xref: /titanic_50/usr/src/cmd/ypcmd/yp2lscripts/inityp2l.sh (revision 5819f75e225cf93d9c11f52e04ee71c2dcd0eca9)
1#! /usr/bin/ksh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24# Use is subject to license terms.
25#
26# inityp2l -- Utility to generate YP (NIS) to LDAP
27#             configuration file (/etc/default/ypserv)
28#             and mapping file (/var/yp/NISLDAPmapping)
29#
30
31
32
33#
34# Displays message corresponding to the argument tag passed.
35#
36display_msg()
37{
38    case "$1" in
39    usage) cat <<EOF
40
41 $PROG:  [ -m mapping_file ] [ -c config_file ]
42   m <mapping_file> Name of the generated NISLDAP mapping file
43                    Default is /var/yp/NISLDAPmapping
44   c <config_file>  Name of the generated ypserv configuration file
45                    Default is /etc/default/ypserv
46
47EOF
48    ;;
49    no_config_file_name_specified) cat <<EOF
50
51You have not specified the config file name. You still have the
52option to skip creating this file, specify a config file name, or
53continue creating it with the default file name (${CONFIG_FILE}).
54
55EOF
56    ;;
57    no_mapping_file_name_specified) cat <<EOF
58
59You have not specified the mapping file name. You still have the
60option to skip creating this file, specify a mapping file name, or
61continue creating it with the default file name (${MAP_FILE}).
62
63EOF
64    ;;
65    new_config_file_name_help) cat <<EOF
66
67You can either specify a new file name, or accept the default
68config file name (${CONFIG_FILE}). 
69
70It is recommended not to use the default file name since this
71script just helps with rapid creation of a config file. You
72should examine it's content before using it.
73
74EOF
75    ;;
76    new_mapping_file_name_help) cat <<EOF
77
78You can either specify a new file name, or accept the default
79mapping file name (${MAP_FILE}). 
80
81It is recommended not to use the default file name since this
82script just helps with rapid creation of a mapping file. You
83should examine it's content before using it. And if there are
84custom maps, then their entries in the mapping file need to be
85customized too.
86
87Also, creation of default mapping file would cause NIS components
88to work in NIS to LDAP (N2L), rather than traditional NIS, mode
89when next restarted.
90
91EOF
92    ;;
93    backup_config_file) cat <<EOF
94
95The config file "${CONFIG_FILE}" already exists. It is strongly
96recommended that you BACKUP this file before running $PROG.
97
98However, even if you continue, you would be given the option to
99back up this file before it gets overwritten.
100
101EOF
102    ;;
103    backup_mapping_file) cat <<EOF
104
105The mapping file "${MAP_FILE}" already exists. It is strongly
106recommended that you BACKUP this file before running $PROG.
107
108However, even if you continue, you would be given the option to
109back up this file before it gets overwritten.
110
111EOF
112    ;;
113    warn_n2l_mode) cat <<EOF
114
115Warning : Creation of default mapping file (`basename $MAP_FILE`)
116          at default location (`dirname $MAP_FILE`) would cause NIS
117          components to work in NIS to LDAP (N2L) mode, rather than
118          traditional NIS mode, when next restarted.
119
120          "$PROG" assists with rapid creation of a simple N2L mapping
121          file. The user should examine it's content before using it.
122          For custom maps, this file needs to be customized which can
123          be done using standard text editors.
124
125EOF
126    ;;
127    config_auth_method_menu) cat <<EOF
128    The following are the supported Authentication Methods -
129      1  none
130      2  simple
131      3  sasl/cram-md5
132      4  sasl/digest-md5
133EOF
134    ;;
135    auth_method_menu) cat <<EOF
136    The following are the supported Authentication Methods -
137      1  simple
138      2  sasl/cram-md5
139      3  sasl/digest-md5
140EOF
141    ;;
142    tls_method_menu) cat <<EOF
143    The following are the supported TLS Methods -
144      1  none
145      2  ssl
146EOF
147    ;;
148    retrieve_error_action_menu) cat <<EOF
149    The following are the supported actions -
150      1  use_cached
151      2  fail
152EOF
153    ;;
154    store_error_action_menu) cat <<EOF
155    The following are the supported actions -
156      1  retry
157      2  fail
158EOF
159    ;;
160    sorry) cat <<EOF
161
162HELP - No help is available for this topic.
163
164EOF
165    ;;
166    backup_config_file_cont_help) cat <<EOF
167
168HELP - Since $PROG will overwrite the existing config file, it is
169       strongly recommended that you backup this file prior to
170       running this utility.
171
172       However, even if you continue, you would be given the option
173       to back up this file before it gets overwritten.
174
175EOF
176    ;;
177    backup_config_file_help) cat <<EOF
178
179HELP - If you choose to backup the existing config file, it would be
180       saved with current date and time suffix in yymmdd.HH.MM.SS format.
181
182EOF
183    ;;
184    backup_mapping_file_cont_help) cat <<EOF
185
186HELP - Since $PROG will overwrite the existing mapping file, it is
187       strongly recommended that you backup this file prior to running
188       this utility.
189
190       However, even if you continue, you would be given the option to
191       back up this file before it gets overwritten.
192
193EOF
194    ;;
195    backup_mapping_file_help) cat <<EOF
196
197HELP - If you choose to backup the existing mapping file, it would be
198       saved with current date and time suffix in yymmdd.HH.MM.SS format.
199
200EOF
201    ;;
202    warn_n2l_mode_help) cat <<EOF
203
204HELP - It is strongly recommended that the mapping file is created at
205       non-default location (other than `dirname $MAP_FILE`). After this,
206       it's content should be verified, custom maps should be handled,
207       and if NIS components are desired to run in NIS to LDAP (N2L),
208       then only it should be copied at the default location.
209
210EOF
211    ;;
212    nisLDAPconfigDN_help) cat <<EOF
213
214HELP - The DN which stores the configuration information in LDAP.
215       There is no default value for this field. Leave empty or
216       undefined to get this information from config file (ypserv).
217
218EOF
219    ;;
220    nisLDAPconfigPreferredServerList_help) cat <<EOF
221
222HELP - List of directory servers to provide the configuration
223       information. There is no default. The preferred servers
224       must be entered IN THE ORDER you wish to have them contacted.
225       The preferred server list is a space separated list of IP
226       addresses. Providing port numbers is optional, and when not
227       supplied, port 389 is assumed. For an LDAP server running
228       on this machine, at port 389, use "127.0.0.1:389".
229
230EOF
231    ;;
232    auth_help) cat <<EOF
233
234HELP - The authentication method to be used to obtain information
235       from LDAP server. The supported methods are provided in menu.
236
237EOF
238    ;;
239    tls_help) cat <<EOF
240
241HELP - The transport layer security used for connection to the LDAP
242       server. In order to successfully use transport layer security,
243       the server must also support the chosen values. The supported
244       methods are provided in menu. Default is "$DEF_TLS".
245
246EOF
247    ;;
248    TLSCertificateDBPath_help) cat <<EOF
249
250HELP - The absolute path name of the directory containing the certificate
251       database. The default value is "$DEF_TLSCertificateDBPath"
252
253EOF
254    ;;
255    nisLDAPconfigProxyUser_help) cat <<EOF
256
257HELP - The bind DN of the proxy user used to obtain configuration
258       information. There is no default value. If the value ends
259       with a comma, the value of the nisLDAPconfigDN attribute
260       is appended.
261
262EOF
263    ;;
264    ProxyPassword_warn) cat <<EOF
265
266Warning : In order to avoid having this password publicly visible
267          on the machine, the password should appear only in the
268          configuration file, and the file should have an appropriate
269          owner, group, and file mode.
270
271          So, once this file is ready, please modify appropriately
272          to make sure this file is well protected.
273
274EOF
275    ;;
276    preferredServerList_help) cat <<EOF
277
278HELP - List of directory servers for mapping data to/from LDAP.
279       There is no default. The preferred servers must be entered
280       IN THE ORDER you wish to have them contacted. The preferred
281       server list is a space separated list of IP addresses.
282       Providing port numbers is optional, and when not supplied,
283       port 389 is assumed. For an LDAP server running on this
284       machine, at port 389, use "127.0.0.1:389".
285
286EOF
287    ;;
288    nisLDAPproxyUser_help) cat <<EOF
289
290HELP - The bind DN of the proxy user the ypserv to read or write
291       from or to LDAP. Assumed to have the appropriate permission
292       to read and modify LDAP data. There is no default value. If
293       the value ends with a comma, the value of the context for
294       the current domain (as defined by a nisLDAPdomainContext
295       attribute (NISLDAPmapping(4))) is appended.
296
297EOF
298    ;;
299    nisLDAPbindTimeout_help) cat <<EOF
300
301HELP - The amount of time in seconds after which an LDAP bind operation
302       will timeout. Default is $DEF_nisLDAPbindTimeout seconds.
303       Decimal values are allowed.
304
305EOF
306    ;;
307    nisLDAPsearchTimeout_help) cat <<EOF
308
309HELP - The amount of time in seconds after which an LDAP search operation
310       will timeout. Default is $DEF_nisLDAPsearchTimeout seconds.
311       Decimal values are allowed.
312
313EOF
314    ;;
315    nisLDAPmodifyTimeout_help) cat <<EOF
316
317HELP - The amount of time in seconds after which an LDAP modify operation
318       will timeout. Default is $DEF_nisLDAPmodifyTimeout seconds.
319       Decimal values are allowed.
320
321EOF
322    ;;
323    nisLDAPaddTimeout_help) cat <<EOF
324
325HELP - The amount of time in seconds after which an LDAP add operation
326       will timeout. Default is $DEF_nisLDAPaddTimeout seconds.
327       Decimal values are allowed.
328
329EOF
330    ;;
331    nisLDAPdeleteTimeout_help) cat <<EOF
332
333HELP - The amount of time in seconds after which an LDAP delete operation
334       will timeout. Default is $DEF_nisLDAPdeleteTimeout seconds.
335       Decimal values are allowed.
336
337EOF
338    ;;
339    nisLDAPsearchTimeLimit_help) cat <<EOF
340
341HELP - Establish a value for the LDAP_OPT_TIMELIMIT option, which
342       suggests a time limit for the search operation on the LDAP
343       server. The server may impose its own constraints on possible
344       values. See your LDAP server documentation. The default is the
345       nisLDAPsearchTimeout ($DEF_nisLDAPsearchTimeout seconds) value.
346       Only integer values are allowed.
347
348       Since the nisLDAPsearchTimeout limits the amount of time the
349       client ypserv will wait for completion of a search operation,
350       setting the nisLDAPsearchTimeLimit larger than the
351       nisLDAPsearchTimeout is not recommended.
352
353EOF
354    ;;
355    nisLDAPsearchSizeLimit_help) cat <<EOF
356
357HELP - Establish a value for the LDAP_OPT_SIZELIMIT option, which
358       suggests a size limit, in bytes, for the search results on
359       the LDAP server. The server may impose its own constraints
360       on possible values. See your LDAP server documentation. The
361       default is $DEF_nisLDAPsearchSizeLimit, which means unlimited.
362       Only integer values are allowed.
363
364EOF
365    ;;
366    nisLDAPfollowReferral_help) cat <<EOF
367
368HELP - Determines if the ypserv should follow referrals or not.
369       Recognized values are yes and no. Default is $DEF_nisLDAPfollowReferral.
370
371EOF
372    ;;
373    nisLDAPretrieveErrorAction_help) cat <<EOF
374
375HELP - If an error occurs while trying to retrieve an entry from
376       LDAP, one of the following actions can be selected:
377
378       use_cached : Retry the retrieval the number of time specified
379                    by nisLDAPretrieveErrorAttempts, with the
380                    nisLDAPretrieveErrorTimeout value controlling
381                    the wait between each attempt.
382
383                    If all attempts fail then log a warning and
384                    return the value currently in the cache to the
385                    client.  This is the default value.
386
387       fail       : Proceed as for 'use_cached' but if all attempts
388                    fail return a YPERR_YPERR error to the client.
389
390EOF
391    ;;
392    nisLDAPretrieveErrorAttempts_help) cat <<EOF
393
394HELP - The number of times a failed retrieval should be retried.
395       The default is unlimited. Note while retries are made, the
396       NIS daemon will be prevented from servicing further requests.
397       Hence, values other than 1 should be used with caution.
398
399EOF
400    ;;
401    nisLDAPretrieveErrorTimeout_help) cat <<EOF
402
403HELP - The timeout (in seconds) between each new attempt to retrieve
404       LDAP data. Default is $DEF_nisLDAPretrieveErrorTimeout seconds.
405
406EOF
407    ;;
408    nisLDAPstoreErrorAction_help) cat <<EOF
409
410HELP - If an error occurs while trying to store data to the LDAP
411       repository, one of the following actions can be selected :
412
413       retry : Retry operation nisLDAPstoreErrorAttempts times with
414               nisLDAPstoreErrorTimeout seconds between each attempt.
415               Note while retries are made the NIS daemon will be
416               prevented from servicing further requests. Use with
417               caution. This is the default value.
418
419       fail  : Return YPERR_YPERR error to the client.
420
421EOF
422    ;;
423    nisLDAPstoreErrorAttempts_help) cat <<EOF
424
425HELP - The number of times a failed attempt to store data to the
426       LDAP repository should be retried. The default is unlimited.
427
428       The value for nisLDAPstoreErrorAttempts is ignored unless
429       nisLDAPstoreErrorAction=retry.
430
431EOF
432    ;;
433    nisLDAPstoreErrorTimeout_help) cat <<EOF
434
435HELP - The timeout (in seconds) between each new attempt to store
436       LDAP data. Default is $DEF_nisLDAPstoreErrorTimeout seconds.
437
438       The value for nisLDAPstoreErrorTimeout is ignored unless
439       nisLDAPstoreErrorAction=retry.
440
441EOF
442    ;;
443    selectDomain4N2L_help) cat <<EOF
444
445HELP - Whether this domain needs to be served by YP to LDAP transition
446       solution. The default is no in which case the data in this
447       domain would not be taken care for transitioning to LDAP.
448
449EOF
450    ;;
451    generate_comment_info_for_cust_map_help) cat <<EOF
452
453HELP - If selected, this script will try to add relevant comments
454       in the mapping file which might help in customizing the
455       mapping information for custom maps.
456
457EOF
458    ;;
459    generate_mapping_info_for_cust_map_help) cat <<EOF
460
461HELP - If selected, this script will try to generate mapping
462       information for this map assuming it is a "simple" map.
463
464       A map is assumed to be "simple" if each entry of this map
465       has only one "key value" entry in YP, and if each map entry
466       can be represented as a single DIT string in the LDAP server.
467
468       If this map is not a simple map and you do want to store it
469       in LDAP, you have two options :
470
471       1 - Answer yes, and this script would generate the mapping
472           information for this map assuming it is a simple map.
473           And once the execution of the script is over, you can
474           customize the mapping information by hand editing the
475           mapping file.
476
477       2 - Answer no, and this script would not generate mapping
478           info for this map. And once the execution of the script
479           is over, you can include the customized mapping
480           information by hand editing the mapping file.
481
482EOF
483    ;;
484    nisLDAPdomainContext_help) cat <<EOF
485
486HELP - This parameter defines the context (default location) in
487       the directory tree at which all the name service entries
488       for this particular domain would be stored.
489
490EOF
491    ;;
492    nisLDAPyppasswddDomains_help) cat <<EOF
493
494HELP - Lists the domains for which password changes should be
495       made.  If this is not present then the value returned by
496       'domainname' will be used.
497
498       NIS password change requests do not specify the domains in
499       which any given password should be changed. (In traditional
500       NIS this information is effectively hard coded in the NIS
501       makefile.)
502
503EOF
504    ;;
505    custom_map_comment_char_help) cat <<EOF
506
507HELP - If selected, it will allow you to specify a character which
508       would represent the start of the special 'comment' field in
509       a given NIS map. If this attribute is not present then the
510       default comment character '#' is used.
511
512       If a map cannot contain comments then the blank comment
513       character ('') should be specified (just hit the return key).
514
515EOF
516    ;;
517    same_comment_char_help) cat <<EOF
518
519HELP - If selected, for a given map, it will allow you to specify
520       a common comment character for all the domains.
521
522       Or else by selecting NO, for the same map, you would be
523       given the option to specify different comment character
524       for different domains.
525
526EOF
527    ;;
528    secure_flag_on_help) cat <<EOF
529
530HELP - Secure flag is set on maps which are generated with
531       "makedbm -s". When converting data from LDAP to YP,
532       it adds YP_SECURE entries.
533       
534EOF
535    ;;
536    secure_flag_all_domains_help) cat <<EOF
537
538HELP - If selected, it will allow you to set the secure flag on
539       for this map for all the domains.
540
541       Or else by selecting NO, you would be given the option to
542       set this flag, for the same map, on per domain basis.
543
544EOF
545    ;;
546    interdomain_flag_on_help) cat <<EOF
547
548HELP - Interdomain flag is set on a set of maps which are generated
549       with "makedbm -b". It signals NIS servers to use the domain
550       name resolver for host name and address lookups for hosts
551       not found in the maps.
552
553       If selected, it adds YP_INTERDOMAIN entries in these maps
554       when converting data from LDAP to YP.
555       
556EOF
557    ;;
558    interdomain_flag_all_domains_help) cat <<EOF
559
560HELP - If selected, it will allow you to set the interdomain flag
561       on for all the domains.
562
563       Or else by selecting NO, you would be given the option to
564       set this flag on per domain basis.
565
566EOF
567    ;;
568    initialTTLlo_help) cat <<EOF
569
570HELP - The lower limit for the initial TTL (in seconds) for data
571       read from disk when the ypserv starts. If initialTTLhi also
572       is specified, the actual initialTTL will be randomly selected
573       from the interval initialTTLlo to initialTTLhi (inclusive).
574
575       Leaving the field empty yields the default value of $DEF_iTTLlo.
576
577EOF
578    ;;
579    initialTTLhi_help) cat <<EOF
580
581HELP - The upper limit for the initial TTL (in seconds).
582       If left empty, defaults to "$DEF_iTTLhi".
583
584EOF
585    ;;
586    runningTTL_help) cat <<EOF
587
588HELP - The TTL (in seconds) for data retrieved from LDAP while the
589       ypserv is running. If left empty, defaults to "$DEF_runTTL".
590
591EOF
592    ;;
593    default_ttl_help) cat <<EOF
594
595HELP - The default TTL value for each map is set to :
596       ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}
597
598       Select yes if you want to change the current TTL value.
599
600EOF
601    ;;
602    non_default_same_ttl_help) cat <<EOF
603
604HELP - Select yes if you want to set a new TTL value, but want
605       to keep it same for all the maps.
606      
607EOF
608    ;;
609    non_default_different_ttl_help) cat <<EOF
610
611HELP - Select yes if you want to set TTL value for each map, but
612       want to keep it same for all the domains.
613      
614EOF
615    ;;
616    default_different_ttl_help) cat <<EOF
617
618HELP - Select yes if you want to accept the default TTL
619       value for this map.
620      
621EOF
622    ;;
623    same_ttl_across_domains_help) cat <<EOF
624
625HELP - Select yes if you want to set TTL value for the map,
626       but want to keep it same for all the domains.
627
628EOF
629    ;;
630
631    esac
632}
633
634#
635# Echo the message passed only if DEBUG is set.
636# Reduces the line width significantly.
637#
638d_echo()
639{
640[ DEBUG -eq 1 ] && echo $@
641}
642
643
644#
645# get_ans(): gets an answer from the user.
646#		$1  instruction/comment/description/question
647#		$2  default value
648#
649get_ans()
650{
651    if [ -z "$2" ]
652    then
653	echo "$1 \c"
654    else
655	echo "$1 [$2] \c"
656    fi
657
658    read ANS
659    if [ -z "$ANS" ]
660    then
661	ANS=$2
662    fi
663}
664
665
666#
667# get_ans_req(): gets an answer (required) from the user, NULL value not allowed.
668#		$@  instruction/comment/description/question
669#
670get_ans_req()
671{
672    ANS=""                  # Set ANS to NULL.
673    while [ "$ANS" = "" ]
674    do
675	get_ans "$@"
676	[ "$ANS" = "" ] && echo "NULL value not allowed!"
677    done
678}
679
680
681#
682# get_integer(): Querys and verifies that number entered is integer.
683#                Function will repeat prompt user for integer value.
684#                $1  Message text.
685#                $2  default value.
686#                $3  Help argument.
687#
688get_integer()
689{
690    ANS=""                  # Set ANS to NULL.
691    NUM=""
692
693    get_ans "$1" "$2"
694
695    # Verify that value is integer.
696    while not_integer $ANS
697    do
698	case "$ANS" in
699	    [Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
700	    * ) echo "Invalid value: \"${ANS}\". \c"
701	     ;;
702	esac
703
704	# Get a new value.
705	get_ans "Enter an integer value:" "$2"
706    done
707    NUM=$ANS
708}
709
710
711#
712# get_number(): Querys and verifies that number entered is numeric.
713#               Function will repeat prompt user for numeric value.
714#               $1  Message text.
715#	        $2  default value.
716#               $3  Help argument.
717#
718get_number()
719{
720    ANS=""                  # Set ANS to NULL.
721    NUM=""
722
723    get_ans "$1" "$2"
724
725    # Verify that value is numeric.
726    while not_numeric $ANS
727    do
728	case "$ANS" in
729	    [Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
730	    * ) echo "Invalid value: \"${ANS}\". \c"
731	     ;;
732	esac
733
734	# Get a new value.
735	get_ans "Enter a numeric value:" "$2"
736    done
737    NUM=$ANS
738}
739
740
741#
742# get_pos_int(): Only allows positive integer.
743#
744#                   $1 - Prompt message.
745#                   $2 - Default value (require).
746#                   $3 - Optional help argument.
747get_pos_int()
748{
749    while :
750    do
751	get_integer "$1" "$2" "$3"
752
753	if [ $ANS -lt 0 ]; then
754	    echo "Invalid number: please enter a positive integer."
755	else
756	    break      # Positive integer
757	fi
758    done
759}
760
761
762#
763# get_pos_num(): Only allows positive number.
764#
765#                   $1 - Prompt message.
766#                   $2 - Default value (require).
767#                   $3 - Optional help argument.
768get_pos_num()
769{
770    while :
771    do
772	get_number "$1" "$2" "$3"
773
774	if [ $ANS -lt 0 ]; then
775	    echo "Invalid number: please enter a positive number."
776	else
777	    break      # Positive number
778	fi
779    done
780}
781
782
783#
784#
785# get_passwd(): Reads a password from the user and verify with second.
786#		$@  instruction/comment/description/question
787#
788get_passwd()
789{
790    [ $DEBUG -eq 1 ] && echo "In get_passwd()"
791
792    # Temporary PASSWD variables
793    _PASS1=""
794    _PASS2=""
795
796    # Handle signals, so that echo can be turned back on if Ctrl-C.
797    trap "/usr/bin/stty echo; exit" 1 2 3 6 15
798
799    /usr/bin/stty -echo     # Turn echo OFF
800
801    # Endless loop that continues until passwd and re-entered passwd
802    # match.
803    while :
804    do
805	ANS=""                  # Set ANS to NULL.
806
807	# Don't allow NULL for first try.
808	while [ "$ANS" = "" ]
809	do
810	    get_ans "$@"
811	    [ "$ANS" = "" ] && echo "" && echo "NULL passwd not allowed!"
812	done
813	_PASS1=$ANS         # Store first try.
814
815	# Get second try.
816	echo ""
817	get_ans "Re-enter passwd:"
818	_PASS2=$ANS
819
820	# Test if passwords are identical.
821	if [ "$_PASS1" = "$_PASS2" ]; then
822	    break
823	fi
824
825	# Move cursor down to next line and print ERROR message.
826	echo ""
827	echo "ERROR: passwords don't match; try again."
828    done
829
830    /usr/bin/stty echo      # Turn echo ON
831
832    # Removed signal handler
833    trap 1 2 3 6 15
834
835    echo ""
836}
837
838
839#
840# get_passwd_nochk(): Reads a password from the user w/o check.
841#		$@  instruction/comment/description/question
842#
843get_passwd_nochk()
844{
845    [ $DEBUG -eq 1 ] && echo "In get_passwd_nochk()"
846
847    # Handle signals, so that echo can be turned back on if Ctrl-C.
848    trap "/usr/bin/stty echo; exit" 1 2 3 6 15
849
850    /usr/bin/stty -echo     # Turn echo OFF
851
852    get_ans "$@"
853
854    /usr/bin/stty echo      # Turn echo ON
855
856    # Removed signal handler
857    trap 1 2 3 6 15
858
859    echo ""
860}
861
862
863#
864# get_confirm(): Get confirmation from the user. (Y/Yes or N/No)
865#                $1 - Message
866#                $2 - default value.
867#
868get_confirm()
869{
870    _ANSWER=
871
872    while :
873    do
874	# Display Internal ERROR if $2 not set.
875	if [ -z "$2" ]; then
876	    echo "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional."
877	    exit 2
878	fi
879
880	# Display prompt.
881	echo "$1 [$2] \c"
882
883	# Get the ANSWER.
884	read _ANSWER
885	if [ "$_ANSWER" = "" ] && [ -n "$2" ] ; then
886	    _ANSWER=$2
887	fi
888	case "$_ANSWER" in
889	    [Yy] | yes | Yes | YES) return 1 ;;
890	    [Nn] | no  | No  | NO)  return 0 ;;
891	    [Hh] | help | Help | \?) display_msg ${3:-sorry};;
892	    * ) echo "Please enter y or n."  ;;
893	esac
894    done
895}
896
897
898#
899# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No)
900#                      No default value supported. Returns 1 for yes.
901#
902get_confirm_nodef()
903{
904    _ANSWER=
905
906    while :
907    do
908	echo "$@ \c"
909	read _ANSWER
910	case "$_ANSWER" in
911	    [Yy] | yes | Yes | YES) return 1 ;;
912	    [Nn] | no  | No  | NO)  return 0 ;;
913	    * ) echo "Please enter y or n."  ;;
914	esac
915    done
916}
917
918
919#
920# is_integer(): Tells if a string is numeric integer.
921#    0 = Integer
922#    1 = NOT Integer
923#
924is_integer()
925{
926    # Check for parameter.
927    if [ $# -ne 1 ]; then
928	return 1
929    fi
930
931    # Determine if integer.
932    expr "$1" + 1 > /dev/null 2>&1
933
934    if [ $? -ge 2 ]; then
935	return 1
936    fi
937
938    # Made it here, it's Numeric.
939    return 0
940}
941
942
943#
944# not_integer(): Reverses the return values of is_integer.  Useful
945#                for if and while statements that want to test for
946#                non-integer data.
947#    0 = NOT Integer
948#    1 = Integer
949#
950not_integer()
951{
952    is_integer $1
953    if [ $? -eq 0 ]; then
954       return 1
955    else
956       return 0
957    fi
958}
959
960
961#
962# is_numeric(): Tells if a string is numeric.
963#    0 = Numeric
964#    1 = NOT Numeric
965#
966is_numeric()
967{
968    # Check for parameter.
969    if [ $# -ne 1 ]; then
970	return 1
971    fi
972
973    # Determine if numeric.
974    let _NUM="$1 + 1" > /dev/null 2>&1
975
976    if [ $? -eq 0 ]; then
977	return 0
978    fi
979
980}
981
982
983#
984# not_numeric(): Reverses the return values of is_numeric.  Useful
985#                for if and while statements that want to test for
986#                non-numeric data.
987#    0 = NOT Numeric
988#    1 = Numeric
989#
990not_numeric()
991{
992    is_numeric $1
993    if [ $? -eq 0 ]; then
994       return 1
995    else
996       return 0
997    fi
998}
999
1000
1001#
1002# domain_2_dc(): Convert a domain name into dc string.
1003#    $1  .. Domain name.
1004#
1005domain_2_dc()
1006{
1007    _DOM=$1           # Domain parameter.
1008    _DOM_2_DC=""      # Return value from function.
1009    _FIRST=1          # Flag for first time.
1010
1011    export _DOM_2_DC  # Make visible for others.
1012
1013    # Convert "."'s to spaces for "for" loop.
1014    domtmp="`echo ${_DOM} | tr '.' ' '`"
1015    for i in $domtmp; do
1016	if [ $_FIRST -eq 1 ]; then
1017	    _DOM_2_DC="dc=${i}"
1018	    _FIRST=0
1019	else
1020	    _DOM_2_DC="${_DOM_2_DC},dc=${i}"
1021	fi
1022    done
1023}
1024
1025
1026#
1027# is_root_user(): Check to see if logged in as super user.
1028#
1029is_root_user()
1030{
1031    case `id` in
1032	uid=0\(root\)*) return 0 ;;
1033	* )             return 1 ;;
1034    esac
1035}
1036
1037
1038#
1039# parse_arg(): Parses the command line arguments and sets the
1040#              appropriate variables.
1041#
1042parse_arg()
1043{
1044    while getopts ":dm:c:" ARG
1045    do
1046	case $ARG in
1047	    d)      DEBUG=1;;
1048
1049	    m)      MAP_FILE=$OPTARG
1050	            MAPPING_FILE_SPECIFIED=1;;
1051
1052	    c)      CONFIG_FILE=$OPTARG
1053                    CONFIG_FILE_SPECIFIED=1;;
1054
1055	    \?)	    echo "**ERROR: Invalid option '$OPTARG'"
1056		    display_msg usage
1057		    exit 1;;
1058	esac
1059    done
1060
1061    shift `expr $OPTIND - 1`
1062    if [ $# -gt 0 ]; then
1063        echo "**ERROR: wrong usage "
1064        display_msg usage
1065        exit 1
1066    fi
1067}
1068
1069
1070#
1071# present() : Checks if the first argument exists in the
1072#            argument list. Returns 0 if found, else 1.
1073#
1074present ()
1075{
1076_ELEMENT=$1
1077
1078shift
1079ARG_LIST=$@
1080
1081for item in $ARG_LIST
1082do
1083  [ "$_ELEMENT" = "$item" ] && return 0
1084done
1085
1086# If reached here, then the clement does not exist
1087return 1
1088}
1089
1090
1091#
1092# remove() : Returns a new string after removing the first
1093#            argument in the argument list.
1094#
1095remove ()
1096{
1097_ELEMENT=$1
1098
1099shift
1100ARG_LIST=$@
1101
1102NEW_LIST=""
1103
1104for item in $ARG_LIST
1105do
1106  [ "$_ELEMENT" != "$item" ] && NEW_LIST="$NEW_LIST $item"
1107done
1108
1109echo $NEW_LIST
1110return 0
1111}
1112
1113
1114#
1115# merge_lists() : Returns a list after merging elements
1116#                 (uniquely) supplied in the argument list.
1117#
1118merge_lists()
1119{
1120MERGED_LIST=""
1121
1122for _VAR in "$@"
1123do
1124  if ! present $_VAR $MERGED_LIST; then
1125    MERGED_LIST="$MERGED_LIST $_VAR"
1126  fi
1127done
1128
1129echo $MERGED_LIST
1130return 0
1131}
1132
1133
1134#
1135# init(): initializes variables and options
1136#
1137init()
1138{
1139# General variables.
1140DEBUG=0             		# Set Debug OFF
1141
1142MAPPING_FILE_SPECIFIED=0	# No file name passed
1143CONFIG_FILE_SPECIFIED=0		# No file name passed
1144
1145# Prevent others from snooping
1146umask 077
1147
1148# Set default config and mapping files.
1149DEFAULT_MAP_FILE="/var/yp/NISLDAPmapping"
1150DEFAULT_CONFIG_FILE="/etc/default/ypserv"
1151
1152MAP_FILE="$DEFAULT_MAP_FILE"
1153CONFIG_FILE="$DEFAULT_CONFIG_FILE"
1154
1155# Set and create TMPDIR. Use a safe place to discourage hackers.
1156TMPDIR="/var/yp/inityp2l"
1157
1158# Temporary file names to be used to prevent system starting in
1159# N2L mode in case something goes wrong during file creation.
1160TMPCONF="ypserv-tmp"
1161TMPMAP="NISLDAPmapping-tmp"
1162
1163# Remove if the temp directory has been leftover
1164[ -d "$TMPDIR" ] && rm -rf $TMPDIR
1165mkdir $TMPDIR
1166if [ $? -ne 0 ]; then
1167  echo ERROR : Failed to create temp directory $TMPDIR
1168  exit 1
1169fi
1170
1171# Initialize the default NIS maps.
1172DEFAULT_NIS_MAPS="passwd.byname
1173                  passwd.byuid
1174                  group.byname
1175                  group.bygid
1176                  hosts.byaddr
1177                  hosts.byname
1178                  ipnodes.byaddr
1179                  ipnodes.byname
1180                  ethers.byaddr
1181                  ethers.byname
1182                  networks.byaddr
1183                  networks.byname
1184                  rpc.bynumber
1185                  services.byname
1186                  services.byservicename
1187                  printers.conf.byname
1188                  project.byname
1189                  project.byprojid
1190                  protocols.byname
1191                  protocols.bynumber
1192                  netgroup
1193                  netgroup.byuser
1194                  netgroup.byhost
1195                  bootparams
1196                  mail.aliases
1197                  mail.byaddr
1198                  publickey.byname
1199                  netid.byname
1200                  netmasks.byaddr
1201                  passwd.adjunct.byname
1202                  group.adjunct.byname
1203                  timezone.byname
1204                  auth_attr
1205                  exec_attr
1206                  prof_attr
1207                  user_attr
1208                  audit_user
1209                  auto.master
1210                  auto.home
1211                  ypservers"
1212
1213set -A DEF_NIS_MAP_ARRAY $DEFAULT_NIS_MAPS
1214
1215# The default TTL maps in database ID format.
1216DEF_TTL_MAPLIST="audit_user
1217                 auto.home
1218                 auto.master
1219                 auth_attr
1220                 bootparams
1221                 ethers
1222                 exec_attr
1223                 group
1224                 group.adjunct.byname
1225                 keys.host
1226                 keys.pass
1227                 keys.nobody
1228                 hosts
1229                 multihosts
1230                 ipnodes
1231                 multiipnodes
1232                 netgroup
1233                 networks
1234                 passwd
1235                 passwd.adjunct.byname
1236                 printers.conf.byname
1237                 prof_attr
1238                 project
1239                 protocols
1240                 services
1241                 mail.aliases
1242                 mail.mapping
1243                 netid.host
1244                 netid.pass
1245                 netmasks.byaddr
1246                 rpc.bynumber
1247                 ageing.byname
1248                 timezone.byname
1249                 user_attr
1250                 ypservers"
1251
1252
1253# Initialize default values for config parameters.
1254
1255configDN_flag=0
1256DEF_nisLDAPconfigDN=""
1257DEF_TLS=none
1258DEF_TLSCertificateDBPath=/var/yp/
1259DEF_nisLDAPbindTimeout=15
1260DEF_nisLDAPsearchTimeout=180
1261DEF_nisLDAPmodifyTimeout=15
1262DEF_nisLDAPaddTimeout=15
1263DEF_nisLDAPdeleteTimeout=15
1264DEF_nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeout}
1265DEF_nisLDAPsearchSizeLimit=0
1266DEF_nisLDAPfollowReferral=no
1267DEF_nisLDAPretrieveErrorAction=use_cached
1268
1269# The default is unlimited, but since it prevents the NIS daemon,
1270# from servicing further requests, set 1 as the suggested value.
1271SUG_nisLDAPretrieveErrorAttempts=1
1272DEF_nisLDAPretrieveErrorTimeout=15
1273DEF_nisLDAPstoreErrorAction=retry
1274
1275# The default is unlimited, but set 1 as the suggested value.
1276SUG_nisLDAPstoreErrorAttempts=1
1277DEF_nisLDAPstoreErrorTimeout=15
1278
1279# Default TTL values (in seconds) for NIS MAPS for mapping file.
1280DEF_iTTLlo=1800
1281DEF_iTTLhi=5400
1282DEF_runTTL=3600
1283
1284}
1285
1286
1287#
1288# config_auth_menu_handler(): Enter the authentication method
1289#                             for config server.
1290#
1291config_auth_menu_handler()
1292{
1293    # Display Auth menu
1294    display_msg config_auth_method_menu
1295
1296    # Get a Valid choice.
1297    while :
1298    do
1299	# Display appropriate prompt and get answer.
1300        get_ans_req "    Choose one Authentication Method (h=help):"
1301
1302	# Determine choice.
1303	_MENU_CHOICE=$ANS
1304	case "$_MENU_CHOICE" in
1305	    1) _AUTHMETHOD="none"
1306		break ;;
1307	    2) _AUTHMETHOD="simple"
1308		break ;;
1309	    3) _AUTHMETHOD="sasl/cram-md5"
1310		break ;;
1311	    4) _AUTHMETHOD="sasl/digest-md5"
1312		break ;;
1313	    h) display_msg auth_help ;;
1314	    *) echo "Please enter 1-4, or h=help." ;;
1315	esac
1316    done
1317}
1318
1319
1320#
1321# auth_menu_handler(): Enter the Authentication method for LDAP server.
1322#
1323auth_menu_handler()
1324{
1325    # Display Auth menu
1326    display_msg auth_method_menu
1327
1328    # Get a Valid choice.
1329    while :
1330    do
1331	# Display appropriate prompt and get answer.
1332        get_ans_req "    Choose one Authentication Method (h=help):"
1333
1334	# Determine choice.
1335	_MENU_CHOICE=$ANS
1336	case "$_MENU_CHOICE" in
1337	    1) _AUTHMETHOD="simple"
1338		break ;;
1339	    2) _AUTHMETHOD="sasl/cram-md5"
1340		break ;;
1341	    3) _AUTHMETHOD="sasl/digest-md5"
1342		break ;;
1343	    h) display_msg auth_help ;;
1344	    *) echo "Please enter 1-3, or h=help." ;;
1345	esac
1346    done
1347}
1348
1349
1350#
1351# tls_menu_handler(): Enter the transport layer security
1352#
1353tls_menu_handler()
1354{
1355    # Display TLS menu
1356    display_msg tls_method_menu
1357
1358    # Get a Valid choice.
1359    while :
1360    do
1361	# Display appropriate prompt and get answer.
1362	# Default value is "none".
1363
1364        get_ans "    Choose one Transport Layer Security Method (h=help):" "1"
1365
1366	# Determine choice.
1367	_MENU_CHOICE=$ANS
1368	case "$_MENU_CHOICE" in
1369	    1) _TLSMETHOD="none"
1370		break ;;
1371	    2) _TLSMETHOD="ssl"
1372		break ;;
1373	    h) display_msg tls_help ;;
1374	    *) echo "Please enter 1, 2, or h=help." ;;
1375	esac
1376    done
1377}
1378
1379
1380#
1381# retrieve_error_action_menu_handler(): Enter the retrieve error action
1382#
1383retrieve_error_action_menu_handler()
1384{
1385    # Display retrieve error action menu
1386    display_msg retrieve_error_action_menu
1387
1388    # Get a Valid choice.
1389    while :
1390    do
1391	# Display appropriate prompt and get answer. use_cached is default
1392        get_ans "    Choose one retrieval error action (h=help):" "1"
1393
1394	# Determine choice.
1395	_MENU_CHOICE=$ANS
1396	case "$_MENU_CHOICE" in
1397	    1) _RET_ERR_ACT="use_cached"
1398		break ;;
1399	    2) _RET_ERR_ACT="fail"
1400		break ;;
1401	    h) display_msg nisLDAPretrieveErrorAction_help ;;
1402	    *) echo "Please enter 1, 2, or h=help." ;;
1403	esac
1404    done
1405}
1406
1407
1408#
1409# store_error_action_menu_handler(): Enter the store error action
1410#
1411store_error_action_menu_handler()
1412{
1413    # Display store error action menu
1414    display_msg store_error_action_menu
1415
1416    # Get a Valid choice.
1417    while :
1418    do
1419	# Display appropriate prompt and get answer. retry is default
1420        get_ans "    Choose one store error action (h=help):" "1"
1421
1422	# Determine choice.
1423	_MENU_CHOICE=$ANS
1424	case "$_MENU_CHOICE" in
1425	    1) _STOR_ERR_ACT="retry"
1426		break ;;
1427	    2) _STOR_ERR_ACT="fail"
1428		break ;;
1429	    h) display_msg nisLDAPstoreErrorAction_help ;;
1430	    *) echo "Please enter 1, 2, or h=help." ;;
1431	esac
1432    done
1433}
1434
1435
1436#
1437# cleanup(): Remove the TMPDIR and all files in it.
1438#
1439cleanup()
1440{
1441[ $DEBUG -eq 1 ] && echo "In cleanup()"
1442
1443# Leave the temp directory if debug is set
1444[ $DEBUG -eq 0 ] && rm -rf $TMPDIR
1445}
1446
1447
1448# Save existing config file if elected
1449check_back_config_file()
1450{
1451if [ -f $CONFIG_FILE ]; then
1452  display_msg backup_config_file
1453
1454  get_confirm "Do you wish to continue (y/n/h)?" \
1455              "n" "backup_config_file_cont_help"
1456
1457  if [ $? -eq 0 ]; then    # if No, cleanup and exit.
1458    cleanup ; exit 1
1459  fi
1460
1461  get_confirm "Do you wish to backup the config file "${CONFIG_FILE}" (y/n/h)?" \
1462              "y" "backup_config_file_help"
1463
1464  if [ $? -eq 1 ]; then    # Save the old config file with timestamp
1465
1466    # SCCS converts '% H %' (without spaces) in current date during putback.
1467    # So use some other combination.
1468    SUFFIX=`date '+%d%h%Y.%H:%M:%S'`
1469
1470    cp -p $CONFIG_FILE ${CONFIG_FILE}-${SUFFIX}
1471    echo "  Saved existing $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}"
1472  fi
1473fi
1474}
1475
1476
1477# Save existing mapping file if elected
1478check_back_mapping_file()
1479{
1480if [ -f $MAP_FILE ]; then
1481  display_msg backup_mapping_file
1482
1483  get_confirm "Do you wish to continue (y/n/h)?" \
1484              "n" "backup_mapping_file_cont_help"
1485
1486  if [ $? -eq 0 ]; then    # if No, cleanup and exit.
1487    cleanup ; exit 1
1488  fi
1489
1490  get_confirm "Do you wish to backup the map file "${MAP_FILE}" (y/n/h)?" \
1491                   "y" "backup_mapping_file_help"
1492
1493  if [ $? -eq 1 ]; then    # if Yes, save the old map file with timestamp
1494
1495    # SCCS converts '% H %' (without spaces) in current date during putback.
1496    # So use some other combination.
1497    SUFFIX=`date '+%d%h%Y.%H:%M:%S'`
1498
1499    cp -p $MAP_FILE ${MAP_FILE}-${SUFFIX}
1500    echo "  Saved existing $MAP_FILE as ${MAP_FILE}-${SUFFIX}"
1501  fi
1502
1503else
1504  if [ "$MAP_FILE" = "$DEFAULT_MAP_FILE" ]; then
1505    display_msg warn_n2l_mode
1506
1507    get_confirm "Do you wish to continue (y/n/h)?" \
1508                "n" "warn_n2l_mode_help"
1509
1510    if [ $? -eq 0 ]; then
1511      cleanup ; exit 1
1512    fi
1513  fi
1514fi
1515}
1516
1517
1518put_config_file_copyright_info()
1519{
1520
1521# Start with an emptty file, so don't append, but overwrite here.
1522# Just change the name, but keep the same date and version number
1523# as in the ident string of this script.
1524
1525grep "ident	\"@(#)$PROG" $ABS_PROG | \
1526      sed "s/${PROG}/${NEW_NAME}/g" > $CONFIG_FILE
1527
1528echo "\
1529#
1530# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
1531# Use is subject to license terms.
1532#\
1533" >> $MAP_FILE
1534}
1535
1536
1537get_nisLDAPconfigDN()
1538{
1539while :
1540do
1541
1542get_ans "DN for configuration information (h=help):"
1543
1544# If help continue, otherwise break.
1545case "$ANS" in
1546  [Hh] | help | Help | \?) display_msg nisLDAPconfigDN_help ;;
1547                       * ) break ;;
1548esac
1549done
1550
1551nisLDAPconfigDN="${ANS}"
1552
1553# Store in config file only if a non-default value is specified.
1554if [ "$ANS" != "${DEF_nisLDAPconfigDN}" ]; then
1555  echo "nisLDAPconfigDN=${ANS}" >> $CONFIG_FILE
1556fi
1557
1558# Ask remaining config server related questions only if this
1559# DN is set. So, if a value is specified, set a flag.
1560
1561[ "$ANS" != "" ] && configDN_flag=1
1562}
1563
1564
1565get_nisLDAPconfigPreferredServerList()
1566{
1567while :
1568do
1569
1570get_ans_req "Preferred server list for configuration information (h=help):"
1571
1572# If help continue, otherwise break.
1573case "$ANS" in
1574  [Hh] | help | Help | \?) display_msg nisLDAPconfigPreferredServerList_help ;;
1575                       * ) break ;;
1576esac
1577done
1578
1579nisLDAPconfigPreferredServerList=${ANS}
1580echo "nisLDAPconfigPreferredServerList=${ANS}" >> $CONFIG_FILE
1581}
1582
1583
1584get_nisLDAPconfigAuthenticationMethod()
1585{
1586_AUTHMETHOD=""
1587
1588echo "Select the Authentication Method for configuration server :"
1589config_auth_menu_handler
1590
1591nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}
1592echo "nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE
1593}
1594
1595
1596get_nisLDAPconfigTLS()
1597{
1598_TLSMETHOD=""
1599
1600echo "Select the Transport Layer Security (TLS) for configuration server :"
1601tls_menu_handler
1602
1603nisLDAPconfigTLS=${_TLSMETHOD}
1604
1605# Store in config file only if a non-default value is specified.
1606if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then
1607    echo "nisLDAPconfigTLS=${_TLSMETHOD}" >> $CONFIG_FILE
1608fi
1609}
1610
1611
1612get_nisLDAPconfigTLSCertificateDBPath()
1613{
1614while :
1615do
1616
1617get_ans "Path with TLS Certificate DB for configuration server (h=help):"\
1618            "${DEF_TLSCertificateDBPath}"
1619
1620# If help continue, otherwise break.
1621case "$ANS" in
1622  [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
1623                       * ) break ;;
1624esac
1625done
1626
1627nisLDAPconfigTLSCertificateDBPath=${ANS}
1628
1629# Store in config file only if a non-default value is specified.
1630if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then
1631  echo "nisLDAPconfigTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE
1632fi
1633}
1634
1635
1636get_nisLDAPconfigProxyUser()
1637{
1638while :
1639do
1640
1641get_ans_req "Proxy user bind DN to obtain configuration information (h=help):"
1642# If help continue, otherwise break.
1643case "$ANS" in
1644  [Hh] | help | Help | \?) display_msg nisLDAPconfigProxyUser_help ;;
1645                       * ) break ;;
1646esac
1647done
1648
1649nisLDAPconfigProxyUser=${ANS}
1650echo "nisLDAPconfigProxyUser=${ANS}" >> $CONFIG_FILE
1651}
1652
1653
1654get_nisLDAPconfigProxyPassword()
1655{
1656get_passwd "Proxy user password to obtain configuration information :"
1657nisLDAPconfigProxyPassword=${ANS}
1658
1659echo "nisLDAPconfigProxyPassword=${ANS}" >> $CONFIG_FILE
1660
1661display_msg ProxyPassword_warn
1662}
1663
1664
1665get_preferredServerList()
1666{
1667while :
1668do
1669
1670get_ans_req "Preferred server list for mapping data to/from LDAP (h=help):"
1671
1672# If help continue, otherwise break.
1673case "$ANS" in
1674  [Hh] | help | Help | \?) display_msg preferredServerList_help ;;
1675                       * ) break ;;
1676esac
1677done
1678
1679preferredServerList=${ANS}
1680echo "preferredServerList=${ANS}" >> $CONFIG_FILE
1681}
1682
1683
1684get_authenticationMethod()
1685{
1686_AUTHMETHOD=""
1687
1688echo "Select the Authentication Method for mapping data to/from LDAP :"
1689auth_menu_handler
1690
1691authenticationMethod=${_AUTHMETHOD}
1692echo "authenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE
1693}
1694
1695
1696get_nisLDAPTLS()
1697{
1698_TLSMETHOD=""
1699
1700echo "Select the Transport Layer Security (TLS) for mapping data to/from LDAP :"
1701tls_menu_handler
1702
1703nisLDAPTLS=${_TLSMETHOD}
1704
1705# Store in config file only if a non-default value is specified.
1706if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then
1707    echo "nisLDAPTLS=${_TLSMETHOD}" >> $CONFIG_FILE
1708fi
1709}
1710
1711
1712get_nisLDAPTLSCertificateDBPath()
1713{
1714while :
1715do
1716
1717get_ans "Path with TLS Certificate DB for LDAP data server (h=help):"\
1718        "${DEF_nisLDAPTLSCertificateDBPath}"
1719
1720# If help continue, otherwise break.
1721case "$ANS" in
1722  [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
1723                       * ) break ;;
1724esac
1725done
1726
1727nisLDAPTLSCertificateDBPath=${ANS}
1728
1729# Store in config file only if a non-default value is specified.
1730if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then
1731  echo "nisLDAPTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE
1732fi
1733}
1734
1735
1736get_nisLDAPproxyUser()
1737{
1738while :
1739do
1740
1741get_ans_req "Proxy user bind DN to read/write data from/to LDAP (h=help):"
1742
1743# If help continue, otherwise break.
1744case "$ANS" in
1745  [Hh] | help | Help | \?) display_msg nisLDAPproxyUser_help ;;
1746                       * ) break ;;
1747esac
1748done
1749
1750nisLDAPproxyUser=${ANS}
1751echo "nisLDAPproxyUser=${ANS}" >> $CONFIG_FILE
1752}
1753
1754
1755get_nisLDAPproxyPassword()
1756{
1757get_passwd "Proxy user password to read/write data from/to LDAP :"
1758nisLDAPproxyPassword=${ANS}
1759
1760echo "nisLDAPproxyPassword=${ANS}" >> $CONFIG_FILE
1761
1762display_msg ProxyPassword_warn
1763}
1764
1765
1766get_nisLDAPbindTimeout()
1767{
1768get_pos_int "Timeout value (in seconds) for LDAP bind operation (h=help):" \
1769              "${DEF_nisLDAPbindTimeout}" "nisLDAPbindTimeout_help"
1770
1771nisLDAPbindTimeout=${NUM}
1772
1773# Store in config file only if a non-default value is specified.
1774if [ $NUM -ne ${DEF_nisLDAPbindTimeout} ]; then
1775  echo "nisLDAPbindTimeout=${NUM}" >> $CONFIG_FILE
1776fi
1777}
1778
1779
1780get_nisLDAPsearchTimeout()
1781{
1782get_pos_int "Timeout value (in seconds) for LDAP search operation (h=help):" \
1783            "${DEF_nisLDAPsearchTimeout}" "nisLDAPsearchTimeout_help"
1784
1785nisLDAPsearchTimeout=${NUM}
1786
1787# Store in config file only if a non-default value is specified.
1788if [ $NUM -ne ${DEF_nisLDAPsearchTimeout} ]; then
1789  echo "nisLDAPsearchTimeout=${NUM}" >> $CONFIG_FILE
1790fi
1791}
1792
1793
1794get_nisLDAPmodifyTimeout()
1795{
1796get_pos_int "Timeout value (in seconds) for LDAP modify operation (h=help):" \
1797            "${DEF_nisLDAPmodifyTimeout}" "nisLDAPmodifyTimeout_help"
1798
1799nisLDAPmodifyTimeout=${NUM}
1800
1801# Store in config file only if a non-default value is specified.
1802if [ $NUM -ne ${DEF_nisLDAPmodifyTimeout} ]; then
1803  echo "nisLDAPmodifyTimeout=${NUM}" >> $CONFIG_FILE
1804fi
1805}
1806
1807
1808get_nisLDAPaddTimeout()
1809{
1810get_pos_int "Timeout value (in seconds) for LDAP add operation (h=help):" \
1811            "${DEF_nisLDAPaddTimeout}" "nisLDAPaddTimeout_help"
1812
1813nisLDAPaddTimeout=${NUM}
1814
1815# Store in config file only if a non-default value is specified.
1816if [ $NUM -ne ${DEF_nisLDAPaddTimeout} ]; then
1817  echo "nisLDAPaddTimeout=${NUM}" >> $CONFIG_FILE
1818fi
1819}
1820
1821
1822get_nisLDAPdeleteTimeout()
1823{
1824get_pos_int "Timeout value (in seconds) for LDAP delete operation (h=help):" \
1825            "${DEF_nisLDAPdeleteTimeout}" "nisLDAPdeleteTimeout_help"
1826
1827nisLDAPdeleteTimeout=${NUM}
1828
1829# Store in config file only if a non-default value is specified.
1830if [ $NUM -ne ${DEF_nisLDAPdeleteTimeout} ]; then
1831  echo "nisLDAPdeleteTimeout=${NUM}" >> $CONFIG_FILE
1832fi
1833}
1834
1835
1836get_nisLDAPsearchTimeLimit()
1837{
1838get_pos_int "Time limit (in seconds) for search operation on LDAP server (h=help):" \
1839            "${DEF_nisLDAPsearchTimeLimit}" "nisLDAPsearchTimeLimit_help"
1840
1841nisLDAPsearchTimeLimit=${NUM}
1842
1843# Store in config file only if a non-default value is specified.
1844if [ $NUM -ne ${DEF_nisLDAPsearchTimeLimit} ]; then
1845  echo "nisLDAPsearchTimeLimit=${NUM}" >> $CONFIG_FILE
1846fi
1847}
1848
1849
1850get_nisLDAPsearchSizeLimit()
1851{
1852get_pos_int "Size limit (in bytes) for search operation on LDAP server (h=help):" \
1853            "${DEF_nisLDAPsearchSizeLimit}" "nisLDAPsearchSizeLimit_help"
1854
1855nisLDAPsearchSizeLimit=${NUM}
1856
1857# Store in config file only if a non-default value is specified.
1858if [ $NUM -ne ${DEF_nisLDAPsearchSizeLimit} ]; then
1859  echo "nisLDAPsearchSizeLimit=${NUM}" >> $CONFIG_FILE
1860fi
1861}
1862
1863
1864get_nisLDAPfollowReferral()
1865{
1866get_confirm "Should the ypserv follow LDAP referrals (y/n/h):" \
1867            "n" "nisLDAPfollowReferral_help"
1868
1869if [ $? -eq 1 ]; then
1870  _ANS="yes"
1871else
1872  _ANS="no"
1873fi
1874
1875# Store in config file only if a non-default value is specified.
1876if [ "${_ANS}" != "${DEF_nisLDAPfollowReferral}" ]; then
1877  echo "nisLDAPfollowReferral=${_ANS}" >> $CONFIG_FILE
1878fi
1879}
1880
1881
1882get_nisLDAPretrieveErrorAction()
1883{
1884_RET_ERR_ACT=""
1885
1886echo "Select the action to be taken in case of LDAP retrieval error :"
1887retrieve_error_action_menu_handler
1888
1889nisLDAPretrieveErrorAction=${_RET_ERR_ACT}
1890
1891# Store in config file only if a non-default value is specified.
1892if [ "${_RET_ERR_ACT}" != "${DEF_nisLDAPretrieveErrorAction}" ]; then
1893    echo "nisLDAPretrieveErrorAction=${_RET_ERR_ACT}" >> $CONFIG_FILE
1894fi
1895}
1896
1897
1898get_nisLDAPretrieveErrorAttempts()
1899{
1900
1901get_pos_int "Number of attempts in case of LDAP retrieval error (h=help):" \
1902            "$SUG_nisLDAPretrieveErrorAttempts" \
1903            "nisLDAPretrieveErrorAttempts_help"
1904
1905nisLDAPretrieveErrorAttempts=${NUM}
1906
1907echo "nisLDAPretrieveErrorAttempts=${NUM}" >> $CONFIG_FILE
1908}
1909
1910
1911get_nisLDAPretrieveErrorTimeout()
1912{
1913# if nisLDAPretrieveErrorAttempts=0, then no point in asking
1914# for timeout vales as it is ignored anyway.
1915
1916[ $nisLDAPretrieveErrorAttempts -eq 0 ] && return 0
1917
1918get_pos_int "Timeout (in seconds) between each new attempt to retrieve LDAP data (h=help):"\
1919            "${DEF_nisLDAPretrieveErrorTimeout}" \
1920            "nisLDAPretrieveErrorTimeout_help"
1921
1922nisLDAPretrieveErrorTimeout=${NUM}
1923
1924# Store in config file only if a non-default value is specified.
1925if [ $NUM -ne ${DEF_nisLDAPretrieveErrorTimeout} ]; then
1926  echo "nisLDAPretrieveErrorTimeout=${NUM}" >> $CONFIG_FILE
1927fi
1928}
1929
1930
1931get_nisLDAPstoreErrorAction()
1932{
1933_STOR_ERR_ACT=""
1934
1935echo "Select the action to be taken in case of LDAP store error :"
1936store_error_action_menu_handler
1937
1938nisLDAPstoreErrorAction=${_STOR_ERR_ACT}
1939
1940# Store in config file only if a non-default value is specified.
1941if [ "${_STOR_ERR_ACT}" != "${DEF_nisLDAPstoreErrorAction}" ]; then
1942    echo "nisLDAPstoreErrorAction=${_STOR_ERR_ACT}" >> $CONFIG_FILE
1943fi
1944}
1945
1946
1947get_nisLDAPstoreErrorAttempts()
1948{
1949
1950# if nisLDAPstoreErrorAction="fail", then no point in asking
1951# for no. of attempts or timeout vales as they are ignored.
1952
1953[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0
1954
1955get_pos_int "Number of attempts in case of LDAP store error (h=help):" \
1956            "$SUG_nisLDAPstoreErrorAttempts" \
1957            "nisLDAPstoreErrorAttempts_help"
1958
1959nisLDAPstoreErrorAttempts=${NUM}
1960
1961echo "nisLDAPstoreErrorAttempts=${NUM}" >> $CONFIG_FILE
1962}
1963
1964
1965get_nisLDAPstoreErrorTimeout()
1966{
1967
1968# if nisLDAPstoreErrorAction="fail", then no point in asking
1969# for no. of attempts or timeout vales as they are ignored.
1970
1971[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0
1972
1973# Similarly, if nisLDAPstoreErrorAttempts=0, ignore this question.
1974
1975[ $nisLDAPstoreErrorAttempts -eq 0 ] && return 0
1976
1977get_pos_int "Timeout (in seconds) between each new attempt to write LDAP data (h=help):"\
1978            "${DEF_nisLDAPstoreErrorTimeout}" \
1979            "nisLDAPstoreErrorTimeout_help"
1980
1981nisLDAPstoreErrorTimeout=${NUM}
1982
1983# Store in config file only if a non-default value is specified.
1984if [ $NUM -ne ${DEF_nisLDAPstoreErrorTimeout} ]; then
1985  echo "nisLDAPstoreErrorTimeout=${NUM}" >> $CONFIG_FILE
1986fi
1987}
1988
1989
1990
1991create_config_file()
1992{
1993
1994# To prevent from leaving a partial config file in case some error or
1995# signal takes place, store the output being generated in a temporary
1996# file first, and move it at the final destination only at the end if
1997# everything goes fine.
1998
1999_CONFIG_FILE=$CONFIG_FILE
2000CONFIG_FILE=${TMPDIR}/${TMPCONF}.$$
2001
2002echo "Generating config file temporarily as \"${CONFIG_FILE}\""
2003
2004# Truncate the file before we append anything.
2005# Place copyright information
2006put_config_file_copyright_info
2007
2008# Filter out all the YP domains in /var/yp
2009# The list of domains is stored in list "VARYP_DMN_LIST"
2010
2011echo "\
2012#
2013# Configuration file for ypserv(1M); see ypserv(4) for more information,
2014# and NISLDAPmapping(4) for configuration of NIS to LDAP mapping.
2015
2016# Unless otherwise noted, commented lines show default values.
2017" >> $CONFIG_FILE
2018
2019echo "\
2020# Where to look for configuration information in LDAP. Leave empty or
2021# undefined to use this file, in which case the values of the other
2022# 'nisLdapConfig*' attributes are ignored.
2023#
2024#nisLDAPconfigDN=\
2025" >> $CONFIG_FILE
2026
2027get_nisLDAPconfigDN
2028
2029echo "
2030
2031# Server(s) for configuration information. There is no default;
2032# use the value on the line below for an LDAP server running on
2033# this machine, at port 389.
2034#nisLDAPconfigPreferredServerList=127.0.0.1:389\
2035" >> $CONFIG_FILE
2036
2037[ $configDN_flag -eq 1 ] && get_nisLDAPconfigPreferredServerList
2038
2039echo "
2040
2041# Authentication method(s) to obtain configuration information.
2042#\
2043" >> $CONFIG_FILE
2044
2045[ $configDN_flag -eq 1 ] && get_nisLDAPconfigAuthenticationMethod
2046
2047echo "
2048
2049# Transport layer security for configuration information
2050#
2051#nisLDAPconfigTLS=${DEF_TLS}\
2052" >> $CONFIG_FILE
2053
2054[ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLS
2055
2056echo "
2057
2058# Certificate DB for transport layer security
2059#
2060#nisLDAPconfigTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
2061" >> $CONFIG_FILE
2062
2063# ask for Certificate DB only if SSL is set
2064if [ "${nisLDAPconfigTLS}" = "ssl" ]; then
2065  [ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLSCertificateDBPath
2066fi
2067
2068echo "
2069
2070# Proxy user(s) to obtain configuration information. The line below
2071# is an example of the format.
2072#
2073#nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,\
2074" >> $CONFIG_FILE
2075
2076# Ask proxy user bind DN only if needed.
2077if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
2078  [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyUser
2079fi
2080
2081echo "
2082
2083# Password for proxy user. Must be supplied if the authentication method
2084# requires a password. If a password appears in this file, it should be
2085# protected appropriately against access by unauthorized users.
2086#
2087#nisLDAPconfigProxyPassword=\
2088" >> $CONFIG_FILE
2089
2090if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
2091  [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyPassword
2092fi
2093
2094echo "
2095
2096# Server list for mapping data to/from LDAP. There is no default;
2097# use the value on the line below for an LDAP server running on
2098# this machine, at port 389.
2099#preferredServerList=127.0.0.1:389\
2100" >> $CONFIG_FILE
2101
2102get_preferredServerList
2103
2104echo "
2105
2106# Authentication method for mapping data to/from LDAP
2107#\
2108" >> $CONFIG_FILE
2109
2110get_authenticationMethod
2111
2112echo "
2113
2114# Transport layer security for mapping data to/from LDAP.
2115#
2116#nisLDAPTLS=${DEF_TLS}\
2117" >> $CONFIG_FILE
2118
2119get_nisLDAPTLS
2120
2121echo "
2122
2123# Certificate DB for transport layer security
2124#
2125#nisLDAPTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
2126" >> $CONFIG_FILE
2127
2128# ask for Certificate DB only if SSL is set
2129if [ "${nisLDAPTLS}" = "ssl" ]; then
2130  get_nisLDAPTLSCertificateDBPath
2131fi
2132
2133echo "
2134
2135# Proxy user for ypserv. Assumed to have appropriate permission to read
2136# and/or create or modify LDAP data. The line below is an example of the
2137# format.
2138#
2139#nisLDAPproxyUser=cn=nisAdmin,ou=People,\
2140" >> $CONFIG_FILE
2141
2142# Ask proxy user bind DN only if needed.
2143if [ "${authenticationMethod}" != "none" ]; then
2144  get_nisLDAPproxyUser
2145fi
2146
2147echo "
2148
2149# Password for proxy user. Must be supplied if the authentication method
2150# requires a password. If a password appears in this file, it should be
2151# protected appropriately against unauthorized access.
2152#
2153#nisLDAPproxyPassword=\
2154" >> $CONFIG_FILE
2155
2156if [ "${authenticationMethod}" != "none" ]; then
2157  get_nisLDAPproxyPassword
2158fi
2159
2160echo "
2161
2162# Timeouts and time/size limits for LDAP operations.
2163#
2164#nisLDAPbindTimeout=${DEF_nisLDAPbindTimeout}\
2165" >> $CONFIG_FILE
2166
2167get_nisLDAPbindTimeout
2168
2169echo "
2170#nisLDAPsearchTimeout=${DEF_nisLDAPsearchTimeout}\
2171" >> $CONFIG_FILE
2172
2173get_nisLDAPsearchTimeout
2174
2175echo "
2176#nisLDAPmodifyTimeout=${DEF_nisLDAPmodifyTimeout}\
2177" >> $CONFIG_FILE
2178
2179get_nisLDAPmodifyTimeout
2180
2181echo "
2182#nisLDAPaddTimeout=${DEF_nisLDAPaddTimeout}\
2183" >> $CONFIG_FILE
2184
2185get_nisLDAPaddTimeout
2186
2187echo "
2188#nisLDAPdeleteTimeout=${DEF_nisLDAPdeleteTimeout}\
2189" >> $CONFIG_FILE
2190
2191get_nisLDAPdeleteTimeout
2192
2193echo "
2194#nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeLimit}\
2195" >> $CONFIG_FILE
2196
2197get_nisLDAPsearchTimeLimit
2198
2199echo "
2200#nisLDAPsearchSizeLimit=${DEF_nisLDAPsearchSizeLimit}\
2201" >> $CONFIG_FILE
2202
2203get_nisLDAPsearchSizeLimit
2204
2205echo "
2206
2207# Should the ypserv follow LDAP referrals ?
2208#
2209#nisLDAPfollowReferral=${DEF_nisLDAPfollowReferral}\
2210" >> $CONFIG_FILE
2211
2212get_nisLDAPfollowReferral
2213
2214echo "
2215
2216# Action, number of attempts, and timeout following an LDAP retrieval error
2217#
2218#nisLDAPretrieveErrorAction=${DEF_nisLDAPretrieveErrorAction}\
2219" >> $CONFIG_FILE
2220
2221get_nisLDAPretrieveErrorAction
2222
2223echo "
2224#nisLDAPretrieveErrorAttempts=\
2225" >> $CONFIG_FILE
2226
2227get_nisLDAPretrieveErrorAttempts
2228
2229echo "
2230#nisLDAPretrieveErrorTimeout=${DEF_nisLDAPretrieveErrorTimeout}\
2231" >> $CONFIG_FILE
2232
2233get_nisLDAPretrieveErrorTimeout
2234
2235echo "
2236
2237# Action, number of attempts, and timeout following an LDAP store error
2238#
2239#nisLDAPstoreErrorAction=${DEF_nisLDAPstoreErrorAction}\
2240" >> $CONFIG_FILE
2241
2242get_nisLDAPstoreErrorAction
2243
2244echo "
2245#nisLDAPstoreErrorAttempts=\
2246" >> $CONFIG_FILE
2247
2248get_nisLDAPstoreErrorAttempts
2249
2250echo "
2251#nisLDAPstoreErrorTimeout=${DEF_nisLDAPstoreErrorTimeout}\
2252" >> $CONFIG_FILE
2253
2254get_nisLDAPstoreErrorTimeout
2255
2256
2257# We are done, so move back the config file from temp. location
2258# to actual location.
2259# In case the config file name has a directory component which does
2260# not exist, then create it now, otherwise 'mv' will return error.
2261
2262DIR_TO_CREATE=`dirname ${_CONFIG_FILE}`
2263mkdir -p ${DIR_TO_CREATE}
2264
2265echo "Moving output from temporary file ($CONFIG_FILE) to actual file ($_CONFIG_FILE)"
2266mv $CONFIG_FILE $_CONFIG_FILE
2267
2268# Revert back the config file name in case needed.
2269CONFIG_FILE=$_CONFIG_FILE
2270echo "Finished creation of config file ( $_CONFIG_FILE )"
2271
2272}
2273
2274
2275put_mapping_file_copyright_info()
2276{
2277
2278# Start with an emptty file, so don't append, but overwrite here.
2279# Just change the name and add the word pragma, but keep the same
2280# date and version number as in the ident string of this script.
2281
2282grep "ident	\"@(#)$PROG" $ABS_PROG | \
2283      sed "s/ ident/pragma ident/g" | \
2284      sed "s/${PROG}/${NEW_NAME}/g" > $MAP_FILE
2285
2286echo "\
2287#
2288# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
2289# Use is subject to license terms.
2290#
2291#-------------------------------------------------------------------
2292#\
2293" >> $MAP_FILE
2294}
2295
2296
2297#
2298# Filter out all the YP domains in /var/yp
2299# The list of domains is stored in list "VARYP_DMN_LIST"
2300#
2301create_all_var_yp_domain_list()
2302{
2303VARYP_DMN_LIST=""
2304
2305for entry in /var/yp/*
2306do
2307  DMN=`basename $entry`
2308  if [ -d "/var/yp/$DMN" ] && [ -f "/var/yp/binding/$DMN/ypservers" ]
2309  then
2310    VARYP_DMN_LIST="$VARYP_DMN_LIST $DMN"
2311  fi
2312done
2313
2314# d_echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
2315[ $DEBUG -eq 1 ] && echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
2316}
2317
2318
2319#
2320# Ask user which domains would be served by N2L
2321# The list of N2L domains is stored in global array
2322# "N2L_DMN_LIST" and number of domains in N2L_DMN_CNT
2323#
2324create_n2l_domain_list()
2325{
2326# First make a list of all the domains in /var/yp
2327create_all_var_yp_domain_list
2328
2329# Now identify those to be served by N2L
2330let count=0
2331
2332for DMN in $VARYP_DMN_LIST
2333do
2334  get_confirm "Do you want to store maps from ${DMN} domain to LDAP (y/n/h):" \
2335              "n" "selectDomain4N2L_help"
2336
2337  if [ $? -eq 1 ]; then
2338    N2L_DMN_LIST[count]=$DMN
2339    let count="count + 1"
2340  fi
2341
2342done
2343N2L_DMN_CNT=$count
2344
2345[ $DEBUG -eq 1 ] && echo N2L_DMN_LIST=${N2L_DMN_LIST[*]}
2346[ $DEBUG -eq 1 ] && echo N2L_DMN_CNT=$N2L_DMN_CNT
2347}
2348
2349
2350#
2351# Make various lists for different types of maps for each N2L domain
2352# and ask user if mapping information and comments need to be generated
2353# for custom maps.
2354#
2355# This function looks big, but since KSH does not support 2-D arrays, or
2356# two level of dereferencing, it forced to have so many lists and arrays.
2357# Lists are better for adding or removing elements, and arrays are better
2358# for accessing with index and in knowing the no. of elements.
2359#
2360create_map_lists()
2361{
2362# Initialize them with no maps.
2363ALL_DMN_ALL_MAPLIST=""
2364ALL_DMN_DEF_MAPLIST=""
2365ALL_DMN_CUST_MAPLIST=""
2366ALL_DMN_AUTO_CUST_MAPLIST=""
2367
2368# Default to don't generate custom mapping info or comment info.
2369CUST_MAP_NEEDED=0
2370CUST_CMT_NEEDED=0
2371
2372let count=0
2373
2374while (( $count < $N2L_DMN_CNT ))
2375do
2376  DMN=${N2L_DMN_LIST[count]}
2377  MAPDIR=/var/yp/${DMN}
2378
2379  # Initialize per domain lists to NULL.
2380  ALL_MAPLIST=""
2381  DEF_MAPLIST=""
2382  CUST_MAPLIST=""
2383  AUTO_CUST_MAPLIST=""
2384
2385  for dbmfile in $MAPDIR/*.dir
2386  do
2387    MAP=`basename $dbmfile .dir`
2388
2389    # Ignore N2L maps (those with "LDAP_" prefix and ageing.byname)
2390    if [[ $MAP != LDAP_* ]] && [[ $MAP != "" ]] && \
2391       [ -f $MAPDIR/${MAP}.pag ] && [[ $MAP != ageing.byname ]]
2392    then
2393      ALL_MAPLIST="$ALL_MAPLIST $MAP"
2394
2395      if present $MAP $DEFAULT_NIS_MAPS
2396      then
2397        DEF_MAPLIST="$DEF_MAPLIST $MAP"
2398
2399      elif [[ $MAP = auto.* ]]
2400      then
2401        AUTO_CUST_MAPLIST="$AUTO_CUST_MAPLIST $MAP"
2402
2403      else
2404        # If we reached here, means it is custom map.
2405        get_confirm "Do you want the mapping information to be generated for \"$MAP\" map of $DMN domain (y/n/h)?" \
2406                    "n" "generate_mapping_info_for_cust_map_help"
2407
2408        if [ $? -eq 1 ]
2409        then
2410          CUST_MAPLIST="$CUST_MAPLIST $MAP"
2411        else
2412          # If a customer map is not desired, then delete it from
2413          # all maplist too.
2414          ALL_MAPLIST=$(remove $MAP $ALL_MAPLIST)
2415        fi
2416
2417      fi
2418
2419    fi
2420
2421  done
2422
2423  # Make ALL_DMN lists as they are very helpful in checking if a map exists.
2424  ALL_DMN_ALL_MAPLIST=$(merge_lists $ALL_DMN_ALL_MAPLIST $ALL_MAPLIST)
2425  ALL_DMN_DEF_MAPLIST=$(merge_lists $ALL_DMN_DEF_MAPLIST $DEF_MAPLIST)
2426  ALL_DMN_CUST_MAPLIST=$(merge_lists $ALL_DMN_CUST_MAPLIST $CUST_MAPLIST)
2427  ALL_DMN_AUTO_CUST_MAPLIST=$(merge_lists $ALL_DMN_AUTO_CUST_MAPLIST \
2428                                          $AUTO_CUST_MAPLIST)
2429
2430  # Store per domain lists in arrays.
2431  ALL_MAPS[$count]="$ALL_MAPLIST"
2432  DEF_MAPS[$count]="$DEF_MAPLIST"
2433  CUST_MAPS[$count]="$CUST_MAPLIST"
2434  AUTO_CUST_MAPS[$count]="$AUTO_CUST_MAPLIST"
2435
2436  [ $DEBUG -eq 1 ] && echo ALL_MAPS[$DMN] = ${ALL_MAPS[$count]}
2437  [ $DEBUG -eq 1 ] && echo DEF_MAPS[$DMN] = ${DEF_MAPS[$count]}
2438  [ $DEBUG -eq 1 ] && echo CUST_MAPS[$DMN] = ${CUST_MAPS[$count]}
2439  [ $DEBUG -eq 1 ] && echo AUTO_CUST_MAPS[$DMN] = ${AUTO_CUST_MAPS[$count]}
2440
2441  let count="count + 1"
2442done
2443
2444[ $DEBUG -eq 1 ] && echo ALL_DMN_ALL_MAPLIST = $ALL_DMN_ALL_MAPLIST
2445[ $DEBUG -eq 1 ] && echo ALL_DMN_DEF_MAPLIST = $ALL_DMN_DEF_MAPLIST
2446[ $DEBUG -eq 1 ] && echo ALL_DMN_CUST_MAPLIST = $ALL_DMN_CUST_MAPLIST
2447[ $DEBUG -eq 1 ] && echo ALL_DMN_AUTO_CUST_MAPLIST = $ALL_DMN_AUTO_CUST_MAPLIST
2448
2449# Store all domain lists in array too.
2450set -A ALL_DMN_ALL_MAPS $ALL_DMN_ALL_MAPLIST
2451set -A ALL_DMN_DEF_MAPS $ALL_DMN_DEF_MAPLIST
2452set -A ALL_DMN_CUST_MAPS $ALL_DMN_CUST_MAPLIST
2453set -A ALL_DMN_AUTO_CUST_MAPS $ALL_DMN_AUTO_CUST_MAPLIST
2454
2455# A positive customer map count implies custom mapping information
2456# is required. Set this flag.
2457[ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] && CUST_MAP_NEEDED=1
2458
2459# Give bit of info, and ask if comments need to be placed in mapping file
2460echo "
2461  This script can place relevant information regarding custom
2462  maps at appropriate places in the mapping file which can be
2463  helpful in customizing this file.
2464"
2465
2466get_confirm "Do you want such information to be generated (y/n/h)?" \
2467            "n" "generate_comment_info_for_cust_map_help"
2468
2469[ $? -eq 1 ] && CUST_CMT_NEEDED=1
2470
2471[ $DEBUG -eq 1 ] && echo CUST_MAP_NEEDED = $CUST_MAP_NEEDED
2472[ $DEBUG -eq 1 ] && echo CUST_CMT_NEEDED = $CUST_CMT_NEEDED
2473
2474}
2475
2476
2477#
2478# Ask user the context for each (N2l) domain
2479#
2480get_nisLDAPdomainContext()
2481{
2482echo "
2483# List domains and contexts
2484" >> $MAP_FILE
2485
2486for DMN in ${N2L_DMN_LIST[*]}
2487do
2488  while :
2489  do
2490    # Convert to domain in dc format for default choice
2491    domain_2_dc $DMN
2492
2493    get_ans "Enter the naming context for $DMN domain (h=help):"\
2494            "$_DOM_2_DC"
2495
2496    # If help continue, otherwise break.
2497    case "$ANS" in
2498      [Hh] | help | Help | \?) display_msg nisLDAPdomainContext_help ;;
2499                           * ) break ;;
2500    esac
2501  done
2502
2503  # If a value is specified, set it, and save in mapping file too.
2504  if [ "$ANS" != "" ]; then
2505    echo "nisLDAPdomainContext $DMN : ${ANS}" >> $MAP_FILE
2506  fi
2507
2508  [ $DEBUG -eq 1 ] && echo "nisLDAPdomainContext $DMN : ${ANS}"
2509done
2510}
2511
2512
2513#
2514# Ask user the domains for which passwords should be changed
2515#
2516get_nisLDAPyppasswddDomains()
2517{
2518
2519echo "
2520# List domains for which passwords should be changed. If this is not
2521# present then the value returned by 'domainname' will be used.
2522" >> $MAP_FILE
2523
2524for DMN in ${N2L_DMN_LIST[*]}
2525do
2526  get_confirm "Enable password changes for ${DMN} domain (y/n/h)? " \
2527              "n" "nisLDAPyppasswddDomains_help"
2528
2529  if [ $? -eq 1 ]; then
2530      echo "nisLDAPyppasswddDomains $DMN" >> $MAP_FILE
2531  fi
2532done
2533
2534echo "
2535#
2536#-------------------------------------------------------------------
2537#\
2538" >> $MAP_FILE
2539}
2540
2541
2542#
2543# Create NIS databaseId mappings (aliases)
2544#
2545create_nisLDAPdatabaseIdMapping()
2546{
2547echo '
2548# Associate map names with databaseIds (aliases)
2549
2550# Standard maps
2551nisLDAPdatabaseIdMapping	ethers: ethers.byaddr ethers.byname
2552nisLDAPdatabaseIdMapping	group: group.bygid group.byname
2553nisLDAPdatabaseIdMapping	hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"] \
2554				hosts.byaddr hosts.byname
2555# Special mapping to handle the YP_MULTI cases
2556nisLDAPdatabaseIdMapping        multihosts: \
2557				[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*,*"] \
2558				hosts.byname
2559nisLDAPdatabaseIdMapping	networks: networks.byaddr networks.byname
2560nisLDAPdatabaseIdMapping	project: project.byname project.byprojid
2561nisLDAPdatabaseIdMapping	protocols: protocols.byname protocols.bynumber
2562nisLDAPdatabaseIdMapping	services: services.byname services.byservicename
2563
2564# netid.byname is built up from the hosts and passwd files using different
2565# mappings. It thus has two associated nisLDAPdatabaseIdMappings.
2566nisLDAPdatabaseIdMapping	netid.host:[number="0"] netid.byname
2567nisLDAPdatabaseIdMapping	netid.pass:[number="[1-9]*"] netid.byname
2568
2569# The next two are special databaseIds. They associate maps with databaseIds
2570# but additionally identify which maps contain password and password adjunct
2571# information for yppasswdd.
2572nisLDAPdatabaseIdMapping	passwd: passwd.byname passwd.byuid
2573
2574# mail.byaddr needs to select entries of the form x@y or x!y
2575nisLDAPdatabaseIdMapping	mail.mapping:[rf_key="*@*", rf_key="*!*"] \
2576				mail.byaddr
2577
2578# publickey.byname
2579# Each entry in publickey map consists of a network user name which
2580# may refer to a host or a user. It also contains a default entry for nobody.
2581# Hence, we need three nisLDAPdatabaseIdmappings to support the three
2582# different types of keys.
2583nisLDAPdatabaseIdMapping        keys.host:[rf_key="unix.[a-zA-Z]*@*"] \
2584				publickey.byname
2585nisLDAPdatabaseIdMapping        keys.pass:[rf_key="unix.[0-9]*@*"] \
2586				publickey.byname
2587nisLDAPdatabaseIdMapping        keys.nobody:[rf_key="nobody"] publickey.byname
2588
2589# Single standard maps. No point aliasing.
2590# mail.aliases
2591# netmasks.byaddr
2592# rpc.bynumber
2593# ypservers
2594
2595# Other maps
2596# ipnodes looks identical to hosts but maps to a different context.
2597nisLDAPdatabaseIdMapping	ipnodes:[addr="*:*"] \
2598				ipnodes.byaddr ipnodes.byname
2599# Special mapping to handle the YP_MULTI cases
2600nisLDAPdatabaseIdMapping        multiipnodes: \
2601				[addr="*:*,*"] \
2602				ipnodes.byname
2603
2604# Other single maps. No point aliasing
2605# audit_user
2606# auth_attr
2607# exec_attr
2608# prof_attr
2609# user_attr
2610# auto.home
2611# auto.master
2612# bootparams
2613# timezone.byname
2614# printers.conf.byname
2615# passwd.adjunct.byname
2616# group.adjunct.byname
2617' >> $MAP_FILE
2618
2619[ CUST_CMT_NEEDED -eq 1 ] && \
2620echo "
2621# If any custom map needs to be aliased, then it should be listed
2622# here in the following format :
2623# nisLDAPdatabaseIdMapping databaseId ":" ["["indexlist"]"] mapname[" "...]
2624" >> $MAP_FILE
2625
2626[ CUST_MAP_NEEDED -eq 1 ] && \
2627echo "\
2628# Not aliasing non-default/custom maps as they are assumed to be
2629# simple, single maps.\
2630" >> $MAP_FILE
2631
2632for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
2633do
2634  echo "# $MAP" >> $MAP_FILE
2635done
2636
2637echo "\
2638#
2639#------------------------------------------------------------------------------
2640#
2641" >> $MAP_FILE
2642}
2643
2644
2645#
2646# Finds the domains in which the given map exists in the supplied list.
2647# Sets result in PRESENT_COUNT and PRESENT_IN_DOMAINS. These fields are
2648# set globally, so they can be accessed from any where.
2649# Input : $1 - map, $2 - list name (just name, not the value)
2650#
2651find_domains()
2652{
2653_MAP=$1
2654_ARRAY=$2
2655
2656let PRESENT_COUNT=0
2657PRESENT_IN_DOMAINS=""
2658
2659let count=0
2660
2661while (( $count < $N2L_DMN_CNT ))
2662do
2663
2664  # Quick and dirty way to get around unavailability of 2D array
2665  case "$_ARRAY" in
2666          ALL_MAPS ) _LIST=${ALL_MAPS[$count]} ;;
2667          DEF_MAPS ) _LIST=${DEF_MAPS[$count]}  ;;
2668         CUST_MAPS ) _LIST=${CUST_MAPS[$count]}  ;;
2669    AUTO_CUST_MAPS ) _LIST=${AUTO_CUST_MAPS[$count]}  ;;
2670                 * ) echo "Invalid value: \"${_ARRAY}\". \c"
2671                  ;;
2672  esac
2673
2674  if present $_MAP $_LIST
2675  then
2676    let PRESENT_COUNT="$PRESENT_COUNT + 1"
2677    PRESENT_IN_DOMAINS="$PRESENT_IN_DOMAINS ${N2L_DMN_LIST[count]}"
2678  fi
2679  let count="count + 1"
2680done
2681
2682[ $DEBUG -eq 1 ] && echo "PRESENT_COUNT = $PRESENT_COUNT"
2683[ $DEBUG -eq 1 ] && echo "PRESENT_IN_DOMAINS = $PRESENT_IN_DOMAINS"
2684
2685return 0
2686}
2687
2688
2689#
2690# For a given map, find out which list it belongs to (PRESENT_IN_LIST),
2691# and in how many domains this map shows up (PRESENT_COUNT), and in
2692# which ones (PRESENT_IN_DOMAINS). These fields are set globally, so
2693# they can be accessed from any where.
2694#
2695find_map_presence_details()
2696{
2697_MAP=$1
2698
2699let PRESENT_COUNT=0
2700PRESENT_IN_LIST=""
2701PRESENT_IN_DOMAINS=""
2702
2703# If the map does not exist, return right away, else
2704# find which list it belongs to.
2705# If a map exists in def or auto or cust lists, then
2706# it also exists in "all" list.
2707
2708if ! present $_MAP $ALL_DMN_ALL_MAPLIST
2709then
2710  return 1
2711
2712elif present $_MAP $ALL_DMN_DEF_MAPLIST
2713then
2714  PRESENT_IN_LIST="DEF_MAPS"
2715
2716elif present $_MAP $ALL_DMN_CUST_MAPLIST
2717then
2718  PRESENT_IN_LIST="CUST_MAPS"
2719
2720else
2721  # If map exists, and not in previous two lists,
2722  # then it has to be here only.
2723  PRESENT_IN_LIST="AUTO_CUST_MAPS"
2724fi
2725
2726# Now we know which list the map belongs to. So, we need to
2727# find which are the domains in which this map exists.
2728
2729find_domains $_MAP $PRESENT_IN_LIST
2730
2731# Since the above function sets the values of PRESENT_COUNT and
2732# PRESENT_IN_DOMAINS fields, we don't need to do anything else.
2733
2734[ $DEBUG -eq 1 ] && echo "PRESENT_IN_LIST = $PRESENT_IN_LIST"
2735
2736return 0
2737}
2738
2739
2740#
2741# Check if the comment char is a single character, return 0 on success.
2742# Input is passed via global variable "COMMENT_CHAR"
2743#
2744valid_comment_char()
2745{
2746COMMENT_CHAR_LENGTH=`echo "${COMMENT_CHAR}" | wc -c`
2747
2748# echo adds new line character, so adjust length appropriately
2749if [ $COMMENT_CHAR_LENGTH -gt 2 ]; then
2750  echo " Comment character has to be a blank or single character; try again."
2751  return 1
2752else
2753  return 0
2754fi
2755}
2756
2757
2758#
2759# Read the comment character for a MAP. Append in mapping file if valid.
2760# Input - $1 : MAP name
2761#
2762get_comment_char()
2763{
2764_MAP=$1
2765
2766while :
2767do
2768  get_ans "Specify the comment character for $_MAP :"
2769  COMMENT_CHAR=$ANS
2770
2771  if valid_comment_char; then
2772    break
2773  fi
2774done
2775
2776echo "nisLDAPcommentChar $_MAP : '${COMMENT_CHAR}'" >> $MAP_FILE
2777}
2778
2779
2780#
2781# Read a seperate comment character for a MAP for each domain and
2782# update this information in mapping file.
2783# Input - $1 : MAP name, $@ : list of domains
2784#
2785get_comment_char_per_domain()
2786{
2787_MAP=$1
2788shift
2789_DOMAIN_LIST="$@"
2790
2791for _DMN in $_DOMAIN_LIST
2792do
2793
2794  while :
2795  do
2796
2797    get_ans "Specify the comment character for $_MAP,${_DMN} :"
2798    COMMENT_CHAR=$ANS
2799
2800    if valid_comment_char; then
2801      break
2802    fi
2803
2804  done
2805  echo "nisLDAPcommentChar $_MAP,${_DMN} : '${COMMENT_CHAR}'" >> $MAP_FILE
2806
2807done
2808}
2809
2810
2811#
2812# This function generates custom comment entries. The output is
2813# appended in the mapping file.
2814#
2815get_custom_nisLDAPcommentChar()
2816{
2817
2818# All the auto mounter maps are assumed to have '#' as the default comment
2819# char. But still list the non-default auto map entries here anyway. This
2820# will make it very easy in case these entries need to be changed.
2821
2822for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
2823do
2824  echo "nisLDAPcommentChar $MAP : '#'" >> $MAP_FILE
2825done
2826
2827if [ CUST_MAP_NEEDED -eq 1 ]; then
2828  get_confirm "Do you wish to specify the comment character for any custom map (y/n/h)?" \
2829              "n" "custom_map_comment_char_help"
2830
2831  if [ $? -eq 1 ]; then
2832    for MAP in ${ALL_DMN_CUST_MAPS[*]}
2833    do
2834
2835      get_confirm "Do you wish to specify comment character for \"$MAP\" (y/n/h)?" \
2836                  "n" "custom_map_comment_char_help"
2837
2838      if [ $? -eq 1 ]; then
2839        find_domains $MAP CUST_MAPS
2840        if [ $PRESENT_COUNT -gt 1 ]; then
2841          echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
2842
2843          get_confirm "For \"$MAP\", should the same comment character be set for all the domains (y/n/h)?" \
2844                      "y" "same_comment_char_help"
2845
2846          if [ $? -eq 1 ]; then
2847            get_comment_char $MAP
2848          else
2849            get_comment_char_per_domain  $MAP "$PRESENT_IN_DOMAINS"
2850          fi
2851
2852        else
2853          get_comment_char $MAP
2854        fi
2855
2856      fi
2857    done
2858  fi
2859fi
2860
2861}
2862
2863
2864# List comment character (if any) for maps
2865create_nisLDAPcommentChar()
2866{
2867
2868echo "\
2869# Specify the character representing the start of comments.
2870" >> $MAP_FILE
2871
2872[ CUST_CMT_NEEDED -eq 1 ] && echo "\
2873# The comment character represents the start of the special 'comment'
2874# field in a given NIS map. If this attribute is not present then the
2875# default comment character '#' is used. If a map cannot contain comments
2876# then the NULL ('') comment character should be specified. The format to
2877# specify the comment character is :
2878# nisLDAPcommentChar MAP[,DOMAIN] : 'single_comment_char'
2879" >> $MAP_FILE
2880
2881echo "\
2882nisLDAPcommentChar group : ''
2883nisLDAPcommentChar passwd : ''
2884nisLDAPcommentChar ageing.byname : ''
2885nisLDAPcommentChar audit_user : ''
2886nisLDAPcommentChar auth_attr : ''
2887nisLDAPcommentChar exec_attr : ''
2888nisLDAPcommentChar user_attr : ''
2889nisLDAPcommentChar bootparams : ''
2890" >> $MAP_FILE
2891
2892# Need to handle passwd.adjunct.byname map for multiple domain.
2893_MAP=passwd.adjunct.byname
2894if ! present $_MAP $ALL_DMN_DEF_MAPLIST
2895then
2896  # Just put the syntax in comment form
2897  echo "#nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE
2898else
2899  # Find the domains in which this map exists.
2900  find_domains $_MAP DEF_MAPS
2901  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
2902  then
2903    # Don't put domain info as the map is present in all of them.
2904    echo "nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE
2905  else
2906    # Not every domain has this map. So, list for the ones which do.
2907    for _DMN in $PRESENT_IN_DOMAINS
2908    do
2909      echo "nisLDAPcommentChar passwd.adjunct.byname,${_DMN}: ''" >> $MAP_FILE
2910    done
2911  fi
2912fi
2913# passwd.adjunct.byname done
2914
2915
2916# Need to handle group.adjunct.byname map for multiple domain.
2917_MAP=group.adjunct.byname
2918if ! present $_MAP $ALL_DMN_DEF_MAPLIST
2919then
2920  # Just put the syntax in comment form
2921  echo "#nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE
2922else
2923  # Find the domains in which this map exists.
2924  find_domains $_MAP DEF_MAPS
2925  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
2926  then
2927    # Don't put domain info as the map is present in all of them.
2928    echo "nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE
2929  else
2930    # Not every domain has this map. So, list for the ones which do.
2931    for _DMN in $PRESENT_IN_DOMAINS
2932    do
2933      echo "nisLDAPcommentChar group.adjunct.byname,${_DMN}: ''" >> $MAP_FILE
2934    done
2935  fi
2936fi
2937# group.adjunct.byname done
2938
2939echo "" >> $MAP_FILE
2940
2941# Ask user for comment char for custom maps
2942get_custom_nisLDAPcommentChar
2943
2944echo "
2945#
2946#------------------------------------------------------------------------------
2947#
2948" >> $MAP_FILE
2949}
2950
2951
2952#
2953# Generate secure flag entries
2954#
2955create_secure_flag_entries()
2956{
2957echo "\
2958# Specify YP_SECURE flags
2959" >> $MAP_FILE
2960
2961[ CUST_CMT_NEEDED -eq 1 ] && echo "\
2962# If a map is secure, then it needs to be mentioned here
2963# in the following format :
2964# nisLDAPmapFlags mapname : s
2965">> $MAP_FILE
2966
2967# Need to handle passwd.adjunct.byname map for multiple domain.
2968_MAP=passwd.adjunct.byname
2969if ! present $_MAP $ALL_DMN_DEF_MAPLIST
2970then
2971  # Just put the syntax in comment form
2972  echo "#nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE
2973else
2974  # Find the domains in which this map exists.
2975  find_domains $_MAP DEF_MAPS
2976  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
2977  then
2978    # Don't put domain info as the map is present in all of them.
2979    echo "nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE
2980  else
2981    # Not every domain has this map. So, list for the ones which do.
2982    for _DMN in $PRESENT_IN_DOMAINS
2983    do
2984      echo "nisLDAPmapFlags passwd.adjunct.byname,${_DMN} : s" >> $MAP_FILE
2985    done
2986  fi
2987fi
2988
2989# Need to handle group.adjunct.byname map for multiple domain.
2990_MAP=group.adjunct.byname
2991if ! present $_MAP $ALL_DMN_DEF_MAPLIST
2992then
2993  # Just put the syntax in comment form
2994  echo "#nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE
2995else
2996  # Find the domains in which this map exists.
2997  find_domains $_MAP DEF_MAPS
2998  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
2999  then
3000    # Don't put domain info as the map is present in all of them.
3001    echo "nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE
3002  else
3003    # Not every domain has this map. So, list for the ones which do.
3004    for _DMN in $PRESENT_IN_DOMAINS
3005    do
3006      echo "nisLDAPmapFlags group.adjunct.byname,${_DMN} : s" >> $MAP_FILE
3007    done
3008  fi
3009fi
3010
3011echo "" >> $MAP_FILE
3012
3013STR="any"    # Just to make the question look better.
3014while :
3015do
3016  get_confirm "Do you wish to set the secure flag for $STR map (y/n/h)?" \
3017              "n" "secure_flag_on_help"
3018
3019  if [ $? -eq 0 ]; then
3020    return 0
3021
3022  else
3023    get_ans "Enter the MAP name :"
3024    MAP=$ANS
3025
3026    if [[ $MAP = "" ]]; then
3027      echo " Error : BLANK map name not allowed; try again"
3028      continue
3029    fi
3030
3031    # Check if the supplied map name exists, and if yes, then
3032    # set the PRESENT attributes for further processing
3033
3034    find_map_presence_details $MAP
3035
3036    case $PRESENT_COUNT in
3037
3038      0 ) echo " Error : $MAP not found in any domain; try again"
3039          ;;
3040
3041      1 ) # The map exists in only one domain.
3042          echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
3043          STR="another"    # Just to make the question look better.
3044          ;;
3045
3046      * ) # The map exists in multiple domain. Ask if this flag needs
3047          # to be set for all domains, or some specific ones.
3048
3049          echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
3050          get_confirm "For this map, do you wish to set this flag for all the domains (y/n/h)?" \
3051                      "y" "secure_flag_all_domains_help"
3052
3053          if [ $? -eq 1 ]; then
3054            echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
3055          else
3056
3057            for _DMN in $PRESENT_IN_DOMAINS
3058            do
3059
3060              get_confirm_nodef "Set secure flag for $MAP,${_DMN} (y/n)?"
3061
3062              if [ $? -eq 1 ]; then
3063                echo "nisLDAPmapFlags $MAP,${_DMN} : s" >> $MAP_FILE
3064              fi
3065
3066            done
3067          fi
3068          STR="another"    # Just to make the question look better.
3069          ;;
3070
3071    esac
3072
3073  fi
3074done
3075}
3076
3077
3078#
3079# Generate interdomain flag entries
3080#
3081create_interdomain_flag_entries()
3082{
3083
3084INTERDOMAIN_MAP_LIST="ipnodes
3085                       multiipnodes
3086                       hosts
3087                       multihosts
3088                       services.byservicename"
3089
3090#
3091# Simple function to avoid duplication of code
3092#
3093print_interdomain_entries()
3094{
3095for _MAP in $INTERDOMAIN_MAP_LIST
3096do
3097  echo "nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
3098done
3099}
3100
3101echo "
3102# Specify YP_INTERDOMAIN flags
3103" >> $MAP_FILE
3104
3105[ CUST_CMT_NEEDED -eq 1 ] && echo "\
3106# It is used to indicate NIS servers to use the domain name resolver for
3107# host name and address lookups for hosts not found in the maps.
3108# If set, it adds YP_INTERDOMAIN entries in these maps when converting
3109# data from LDAP to YP. It needs to be set in the following format :
3110# nisLDAPmapFlags mapname : b
3111" >> $MAP_FILE
3112
3113# List one set of entries in commented form anyway as it might help
3114# user understand what it means.
3115
3116echo "\
3117# If \$B is set in /var/yp/Makefile, then this flag should be
3118# set for following maps :\
3119" >> $MAP_FILE
3120
3121for _MAP in $INTERDOMAIN_MAP_LIST
3122do
3123  echo "# nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
3124done
3125
3126# Put a blank line for indentation purpose
3127echo  >> $MAP_FILE
3128
3129get_confirm "Do you wish to set the \"interdomain\" flag for any domain (y/n/h)?" \
3130            "n" "interdomain_flag_on_help"
3131
3132if [ $? -eq 1 ]; then
3133
3134  if [ $N2L_DMN_CNT -gt 1 ]; then
3135
3136    get_confirm "Should \"interdomain\" flag be set for all domain (y/n/h)?" \
3137                "y" "interdomain_flag_all_domains_help"
3138
3139    if [ $? -eq 1 ]; then
3140      print_interdomain_entries
3141    else
3142
3143      for _DMN in ${N2L_DMN_LIST[*]}
3144      do
3145        get_confirm_nodef "Set interdomain flag for ${_DMN} (y/n)?"
3146
3147        if [ $? -eq 1 ]; then
3148          for _MAP in $INTERDOMAIN_MAP_LIST
3149          do
3150            echo "nisLDAPmapFlags ${_MAP},${_DMN} : b" >> $MAP_FILE
3151          done
3152        fi
3153
3154      done
3155    fi
3156
3157  else
3158    print_interdomain_entries
3159  fi
3160fi
3161
3162echo "
3163#
3164#------------------------------------------------------------------------------
3165#
3166" >> $MAP_FILE
3167
3168return 0
3169}
3170
3171
3172#
3173# List SECURE and INTERDOMAIN flags
3174#
3175create_nisLDAPmapFlags()
3176{
3177create_secure_flag_entries
3178create_interdomain_flag_entries
3179}
3180
3181
3182#
3183# Print one Map TTL entry in mapping file using supplied TTL.
3184#
3185print_one_map_ttl_entry()
3186{
3187_Map=$1
3188_iTtlLo=$2
3189_iTtlHi=$3
3190_runTtl=$4
3191
3192echo "\
3193nisLDAPentryTtl        ${_Map}:${_iTtlLo}:${_iTtlHi}:${_runTtl}\
3194" >> $MAP_FILE
3195
3196return 0
3197}
3198
3199
3200#
3201# Print all the maps TTL entries of same TTL
3202# values using the supplied TTL triplet.
3203#
3204print_all_same_ttl_entries()
3205{
3206_iTTLlo=$1
3207_iTTLhi=$2
3208_runTTL=$3
3209
3210for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
3211            ${ALL_DMN_AUTO_CUST_MAPS[*]}
3212do
3213
3214  if [ "$_MAP" != "passwd.adjunct.byname" ] && \
3215	[ "$_MAP" != "group.adjunct.byname" ]
3216  then
3217    print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL
3218
3219  else
3220
3221    # adjunct maps might not exist in all the domains.
3222    find_domains $_MAP DEF_MAPS
3223
3224    if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3225    then
3226
3227      # Don't put domain info as the map is present in all of them.
3228      print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL
3229
3230    else
3231
3232      for _DMN_ in $PRESENT_IN_DOMAINS
3233      do
3234        _STR="${_MAP},${_DMN_}"
3235        print_one_map_ttl_entry $_STR $_iTTLlo $_iTTLhi $_runTTL
3236      done
3237
3238    fi
3239  fi
3240done
3241
3242return 0
3243}
3244
3245#
3246# Read the initialTTLlo. Set the value in global variable.
3247#
3248get_ittl_lo()
3249{
3250get_pos_int "Lower limit for initial TTL (in seconds) (h=help):" \
3251            "$DEF_iTTLlo" "initialTTLlo_help"
3252
3253iTTLlo=${NUM}
3254}
3255
3256
3257#
3258# Read the initialTTLhi. Set the value in global variable.
3259#
3260get_ittl_hi()
3261{
3262get_pos_int "Higher limit for initial TTL (in seconds) (h=help):" \
3263            "$DEF_iTTLhi" "initialTTLhi_help"
3264
3265iTTLhi=${NUM}
3266}
3267
3268
3269#
3270# Read the initialTTLhi. Set the value in global variable.
3271#
3272get_run_ttl()
3273{
3274get_pos_int "Runtime TTL (in seconds) (h=help):" \
3275            "$DEF_runTTL" "runningTTL_help"
3276
3277runTTL=${NUM}
3278}
3279
3280
3281#
3282# Read one TTL triplet. Set the result in global variables.
3283#
3284read_one_ttl_triplet()
3285{
3286# Just call the individual functions for each TTL.
3287
3288  get_ittl_lo
3289  get_ittl_hi
3290  get_run_ttl
3291
3292[ $DEBUG -eq 1 ] && \
3293  echo "TTL = ${iTTLlo}:${iTTLhi}:${runTTL}"
3294
3295return 0
3296}
3297
3298#
3299# Takes MAP name (with or without domain name) as argument, asks
3300# user for TTL values, and appends the entry in the mapping file.
3301#
3302process_one_map_ttl_value()
3303{
3304
3305_Map_="$1"
3306
3307get_confirm "Retain the default TTL values [$DEF_iTTLlo:$DEF_iTTLhi:$DEF_runTTL] for \"$_Map_\" (y/n/h) ?" \
3308            "y" "default_different_ttl_help"
3309
3310if [ $? -eq 1 ]; then
3311  print_one_map_ttl_entry $_Map_ $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL
3312else
3313
3314  echo "Reading TTL values for $_Map_ :"
3315  read_one_ttl_triplet
3316  print_one_map_ttl_entry $_Map_ $iTTLlo $iTTLhi $runTTL
3317
3318fi
3319return 0
3320}
3321
3322
3323#
3324# Read only one TTL triplet for each existing MAP without asking
3325# different values for each domain and update the mapping file.
3326#
3327read_all_maps_ttl_values_no_multiple_domain_issue()
3328{
3329
3330# Need to read only one TTL triplet for each existing MAP.
3331
3332for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
3333            ${ALL_DMN_AUTO_CUST_MAPS[*]}
3334do
3335
3336  if [ "$_MAP" != "passwd.adjunct.byname" ] && \
3337	[ "$_MAP" != "group.adjunct.byname" ]
3338  then
3339    process_one_map_ttl_value $_MAP
3340
3341  else
3342
3343    # adjunct maps might not exist in all the domains.
3344    find_domains $_MAP DEF_MAPS
3345
3346    if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3347    then
3348
3349      # Don't put domain info as the map is present in all of them.
3350      process_one_map_ttl_value $_MAP
3351
3352    else
3353
3354      for _DMN_ in $PRESENT_IN_DOMAINS
3355      do
3356        _STR="${_MAP},${_DMN_}"
3357        process_one_map_ttl_value $_STR
3358      done
3359
3360    fi
3361  fi
3362done
3363
3364return 0
3365}
3366
3367
3368#
3369# Read TTL triplet for each default MAP (in database ID form) while
3370# taking care of multiple domains issue and update the mapping file.
3371#
3372read_default_maps_ttl_values_with_multi_domain_issue()
3373{
3374
3375for _MAP_ in ${DEF_TTL_MAPLIST}
3376do
3377  if [ "$_MAP_" != "passwd.adjunct.byname" ] && \
3378	[ "$_MAP_" != "group.adjunct.byname" ]
3379  then
3380
3381    for _DMN_ in ${N2L_DMN_LIST[*]}
3382    do
3383      _STR_="${_MAP_},${_DMN_}"
3384      # Now process each combination one at a time.
3385      process_one_map_ttl_value "$_STR_"
3386    done
3387
3388  else
3389    # List only those domains in which adjunct.byname exists.
3390    find_domains $_MAP_ DEF_MAPS
3391    for _DMN_ in $PRESENT_IN_DOMAINS
3392    do
3393      _STR_="${_MAP_},${_DMN_}"
3394      process_one_map_ttl_value "$_STR_"
3395    done
3396  fi
3397done
3398
3399return 0
3400}
3401
3402
3403#
3404# Read TTL triplet for each existing custom MAP while taking
3405# care of multiple domains issue and update the mapping file.
3406#
3407read_custom_maps_ttl_values_with_multi_domain_issue()
3408{
3409
3410for _MAP_ in ${ALL_DMN_CUST_MAPS[*]} ${ALL_DMN_AUTO_CUST_MAPS[*]}
3411do
3412
3413  find_map_presence_details $_MAP_
3414
3415  if [ $PRESENT_COUNT -eq 1 ]; then
3416
3417    # This map exists in only one domain.
3418    # So, no need to ask for multiple domains.
3419
3420    process_one_map_ttl_value $_MAP_
3421
3422  else
3423
3424    # Handle multiple domains.
3425
3426    echo "Map \"${_MAP_}\" is present in these domains : $PRESENT_IN_DOMAINS"
3427
3428    get_confirm "For this map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
3429                "y" "same_ttl_across_domains_help"
3430
3431    if [ $? -eq 1 ]; then
3432
3433      # Need to read only one TTL triplet for this MAP.
3434      process_one_map_ttl_value $_MAP_
3435
3436    else
3437
3438      # Need to ask for each domain
3439
3440      for _DMN_ in $PRESENT_IN_DOMAINS
3441      do
3442        _STR="${_MAP_},${_DMN_}"
3443
3444        # Now process each combination one at a time.
3445        process_one_map_ttl_value "$_STR"
3446
3447      done
3448    fi
3449  fi
3450done
3451
3452return 0
3453}
3454
3455
3456#
3457# List the TTL values for various MAPs
3458#
3459create_nisLDAPentryTtl()
3460{
3461
3462echo "\
3463# Associate TTLs with NIS entries derived from LDAP
3464" >> $MAP_FILE
3465
3466[ CUST_CMT_NEEDED -eq 1 ] && echo "\
3467# Each map has three TTL values which are specified in seconds.
3468# 1. initialTTLlo (default $DEF_iTTLlo sec) The lower limit for the initial
3469#    TTL (in seconds) for data read from disk when the ypserv starts.
3470#
3471# 2. initialTTLhi (default $DEF_iTTLhi sec) The upper limit for initial TTL.
3472#
3473# 3. runningTTL   (default $DEF_runTTL sec) The TTL (in seconds) for data
3474#    retrieved from LDAP while the ypserv is running.
3475#
3476# If any value is not specified, then default value is used.
3477# The format of TTL entry is :
3478# nisLDAPentryTtl   MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL
3479" >> $MAP_FILE
3480
3481# If no maps are present, just return.
3482[ ${#ALL_DMN_ALL_MAPS[*]} -eq 0 ] && return 0
3483
3484echo "The default TTL for each map is set to ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}"
3485get_confirm "Do you wish to change the TTL values for any map (y/n/h) ?" \
3486            "n" "default_ttl_help"
3487
3488if [ $? -eq 0 ]; then
3489  # Default values accepted for all the maps.
3490  # So, just print all the maps with default TTL values.
3491
3492  print_all_same_ttl_entries $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL
3493
3494else
3495  echo "You would be allowed to enter the new TTL values."
3496  get_confirm "Do you wish to use the same TTL values for all the maps (y/n/h) ?" \
3497              "y" "non_default_same_ttl_help"
3498
3499  if [ $? -eq 1 ]; then
3500    # Need to read only one TTL triplet.
3501    # Print all the maps with new TTL triplet.
3502
3503    # read one ttl triplet
3504    echo "Enter the new TTL values :"
3505
3506    read_one_ttl_triplet
3507
3508    print_all_same_ttl_entries $iTTLlo $iTTLhi $runTTL
3509
3510  else
3511    if [ $N2L_DMN_CNT -eq 1 ]; then
3512
3513      # TTL values are different now. But we haev only one domain.
3514      # So, no need to worry about multiple domains. Need to read
3515      # only one TTL triplet for each existing MAP.
3516
3517      read_all_maps_ttl_values_no_multiple_domain_issue
3518
3519    else
3520
3521      # TTL values are different now. And we have multiple domains
3522      # too. Check if MAPS are going to have same TTL across domains.
3523      # This is just to avoid asking too many TTL triplet inputs
3524
3525      echo "You would be allowed to enter different TTL values for each map."
3526
3527      get_confirm "For a given map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
3528                  "y" "non_default_different_ttl_help"
3529
3530      if [ $? -eq 1 ]; then
3531
3532        # Need to read only one TTL triplet for each existing MAP.
3533        read_all_maps_ttl_values_no_multiple_domain_issue
3534
3535      else
3536
3537        # We have hit the worst case scenario. TTLs could be
3538        # different per map and per domain.
3539
3540        read_default_maps_ttl_values_with_multi_domain_issue
3541        read_custom_maps_ttl_values_with_multi_domain_issue
3542      fi
3543    fi
3544  fi
3545fi
3546
3547echo "
3548#
3549#------------------------------------------------------------------------------
3550#
3551" >> $MAP_FILE
3552
3553return 0
3554}
3555
3556
3557#
3558# The custom maps for which we do not have enough
3559# information to be able to generate specific entries,
3560# we just log the message that the user needs to take
3561# care of those entries manually.
3562#
3563ask_user_to_update_the_custom_map_entries_too()
3564{
3565
3566if [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ]; then
3567
3568  echo "
3569# Similar entries need to be created
3570# for following custom maps too :\
3571" >> $MAP_FILE
3572
3573  for _MAP in ${ALL_DMN_CUST_MAPS[*]}
3574  do
3575    echo "# $_MAP" >> $MAP_FILE
3576  done
3577fi
3578}
3579
3580
3581put_default_nisLDAPnameFields()
3582{
3583echo '
3584# Associate names with fields in the maps. Must be same for all domains.
3585nisLDAPnameFields audit_user: \
3586			("%s:%s:%s", name, alwaysAuditFlags, neverAuditFlags)
3587
3588nisLDAPnameFields auto.home: \
3589			("%s",value)
3590
3591nisLDAPnameFields auto.master: \
3592			("%s",value)
3593
3594nisLDAPnameFields auth_attr: \
3595			("%s:%s:%s:%s:%s:%s", \
3596			name, res1, res2, short_desc, long_desc, attrs )
3597
3598nisLDAPnameFields bootparams: \
3599			("%s", params)
3600
3601nisLDAPnameFields ethers: \
3602			("%s %s", addr, name)
3603
3604nisLDAPnameFields exec_attr: \
3605			("%s:%s:%s:%s:%s:%s:%s", \
3606			name, policy, type, res1, res2, id, attrs)
3607
3608nisLDAPnameFields group: \
3609			("%s:%s:%s:%s", name, passwd, gid, users)
3610' >> $MAP_FILE
3611
3612# Need to handle group.adjunct.byname map for multiple domain.
3613
3614_MAP=group.adjunct.byname
3615if ! present $_MAP $ALL_DMN_DEF_MAPLIST
3616then
3617  # Just put the syntax in comment form
3618  echo '#nisLDAPnameFields group.adjunct.byname: \
3619#			("%s:%s", name, passwd)
3620' >> $MAP_FILE
3621else
3622  # Find the domains in which this map exists.
3623  find_domains $_MAP DEF_MAPS
3624  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3625  then
3626
3627    # Don't put domain info as the map is present in all of them.
3628    echo 'nisLDAPnameFields group.adjunct.byname: \
3629			("%s:%s", name, passwd)
3630' >> $MAP_FILE
3631  else
3632    # Not every domain has this map. So, list for the ones which do.
3633    for _DMN in $PRESENT_IN_DOMAINS
3634    do
3635      echo "nisLDAPnameFields group.adjunct.byname,${_DMN}: \\
3636			(\"%s:%s\", name, passwd)
3637" >> $MAP_FILE
3638    done
3639  fi
3640fi
3641
3642echo 'nisLDAPnameFields keys.host: \
3643			("%s:%s", publicKey ,secretKey)
3644
3645nisLDAPnameFields keys.pass: \
3646			("%s:%s", publicKey ,secretKey)
3647
3648nisLDAPnameFields keys.nobody: \
3649			("%s:%s", publicKey ,secretKey)
3650
3651nisLDAPnameFields hosts: \
3652			("%a %s %s", addr, canonicalName, aliases)
3653
3654nisLDAPnameFields multihosts: \
3655			("%a %s %s", addr, canonicalName, aliases)
3656
3657nisLDAPnameFields ipnodes: \
3658			("%a %s %s", addr, canonicalName, aliases)
3659
3660nisLDAPnameFields multiipnodes: \
3661			("%a %s %s", addr, canonicalName, aliases)
3662
3663nisLDAPnameFields mail.aliases: \
3664			("%s", addresses)
3665
3666nisLDAPnameFields mail.mapping: \
3667			("%s", address)
3668
3669# memberTriples	is split into sub-fields by a latter nisLDAPsplitField
3670# attribute.
3671nisLDAPnameFields netgroup: \
3672			("%s", memberTriples)
3673
3674nisLDAPnameFields netid.host: \
3675			("%s:%s", number, data)
3676
3677nisLDAPnameFields netid.pass: \
3678			("%s:%s", number, data)
3679
3680nisLDAPnameFields netmasks.byaddr: \
3681			("%a", mask)
3682
3683nisLDAPnameFields networks: \
3684			("%s %s %s", name, number, aliases)
3685
3686nisLDAPnameFields project: \
3687			("%s:%s:%s:%s:%s:%s", \
3688			name, projID, comment, users, groups, attrs)
3689
3690nisLDAPnameFields protocols:	\
3691			("%s %s %s", name, number, aliases)
3692
3693nisLDAPnameFields rpc.bynumber:	\
3694			("%s %s %s", name, number, aliases)
3695
3696nisLDAPnameFields passwd: \
3697			("%s:%s:%s:%s:%s:%s:%s", \
3698			name, passwd, uid, gid, gecos, home, shell)
3699
3700# It is not obvious what the fields in passwd.adjunct are for. They are not
3701# the same as the shadow map. The following is based on information in:-
3702#
3703#	lib/libbc/inc/include/pwdadj.h.
3704#
3705# This file implies that these are documented in getpwaent(3) but this man page
3706# does not seem to exist.
3707#
3708# It is believed that 'min','max' and 'def' labels were reserved fields in
3709# SunOS 4.x and are now unused.  'always' and 'never' audit information is
3710# now contained in audit_user(4) so is now unused.
3711#
3712' >> $MAP_FILE
3713
3714# Need to handle passwd.adjunct.byname map for multiple domain.
3715
3716_MAP=passwd.adjunct.byname
3717if ! present $_MAP $ALL_DMN_DEF_MAPLIST
3718then
3719  # Just put the syntax in comment form
3720  echo '#nisLDAPnameFields passwd.adjunct.byname: \
3721#			("%s:%s:%s:%s:%s:%s:%s", \
3722#			name, passwd, min, max, def, always, \
3723#			never)
3724' >> $MAP_FILE
3725else
3726  # Find the domains in which this map exists.
3727  find_domains $_MAP DEF_MAPS
3728
3729  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3730  then
3731
3732    # Don't put domain info as the map is present in all of them.
3733    echo 'nisLDAPnameFields passwd.adjunct.byname: \
3734			("%s:%s:%s:%s:%s:%s:%s", \
3735			name, passwd, min, max, def, always, \
3736			never)
3737' >> $MAP_FILE
3738  else
3739    # Not every domain has this map. So, list for the ones which do.
3740    for _DMN in $PRESENT_IN_DOMAINS
3741    do
3742      echo "nisLDAPnameFields passwd.adjunct.byname,${_DMN}: \\
3743			(\"%s:%s:%s:%s:%s:%s:%s\", \\
3744                        name, passwd, min, max, def, always, \\
3745                        never)
3746" >> $MAP_FILE
3747    done
3748  fi
3749fi
3750
3751echo '
3752nisLDAPnameFields printers.conf.byname: \
3753			("%s:%s", names, values)
3754
3755nisLDAPnameFields prof_attr: \
3756			("%s:%s:%s:%s:%s", \
3757			name, res1, res2, desc, attrs)
3758
3759nisLDAPnameFields services: \
3760			("%s %s/%s %s", name, port, protocol, aliases)
3761
3762# This map is never created but yppasswd uses the mapping to extract password
3763# ageing information from the DIT. The password itself is not required by this
3764# mechanism so is not included in the ageing mapping.
3765nisLDAPnameFields ageing.byname: \
3766			("%s:%s:%s:%s:%s:%s:%s:%s", \
3767			name, lastchg, min, max, warn, inactive, \
3768			expire, flag)
3769
3770nisLDAPnameFields timezone.byname: \
3771			("%s %s", zoneName, hostName)
3772
3773nisLDAPnameFields user_attr: \
3774			("%s:%s:%s:%s:%s", user, qualifier, res1, res2, attrs)
3775' >> $MAP_FILE
3776}
3777
3778#
3779# List namefields for non-default auto maps and custom maps.
3780#
3781put_auto_and_custom_map_nisLDAPnameFields()
3782{
3783for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
3784do
3785
3786  echo "\
3787nisLDAPnameFields ${_MAP}: \\
3788                      (\"%s\",value)
3789" >> $MAP_FILE
3790
3791done
3792}
3793
3794
3795create_nisLDAPnameFields()
3796{
3797# Put format information of "nisLDAPnameFields"
3798[ CUST_CMT_NEEDED -eq 1 ] && echo '
3799# "nisLDAPnameFields" specifies the content of entries in a NIS map
3800# and how they should be broken into named fields. It is required as,
3801# unlike NIS+, NIS maps do not store information in named fields.
3802#
3803# Following is the syntax for nisLDAPnameFields :
3804#
3805# "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")"
3806# fieldName       = nameOrArrayName[","...]
3807# nameOrArrayName = Name of field or 'array' of repeated fields.
3808# matchspec       = \" formatString \"
3809' >> $MAP_FILE
3810
3811# List the default nameField values
3812put_default_nisLDAPnameFields
3813
3814# List the underlying assumption
3815echo "\
3816# With the assumption that all the custom maps are simple, single
3817# map (single key-value pair type), below is the nisLDAPnameFields
3818# information for all the custom and non-default auto.* maps. If
3819# this assumption is not valid, then refer to the NISLDAPmapping
3820# man page for information on how to customize this section.
3821" >> $MAP_FILE
3822
3823# List namefields for non-default auto maps and custom maps.
3824put_auto_and_custom_map_nisLDAPnameFields
3825
3826
3827echo "
3828#
3829#------------------------------------------------------------------------------
3830#
3831" >> $MAP_FILE
3832
3833return 0
3834}
3835
3836
3837#
3838# List repeated field seperators
3839#
3840create_nisLDAPrepeatedFieldSeparators()
3841{
3842
3843[ CUST_CMT_NEEDED -eq 1 ] && echo "
3844# nisLDAPrepeatedFieldSeparators : It is a character which separates
3845# the repeatable instnaces of splitable fields. It's format is :
3846#
3847# nisLDAPrepeatedFieldSeparators fieldName \"sepChar[...]\"
3848#               sepChar = A separator character.
3849#               Default value is space or tab.
3850" >> $MAP_FILE
3851
3852echo "\
3853#nisLDAPrepeatedFieldSeparators memberTriples: \" \t\"
3854" >> $MAP_FILE
3855
3856}
3857
3858
3859#
3860# List split fields
3861#
3862create_nisLDAPsplitField()
3863{
3864# List the default split fields
3865
3866[ CUST_CMT_NEEDED -eq 1 ] && echo '
3867# nisLDAPsplitFields : It defines how a field, or list of fields,
3868# named by nisLDAPnameFields is split into sub fields. The original
3869# field is compared with each line of this attribute until one matches.
3870# When a match is found named sub-fields are generated. In latter
3871# operations sub-field names can be used in the same way as other
3872# field names. The format of nisLDAPsplitFields is :
3873#
3874# "nisLDAPsplitFields" fieldName ":" splitSpec[","...]
3875# splitSpec       = "(" matchspec "," subFieldNames ")"
3876# fieldName       = Name of a field from nisLDAPnameFields
3877# subFieldNames   = subFieldname[","...]
3878# matchspec       = \" formatString \"
3879' >> $MAP_FILE
3880
3881echo '
3882nisLDAPsplitField memberTriples: \
3883			("(%s,%s,%s)", host, user, domain), \
3884			("%s", group)
3885' >> $MAP_FILE
3886
3887}
3888
3889#
3890# List split fields and repeated field separators.
3891#
3892create_split_field_and_repeatedfield_seperators()
3893{
3894
3895echo "\
3896# Specify how to break fields up into sub fields.
3897" >> $MAP_FILE
3898
3899create_nisLDAPrepeatedFieldSeparators
3900
3901create_nisLDAPsplitField
3902
3903echo "
3904#
3905#------------------------------------------------------------------------------
3906#
3907" >> $MAP_FILE
3908}
3909
3910list_default_nisLDAPobjectDN()
3911{
3912echo '
3913# Associate maps with RDNs and object classes. Base DN comes from the
3914# nisLDAPdomainContext.
3915#
3916# As supplied this file gives only the most derived objectClass for each map.
3917# For some servers it may be necessary to add "objectClass=" statements for
3918# all the superclasses. This should be done here.
3919
3920nisLDAPobjectDN	auto.home: \
3921			automountmapname=auto_home,?one? \
3922			objectClass=automount:
3923
3924nisLDAPobjectDN	auto.master: \
3925			automountmapname=auto_master,?one? \
3926			objectClass=automount:
3927
3928nisLDAPobjectDN	auth_attr: \
3929			ou=SolarisAuthAttr,?one? \
3930			objectClass=SolarisAuthAttr:
3931
3932nisLDAPobjectDN	bootparams: \
3933			ou=ethers,?one? \
3934			objectClass=bootableDevice, \
3935			bootParameter=*:\
3936			ou=ethers,?one? \
3937			objectClass=device, \
3938			objectClass=bootableDevice
3939
3940
3941nisLDAPobjectDN exec_attr:\
3942			ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
3943				SolarisKernelSecurityPolicy=*:\
3944			ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
3945				objectClass=SolarisProfAttr,\
3946				objectClass=top
3947
3948nisLDAPobjectDN	ethers: \
3949			ou=ethers,?one? \
3950			objectClass=ieee802Device, \
3951			macAddress=*:\
3952			ou=ethers,?one? \
3953			objectClass=device, \
3954			objectClass=ieee802Device
3955
3956nisLDAPobjectDN	group: \
3957			ou=group,?one? \
3958			objectClass=posixGroup:
3959' >> $MAP_FILE
3960
3961
3962# Need to handle group.adjunct.byname map for multiple domain.
3963
3964_MAP=group.adjunct.byname
3965if ! present $_MAP $ALL_DMN_DEF_MAPLIST
3966then
3967  # Just put the syntax in comment form
3968  echo '#nisLDAPobjectDN group.adjunct.byname: \
3969#			ou=group,?one? \
3970#			objectClass=posixGroup:
3971' >> $MAP_FILE
3972else
3973  # Find the domains in which this map exists.
3974  find_domains $_MAP DEF_MAPS
3975  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3976  then
3977    # Don't put domain info as the map is present in all of them.
3978    echo 'nisLDAPobjectDN group.adjunct.byname: \
3979			ou=group,?one? \
3980			objectClass=posixGroup:
3981' >> $MAP_FILE
3982  else
3983    # Not every domain has this map. So, list for the ones which do.
3984    for _DMN in $PRESENT_IN_DOMAINS
3985    do
3986      echo "nisLDAPobjectDN group.adjunct.byname,${_DMN}: \\
3987			ou=group,?one? \\
3988			objectClass=posixGroup:
3989" >> $MAP_FILE
3990    done
3991  fi
3992fi
3993
3994
3995echo 'nisLDAPobjectDN	hosts: \
3996			ou=hosts,?one? \
3997			objectClass=ipHost:\
3998			ou=hosts,?one? \
3999			objectClass=device, \
4000			objectClass=ipHost
4001
4002nisLDAPobjectDN multihosts: \
4003			ou=hosts,?one? \
4004			objectClass=ipHost, \
4005			ipHostNumber=*.*
4006
4007nisLDAPobjectDN	ipnodes: \
4008			ou=hosts,?one? \
4009			objectClass=ipHost:\
4010			ou=hosts,?one? \
4011			objectClass=device, \
4012			objectClass=ipHost
4013
4014nisLDAPobjectDN multiipnodes: \
4015			ou=hosts,?one? \
4016			objectClass=ipHost, \
4017			ipHostNumber=*\:*
4018
4019nisLDAPobjectDN	mail.aliases: \
4020			ou=aliases,?one? \
4021			objectClass=mailGroup:
4022
4023nisLDAPobjectDN	mail.mapping: \
4024			ou=aliases,?one? \
4025			objectClass=mailGroup
4026
4027nisLDAPobjectDN	netgroup: \
4028			ou=netgroup,?one? \
4029			objectClass=nisNetgroup:
4030
4031nisLDAPobjectDN	networks: \
4032			ou=networks,?one? \
4033			objectClass=ipNetwork, \
4034			cn=*:
4035
4036# Must come after networks (or equivalent) that creates ipNetworks
4037nisLDAPobjectDN netmasks.byaddr: \
4038			ou=networks,?one? \
4039			objectClass=ipNetwork, \
4040			ipNetMaskNumber=*:
4041
4042nisLDAPobjectDN	passwd: \
4043			ou=people,?one? \
4044			objectClass=posixAccount:\
4045			ou=people,?one? \
4046			objectClass=account, \
4047			objectClass=shadowAccount, \
4048			objectClass=posixAccount
4049' >> $MAP_FILE
4050
4051
4052# Need to handle passwd.adjunct.byname map for multiple domain.
4053
4054_MAP=passwd.adjunct.byname
4055if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4056then
4057  # Just put the syntax in comment form
4058  echo '#nisLDAPobjectDN passwd.adjunct.byname: \
4059#			ou=people,?one? \
4060#			objectClass=posixAccount:\
4061#			ou=people,?one? \
4062#			objectClass=account, \
4063#			objectClass=shadowAccount, \
4064#			objectClass=posixAccount
4065' >> $MAP_FILE
4066else
4067  # Find the domains in which this map exists.
4068  find_domains $_MAP DEF_MAPS
4069  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4070  then
4071    # Don't put domain info as the map is present in all of them.
4072    echo 'nisLDAPobjectDN passwd.adjunct.byname: \
4073			ou=people,?one? \
4074			objectClass=posixAccount:\
4075			ou=people,?one? \
4076			objectClass=account, \
4077			objectClass=shadowAccount, \
4078			objectClass=posixAccount
4079' >> $MAP_FILE
4080  else
4081    # Not every domain has this map. So, list for the ones which do.
4082    for _DMN in $PRESENT_IN_DOMAINS
4083    do
4084      echo "nisLDAPobjectDN passwd.adjunct.byname,${_DMN}: \\
4085			ou=people,?one? \\
4086			objectClass=posixAccount:\\
4087			ou=people,?one? \\
4088			objectClass=account, \\
4089			objectClass=shadowAccount, \\
4090			objectClass=posixAccount
4091" >> $MAP_FILE
4092    done
4093  fi
4094fi
4095
4096
4097echo '# Must follow passwd
4098nisLDAPobjectDN netid.pass: \
4099			ou=people,?one? \
4100			objectClass=posixAccount
4101
4102# Must follow hosts
4103nisLDAPobjectDN netid.host: \
4104			ou=hosts,?one? \
4105			objectClass=ipHost
4106
4107nisLDAPobjectDN	printers.conf.byname: \
4108			ou=printers,?one? \
4109				objectClass=printerService:\
4110			ou=printers,?one? \
4111				objectClass=sunPrinter, \
4112				objectClass=printerService, \
4113				objectClass=printerLPR, \
4114				objectClass=printerAbstract
4115
4116nisLDAPobjectDN prof_attr:\
4117			ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
4118				SolarisAttrLongDesc=*:\
4119			ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
4120				objectClass=SolarisExecAttr,\
4121				objectClass=top
4122nisLDAPobjectDN project: \
4123			ou=project,?one? \
4124			objectClass=SolarisProject:
4125
4126nisLDAPobjectDN	protocols: \
4127			ou=protocols,?one? \
4128			objectClass=ipProtocol:
4129
4130nisLDAPobjectDN rpc.bynumber: \
4131			ou=rpc,?one? \
4132			objectClass=oncRpc:
4133
4134nisLDAPobjectDN	services.byname: \
4135			ou=services,?one? \
4136			objectClass=ipService:
4137
4138# Because services.byservicename contains keys of form both 'name'
4139# and 'name/protocol' we generate the DIT just from services.byname.
4140# Hence, write-disabled for services.byservicename
4141nisLDAPobjectDN	services.byservicename: \
4142			ou=services,?one? \
4143			objectClass=ipService
4144
4145# This map is never created but yppasswd uses the mapping to extract password
4146# aging information from the DIT.
4147nisLDAPobjectDN	ageing.byname: \
4148			ou=people,?one? \
4149			objectClass=shadowAccount:
4150
4151# Using nisplusTimeZoneData objectClass for compatibility with nis+2ldap
4152nisLDAPobjectDN	timezone.byname: \
4153			ou=Timezone,?one? \
4154			objectClass=nisplusTimeZoneData:
4155
4156nisLDAPobjectDN	user_attr: \
4157			ou=people,?one? \
4158			objectClass=SolarisUserAttr:
4159
4160# Must come after passwd (or equivalent) that creates posixAccounts
4161nisLDAPobjectDN	audit_user: \
4162			ou=people,?one? \
4163			objectClass=SolarisAuditUser:
4164
4165# Must come after hosts + passwd.
4166nisLDAPobjectDN keys.host: \
4167			ou=hosts,?one? \
4168			objectClass=NisKeyObject:
4169
4170nisLDAPobjectDN keys.pass: \
4171			ou=people,?one? \
4172			objectClass=NisKeyObject:
4173
4174nisLDAPobjectDN keys.nobody: \
4175			ou=people,?one? \
4176			objectClass=NisKeyObject:\
4177			ou=people,?one? \
4178			objectClass=account, \
4179			objectClass=NisKeyObject
4180
4181nisLDAPobjectDN ypservers: \
4182			ou=ypservers,?one? \
4183			objectClass=device:
4184' >> $MAP_FILE
4185}
4186
4187# List all the non-default auto.* and custom maps.
4188list_auto_custom_nisLDAPobjectDN()
4189{
4190
4191# auto.* entries are easy.
4192if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
4193  echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
4194
4195  for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
4196  do
4197
4198    # We need to find one container for each auto.* map.
4199    # Assume that each auto.* maps's container is auto_*.
4200
4201    _MAP_UNDERSCORE=`echo $_MAP | sed "s/auto\./auto_/"`
4202
4203    echo "\
4204nisLDAPobjectDN ${_MAP}: \\
4205                      automountmapname=${_MAP_UNDERSCORE},?one? \\
4206                      objectClass=automount:
4207" >> $MAP_FILE
4208  done
4209fi
4210
4211# Since we do not have enough information to generate
4212# entries for other custom maps, best we can do is to
4213# log this map names and ask user to take care of them.
4214
4215ask_user_to_update_the_custom_map_entries_too
4216
4217}
4218
4219
4220#
4221# List association of maps with RDNs and object classes.
4222#
4223create_nisLDAPobjectDN()
4224{
4225
4226[ CUST_CMT_NEEDED -eq 1 ] && echo '
4227# nisLDAPobjectDN : It specifies the connection between group of NIS
4228# maps and the LDAP directory. This attribute also defines the 'order'
4229# of the NIS maps. When NIS maps are bulk copied to or from the DIT
4230# they are processed in the same order as related nisLDAPobjectDN
4231# attributes appear in /var/yp/NISLDAPmapping.
4232# The format of "nisLDAPobjectDN" is :
4233#
4234# mapName[" "...] ":" objectDN *( ";" objectDN )
4235#
4236# where:
4237#
4238# objectDN        = readObjectSpec [":"[writeObjectSpec]]
4239# readObjectSpec  = [baseAndScope [filterAttrValList]]
4240# writeObjectSpec = [baseAndScope [attrValList]]
4241# baseAndScope    = [baseDN] ["?" [scope]]
4242# filterAttrValList = ["?" [filter | attrValList]]]
4243# scope           = "base" | "one" | "sub"
4244# attrValList     = attribute "=" value
4245#                       *("," attribute "=" value)
4246' >> $MAP_FILE
4247
4248# List all the default entries anyway.
4249list_default_nisLDAPobjectDN
4250
4251# List all the non-default auto.* and custom maps.
4252list_auto_custom_nisLDAPobjectDN
4253
4254}
4255
4256#
4257# List all the default nisLDAPattributeFromField entries
4258#
4259list_default_nisLDAPattributeFromField()
4260{
4261echo '
4262# Describe how named fields are mapped to DIT entries.
4263
4264# audit_user
4265nisLDAPattributeFromField audit_user: \
4266			dn=("uid=%s,", rf_key ), \
4267			SolarisAuditAlways=alwaysAuditFlags, \
4268			SolarisAuditNever=neverAuditFlags
4269
4270# auto.home
4271nisLDAPattributeFromField auto.home: \
4272			dn=("automountKey=%s,", rf_key ), \
4273			automountKey=rf_key, \
4274			automountInformation=value
4275
4276# auto.master
4277nisLDAPattributeFromField auto.master: \
4278			dn=("automountKey=%s,", rf_key ), \
4279			automountKey=rf_key, \
4280			automountInformation=value
4281
4282# auth_attr
4283nisLDAPattributeFromField auth_attr: \
4284			dn=("cn=%s,", rf_key ), \
4285			cn=name, \
4286			SolarisAttrReserved1=res1, \
4287			SolarisAttrReserved2=res2, \
4288			SolarisAttrShortDesc=short_desc, \
4289			SolarisAttrLongDesc=long_desc, \
4290			SolarisAttrKeyValue=attrs
4291
4292# exec_attr. Because of the messy NIS keys special handling is required here
4293nisLDAPattributeFromField exec_attr: \
4294			dn=("cn=%s+SolarisKernelSecurityPolicy=%s\
4295				+SolarisProfileType=%s+SolarisProfileID=%s,", \
4296				name, policy,type,id), \
4297			("%s:*", cn)=rf_key, \
4298			("*:%s:*", SolarisKernelSecurityPolicy)=rf_key, \
4299			("*:*:%s", SolarisProfileId)=rf_key, \
4300			solarisProfileType=type, \
4301			solarisAttrReserved1=res1, \
4302			SolarisAttrReserved2=res2, \
4303			solarisAttrKeyValue=attrs
4304
4305# ethers
4306nisLDAPattributeFromField ethers.byname: \
4307			dn=("cn=%s,", rf_key ), \
4308			macAddress=addr
4309nisLDAPattributeFromField ethers.byaddr: \
4310			dn=("cn=%s,", name ), \
4311			macAddress=rf_key
4312nisLDAPattributeFromField ethers: \
4313			cn=name, \
4314			description=rf_comment
4315
4316# bootparams. Must be done after ethers
4317nisLDAPattributeFromField bootparams: \
4318			dn=("cn=%s,", rf_key ), \
4319			cn=rf_key, \
4320			(bootParameter)=(params, " ")
4321' >> $MAP_FILE
4322
4323# group syntax is different when group.adjunct map is present.
4324# So, need to handle the various possibilities
4325
4326_MAP=group.adjunct.byname
4327
4328if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4329then
4330
4331  # Just put the group.adjunct syntax in comment form
4332
4333  echo '# group
4334nisLDAPattributeFromField group.byname: \
4335			dn=("cn=%s,", rf_key ), \
4336                        gidNumber=gid
4337nisLDAPattributeFromField group.bygid: \
4338		        dn=("cn=%s,", name ), \
4339                        gidNumber=rf_key
4340nisLDAPattributeFromField group: \
4341                        cn=name, \
4342                        userPassword=("{crypt}%s",passwd), \
4343                        (memberUid)=(users, ",")
4344
4345#
4346# If you are using group.adjunct, comment the group section above
4347# and uncomment the following group and group.adjunct sections
4348#
4349# group
4350#nisLDAPattributeFromField group.byname: \
4351#			dn=("cn=%s,", rf_key ), \
4352#			gidNumber=gid
4353#nisLDAPattributeFromField group.bygid: \
4354#			dn=("cn=%s,", name ), \
4355#			gidNumber=rf_key
4356#nisLDAPattributeFromField group: \
4357#			cn=name, \
4358#			(memberUid)=(users, ",")
4359
4360# group.adjunct
4361#nisLDAPattributeFromField group.adjunct.byname: \
4362#			dn=("cn=%s,", rf_key ), \
4363#			cn=name, \
4364#			userPassword=("{crypt}%s",passwd)
4365' >> $MAP_FILE
4366
4367else
4368
4369  # Find the domains in which group.adjunct map exists.
4370  find_domains $_MAP DEF_MAPS
4371
4372  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4373  then
4374
4375    # All the domains have group.adjunct map.
4376
4377    echo '# group
4378#nisLDAPattributeFromField group.byname: \
4379#			dn=("cn=%s,", rf_key ), \
4380#			gidNumber=gid
4381#nisLDAPattributeFromField group.bygid: \
4382#			dn=("cn=%s,", name ), \
4383#			gidNumber=rf_key
4384#nisLDAPattributeFromField group: \
4385#			cn=name, \
4386#			userPassword=("{crypt}%s",passwd), \
4387#			(memberUid)=(users, ",")
4388
4389# If you are not using group.adjunct, uncomment the group section above
4390# and comment the following group and group.adjunct sections
4391#
4392# group
4393nisLDAPattributeFromField group.byname: \
4394			dn=("cn=%s,", rf_key ), \
4395			gidNumber=gid
4396nisLDAPattributeFromField group.bygid: \
4397			dn=("cn=%s,", name ), \
4398			gidNumber=rf_key
4399nisLDAPattributeFromField group: \
4400			cn=name, \
4401			(memberUid)=(users, ",")
4402
4403# group.adjunct
4404nisLDAPattributeFromField group.adjunct.byname: \
4405			dn=("cn=%s,", rf_key ), \
4406			cn=name, \
4407			userPassword=("{crypt}%s",passwd)
4408' >> $MAP_FILE
4409
4410  else
4411    # Not every domain has group.adjunct map.
4412
4413    # First put the password syntax with domain name for domains
4414    # in which group.adjunct exists.
4415
4416    echo "# group" >> $MAP_FILE
4417
4418    for _DMN in $PRESENT_IN_DOMAINS
4419    do
4420
4421      echo "\
4422# domain-specific group
4423nisLDAPattributeFromField group.byname,${_DMN}: \\
4424			dn=(\"cn=%s,\", rf_key ), \\
4425			gidNumber=gid
4426nisLDAPattributeFromField group.bygid,${_DMN}: \\
4427			dn=(\"cn=%s,\", name ), \\
4428			gidNumber=rf_key
4429nisLDAPattributeFromField group,${_DMN}: \\
4430			cn=name, \\
4431			(memberUid)=(users, \",\")
4432" >> $MAP_FILE
4433    done
4434
4435    # Now put the other group syntax. We do not need to
4436    # append the domain name here.
4437
4438    echo '
4439nisLDAPattributeFromField group.byname: \
4440			dn=("cn=%s,", rf_key ), \
4441			gidNumber=gid
4442nisLDAPattributeFromField group.bygid: \
4443			dn=("cn=%s,", name ), \
4444			gidNumber=rf_key
4445nisLDAPattributeFromField group: \
4446			cn=name, \
4447			userPassword=("{crypt}%s",passwd), \
4448			(memberUid)=(users, ",")
4449' >> $MAP_FILE
4450
4451    # Now we need to put the group.adjunct syntax for domains
4452    # in which this map exists.
4453
4454    echo "# group.adjunct" >> $MAP_FILE
4455
4456    for _DMN in $PRESENT_IN_DOMAINS
4457    do
4458
4459      echo "\
4460nisLDAPattributeFromField group.adjunct.byname,${_DMN}: \\
4461			dn=(\"cn=%s,\", rf_key ), \\
4462			cn=name, \\
4463			userPassword=(\"{crypt}%s\",passwd)
4464" >> $MAP_FILE
4465    done
4466
4467  fi
4468
4469fi
4470
4471
4472echo '
4473# hosts
4474# Cannot forward map hosts.byname key as the YP_MULTI entries will not work.
4475nisLDAPattributeFromField hosts.byname: \
4476                        cn=rf_searchkey
4477nisLDAPattributeFromField hosts.byaddr: \
4478                        ipHostNumber=rf_searchipkey
4479nisLDAPattributeFromField hosts: \
4480                        ipHostNumber=addr, \
4481			dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
4482                        cn=canonicalName, \
4483                        (cn)=(aliases, " "), \
4484                        description=rf_comment
4485
4486nisLDAPattributeFromField multihosts: \
4487			("YP_MULTI_%s", cn)=rf_searchkey
4488
4489# ipnodes
4490# Cannot forward map ipnodes.byname key as the YP_MULTI entries will not work.
4491nisLDAPattributeFromField ipnodes.byname: \
4492                        cn=rf_searchkey
4493nisLDAPattributeFromField ipnodes.byaddr: \
4494                        ipHostNumber=rf_searchipkey
4495nisLDAPattributeFromField ipnodes: \
4496                        ipHostNumber=addr, \
4497			dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
4498			cn=canonicalName, \
4499                        (cn)=(aliases, " "), \
4500                        description=rf_comment
4501
4502nisLDAPattributeFromField multiipnodes: \
4503			("YP_MULTI_%s", cn)=rf_searchkey
4504
4505#mail.aliases
4506nisLDAPattributeFromField mail.aliases: \
4507			dn=("mail=%s,", rf_key), \
4508			mail=rf_key, \
4509			(mgrprfc822mailmember)=(addresses, ",")
4510
4511#mail.mapping
4512#Commented out because all NIS->LDAP mappings are done by mail.aliases
4513#nisLDAPattributeFromField mail.mapping: \
4514#			dn=("mail=%s,", address), \
4515#			mail=address, \
4516#			mgrprfc822mailmember=rf_key
4517nisLDAPattributeFromField mail.mapping: \
4518			mgrprfc822mailmember=rf_searchkey
4519
4520# netgroup.
4521#
4522# Only need to create DIT entries for netgroup. This contains a superset of
4523# the information in netgroup.byhost and netgroup.byuser
4524nisLDAPattributeFromField netgroup: \
4525			dn=("cn=%s,", rf_key ), \
4526			(memberNisNetgroup)=group, \
4527			(nisNetgroupTriple)= \
4528					("(%s,%s,%s)", host, user, domain), \
4529			cn=rf_key, \
4530			description=rf_comment
4531
4532# netid.pass
4533#
4534# Commented out because, unless remote domains (and thus /etc/netid) is
4535# supported, all NIS->LDAP mappings are set up from passwd.
4536#nisLDAPattributeFromField netid.pass: \
4537#			("unix.%s@*", uidNumber)=rf_key, \
4538#			(gidNumber)=("%s", (data), " "), \
4539#			description=rf_comment
4540nisLDAPattributeFromField netid.pass: \
4541			("unix.%s@*", uidNumber)=rf_searchkey
4542
4543# netid.host
4544#
4545# Commented out because, unless remote domains (and thus /etc/netid) is
4546# supported, all NIS->LDAP mappings are set up from hosts.
4547#nisLDAPattributeFromField netid.host: \
4548#			dn=("cn=%s+ipHostNumber=%s,", data, \
4549#			        ldap:ipHostNumber:?one?("cn=%s", data)), \
4550#			ipHostNumber=ldap:ipHostNumber:?one?("cn=%s", data), \
4551#			("unix.%s@*", cn)=rf_key, \
4552#			description=rf_comment
4553nisLDAPattributeFromField netid.host: \
4554			("unix.%s@*", cn)=rf_searchkey
4555
4556# netmasks.byaddr
4557nisLDAPattributeFromField netmasks.byaddr: \
4558			dn=("ipNetworkNumber=%s,", rf_ipkey ), \
4559			ipNetworkNumber=rf_ipkey, \
4560			ipNetmaskNumber=mask, \
4561			description=rf_comment
4562
4563# networks.
4564nisLDAPattributeFromField networks.byname: \
4565			dn=("ipNetworkNumber=%s,", number ), \
4566			cn=name, \
4567			cn=rf_key
4568nisLDAPattributeFromField networks.byaddr: \
4569			dn=("ipNetworkNumber=%s,", rf_key ), \
4570			cn=name
4571nisLDAPattributeFromField networks: \
4572			(cn)=(aliases, " "), \
4573			ipNetworkNumber=number, \
4574			description=rf_comment
4575' >> $MAP_FILE
4576
4577
4578# passwd syntax is different when passwd.adjunct map is present.
4579# So, need to handle the various possibilities
4580
4581_MAP=passwd.adjunct.byname
4582
4583if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4584then
4585
4586  # Just put the passwd.adjunct syntax in comment form
4587
4588  echo '# passwd
4589nisLDAPattributeFromField passwd.byname: \
4590			dn=("uid=%s,", rf_key ), \
4591			uid=rf_key, \
4592			uidNumber=uid
4593nisLDAPattributeFromField passwd.byuid: \
4594			dn=("uid=%s,", name ), \
4595			uidNumber=rf_key, \
4596			uid=name
4597nisLDAPattributeFromField passwd: \
4598			cn=name, \
4599			userPassword=("{crypt}%s",passwd), \
4600			gidNumber=gid, \
4601			gecos=gecos, \
4602			homeDirectory=home, \
4603			loginShell=shell
4604
4605#
4606# If you are using passwd.adjunct, comment the passwd section above
4607# and uncomment the following passwd and passwd.adjunct sections
4608#
4609# passwd
4610#nisLDAPattributeFromField passwd.byname: \
4611#			dn=("uid=%s,", rf_key ), \
4612#			uid=rf_key, \
4613#			uidNumber=uid
4614#nisLDAPattributeFromField passwd.byuid: \
4615#			dn=("uid=%s,", name ), \
4616#			uidNumber=rf_key, \
4617#			uid=name
4618#nisLDAPattributeFromField passwd: \
4619#			cn=name, \
4620#			gidNumber=gid, \
4621#			gecos=gecos, \
4622#			homeDirectory=home, \
4623#			loginShell=shell
4624
4625# passwd.adjunct
4626#nisLDAPattributeFromField passwd.adjunct.byname: \
4627#			dn=("uid=%s,", rf_key ), \
4628#			uid=name, \
4629#			userPassword=("{crypt}%s",passwd)
4630' >> $MAP_FILE
4631
4632else
4633
4634  # Find the domains in which passwd.adjunct map exists.
4635  find_domains $_MAP DEF_MAPS
4636
4637  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4638  then
4639
4640    # All the domains have passwd.adjunct map. So, put the right
4641    # passwd syntax and comment-in the passwd.adjunct syntax.
4642
4643
4644    echo '# passwd
4645#nisLDAPattributeFromField passwd.byname: \
4646#			dn=("uid=%s,", rf_key ), \
4647#			uid=rf_key, \
4648#			uidNumber=uid
4649#nisLDAPattributeFromField passwd.byuid: \
4650#			dn=("uid=%s,", name ), \
4651#			uidNumber=rf_key, \
4652#			uid=name
4653#nisLDAPattributeFromField passwd: \
4654#			cn=name, \
4655#			userPassword=("{crypt}%s",passwd), \
4656#			gidNumber=gid, \
4657#			gecos=gecos, \
4658#			homeDirectory=home, \
4659#			loginShell=shell
4660
4661# If you are not using passwd.adjunct, uncomment the passwd section above
4662# and comment the following passwd and passwd.adjunct sections
4663#
4664# passwd
4665nisLDAPattributeFromField passwd.byname: \
4666			dn=("uid=%s,", rf_key ), \
4667			uid=rf_key, \
4668			uidNumber=uid
4669nisLDAPattributeFromField passwd.byuid: \
4670			dn=("uid=%s,", name ), \
4671			uidNumber=rf_key, \
4672			uid=name
4673nisLDAPattributeFromField passwd: \
4674			cn=name, \
4675			gidNumber=gid, \
4676			gecos=gecos, \
4677			homeDirectory=home, \
4678			loginShell=shell
4679
4680# passwd.adjunct
4681nisLDAPattributeFromField passwd.adjunct.byname: \
4682			dn=("uid=%s,", rf_key ), \
4683			uid=name, \
4684			userPassword=("{crypt}%s",passwd)
4685' >> $MAP_FILE
4686
4687  else
4688    # Not every domain has passwd.adjunct map.
4689
4690    # First put the password syntax with domain name for domains
4691    # in which passwd.adjunct exists.
4692
4693    echo "# passwd" >> $MAP_FILE
4694
4695    for _DMN in $PRESENT_IN_DOMAINS
4696    do
4697
4698      echo "\
4699nisLDAPattributeFromField passwd.byname,${_DMN}: \\
4700			dn=(\"uid=%s,\", rf_key ), \\
4701			uid=rf_key, \\
4702			uidNumber=uid
4703nisLDAPattributeFromField passwd.byuid,${_DMN}: \\
4704			dn=(\"uid=%s,\", name ), \\
4705			uidNumber=rf_key, \\
4706			uid=name
4707nisLDAPattributeFromField passwd,${_DMN}: \\
4708			cn=name, \\
4709			gidNumber=gid, \\
4710			gecos=gecos, \\
4711			homeDirectory=home, \\
4712			loginShell=shell
4713" >> $MAP_FILE
4714    done
4715
4716    # Now put the other passwd syntax. We do not need to
4717    # append the domain name here.
4718
4719    echo '
4720nisLDAPattributeFromField passwd.byname: \
4721			dn=("uid=%s,", rf_key ), \
4722			uid=rf_key, \
4723			uidNumber=uid
4724nisLDAPattributeFromField passwd.byuid: \
4725			dn=("uid=%s,", name ), \
4726			uidNumber=rf_key, \
4727			uid=name
4728nisLDAPattributeFromField passwd: \
4729			cn=name, \
4730			userPassword=("{crypt}%s",passwd), \
4731			gidNumber=gid, \
4732			gecos=gecos, \
4733			homeDirectory=home, \
4734			loginShell=shell
4735' >> $MAP_FILE
4736
4737    # Now we need to put the passwd.adjunct syntax for domains
4738    # in which this map exists.
4739
4740    echo "# passwd.adjunct" >> $MAP_FILE
4741
4742    for _DMN in $PRESENT_IN_DOMAINS
4743    do
4744
4745      echo "\
4746nisLDAPattributeFromField passwd.adjunct.byname,${_DMN}: \\
4747			dn=(\"uid=%s,\", rf_key ), \\
4748			uid=name, \\
4749			userPassword=(\"{crypt}%s\",passwd)
4750" >> $MAP_FILE
4751    done
4752
4753  fi
4754
4755fi
4756
4757echo '
4758# This map is never created but yppasswd uses the mapping to extract password
4759# aging information from the DIT.
4760nisLDAPattributeFromField ageing.byname: \
4761			dn=("uid=%s,", rf_key ), \
4762			uid=name, \
4763			shadowLastChange=lastchg, \
4764			shadowMin=min, \
4765			shadowMax=max, \
4766			shadowWarning=warn, \
4767			shadowInactive=inactive, \
4768			shadowExpire=expire, \
4769			shadowFlag=flag
4770
4771# printers.conf.byname
4772nisLDAPattributeFromField printers.conf.byname: \
4773			dn=("printer-uri=%s,", rf_key ), \
4774			printer-name=rf_key, \
4775			(printer-aliases)=(names, "|"), \
4776			sun-printer-bsdaddr=(values, "*bsdaddr=%s:*"), \
4777			(sun-printer-kvp)=(values,":"), \
4778			description=rf_comment
4779
4780# prof_attr
4781nisLDAPattributeFromField prof_attr: \
4782			dn=("cn=%s,", rf_key ), \
4783			cn=name, \
4784			SolarisAttrReserved1=res1, \
4785			SolarisAttrReserved2=res2, \
4786			SolarisAttrLongDesc=desc, \
4787			SolarisAttrKeyValue=attrs
4788
4789# project
4790nisLDAPattributeFromField project.byname: \
4791			dn=("SolarisProjectName=%s,", rf_key )
4792nisLDAPattributeFromField project.byprojid: \
4793			dn=("SolarisProjectName=%s,", name ), \
4794			SolarisProjectID=rf_searchkey
4795nisLDAPattributeFromField project: \
4796			SolarisProjectName=name, \
4797			SolarisProjectID=projID, \
4798			(memberUid)=(users, ","), \
4799			(memberGid)=(groups, ","), \
4800			(SolarisProjectAttr)=(attrs, ";"), \
4801			description=comment
4802
4803# protocols
4804nisLDAPattributeFromField protocols.byname: \
4805                        ipProtocolNumber=number, \
4806                        cn=rf_searchkey
4807nisLDAPattributeFromField protocols.bynumber: \
4808                        ipProtocolNumber=rf_key, \
4809                        description=rf_comment
4810nisLDAPattributeFromField protocols: \
4811			dn=("cn=%s,", name ), \
4812                        (cn)=(aliases, " "), \
4813			cn=name
4814
4815# rpc.bynumber
4816nisLDAPattributeFromField rpc.bynumber: \
4817			dn=("cn=%s,", name ), \
4818			oncRpcNumber=rf_key, \
4819                        (cn)=(aliases, " "), \
4820			cn=name, \
4821			description=rf_comment
4822
4823# services
4824# services.byservicename rule is only used to speed single search
4825nisLDAPattributeFromField services.byservicename: \
4826			("%s/%s", cn, ipServiceProtocol) = rf_searchkey
4827
4828nisLDAPattributeFromField services.byname: \
4829			dn=("cn=%s+ipServiceProtocol=%s,", name, protocol ), \
4830     			("*/%s", ipServiceProtocol)=rf_key, \
4831     			("%s/*", ipServicePort)=rf_key, \
4832                        (cn)=(aliases, " "), \
4833			cn=name, \
4834                        description=rf_comment
4835
4836# timezone.byname
4837nisLDAPattributeFromField timezone.byname: \
4838			dn=("cn=%s,", rf_key ), \
4839			cn=hostName, \
4840			nisplusTimeZone=zoneName, \
4841			description=comment
4842
4843# user_attr
4844nisLDAPattributeFromField user_attr: \
4845			dn=("uid=%s,", rf_key ), \
4846			uid=rf_key, \
4847			SolarisUserAttr=qualifier, \
4848			SolarisUserReserved1=res1, \
4849			SolarisUserReserved2=res2, \
4850			SolarisAttrKeyValue=attrs
4851
4852# publickey.byname
4853nisLDAPattributeFromField keys.host: \
4854			dn=("%s", ldap:dn:?one?("cn=%s", (yp:rf_key, "unix.%s@*"))), \
4855			nisPublicKey=publicKey, \
4856			nisSecretKey=secretKey
4857
4858nisLDAPattributeFromField keys.pass: \
4859			dn=("%s", ldap:dn:?one?("uidNumber=%s", (yp:rf_key, "unix.%s@*"))), \
4860			nisPublicKey=publicKey, \
4861			nisSecretKey=secretKey
4862
4863nisLDAPattributeFromField keys.nobody: \
4864			dn=("uid=%s,",yp:rf_key), \
4865			cn=rf_key, \
4866			nisPublicKey=publicKey, \
4867			nisSecretKey=secretKey
4868
4869# ypservers. This derived from IPlanet implementation not RFC.
4870nisLDAPattributeFromField ypservers: \
4871			dn=("cn=%s,", rf_key), \
4872			cn=rf_key
4873' >> $MAP_FILE
4874}
4875
4876#
4877# List all the non-default auto.* and custom maps.
4878#
4879list_auto_and_custom_nisLDAPattributeFromField()
4880{
4881
4882# auto.* entries are easy.
4883if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
4884  echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
4885fi
4886
4887for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
4888do
4889  echo "\
4890# ${_MAP}
4891nisLDAPattributeFromField ${_MAP}: \\
4892                        dn=(\"automountKey=%s,\", rf_key ), \\
4893                        automountKey=rf_key, \\
4894                        automountInformation=value
4895" >> $MAP_FILE
4896done
4897
4898# Since we do not have enough information to generate
4899# entries for other custom maps, best we can do is to
4900# log this map names and ask user to take care of them.
4901
4902ask_user_to_update_the_custom_map_entries_too
4903
4904}
4905
4906
4907#
4908# List mapping of named fields to DIT entries
4909#
4910create_nisLDAPattributeFromField()
4911{
4912
4913[ CUST_CMT_NEEDED -eq 1 ] && echo '
4914# nisLDAPattributeFromField : It specifies how an LDAP attribute
4915# value is derived from a NIS entries field values.
4916#
4917# The format of nisLDAPattributeFromField entry is :
4918# mapName ":" fieldattrspec *("," fieldattrspec )
4919' >> $MAP_FILE
4920
4921# List all the default entries anyway.
4922list_default_nisLDAPattributeFromField
4923
4924# List all the non-default auto.* and custom maps.
4925list_auto_and_custom_nisLDAPattributeFromField
4926
4927echo "
4928#
4929#------------------------------------------------------------------------------
4930#
4931" >> $MAP_FILE
4932}
4933
4934
4935#
4936# List all the default nisLDAPattributeFromField entries
4937#
4938list_default_nisLDAPfieldFromAttribute()
4939{
4940echo '
4941# Describe how named fields are mapped from DIT entries.
4942
4943# audit_user
4944nisLDAPfieldFromAttribute audit_user: \
4945			("uid=%s,*", rf_key)=dn, \
4946			("uid=%s,*", name)=dn, \
4947			alwaysAuditFlags=SolarisAuditAlways, \
4948			neverAuditFlags=SolarisAuditNever
4949
4950# auto.home
4951nisLDAPfieldFromAttribute auto.home: \
4952			rf_key=automountKey, \
4953			value=automountInformation
4954
4955# auto.master
4956nisLDAPfieldFromAttribute auto.master: \
4957			rf_key=automountKey, \
4958			value=automountInformation
4959
4960# auth_attr
4961nisLDAPfieldFromAttribute auth_attr: \
4962			rf_key=cn, \
4963			name=cn, \
4964			res1=SolarisAttrReserved1, \
4965			res2=SolarisAttrReserved2, \
4966			short_desc=SolarisAttrShortDesc, \
4967			long_desc=SolarisAttrLongDesc, \
4968			attrs=SolarisAttrKeyValue
4969
4970# Exec_attr. Because of messy NIS keys special handlind is required here
4971nisLDAPfieldFromAttribute exec_attr: \
4972			rf_key=("%s:%s:%s",cn,SolarisKernelSecurityPolicy, \
4973				solarisProfileId), \
4974			name=cn, \
4975			policy=SolarisKernelSecurityPolicy, \
4976			type=SolarisProfileType, \
4977			res1=SolarisAttrReserved1, \
4978			res2=SolarisAttrReserved2, \
4979			id=SolarisProfileId, \
4980			attrs=SolarisAttrKeyValue
4981
4982
4983# ethers
4984nisLDAPfieldFromAttribute ethers.byname: \
4985			rf_key=cn
4986nisLDAPfieldFromAttribute ethers.byaddr: \
4987			rf_key=macAddress
4988nisLDAPfieldFromAttribute ethers: \
4989			name=cn, \
4990			addr=macAddress, \
4991			rf_comment=description
4992
4993# bootparams. Must be done after ethers
4994nisLDAPfieldFromAttribute bootparams: \
4995			rf_key=cn, \
4996			params=("%s ", (bootParameter), " ")
4997' >> $MAP_FILE
4998
4999# group syntax is different when group.adjunct map is present.
5000# So, need to handle the various possibilities
5001
5002_MAP=group.adjunct.byname
5003
5004if ! present $_MAP $ALL_DMN_DEF_MAPLIST
5005then
5006
5007  # Just put the group.adjunct syntax in comment form
5008
5009  echo '# group
5010nisLDAPfieldFromAttribute group.byname: \
5011			rf_key=cn
5012nisLDAPfieldFromAttribute group.bygid: \
5013                        rf_key=gidNumber
5014nisLDAPfieldFromAttribute group: \
5015                        gid=gidNumber, \
5016                        name=cn, \
5017			("{crypt}%s", passwd)=userPassword, \
5018			users=("%s,", (memberUid), ",")
5019
5020#
5021# If you are using group.adjunct, comment the group section above
5022# and uncomment the following group and group.adjunct section
5023#
5024# group
5025#nisLDAPfieldFromAttribute group.byname: \
5026#			rf_key=cn
5027#nisLDAPfieldFromAttribute group.bygid: \
5028#			rf_key=gidNumber
5029#nisLDAPfieldFromAttribute group: \
5030#			gid=gidNumber, \
5031#			name=cn, \
5032#			passwd=("#$%s", cn), \
5033#			users=("%s,", (memberUid), ",")
5034
5035# group.adjunct
5036#nisLDAPfieldFromAttribute group.adjunct.byname: \
5037#			rf_key=cn, \
5038#			name=cn, \
5039#			("{crypt}%s", passwd)=userPassword
5040' >> $MAP_FILE
5041
5042else
5043
5044  # Find the domains in which group.adjunct map exists.
5045  find_domains $_MAP DEF_MAPS
5046
5047  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
5048  then
5049
5050    # All the domains have group.adjunct map.
5051
5052
5053    echo '# group
5054#nisLDAPfieldFromAttribute group.byname: \
5055#			rf_key=cn
5056#nisLDAPfieldFromAttribute group.bygid: \
5057#                        rf_key=gidNumber
5058#nisLDAPfieldFromAttribute group: \
5059#                        gid=gidNumber, \
5060#                        name=cn, \
5061#			("{crypt}%s", passwd)=userPassword, \
5062#			users=("%s,", (memberUid), ",")
5063
5064#
5065# If you are not using group.adjunct, comment the group section above
5066# and uncomment the following group and group.adjunct sections
5067#
5068# group
5069nisLDAPfieldFromAttribute group.byname: \
5070			rf_key=cn
5071nisLDAPfieldFromAttribute group.bygid: \
5072			rf_key=gidNumber
5073nisLDAPfieldFromAttribute group: \
5074			gid=gidNumber, \
5075			name=cn, \
5076			passwd=("#$%s", cn), \
5077			users=("%s,", (memberUid), ",")
5078
5079#
5080# group.adjunct
5081nisLDAPfieldFromAttribute group.adjunct.byname: \
5082			rf_key=cn, \
5083			name=cn, \
5084			("{crypt}%s", passwd)=userPassword
5085' >> $MAP_FILE
5086
5087  else
5088    # Not every domain has group.adjunct map.
5089
5090    echo "# group" >> $MAP_FILE
5091
5092    for _DMN in $PRESENT_IN_DOMAINS
5093    do
5094
5095      echo "\
5096nisLDAPfieldFromAttribute group.byname,${_DMN}: \\
5097			rf_key=cn
5098nisLDAPfieldFromAttribute group.bygid,${_DMN}: \\
5099			rf_key=gidNumber
5100nisLDAPfieldFromAttribute group,${_DMN}: \\
5101			gid=gidNumber, \\
5102			name=cn, \\
5103			passwd=(\"#$%s\", cn), \\
5104			users=(\"%s,\", (memberUid), \",\")
5105" >> $MAP_FILE
5106    done
5107
5108    # Now put the generic group syntax. We do not need to
5109    # append the domain name here.
5110
5111    echo '
5112nisLDAPfieldFromAttribute group.byname: \
5113			rf_key=cn
5114nisLDAPfieldFromAttribute group.bygid: \
5115                        rf_key=gidNumber
5116nisLDAPfieldFromAttribute group: \
5117                        gid=gidNumber, \
5118                        name=cn, \
5119			("{crypt}%s", passwd)=userPassword, \
5120			users=("%s,", (memberUid), ",")
5121' >> $MAP_FILE
5122
5123    # Now we need to put the group.adjunct syntax for domains
5124    # in which this map exists.
5125
5126    echo "#
5127# group.adjunct
5128# " >> $MAP_FILE
5129
5130    for _DMN in $PRESENT_IN_DOMAINS
5131    do
5132
5133      echo "\
5134nisLDAPfieldFromAttribute group.adjunct.byname,${_DMN}: \\
5135			rf_key=cn, \\
5136			name=cn, \\
5137			(\"{crypt}%s\", passwd)=userPassword
5138" >> $MAP_FILE
5139
5140    done
5141
5142  fi
5143
5144fi
5145
5146echo '
5147# hosts
5148nisLDAPfieldFromAttribute hosts.byaddr: \
5149                        rf_ipkey=ipHostNumber
5150nisLDAPfieldFromAttribute hosts.byname: \
5151			(rf_key)=(cn)
5152nisLDAPfieldFromAttribute hosts: \
5153			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5154                        addr=ipHostNumber, \
5155			aliases=("%s ", (cn) - yp:canonicalName, " "), \
5156                        rf_comment=description
5157
5158nisLDAPfieldFromAttribute multihosts: \
5159			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5160			(rf_key)=("YP_MULTI_%s", cn), \
5161			aliases=("%s ", (cn) - yp:canonicalName, " "), \
5162			rf_comment=description, \
5163			(tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
5164				(ipHostNumber=*.*))", yp:canonicalName)), \
5165			addr=("%s,", (yp:tmp), ",")
5166
5167# ipnodes
5168nisLDAPfieldFromAttribute ipnodes.byaddr: \
5169                        rf_ipkey=ipHostNumber
5170nisLDAPfieldFromAttribute ipnodes.byname: \
5171			("cn=%s+ipHostNumber=*", rf_key)=dn
5172nisLDAPfieldFromAttribute ipnodes: \
5173			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5174                        addr=ipHostNumber, \
5175			aliases=("%s ", (cn) - yp:canonicalName, " "), \
5176                        rf_comment=description
5177
5178nisLDAPfieldFromAttribute multiipnodes: \
5179			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5180			(rf_key)=("YP_MULTI_%s", cn), \
5181			aliases=("%s ", (cn) - yp:canonicalName, " "), \
5182			rf_comment=description, \
5183			(tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
5184				(ipHostNumber=*:*))", yp:canonicalName)), \
5185			addr=("%s,", (yp:tmp), ",")
5186
5187#mail.aliases
5188nisLDAPfieldFromAttribute mail.aliases: \
5189			rf_key=mail, \
5190			addresses= ("%s,", (mgrprfc822mailmember), ","), \
5191			rf_comment=description
5192
5193#mail.mapping
5194nisLDAPfieldFromAttribute mail.mapping: \
5195			rf_key=mgrprfc822mailmember, \
5196			address=mail, \
5197			rf_comment=description
5198
5199# netgroup.
5200nisLDAPfieldFromAttribute netgroup: \
5201			rf_key=cn, \
5202			(group)=(memberNisNetgroup), \
5203			("(%s,%s,%s)", host, user, domain)= \
5204						(nisNetgroupTriple), \
5205			rf_comment=description
5206
5207# netid.pass
5208nisLDAPfieldFromAttribute netid.pass: \
5209			number=uidNumber, \
5210			(tmp)=("%s", gidNumber:ou=group,?one?\
5211				("memberUid=%s", ldap:uid)), \
5212			sgid=("%s,", (yp:tmp) - gidNumber, ","), \
5213			data=("%s,%s", gidNumber, yp:sgid), \
5214			data=gidNumber, \
5215			(rf_key)=("unix.%s@%s", yp:number, yp:rf_domain)
5216
5217# netid.host
5218nisLDAPfieldFromAttribute netid.host: \
5219			("cn=%s+ipHostNumber=*", data)=dn, \
5220			number=("0"), \
5221			(rf_key)=("unix.%s@%s", yp:data, yp:rf_domain)
5222
5223# netmasks.byaddr
5224nisLDAPfieldFromAttribute netmasks.byaddr: \
5225			("ipNetworkNumber=%s,*", rf_ipkey)=dn, \
5226			mask=ipNetmaskNumber, \
5227			rf_comment=description
5228
5229# networks.
5230nisLDAPfieldFromAttribute networks.byname: \
5231			(rf_key)=(cn)
5232nisLDAPfieldFromAttribute networks.byaddr: \
5233			("ipNetworkNumber=%s,*", rf_key)=dn
5234nisLDAPfieldFromAttribute networks: \
5235			name=cn, \
5236			aliases=("%s ", (cn) - yp:name, " "), \
5237			number=ipNetworkNumber, \
5238			rf_comment=description
5239' >> $MAP_FILE
5240
5241# passwd syntax is different when passwd.adjunct map is present.
5242# So, need to handle the various possibilities
5243
5244_MAP=passwd.adjunct.byname
5245
5246if ! present $_MAP $ALL_DMN_DEF_MAPLIST
5247then
5248
5249  # Just put the passwd.adjunct syntax in comment form
5250
5251  echo '# passwd
5252nisLDAPfieldFromAttribute passwd.byname: \
5253			rf_key=uid
5254nisLDAPfieldFromAttribute passwd.byuid: \
5255			rf_key=uidNumber
5256nisLDAPfieldFromAttribute passwd: \
5257			name=uid, \
5258			uid=uidNumber, \
5259			("{crypt}%s", passwd)=userPassword, \
5260			gid=gidNumber, \
5261			gecos=gecos, \
5262			home=homeDirectory, \
5263			shell=loginShell
5264
5265#
5266# If you are using passwd.adjunct, comment the passwd section above
5267# and uncomment the following passwd and passwd.adjunct sections
5268#
5269# passwd
5270#nisLDAPfieldFromAttribute passwd.byname: \
5271#			rf_key=uid
5272#nisLDAPfieldFromAttribute passwd.byuid: \
5273#			rf_key=uidNumber
5274#nisLDAPfieldFromAttribute passwd: \
5275#			name=uid, \
5276#			uid=uidNumber, \
5277#			passwd=("##%s", uid), \
5278#			gid=gidNumber, \
5279#			gecos=gecos, \
5280#			home=homeDirectory, \
5281#			shell=loginShell
5282
5283# passwd.adjunct
5284#nisLDAPfieldFromAttribute passwd.adjunct.byname: \
5285#			rf_key=uid, \
5286#			name=uid, \
5287#			("{crypt}%s", passwd)=userPassword
5288' >> $MAP_FILE
5289
5290else
5291
5292  # Find the domains in which passwd.adjunct map exists.
5293  find_domains $_MAP DEF_MAPS
5294
5295  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
5296  then
5297
5298    # All the domains have passwd.adjunct map. So, put the right
5299    # passwd syntax and comment-in the passwd.adjunct syntax.
5300
5301
5302    echo '# passwd
5303#nisLDAPfieldFromAttribute passwd.byname: \
5304#			rf_key=uid
5305#nisLDAPfieldFromAttribute passwd.byuid: \
5306#			rf_key=uidNumber
5307#nisLDAPfieldFromAttribute passwd: \
5308#			name=uid, \
5309#			uid=uidNumber, \
5310#			("{crypt}%s", passwd)=userPassword, \
5311#			gid=gidNumber, \
5312#			gecos=gecos, \
5313#			home=homeDirectory, \
5314#			shell=loginShell
5315
5316#
5317# If you are not using passwd.adjunct, uncomment the passwd section
5318# above and comment the following passwd and passwd.adjunct sections
5319#
5320# passwd
5321nisLDAPfieldFromAttribute passwd.byname: \
5322			rf_key=uid
5323nisLDAPfieldFromAttribute passwd.byuid: \
5324			rf_key=uidNumber
5325nisLDAPfieldFromAttribute passwd: \
5326			name=uid, \
5327			uid=uidNumber, \
5328			passwd=("##%s", uid), \
5329			gid=gidNumber, \
5330			gecos=gecos, \
5331			home=homeDirectory, \
5332			shell=loginShell
5333
5334#
5335# passwd.adjunct Must follow passwd
5336#
5337nisLDAPfieldFromAttribute passwd.adjunct.byname: \
5338			rf_key=uid, \
5339			name=uid, \
5340			("{crypt}%s", passwd)=userPassword
5341' >> $MAP_FILE
5342
5343  else
5344    # Not every domain has passwd.adjunct map.
5345
5346    # First put the password syntax with domain name for domains
5347    # in which passwd.adjunct exists.
5348
5349    echo "# passwd" >> $MAP_FILE
5350
5351    for _DMN in $PRESENT_IN_DOMAINS
5352    do
5353
5354      echo "\
5355nisLDAPfieldFromAttribute passwd.byname,${_DMN}: \\
5356			rf_key=uid
5357nisLDAPfieldFromAttribute passwd.byuid,${_DMN}: \\
5358			rf_key=uidNumber
5359nisLDAPfieldFromAttribute passwd,${_DMN}: \\
5360			name=uid, \\
5361			uid=uidNumber, \\
5362			passwd=(\"##%s\", uid), \\
5363			gid=gidNumber, \\
5364			gecos=gecos, \\
5365			home=homeDirectory, \\
5366			shell=loginShell
5367" >> $MAP_FILE
5368    done
5369
5370    # Now put the other passwd syntax. We do not need to
5371    # append the domain name here.
5372
5373    echo '
5374nisLDAPfieldFromAttribute passwd.byname: \
5375			rf_key=uid
5376nisLDAPfieldFromAttribute passwd.byuid: \
5377			rf_key=uidNumber
5378nisLDAPfieldFromAttribute passwd: \
5379			name=uid, \
5380			uid=uidNumber, \
5381			("{crypt}%s", passwd)=userPassword, \
5382			gid=gidNumber, \
5383			gecos=gecos, \
5384			home=homeDirectory, \
5385			shell=loginShell
5386' >> $MAP_FILE
5387
5388    # Now we need to put the passwd.adjunct syntax for domains
5389    # in which this map exists.
5390
5391    echo "#
5392# passwd.adjunct Must follow passwd
5393# " >> $MAP_FILE
5394
5395    for _DMN in $PRESENT_IN_DOMAINS
5396    do
5397
5398      echo "\
5399nisLDAPfieldFromAttribute passwd.adjunct.byname,${_DMN}: \\
5400			rf_key=uid, \\
5401			name=uid, \\
5402			(\"{crypt}%s\", passwd)=userPassword
5403" >> $MAP_FILE
5404
5405    done
5406
5407  fi
5408
5409fi
5410
5411echo '
5412# This map is never created but yppasswd uses the mapping to extract password
5413# ageing information from the DIT.
5414nisLDAPfieldFromAttribute ageing.byname: \
5415			rf_key=uid, \
5416			name=uid, \
5417			lastchg=shadowLastChange, \
5418			min=shadowMin, \
5419			max=shadowMax, \
5420			warn=shadowWarning, \
5421			inactive=shadowInactive, \
5422			expire=shadowExpire, \
5423			flag=shadowFlag
5424
5425# printers.conf.byname
5426nisLDAPfieldFromAttribute printers.conf.byname: \
5427			rf_key=printer-uri, \
5428			names=("%s|", (printer-aliases), "|"), \
5429			bsdaddr=("bsdaddr=%s", sun-printer-bsdaddr), \
5430			kvps=("%s:", (sun-printer-kvp) - yp:bsdaddr), \
5431			values=("%s:%s", yp:bsdaddr, yp:kvps), \
5432			values=("%s:", yp:bsdaddr), \
5433			values=yp:kvps, \
5434                        rf_comment=description
5435
5436# prof_attr
5437nisLDAPfieldFromAttribute prof_attr: \
5438			rf_key=cn, \
5439			name=cn, \
5440			res1=SolarisAttrReserved1, \
5441			res2=SolarisAttrReserved2, \
5442			desc=SolarisAttrLongDesc, \
5443			attrs=SolarisAttrKeyValue
5444
5445# project
5446nisLDAPfieldFromAttribute project.byname: \
5447			rf_key=SolarisProjectName
5448nisLDAPfieldFromAttribute project.byprojid: \
5449			rf_key=SolarisProjectID
5450nisLDAPfieldFromAttribute project: \
5451			name=SolarisProjectName, \
5452			projID=SolarisProjectID, \
5453			comment=description, \
5454			users=("%s,", (memberUid), ","), \
5455			groups=("%s,", (memberGid), ","), \
5456			attrs=("%s;", (SolarisProjectAttr), ";")
5457
5458# protocols
5459nisLDAPfieldFromAttribute protocols.byname: \
5460			("cn=%s,*", rf_key)=dn, \
5461			(rf_key)=(cn)
5462nisLDAPfieldFromAttribute protocols.bynumber: \
5463                        rf_key=ipProtocolNumber, \
5464                        rf_comment=description
5465nisLDAPfieldFromAttribute protocols: \
5466			("cn=%s,*", name)=dn, \
5467                        number=ipProtocolNumber, \
5468                        aliases=("%s ", (cn) - yp:name, " ")
5469
5470# rpc.bynumber
5471nisLDAPfieldFromAttribute rpc.bynumber: \
5472			rf_key=oncRpcNumber, \
5473			number=oncRpcNumber, \
5474			("cn=%s,*", name)=dn, \
5475                        aliases=("%s ", (cn) - yp:name, " "), \
5476			rf_comment=description
5477
5478# services
5479nisLDAPfieldFromAttribute services.byname: \
5480			rf_key = ("%s/%s", ipServicePort, ipServiceProtocol)
5481nisLDAPfieldFromAttribute services.byservicename: \
5482			(rf_key)=("%s/%s", cn, ipServiceProtocol), \
5483			(rf_key)=(cn)
5484nisLDAPfieldFromAttribute services: \
5485			("cn=%s+ipServiceProtocol=*", name)=dn, \
5486     			protocol=ipServiceProtocol, \
5487     			port=ipServicePort, \
5488                        aliases=("%s ", (cn) - yp:name, " "), \
5489                        rf_comment=description
5490
5491# timezone.byname
5492nisLDAPfieldFromAttribute timezone.byname: \
5493			rf_key=cn, \
5494			hostName=cn, \
5495			zoneName=nisplusTimeZone, \
5496			rf_comment=description
5497
5498# user_attr
5499nisLDAPfieldFromAttribute user_attr: \
5500			("uid=%s,*", rf_key)=dn, \
5501			("uid=%s,*", user)=dn, \
5502			qualifier=SolarisUserAttr, \
5503			res1=SolarisUserReserved1, \
5504			res2=SolarisUserReserved2, \
5505			attrs=SolarisAttrKeyValue
5506
5507# publickey.byname
5508nisLDAPfieldFromAttribute keys.host: \
5509			("cn=%s+ipHostNumber=*", cname)=dn, \
5510			rf_key=("unix.%s@%s", yp:cname, yp:rf_domain), \
5511			publicKey=nisPublicKey, \
5512			secretKey=nisSecretKey
5513
5514nisLDAPfieldFromAttribute keys.pass: \
5515			rf_key=("unix.%s@%s", uidNumber, yp:rf_domain), \
5516			publicKey=nisPublicKey, \
5517			secretKey=nisSecretKey
5518
5519nisLDAPfieldFromAttribute keys.nobody: \
5520			rf_key=uid, \
5521			publicKey=nisPublicKey, \
5522			secretKey=nisSecretKey
5523
5524# ypservers. This derived from IPlanet implementation not RFC.
5525nisLDAPfieldFromAttribute ypservers: \
5526			rf_key=cn
5527' >> $MAP_FILE
5528}
5529
5530
5531#
5532# List all the non-default auto.* and custom maps.
5533#
5534list_auto_and_custom_nisLDAPfieldFromAttribute()
5535{
5536
5537# auto.* entries are easy.
5538if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
5539  echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
5540fi
5541
5542for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
5543do
5544  echo "\
5545# ${_MAP}
5546nisLDAPfieldFromAttribute ${_MAP}: \\
5547                        rf_key=automountKey, \\
5548                        value=automountInformation
5549" >> $MAP_FILE
5550done
5551
5552# Since we do not have enough information to generate
5553# entries for other custom maps, best we can do is to
5554# log this map names and ask user to take care of them.
5555
5556ask_user_to_update_the_custom_map_entries_too
5557
5558}
5559
5560
5561#
5562# List mapping of named fields from DIT entries
5563#
5564create_nisLDAPfieldFromAttribute()
5565{
5566
5567[ CUST_CMT_NEEDED -eq 1 ] && echo '
5568# nisLDAPfieldFromAttribute : It specifies how a NIS entries
5569# field values  are derived from LDAP attribute values.
5570#
5571# The format of nisLDAPfieldFromAttribute is :
5572# mapName ":" fieldattrspec *("," fieldattrspec)
5573' >> $MAP_FILE
5574
5575# List all the default entries anyway.
5576list_default_nisLDAPfieldFromAttribute
5577
5578# List all the non-default auto.* and custom maps.
5579list_auto_and_custom_nisLDAPfieldFromAttribute
5580
5581echo "
5582#
5583#------------------------------------------------------------------------------
5584#
5585" >> $MAP_FILE
5586}
5587
5588
5589
5590# Main function for creating the mapping file
5591create_mapping_file()
5592{
5593# Ask user the list of domains to be served by N2L
5594create_n2l_domain_list
5595
5596# If there are no N2L domains or none selected, then exit
5597if [ $N2L_DMN_CNT -eq 0 ]; then
5598  echo "There are no domains to serve. No mapping file generated."
5599  return 1
5600fi
5601
5602while :
5603do
5604  get_ans "Enter the mapping file name (h=help):" "${MAP_FILE}"
5605
5606  # If help continue, otherwise break.
5607  case "$ANS" in
5608    [Hh] | help | Help | \?) display_msg new_mapping_file_name_help ;;
5609                         * ) break ;;
5610  esac
5611done
5612
5613MAP_FILE=${ANS}
5614[ $DEBUG -eq 1 ] && MAP_FILE = $MAP_FILE
5615
5616# Backup existing mapping file if selected
5617check_back_mapping_file
5618
5619# To prevent from leaving a partial mapping file in case some error
5620# or signal takes place which might result in machine starting in N2L
5621# mode at next reboot, store the output being generated in a temporary
5622# file first, and move it at the final destination only at the end if
5623# everything goes fine.
5624
5625_MAP_FILE=$MAP_FILE
5626MAP_FILE=${TMPDIR}/${TMPMAP}.$$
5627
5628echo "Generating mapping file temporarily as \"${MAP_FILE}\""
5629
5630# Place copyright information
5631put_mapping_file_copyright_info
5632
5633
5634# Prepare various map lists for each domain
5635create_map_lists
5636
5637# List domains and contexts
5638get_nisLDAPdomainContext
5639
5640# List domains for which passwords should be changed
5641get_nisLDAPyppasswddDomains
5642
5643# List databaseId mappings (aliases)
5644create_nisLDAPdatabaseIdMapping
5645
5646# List comment character for maps
5647create_nisLDAPcommentChar
5648
5649# List SECURE and INTERDOMAIN flags
5650create_nisLDAPmapFlags
5651
5652# List TTL values
5653 create_nisLDAPentryTtl
5654
5655# List name fields
5656create_nisLDAPnameFields
5657
5658# List split fields and repeated fields seperators.
5659create_split_field_and_repeatedfield_seperators
5660
5661# List association of maps with RDNs and object classes.
5662create_nisLDAPobjectDN
5663
5664# List mapping of named fields to DIT entries
5665create_nisLDAPattributeFromField
5666
5667# List mapping of named fields from DIT entries
5668create_nisLDAPfieldFromAttribute
5669
5670
5671# We are done, so move back the mapping file from temp. location
5672# to actual location.
5673# In case the mapping file name has a directory component which does
5674# not exist, then create it now, otherwise 'mv' will return error.
5675
5676DIR_TO_CREATE=`dirname ${_MAP_FILE}`
5677mkdir -p ${DIR_TO_CREATE}
5678
5679echo "Moving output from temporary file ($MAP_FILE) to actual file ($_MAP_FILE)"
5680mv $MAP_FILE $_MAP_FILE
5681
5682# Revert back the mapping file name in case needed.
5683MAP_FILE=$_MAP_FILE
5684echo "Finished creation of mapping file ( $MAP_FILE )"
5685
5686}
5687
5688
5689#
5690# Main function for creating config file (ypserv)
5691#
5692process_config_file()
5693{
5694# Ask for confirmation if the file name is not specified.
5695
5696if [ $CONFIG_FILE_SPECIFIED -eq 0 ]; then
5697  display_msg no_config_file_name_specified
5698
5699  get_confirm_nodef "Do you want to create the config file (y/n) ?"
5700
5701  [ $? -eq 0 ] && return 0
5702
5703  while :
5704  do
5705    get_ans "Enter the config file name (h=help):" "${CONFIG_FILE}"
5706
5707    # If help continue, otherwise break.
5708    case "$ANS" in
5709      [Hh] | help | Help | \?) display_msg new_config_file_name_help ;;
5710                           * ) break ;;
5711    esac
5712  done
5713
5714  CONFIG_FILE=${ANS}
5715  [ $DEBUG -eq 1 ] && CONFIG_FILE = $CONFIG_FILE
5716
5717fi
5718
5719# Backup existing config file if selected
5720check_back_config_file
5721
5722# Create config file
5723create_config_file
5724}
5725
5726
5727#
5728# Main function for creating mapping file (NISLDAPmapping)
5729#
5730process_mapping_file()
5731{
5732# Ask for confirmation if the file name is not specified.
5733
5734if [ $MAPPING_FILE_SPECIFIED -eq 0 ]; then
5735  display_msg no_mapping_file_name_specified
5736
5737  get_confirm_nodef "Do you want to create the mapping file (y/n) ?"
5738
5739  [ $? -eq 0 ] && return 0
5740
5741
5742fi
5743
5744# Create mapping file
5745create_mapping_file
5746}
5747
5748###########################################
5749###########	   MAIN		###########
5750###########################################
5751
5752PROG=`basename $0`	# Program name
5753ABS_PROG=$0		# absolute path needed
5754
5755# Only superuser should be able to run this script.
5756is_root_user
5757if [ $? -ne 0 ]; then
5758  echo "ERROR : Only root can run $PROG"
5759  exit 1
5760fi
5761
5762# Initialize things
5763init
5764
5765# Parse command line arguments.
5766parse_arg $*
5767
5768# Create config file (ypserv)
5769process_config_file
5770
5771# Create mapping file (NISLDAPmapping).
5772process_mapping_file
5773
5774# Cleanup temp files and directories unless debug.
5775[ $DEBUG -eq 0 ] && cleanup
5776
5777exit 0
5778