ 4711 gidNumber=gid, \\ 4712 gecos=gecos, \\ 4713 homeDirectory=home, \\ 4714 loginShell=shell 4715" >> $MAP_FILE 4716 done 4717 4718 # Now put the other passwd syntax. We do not need to 4719 # append the domain name here. 4720 4721 echo ' 4722nisLDAPattributeFromField passwd.byname: \ 4723 dn=("uid=%s,", rf_key ), \ 4724 uid=rf_key, \ 4725 uidNumber=uid 4726nisLDAPattributeFromField passwd.byuid: \ 4727 dn=("uid=%s,", name ), \ 4728 uidNumber=rf_key, \ 4729 uid=name 4730nisLDAPattributeFromField passwd: \ 4731 cn=name, \ 4732 userPassword=("{crypt}%s",passwd), \ 4733 gidNumber=gid, \ 4734 gecos=gecos, \ 4735 homeDirectory=home, \ 4736 loginShell=shell 4737' >> $MAP_FILE 4738 4739 # Now we need to put the passwd.adjunct syntax for domains 4740 # in which this map exists. 4741 4742 echo "# passwd.adjunct" >> $MAP_FILE 4743 4744 for _DMN in $PRESENT_IN_DOMAINS 4745 do 4746 4747 echo "\ 4748nisLDAPattributeFromField passwd.adjunct.byname,${_DMN}: \\ 4749 dn=(\"uid=%s,\", rf_key ), \\ 4750 uid=name, \\ 4751 userPassword=(\"{crypt}%s\",passwd) 4752" >> $MAP_FILE 4753 done 4754 4755 fi 4756 4757fi 4758 4759echo ' 4760# This map is never created but yppasswd uses the mapping to extract password 4761# aging information from the DIT. 4762nisLDAPattributeFromField ageing.byname: \ 4763 dn=("uid=%s,", rf_key ), \ 4764 uid=name, \ 4765 shadowLastChange=lastchg, \ 4766 shadowMin=min, \ 4767 shadowMax=max, \ 4768 shadowWarning=warn, \ 4769 shadowInactive=inactive, \ 4770 shadowExpire=expire, \ 4771 shadowFlag=flag 4772 4773# printers.conf.byname 4774nisLDAPattributeFromField printers.conf.byname: \ 4775 dn=("printer-uri=%s,", rf_key ), \ 4776 printer-name=rf_key, \ 4777 (printer-aliases)=(names, "|"), \ 4778 sun-printer-bsdaddr=(values, "*bsdaddr=%s:*"), \ 4779 (sun-printer-kvp)=(values,":"), \ 4780 description=rf_comment 4781 4782# prof_attr 4783nisLDAPattributeFromField prof_attr: \ 4784 dn=("cn=%s,", rf_key ), \ 4785 cn=name, \ 4786 SolarisAttrReserved1=res1, \ 4787 SolarisAttrReserved2=res2, \ 4788 SolarisAttrLongDesc=desc, \ 4789 SolarisAttrKeyValue=attrs 4790 4791# project 4792nisLDAPattributeFromField project.byname: \ 4793 dn=("SolarisProjectName=%s,", rf_key ) 4794nisLDAPattributeFromField project.byprojid: \ 4795 dn=("SolarisProjectName=%s,", name ), \ 4796 SolarisProjectID=rf_searchkey 4797nisLDAPattributeFromField project: \ 4798 SolarisProjectName=name, \ 4799 SolarisProjectID=projID, \ 4800 (memberUid)=(users, ","), \ 4801 (memberGid)=(groups, ","), \ 4802 (SolarisProjectAttr)=(attrs, ";"), \ 4803 description=comment 4804 4805# protocols 4806nisLDAPattributeFromField protocols.byname: \ 4807 ipProtocolNumber=number, \ 4808 cn=rf_searchkey 4809nisLDAPattributeFromField protocols.bynumber: \ 4810 ipProtocolNumber=rf_key, \ 4811 description=rf_comment 4812nisLDAPattributeFromField protocols: \ 4813 dn=("cn=%s,", name ), \ 4814 (cn)=(aliases, " "), \ 4815 cn=name 4816 4817# rpc.bynumber 4818nisLDAPattributeFromField rpc.bynumber: \ 4819 dn=("cn=%s,", name ), \ 4820 oncRpcNumber=rf_key, \ 4821 (cn)=(aliases, " "), \ 4822 cn=name, \ 4823 description=rf_comment 4824 4825# services 4826# services.byservicename rule is only used to speed single search 4827nisLDAPattributeFromField services.byservicename: \ 4828 ("%s/%s", cn, ipServiceProtocol) = rf_searchkey 4829 4830nisLDAPattributeFromField services.byname: \ 4831 dn=("cn=%s+ipServiceProtocol=%s,", name, protocol ), \ 4832 ("*/%s", ipServiceProtocol)=rf_key, \ 4833 ("%s/*", ipServicePort)=rf_key, \ 4834 (cn)=(aliases, " "), \ 4835 cn=name, \ 4836 description=rf_comment 4837 4838# timezone.byname 4839nisLDAPattributeFromField timezone.byname: \ 4840 dn=("cn=%s,", rf_key ), \ 4841 cn=hostName, \ 4842 nisplusTimeZone=zoneName, \ 4843 description=comment 4844 4845# user_attr 4846nisLDAPattributeFromField user_attr: \ 4847 dn=("uid=%s,", rf_key ), \ 4848 uid=rf_key, \ 4849 SolarisUserAttr=qualifier, \ 4850 SolarisUserReserved1=res1, \ 4851 SolarisUserReserved2=res2, \ 4852 SolarisAttrKeyValue=attrs 4853 4854# publickey.byname 4855nisLDAPattributeFromField keys.host: \ 4856 dn=("%s", ldap:dn:?one?("cn=%s", (yp:rf_key, "unix.%s@*"))), \ 4857 nisPublicKey=publicKey, \ 4858 nisSecretKey=secretKey 4859 4860nisLDAPattributeFromField keys.pass: \ 4861 dn=("%s", ldap:dn:?one?("uidNumber=%s", (yp:rf_key, "unix.%s@*"))), \ 4862 nisPublicKey=publicKey, \ 4863 nisSecretKey=secretKey 4864 4865nisLDAPattributeFromField keys.nobody: \ 4866 dn=("uid=%s,",yp:rf_key), \ 4867 cn=rf_key, \ 4868 nisPublicKey=publicKey, \ 4869 nisSecretKey=secretKey 4870 4871# ypservers. This derived from IPlanet implementation not RFC. 4872nisLDAPattributeFromField ypservers: \ 4873 dn=("cn=%s,", rf_key), \ 4874 cn=rf_key 4875' >> $MAP_FILE 4876} 4877 4878# 4879# List all the non-default auto.* and custom maps. 4880# 4881list_auto_and_custom_nisLDAPattributeFromField() 4882{ 4883 4884# auto.* entries are easy. 4885if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 4886 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 4887fi 4888 4889for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 4890do 4891 echo "\ 4892# ${_MAP} 4893nisLDAPattributeFromField ${_MAP}: \\ 4894 dn=(\"automountKey=%s,\", rf_key ), \\ 4895 automountKey=rf_key, \\ 4896 automountInformation=value 4897" >> $MAP_FILE 4898done 4899 4900# Since we do not have enough information to generate 4901# entries for other custom maps, best we can do is to 4902# log this map names and ask user to take care of them. 4903 4904ask_user_to_update_the_custom_map_entries_too 4905 4906} 4907 4908 4909# 4910# List mapping of named fields to DIT entries 4911# 4912create_nisLDAPattributeFromField() 4913{ 4914 4915[ CUST_CMT_NEEDED -eq 1 ] && echo ' 4916# nisLDAPattributeFromField : It specifies how an LDAP attribute 4917# value is derived from a NIS entries field values. 4918# 4919# The format of nisLDAPattributeFromField entry is : 4920# mapName ":" fieldattrspec *("," fieldattrspec ) 4921' >> $MAP_FILE 4922 4923# List all the default entries anyway. 4924list_default_nisLDAPattributeFromField 4925 4926# List all the non-default auto.* and custom maps. 4927list_auto_and_custom_nisLDAPattributeFromField 4928 4929echo " 4930# 4931#------------------------------------------------------------------------------ 4932# 4933" >> $MAP_FILE 4934} 4935 4936 4937# 4938# List all the default nisLDAPattributeFromField entries 4939# 4940list_default_nisLDAPfieldFromAttribute() 4941{ 4942echo ' 4943# Describe how named fields are mapped from DIT entries. 4944 4945# audit_user 4946nisLDAPfieldFromAttribute audit_user: \ 4947 ("uid=%s,*", rf_key)=dn, \ 4948 ("uid=%s,*", name)=dn, \ 4949 alwaysAuditFlags=SolarisAuditAlways, \ 4950 neverAuditFlags=SolarisAuditNever 4951 4952# auto.home 4953nisLDAPfieldFromAttribute auto.home: \ 4954 rf_key=automountKey, \ 4955 value=automountInformation 4956 4957# auto.master 4958nisLDAPfieldFromAttribute auto.master: \ 4959 rf_key=automountKey, \ 4960 value=automountInformation 4961 4962# auth_attr 4963nisLDAPfieldFromAttribute auth_attr: \ 4964 rf_key=cn, \ 4965 name=cn, \ 4966 res1=SolarisAttrReserved1, \ 4967 res2=SolarisAttrReserved2, \ 4968 short_desc=SolarisAttrShortDesc, \ 4969 long_desc=SolarisAttrLongDesc, \ 4970 attrs=SolarisAttrKeyValue 4971 4972# Exec_attr. Because of messy NIS keys special handlind is required here 4973nisLDAPfieldFromAttribute exec_attr: \ 4974 rf_key=("%s:%s:%s",cn,SolarisKernelSecurityPolicy, \ 4975 solarisProfileId), \ 4976 name=cn, \ 4977 policy=SolarisKernelSecurityPolicy, \ 4978 type=SolarisProfileType, \ 4979 res1=SolarisAttrReserved1, \ 4980 res2=SolarisAttrReserved2, \ 4981 id=SolarisProfileId, \ 4982 attrs=SolarisAttrKeyValue 4983 4984 4985# ethers 4986nisLDAPfieldFromAttribute ethers.byname: \ 4987 rf_key=cn 4988nisLDAPfieldFromAttribute ethers.byaddr: \ 4989 rf_key=macAddress 4990nisLDAPfieldFromAttribute ethers: \ 4991 name=cn, \ 4992 addr=macAddress, \ 4993 rf_comment=description 4994 4995# bootparams. Must be done after ethers 4996nisLDAPfieldFromAttribute bootparams: \ 4997 rf_key=cn, \ 4998 params=("%s ", (bootParameter), " ") 4999' >> $MAP_FILE 5000 5001# group syntax is different when group.adjunct map is present. 5002# So, need to handle the various possibilities 5003 5004_MAP=group.adjunct.byname 5005 5006if ! present $_MAP $ALL_DMN_DEF_MAPLIST 5007then 5008 5009 # Just put the group.adjunct syntax in comment form 5010 5011 echo '# group 5012nisLDAPfieldFromAttribute group.byname: \ 5013 rf_key=cn 5014nisLDAPfieldFromAttribute group.bygid: \ 5015 rf_key=gidNumber 5016nisLDAPfieldFromAttribute group: \ 5017 gid=gidNumber, \ 5018 name=cn, \ 5019 ("{crypt}%s", passwd)=userPassword, \ 5020 users=("%s,", (memberUid), ",") 5021 5022# 5023# If you are using group.adjunct, comment the group section above 5024# and uncomment the following group and group.adjunct section 5025# 5026# group 5027#nisLDAPfieldFromAttribute group.byname: \ 5028# rf_key=cn 5029#nisLDAPfieldFromAttribute group.bygid: \ 5030# rf_key=gidNumber 5031#nisLDAPfieldFromAttribute group: \ 5032# gid=gidNumber, \ 5033# name=cn, \ 5034# passwd=("#$%s", cn), \ 5035# users=("%s,", (memberUid), ",") 5036 5037# group.adjunct 5038#nisLDAPfieldFromAttribute group.adjunct.byname: \ 5039# rf_key=cn, \ 5040# name=cn, \ 5041# ("{crypt}%s", passwd)=userPassword 5042' >> $MAP_FILE 5043 5044else 5045 5046 # Find the domains in which group.adjunct map exists. 5047 find_domains $_MAP DEF_MAPS 5048 5049 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 5050 then 5051 5052 # All the domains have group.adjunct map. 5053 5054 5055 echo '# group 5056#nisLDAPfieldFromAttribute group.byname: \ 5057# rf_key=cn 5058#nisLDAPfieldFromAttribute group.bygid: \ 5059# rf_key=gidNumber 5060#nisLDAPfieldFromAttribute group: \ 5061# gid=gidNumber, \ 5062# name=cn, \ 5063# ("{crypt}%s", passwd)=userPassword, \ 5064# users=("%s,", (memberUid), ",") 5065 5066# 5067# If you are not using group.adjunct, comment the group section above 5068# and uncomment the following group and group.adjunct sections 5069# 5070# group 5071nisLDAPfieldFromAttribute group.byname: \ 5072 rf_key=cn 5073nisLDAPfieldFromAttribute group.bygid: \ 5074 rf_key=gidNumber 5075nisLDAPfieldFromAttribute group: \ 5076 gid=gidNumber, \ 5077 name=cn, \ 5078 passwd=("#$%s", cn), \ 5079 users=("%s,", (memberUid), ",") 5080 5081# 5082# group.adjunct 5083nisLDAPfieldFromAttribute group.adjunct.byname: \ 5084 rf_key=cn, \ 5085 name=cn, \ 5086 ("{crypt}%s", passwd)=userPassword 5087' >> $MAP_FILE 5088 5089 else 5090 # Not every domain has group.adjunct map. 5091 5092 echo "# group" >> $MAP_FILE 5093 5094 for _DMN in $PRESENT_IN_DOMAINS 5095 do 5096 5097 echo "\ 5098nisLDAPfieldFromAttribute group.byname,${_DMN}: \\ 5099 rf_key=cn 5100nisLDAPfieldFromAttribute group.bygid,${_DMN}: \\ 5101 rf_key=gidNumber 5102nisLDAPfieldFromAttribute group,${_DMN}: \\ 5103 gid=gidNumber, \\ 5104 name=cn, \\ 5105 passwd=(\"#$%s\", cn), \\ 5106 users=(\"%s,\", (memberUid), \",\") 5107" >> $MAP_FILE 5108 done 5109 5110 # Now put the generic group syntax. We do not need to 5111 # append the domain name here. 5112 5113 echo ' 5114nisLDAPfieldFromAttribute group.byname: \ 5115 rf_key=cn 5116nisLDAPfieldFromAttribute group.bygid: \ 5117 rf_key=gidNumber 5118nisLDAPfieldFromAttribute group: \ 5119 gid=gidNumber, \ 5120 name=cn, \ 5121 ("{crypt}%s", passwd)=userPassword, \ 5122 users=("%s,", (memberUid), ",") 5123' >> $MAP_FILE 5124 5125 # Now we need to put the group.adjunct syntax for domains 5126 # in which this map exists. 5127 5128 echo "# 5129# group.adjunct 5130# " >> $MAP_FILE 5131 5132 for _DMN in $PRESENT_IN_DOMAINS 5133 do 5134 5135 echo "\ 5136nisLDAPfieldFromAttribute group.adjunct.byname,${_DMN}: \\ 5137 rf_key=cn, \\ 5138 name=cn, \\ 5139 (\"{crypt}%s\", passwd)=userPassword 5140" >> $MAP_FILE 5141 5142 done 5143 5144 fi 5145 5146fi 5147 5148echo ' 5149# hosts 5150nisLDAPfieldFromAttribute hosts.byaddr: \ 5151 rf_ipkey=ipHostNumber 5152nisLDAPfieldFromAttribute hosts.byname: \ 5153 (rf_key)=(cn) 5154nisLDAPfieldFromAttribute hosts: \ 5155 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5156 addr=ipHostNumber, \ 5157 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5158 rf_comment=description 5159 5160nisLDAPfieldFromAttribute multihosts: \ 5161 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5162 (rf_key)=("YP_MULTI_%s", cn), \ 5163 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5164 rf_comment=description, \ 5165 (tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \ 5166 (ipHostNumber=*.*))", yp:canonicalName)), \ 5167 addr=("%s,", (yp:tmp), ",") 5168 5169# ipnodes 5170nisLDAPfieldFromAttribute ipnodes.byaddr: \ 5171 rf_ipkey=ipHostNumber 5172nisLDAPfieldFromAttribute ipnodes.byname: \ 5173 ("cn=%s+ipHostNumber=*", rf_key)=dn 5174nisLDAPfieldFromAttribute ipnodes: \ 5175 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5176 addr=ipHostNumber, \ 5177 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5178 rf_comment=description 5179 5180nisLDAPfieldFromAttribute multiipnodes: \ 5181 ("cn=%s+ipHostNumber=*", canonicalName)=dn, \ 5182 (rf_key)=("YP_MULTI_%s", cn), \ 5183 aliases=("%s ", (cn) - yp:canonicalName, " "), \ 5184 rf_comment=description, \ 5185 (tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \ 5186 (ipHostNumber=*:*))", yp:canonicalName)), \ 5187 addr=("%s,", (yp:tmp), ",") 5188 5189#mail.aliases 5190nisLDAPfieldFromAttribute mail.aliases: \ 5191 rf_key=mail, \ 5192 addresses= ("%s,", (mgrprfc822mailmember), ","), \ 5193 rf_comment=description 5194 5195#mail.mapping 5196nisLDAPfieldFromAttribute mail.mapping: \ 5197 rf_key=mgrprfc822mailmember, \ 5198 address=mail, \ 5199 rf_comment=description 5200 5201# netgroup. 5202nisLDAPfieldFromAttribute netgroup: \ 5203 rf_key=cn, \ 5204 (group)=(memberNisNetgroup), \ 5205 ("(%s,%s,%s)", host, user, domain)= \ 5206 (nisNetgroupTriple), \ 5207 rf_comment=description 5208 5209# netid.pass 5210nisLDAPfieldFromAttribute netid.pass: \ 5211 number=uidNumber, \ 5212 (tmp)=("%s", gidNumber:ou=group,?one?\ 5213 ("memberUid=%s", ldap:uid)), \ 5214 sgid=("%s,", (yp:tmp) - gidNumber, ","), \ 5215 data=("%s,%s", gidNumber, yp:sgid), \ 5216 data=gidNumber, \ 5217 (rf_key)=("unix.%s@%s", yp:number, yp:rf_domain) 5218 5219# netid.host 5220nisLDAPfieldFromAttribute netid.host: \ 5221 ("cn=%s+ipHostNumber=*", data)=dn, \ 5222 number=("0"), \ 5223 (rf_key)=("unix.%s@%s", yp:data, yp:rf_domain) 5224 5225# netmasks.byaddr 5226nisLDAPfieldFromAttribute netmasks.byaddr: \ 5227 ("ipNetworkNumber=%s,*", rf_ipkey)=dn, \ 5228 mask=ipNetmaskNumber, \ 5229 rf_comment=description 5230 5231# networks. 5232nisLDAPfieldFromAttribute networks.byname: \ 5233 (rf_key)=(cn) 5234nisLDAPfieldFromAttribute networks.byaddr: \ 5235 ("ipNetworkNumber=%s,*", rf_key)=dn 5236nisLDAPfieldFromAttribute networks: \ 5237 name=cn, \ 5238 aliases=("%s ", (cn) - yp:name, " "), \ 5239 number=ipNetworkNumber, \ 5240 rf_comment=description 5241' >> $MAP_FILE 5242 5243# passwd syntax is different when passwd.adjunct map is present. 5244# So, need to handle the various possibilities 5245 5246_MAP=passwd.adjunct.byname 5247 5248if ! present $_MAP $ALL_DMN_DEF_MAPLIST 5249then 5250 5251 # Just put the passwd.adjunct syntax in comment form 5252 5253 echo '# passwd 5254nisLDAPfieldFromAttribute passwd.byname: \ 5255 rf_key=uid 5256nisLDAPfieldFromAttribute passwd.byuid: \ 5257 rf_key=uidNumber 5258nisLDAPfieldFromAttribute passwd: \ 5259 name=uid, \ 5260 uid=uidNumber, \ 5261 ("{crypt}%s", passwd)=userPassword, \ 5262 gid=gidNumber, \ 5263 gecos=gecos, \ 5264 home=homeDirectory, \ 5265 shell=loginShell 5266 5267# 5268# If you are using passwd.adjunct, comment the passwd section above 5269# and uncomment the following passwd and passwd.adjunct sections 5270# 5271# passwd 5272#nisLDAPfieldFromAttribute passwd.byname: \ 5273# rf_key=uid 5274#nisLDAPfieldFromAttribute passwd.byuid: \ 5275# rf_key=uidNumber 5276#nisLDAPfieldFromAttribute passwd: \ 5277# name=uid, \ 5278# uid=uidNumber, \ 5279# passwd=("##%s", uid), \ 5280# gid=gidNumber, \ 5281# gecos=gecos, \ 5282# home=homeDirectory, \ 5283# shell=loginShell 5284 5285# passwd.adjunct 5286#nisLDAPfieldFromAttribute passwd.adjunct.byname: \ 5287# rf_key=uid, \ 5288# name=uid, \ 5289# ("{crypt}%s", passwd)=userPassword 5290' >> $MAP_FILE 5291 5292else 5293 5294 # Find the domains in which passwd.adjunct map exists. 5295 find_domains $_MAP DEF_MAPS 5296 5297 if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ] 5298 then 5299 5300 # All the domains have passwd.adjunct map. So, put the right 5301 # passwd syntax and comment-in the passwd.adjunct syntax. 5302 5303 5304 echo '# passwd 5305#nisLDAPfieldFromAttribute passwd.byname: \ 5306# rf_key=uid 5307#nisLDAPfieldFromAttribute passwd.byuid: \ 5308# rf_key=uidNumber 5309#nisLDAPfieldFromAttribute passwd: \ 5310# name=uid, \ 5311# uid=uidNumber, \ 5312# ("{crypt}%s", passwd)=userPassword, \ 5313# gid=gidNumber, \ 5314# gecos=gecos, \ 5315# home=homeDirectory, \ 5316# shell=loginShell 5317 5318# 5319# If you are not using passwd.adjunct, uncomment the passwd section 5320# above and comment the following passwd and passwd.adjunct sections 5321# 5322# passwd 5323nisLDAPfieldFromAttribute passwd.byname: \ 5324 rf_key=uid 5325nisLDAPfieldFromAttribute passwd.byuid: \ 5326 rf_key=uidNumber 5327nisLDAPfieldFromAttribute passwd: \ 5328 name=uid, \ 5329 uid=uidNumber, \ 5330 passwd=("##%s", uid), \ 5331 gid=gidNumber, \ 5332 gecos=gecos, \ 5333 home=homeDirectory, \ 5334 shell=loginShell 5335 5336# 5337# passwd.adjunct Must follow passwd 5338# 5339nisLDAPfieldFromAttribute passwd.adjunct.byname: \ 5340 rf_key=uid, \ 5341 name=uid, \ 5342 ("{crypt}%s", passwd)=userPassword 5343' >> $MAP_FILE 5344 5345 else 5346 # Not every domain has passwd.adjunct map. 5347 5348 # First put the password syntax with domain name for domains 5349 # in which passwd.adjunct exists. 5350 5351 echo "# passwd" >> $MAP_FILE 5352 5353 for _DMN in $PRESENT_IN_DOMAINS 5354 do 5355 5356 echo "\ 5357nisLDAPfieldFromAttribute passwd.byname,${_DMN}: \\ 5358 rf_key=uid 5359nisLDAPfieldFromAttribute passwd.byuid,${_DMN}: \\ 5360 rf_key=uidNumber 5361nisLDAPfieldFromAttribute passwd,${_DMN}: \\ 5362 name=uid, \\ 5363 uid=uidNumber, \\ 5364 passwd=(\"##%s\", uid), \\ 5365 gid=gidNumber, \\ 5366 gecos=gecos, \\ 5367 home=homeDirectory, \\ 5368 shell=loginShell 5369" >> $MAP_FILE 5370 done 5371 5372 # Now put the other passwd syntax. We do not need to 5373 # append the domain name here. 5374 5375 echo ' 5376nisLDAPfieldFromAttribute passwd.byname: \ 5377 rf_key=uid 5378nisLDAPfieldFromAttribute passwd.byuid: \ 5379 rf_key=uidNumber 5380nisLDAPfieldFromAttribute passwd: \ 5381 name=uid, \ 5382 uid=uidNumber, \ 5383 ("{crypt}%s", passwd)=userPassword, \ 5384 gid=gidNumber, \ 5385 gecos=gecos, \ 5386 home=homeDirectory, \ 5387 shell=loginShell 5388' >> $MAP_FILE 5389 5390 # Now we need to put the passwd.adjunct syntax for domains 5391 # in which this map exists. 5392 5393 echo "# 5394# passwd.adjunct Must follow passwd 5395# " >> $MAP_FILE 5396 5397 for _DMN in $PRESENT_IN_DOMAINS 5398 do 5399 5400 echo "\ 5401nisLDAPfieldFromAttribute passwd.adjunct.byname,${_DMN}: \\ 5402 rf_key=uid, \\ 5403 name=uid, \\ 5404 (\"{crypt}%s\", passwd)=userPassword 5405" >> $MAP_FILE 5406 5407 done 5408 5409 fi 5410 5411fi 5412 5413echo ' 5414# This map is never created but yppasswd uses the mapping to extract password 5415# ageing information from the DIT. 5416nisLDAPfieldFromAttribute ageing.byname: \ 5417 rf_key=uid, \ 5418 name=uid, \ 5419 lastchg=shadowLastChange, \ 5420 min=shadowMin, \ 5421 max=shadowMax, \ 5422 warn=shadowWarning, \ 5423 inactive=shadowInactive, \ 5424 expire=shadowExpire, \ 5425 flag=shadowFlag 5426 5427# printers.conf.byname 5428nisLDAPfieldFromAttribute printers.conf.byname: \ 5429 rf_key=printer-uri, \ 5430 names=("%s|", (printer-aliases), "|"), \ 5431 bsdaddr=("bsdaddr=%s", sun-printer-bsdaddr), \ 5432 kvps=("%s:", (sun-printer-kvp) - yp:bsdaddr), \ 5433 values=("%s:%s", yp:bsdaddr, yp:kvps), \ 5434 values=("%s:", yp:bsdaddr), \ 5435 values=yp:kvps, \ 5436 rf_comment=description 5437 5438# prof_attr 5439nisLDAPfieldFromAttribute prof_attr: \ 5440 rf_key=cn, \ 5441 name=cn, \ 5442 res1=SolarisAttrReserved1, \ 5443 res2=SolarisAttrReserved2, \ 5444 desc=SolarisAttrLongDesc, \ 5445 attrs=SolarisAttrKeyValue 5446 5447# project 5448nisLDAPfieldFromAttribute project.byname: \ 5449 rf_key=SolarisProjectName 5450nisLDAPfieldFromAttribute project.byprojid: \ 5451 rf_key=SolarisProjectID 5452nisLDAPfieldFromAttribute project: \ 5453 name=SolarisProjectName, \ 5454 projID=SolarisProjectID, \ 5455 comment=description, \ 5456 users=("%s,", (memberUid), ","), \ 5457 groups=("%s,", (memberGid), ","), \ 5458 attrs=("%s;", (SolarisProjectAttr), ";") 5459 5460# protocols 5461nisLDAPfieldFromAttribute protocols.byname: \ 5462 ("cn=%s,*", rf_key)=dn, \ 5463 (rf_key)=(cn) 5464nisLDAPfieldFromAttribute protocols.bynumber: \ 5465 rf_key=ipProtocolNumber, \ 5466 rf_comment=description 5467nisLDAPfieldFromAttribute protocols: \ 5468 ("cn=%s,*", name)=dn, \ 5469 number=ipProtocolNumber, \ 5470 aliases=("%s ", (cn) - yp:name, " ") 5471 5472# rpc.bynumber 5473nisLDAPfieldFromAttribute rpc.bynumber: \ 5474 rf_key=oncRpcNumber, \ 5475 number=oncRpcNumber, \ 5476 ("cn=%s,*", name)=dn, \ 5477 aliases=("%s ", (cn) - yp:name, " "), \ 5478 rf_comment=description 5479 5480# services 5481nisLDAPfieldFromAttribute services.byname: \ 5482 rf_key = ("%s/%s", ipServicePort, ipServiceProtocol) 5483nisLDAPfieldFromAttribute services.byservicename: \ 5484 (rf_key)=("%s/%s", cn, ipServiceProtocol), \ 5485 (rf_key)=(cn) 5486nisLDAPfieldFromAttribute services: \ 5487 ("cn=%s+ipServiceProtocol=*", name)=dn, \ 5488 protocol=ipServiceProtocol, \ 5489 port=ipServicePort, \ 5490 aliases=("%s ", (cn) - yp:name, " "), \ 5491 rf_comment=description 5492 5493# timezone.byname 5494nisLDAPfieldFromAttribute timezone.byname: \ 5495 rf_key=cn, \ 5496 hostName=cn, \ 5497 zoneName=nisplusTimeZone, \ 5498 rf_comment=description 5499 5500# user_attr 5501nisLDAPfieldFromAttribute user_attr: \ 5502 ("uid=%s,*", rf_key)=dn, \ 5503 ("uid=%s,*", user)=dn, \ 5504 qualifier=SolarisUserAttr, \ 5505 res1=SolarisUserReserved1, \ 5506 res2=SolarisUserReserved2, \ 5507 attrs=SolarisAttrKeyValue 5508 5509# publickey.byname 5510nisLDAPfieldFromAttribute keys.host: \ 5511 ("cn=%s+ipHostNumber=*", cname)=dn, \ 5512 rf_key=("unix.%s@%s", yp:cname, yp:rf_domain), \ 5513 publicKey=nisPublicKey, \ 5514 secretKey=nisSecretKey 5515 5516nisLDAPfieldFromAttribute keys.pass: \ 5517 rf_key=("unix.%s@%s", uidNumber, yp:rf_domain), \ 5518 publicKey=nisPublicKey, \ 5519 secretKey=nisSecretKey 5520 5521nisLDAPfieldFromAttribute keys.nobody: \ 5522 rf_key=uid, \ 5523 publicKey=nisPublicKey, \ 5524 secretKey=nisSecretKey 5525 5526# ypservers. This derived from IPlanet implementation not RFC. 5527nisLDAPfieldFromAttribute ypservers: \ 5528 rf_key=cn 5529' >> $MAP_FILE 5530} 5531 5532 5533# 5534# List all the non-default auto.* and custom maps. 5535# 5536list_auto_and_custom_nisLDAPfieldFromAttribute() 5537{ 5538 5539# auto.* entries are easy. 5540if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then 5541 echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE 5542fi 5543 5544for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} 5545do 5546 echo "\ 5547# ${_MAP} 5548nisLDAPfieldFromAttribute ${_MAP}: \\ 5549 rf_key=automountKey, \\ 5550 value=automountInformation 5551" >> $MAP_FILE 5552done 5553 5554# Since we do not have enough information to generate 5555# entries for other custom maps, best we can do is to 5556# log this map names and ask user to take care of them. 5557 5558ask_user_to_update_the_custom_map_entries_too 5559 5560} 5561 5562 5563# 5564# List mapping of named fields from DIT entries 5565# 5566create_nisLDAPfieldFromAttribute() 5567{ 5568 5569[ CUST_CMT_NEEDED -eq 1 ] && echo ' 5570# nisLDAPfieldFromAttribute : It specifies how a NIS entries 5571# field values are derived from LDAP attribute values. 5572# 5573# The format of nisLDAPfieldFromAttribute is : 5574# mapName ":" fieldattrspec *("," fieldattrspec) 5575' >> $MAP_FILE 5576 5577# List all the default entries anyway. 5578list_default_nisLDAPfieldFromAttribute 5579 5580# List all the non-default auto.* and custom maps. 5581list_auto_and_custom_nisLDAPfieldFromAttribute 5582 5583echo " 5584# 5585#------------------------------------------------------------------------------ 5586# 5587" >> $MAP_FILE 5588} 5589 5590 5591 5592# Main function for creating the mapping file 5593create_mapping_file() 5594{ 5595# Ask user the list of domains to be served by N2L 5596create_n2l_domain_list 5597 5598# If there are no N2L domains or none selected, then exit 5599if [ $N2L_DMN_CNT -eq 0 ]; then 5600 echo "There are no domains to serve. No mapping file generated." 5601 return 1 5602fi 5603 5604while : 5605do 5606 get_ans "Enter the mapping file name (h=help):" "${MAP_FILE}" 5607 5608 # If help continue, otherwise break. 5609 case "$ANS" in 5610 [Hh] | help | Help | \?) display_msg new_mapping_file_name_help ;; 5611 * ) break ;; 5612 esac 5613done 5614 5615MAP_FILE=${ANS} 5616[ $DEBUG -eq 1 ] && MAP_FILE = $MAP_FILE 5617 5618# Backup existing mapping file if selected 5619check_back_mapping_file 5620 5621# To prevent from leaving a partial mapping file in case some error 5622# or signal takes place which might result in machine starting in N2L 5623# mode at next reboot, store the output being generated in a temporary 5624# file first, and move it at the final destination only at the end if 5625# everything goes fine. 5626 5627_MAP_FILE=$MAP_FILE 5628MAP_FILE=${TMPDIR}/${TMPMAP}.$$ 5629 5630echo "Generating mapping file temporarily as \"${MAP_FILE}\"" 5631 5632# Place copyright information 5633put_mapping_file_copyright_info 5634 5635 5636# Prepare various map lists for each domain 5637create_map_lists 5638 5639# List domains and contexts 5640get_nisLDAPdomainContext 5641 5642# List domains for which passwords should be changed 5643get_nisLDAPyppasswddDomains 5644 5645# List databaseId mappings (aliases) 5646create_nisLDAPdatabaseIdMapping 5647 5648# List comment character for maps 5649create_nisLDAPcommentChar 5650 5651# List SECURE and INTERDOMAIN flags 5652create_nisLDAPmapFlags 5653 5654# List TTL values 5655 create_nisLDAPentryTtl 5656 5657# List name fields 5658create_nisLDAPnameFields 5659 5660# List split fields and repeated fields seperators. 5661create_split_field_and_repeatedfield_seperators 5662 5663# List association of maps with RDNs and object classes. 5664create_nisLDAPobjectDN 5665 5666# List mapping of named fields to DIT entries 5667create_nisLDAPattributeFromField 5668 5669# List mapping of named fields from DIT entries 5670create_nisLDAPfieldFromAttribute 5671 5672 5673# We are done, so move back the mapping file from temp. location 5674# to actual location. 5675# In case the mapping file name has a directory component which does 5676# not exist, then create it now, otherwise 'mv' will return error. 5677 5678DIR_TO_CREATE=`dirname ${_MAP_FILE}` 5679mkdir -p ${DIR_TO_CREATE} 5680 5681echo "Moving output from temporary file ($MAP_FILE) to actual file ($_MAP_FILE)" 5682mv $MAP_FILE $_MAP_FILE 5683 5684# Revert back the mapping file name in case needed. 5685MAP_FILE=$_MAP_FILE 5686echo "Finished creation of mapping file ( $MAP_FILE )" 5687 5688} 5689 5690 5691# 5692# Main function for creating config file (ypserv) 5693# 5694process_config_file() 5695{ 5696# Ask for confirmation if the file name is not specified. 5697 5698if [ $CONFIG_FILE_SPECIFIED -eq 0 ]; then 5699 display_msg no_config_file_name_specified 5700 5701 get_confirm_nodef "Do you want to create the config file (y/n) ?" 5702 5703 [ $? -eq 0 ] && return 0 5704 5705 while : 5706 do 5707 get_ans "Enter the config file name (h=help):" "${CONFIG_FILE}" 5708 5709 # If help continue, otherwise break. 5710 case "$ANS" in 5711 [Hh] | help | Help | \?) display_msg new_config_file_name_help ;; 5712 * ) break ;; 5713 esac 5714 done 5715 5716 CONFIG_FILE=${ANS} 5717 [ $DEBUG -eq 1 ] && CONFIG_FILE = $CONFIG_FILE 5718 5719fi 5720 5721# Backup existing config file if selected 5722check_back_config_file 5723 5724# Create config file 5725create_config_file 5726} 5727 5728 5729# 5730# Main function for creating mapping file (NISLDAPmapping) 5731# 5732process_mapping_file() 5733{ 5734# Ask for confirmation if the file name is not specified. 5735 5736if [ $MAPPING_FILE_SPECIFIED -eq 0 ]; then 5737 display_msg no_mapping_file_name_specified 5738 5739 get_confirm_nodef "Do you want to create the mapping file (y/n) ?" 5740 5741 [ $? -eq 0 ] && return 0 5742 5743 5744fi 5745 5746# Create mapping file 5747create_mapping_file 5748} 5749 5750########################################### 5751########### MAIN ########### 5752########################################### 5753 5754PROG=`basename $0` # Program name 5755ABS_PROG=$0 # absolute path needed 5756 5757# Only superuser should be able to run this script. 5758is_root_user 5759if [ $? -ne 0 ]; then 5760 echo "ERROR : Only root can run $PROG" 5761 exit 1 5762fi 5763 5764# Initialize things 5765init 5766 5767# Parse command line arguments. 5768parse_arg $* 5769 5770# Create config file (ypserv) 5771process_config_file 5772 5773# Create mapping file (NISLDAPmapping). 5774process_mapping_file 5775 5776# Cleanup temp files and directories unless debug. 5777[ $DEBUG -eq 0 ] && cleanup 5778 5779exit 0 5780