1#! /usr/bin/ksh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# ident	"%Z%%M%	%I%	%E% SMI"
24#
25# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
26# Use is subject to license terms.
27#
28# inityp2l -- Utility to generate YP (NIS) to LDAP
29#             configuration file (/etc/default/ypserv)
30#             and mapping file (/var/yp/NISLDAPmapping)
31#
32
33
34
#
# display_msg(): Displays the message corresponding to the tag passed.
#    $1  message tag (one of the case labels below)
#
# Output goes to stdout. The here-documents are unquoted, so the globals
# they mention (PROG, CONFIG_FILE, MAP_FILE, DEF_*) are expanded at the
# time the message is printed, and the `basename`/`dirname` command
# substitutions run then too. There is no default arm: an unknown tag
# prints nothing and the function returns quietly.
#
display_msg()
{
    # Dispatch on the tag; each arm prints one fixed block of text.
    case "$1" in
    usage) cat <<EOF

 $PROG:  [ -m mapping_file ] [ -c config_file ]
   m <mapping_file> Name of the generated NISLDAP mapping file
                    Default is /var/yp/NISLDAPmapping
   c <config_file>  Name of the generated ypserv configuration file
                    Default is /etc/default/ypserv

EOF
    ;;
    no_config_file_name_specified) cat <<EOF

You have not specified the config file name. You still have the
option to skip creating this file, specify a config file name, or
continue creating it with the default file name (${CONFIG_FILE}).

EOF
    ;;
    no_mapping_file_name_specified) cat <<EOF

You have not specified the mapping file name. You still have the
option to skip creating this file, specify a mapping file name, or
continue creating it with the default file name (${MAP_FILE}).

EOF
    ;;
    new_config_file_name_help) cat <<EOF

You can either specify a new file name, or accept the default
config file name (${CONFIG_FILE}). 

It is recommended not to use the default file name since this
script just helps with rapid creation of a config file. You
should examine it's content before using it.

EOF
    ;;
    new_mapping_file_name_help) cat <<EOF

You can either specify a new file name, or accept the default
mapping file name (${MAP_FILE}). 

It is recommended not to use the default file name since this
script just helps with rapid creation of a mapping file. You
should examine it's content before using it. And if there are
custom maps, then their entries in the mapping file need to be
customized too.

Also, creation of default mapping file would cause NIS components
to work in NIS to LDAP (N2L), rather than traditional NIS, mode
when next restarted.

EOF
    ;;
    # Warnings shown when an output file already exists at the chosen path.
    backup_config_file) cat <<EOF

The config file "${CONFIG_FILE}" already exists. It is strongly
recommended that you BACKUP this file before running $PROG.

However, even if you continue, you would be given the option to
back up this file before it gets overwritten.

EOF
    ;;
    backup_mapping_file) cat <<EOF

The mapping file "${MAP_FILE}" already exists. It is strongly
recommended that you BACKUP this file before running $PROG.

However, even if you continue, you would be given the option to
back up this file before it gets overwritten.

EOF
    ;;
    warn_n2l_mode) cat <<EOF

Warning : Creation of default mapping file (`basename $MAP_FILE`)
          at default location (`dirname $MAP_FILE`) would cause NIS
          components to work in NIS to LDAP (N2L) mode, rather than
          traditional NIS mode, when next restarted.

          "$PROG" assists with rapid creation of a simple N2L mapping
          file. The user should examine it's content before using it.
          For custom maps, this file needs to be customized which can
          be done using standard text editors.

EOF
    ;;
    # Numbered menus for the multiple-choice questions.
    config_auth_method_menu) cat <<EOF
    The following are the supported Authentication Methods -
      1  none
      2  simple
      3  sasl/cram-md5
      4  sasl/digest-md5
EOF
    ;;
    auth_method_menu) cat <<EOF
    The following are the supported Authentication Methods -
      1  simple
      2  sasl/cram-md5
      3  sasl/digest-md5
EOF
    ;;
    tls_method_menu) cat <<EOF
    The following are the supported TLS Methods -
      1  none
      2  ssl
EOF
    ;;
    retrieve_error_action_menu) cat <<EOF
    The following are the supported actions -
      1  use_cached
      2  fail
EOF
    ;;
    store_error_action_menu) cat <<EOF
    The following are the supported actions -
      1  retry
      2  fail
EOF
    ;;
    # HELP texts, printed when the user answers h/help/? at a prompt.
    # "sorry" is the fallback tag used by the prompting functions when
    # a question has no help text of its own.
    sorry) cat <<EOF

HELP - No help is available for this topic.

EOF
    ;;
    backup_config_file_cont_help) cat <<EOF

HELP - Since $PROG will overwrite the existing config file, it is
       strongly recommended that you backup this file prior to
       running this utility.

       However, even if you continue, you would be given the option
       to back up this file before it gets overwritten.

EOF
    ;;
    backup_config_file_help) cat <<EOF

HELP - If you choose to backup the existing config file, it would be
       saved with current date and time suffix in yymmdd.HH.MM.SS format.

EOF
    ;;
    backup_mapping_file_cont_help) cat <<EOF

HELP - Since $PROG will overwrite the existing mapping file, it is
       strongly recommended that you backup this file prior to running
       this utility.

       However, even if you continue, you would be given the option to
       back up this file before it gets overwritten.

EOF
    ;;
    backup_mapping_file_help) cat <<EOF

HELP - If you choose to backup the existing mapping file, it would be
       saved with current date and time suffix in yymmdd.HH.MM.SS format.

EOF
    ;;
    warn_n2l_mode_help) cat <<EOF

HELP - It is strongly recommended that the mapping file is created at
       non-default location (other than `dirname $MAP_FILE`). After this,
       it's content should be verified, custom maps should be handled,
       and if NIS components are desired to run in NIS to LDAP (N2L),
       then only it should be copied at the default location.

EOF
    ;;
    nisLDAPconfigDN_help) cat <<EOF

HELP - The DN which stores the configuration information in LDAP.
       There is no default value for this field. Leave empty or
       undefined to get this information from config file (ypserv).

EOF
    ;;
    nisLDAPconfigPreferredServerList_help) cat <<EOF

HELP - List of directory servers to provide the configuration
       information. There is no default. The preferred servers
       must be entered IN THE ORDER you wish to have them contacted.
       The preferred server list is a space separated list of IP
       addresses. Providing port numbers is optional, and when not
       supplied, port 389 is assumed. For an LDAP server running
       on this machine, at port 389, use "127.0.0.1:389".

EOF
    ;;
    auth_help) cat <<EOF

HELP - The authentication method to be used to obtain information
       from LDAP server. The supported methods are provided in menu.

EOF
    ;;
    tls_help) cat <<EOF

HELP - The transport layer security used for connection to the LDAP
       server. In order to successfully use transport layer security,
       the server must also support the chosen values. The supported
       methods are provided in menu. Default is "$DEF_TLS".

EOF
    ;;
    TLSCertificateDBPath_help) cat <<EOF

HELP - The absolute path name of the file containing the certificate
       database. The default value is "$DEF_TLSCertificateDBPath"

EOF
    ;;
    nisLDAPconfigProxyUser_help) cat <<EOF

HELP - The bind DN of the proxy user used to obtain configuration
       information. There is no default value. If the value ends
       with a comma, the value of the nisLDAPconfigDN attribute
       is appended.

EOF
    ;;
    # Shown before a proxy password is requested: the generated config
    # file will hold it in clear text, so its ownership and mode matter.
    ProxyPassword_warn) cat <<EOF

Warning : In order to avoid having this password publicly visible
          on the machine, the password should appear only in the
          configuration file, and the file should have an appropriate
          owner, group, and file mode.

          So, once this file is ready, please modify appropriately
          to make sure this file is well protected.

EOF
    ;;
    preferredServerList_help) cat <<EOF

HELP - List of directory servers for mapping data to/from LDAP.
       There is no default. The preferred servers must be entered
       IN THE ORDER you wish to have them contacted. The preferred
       server list is a space separated list of IP addresses.
       Providing port numbers is optional, and when not supplied,
       port 389 is assumed. For an LDAP server running on this
       machine, at port 389, use "127.0.0.1:389".

EOF
    ;;
    nisLDAPproxyUser_help) cat <<EOF

HELP - The bind DN of the proxy user the ypserv to read or write
       from or to LDAP. Assumed to have the appropriate permission
       to read and modify LDAP data. There is no default value. If
       the value ends with a comma, the value of the context for
       the current domain (as defined by a nisLDAPdomainContext
       attribute (NISLDAPmapping(4))) is appended.

EOF
    ;;
    nisLDAPbindTimeout_help) cat <<EOF

HELP - The amount of time in seconds after which an LDAP bind operation
       will timeout. Default is $DEF_nisLDAPbindTimeout seconds.
       Decimal values are allowed.

EOF
    ;;
    nisLDAPsearchTimeout_help) cat <<EOF

HELP - The amount of time in seconds after which an LDAP search operation
       will timeout. Default is $DEF_nisLDAPsearchTimeout seconds.
       Decimal values are allowed.

EOF
    ;;
    nisLDAPmodifyTimeout_help) cat <<EOF

HELP - The amount of time in seconds after which an LDAP modify operation
       will timeout. Default is $DEF_nisLDAPmodifyTimeout seconds.
       Decimal values are allowed.

EOF
    ;;
    nisLDAPaddTimeout_help) cat <<EOF

HELP - The amount of time in seconds after which an LDAP add operation
       will timeout. Default is $DEF_nisLDAPaddTimeout seconds.
       Decimal values are allowed.

EOF
    ;;
    nisLDAPdeleteTimeout_help) cat <<EOF

HELP - The amount of time in seconds after which an LDAP delete operation
       will timeout. Default is $DEF_nisLDAPdeleteTimeout seconds.
       Decimal values are allowed.

EOF
    ;;
    nisLDAPsearchTimeLimit_help) cat <<EOF

HELP - Establish a value for the LDAP_OPT_TIMELIMIT option, which
       suggests a time limit for the search operation on the LDAP
       server. The server may impose its own constraints on possible
       values. See your LDAP server documentation. The default is the
       nisLDAPsearchTimeout ($DEF_nisLDAPsearchTimeout seconds) value.
       Only integer values are allowed.

       Since the nisLDAPsearchTimeout limits the amount of time the
       client ypserv will wait for completion of a search operation,
       setting the nisLDAPsearchTimeLimit larger than the
       nisLDAPsearchTimeout is not recommended.

EOF
    ;;
    nisLDAPsearchSizeLimit_help) cat <<EOF

HELP - Establish a value for the LDAP_OPT_SIZELIMIT option, which
       suggests a size limit, in bytes, for the search results on
       the LDAP server. The server may impose its own constraints
       on possible values. See your LDAP server documentation. The
       default is $DEF_nisLDAPsearchSizeLimit, which means unlimited.
       Only integer values are allowed.

EOF
    ;;
    nisLDAPfollowReferral_help) cat <<EOF

HELP - Determines if the ypserv should follow referrals or not.
       Recognized values are yes and no. Default is $DEF_nisLDAPfollowReferral.

EOF
    ;;
    nisLDAPretrieveErrorAction_help) cat <<EOF

HELP - If an error occurs while trying to retrieve an entry from
       LDAP, one of the following actions can be selected:

       use_cached : Retry the retrieval the number of time specified
                    by nisLDAPretrieveErrorAttempts, with the
                    nisLDAPretrieveErrorTimeout value controlling
                    the wait between each attempt.

                    If all attempts fail then log a warning and
                    return the value currently in the cache to the
                    client.  This is the default value.

       fail       : Proceed as for 'use_cached' but if all attempts
                    fail return a YPERR_YPERR error to the client.

EOF
    ;;
    nisLDAPretrieveErrorAttempts_help) cat <<EOF

HELP - The number of times a failed retrieval should be retried.
       The default is unlimited. Note while retries are made, the
       NIS daemon will be prevented from servicing further requests.
       Hence, values other than 1 should be used with caution.

EOF
    ;;
    nisLDAPretrieveErrorTimeout_help) cat <<EOF

HELP - The timeout (in seconds) between each new attempt to retrieve
       LDAP data. Default is $DEF_nisLDAPretrieveErrorTimeout seconds.

EOF
    ;;
    nisLDAPstoreErrorAction_help) cat <<EOF

HELP - If an error occurs while trying to store data to the LDAP
       repository, one of the following actions can be selected :

       retry : Retry operation nisLDAPstoreErrorAttempts times with
               nisLDAPstoreErrorTimeout seconds between each attempt.
               Note while retries are made the NIS daemon will be
               prevented from servicing further requests. Use with
               caution. This is the default value.

       fail  : Return YPERR_YPERR error to the client.

EOF
    ;;
    nisLDAPstoreErrorAttempts_help) cat <<EOF

HELP - The number of times a failed attempt to store data to the
       LDAP repository should be retried. The default is unlimited.

       The value for nisLDAPstoreErrorAttempts is ignored unless
       nisLDAPstoreErrorAction=retry.

EOF
    ;;
    nisLDAPstoreErrorTimeout_help) cat <<EOF

HELP - The timeout (in seconds) between each new attempt to store
       LDAP data. Default is $DEF_nisLDAPstoreErrorTimeout seconds.

       The value for nisLDAPstoreErrorTimeout is ignored unless
       nisLDAPstoreErrorAction=retry.

EOF
    ;;
    selectDomain4N2L_help) cat <<EOF

HELP - Whether this domain needs to be served by YP to LDAP transition
       solution. The default is no in which case the data in this
       domain would not be taken care for transitioning to LDAP.

EOF
    ;;
    generate_comment_info_for_cust_map_help) cat <<EOF

HELP - If selected, this script will try to add relevant comments
       in the mapping file which might help in customizing the
       mapping information for custom maps.

EOF
    ;;
    generate_mapping_info_for_cust_map_help) cat <<EOF

HELP - If selected, this script will try to generate mapping
       information for this map assuming it is a "simple" map.

       A map is assumed to be "simple" if each entry of this map
       has only one "key value" entry in YP, and if each map entry
       can be represented as a single DIT string in the LDAP server.

       If this map is not a simple map and you do want to store it
       in LDAP, you have two options :

       1 - Answer yes, and this script would generate the mapping
           information for this map assuming it is a simple map.
           And once the execution of the script is over, you can
           customize the mapping information by hand editing the
           mapping file.

       2 - Answer no, and this script would not generate mapping
           info for this map. And once the execution of the script
           is over, you can include the customized mapping
           information by hand editing the mapping file.

EOF
    ;;
    nisLDAPdomainContext_help) cat <<EOF

HELP - This parameter defines the context (default location) in
       the directory tree at which all the name service entries
       for this particular domain would be stored.

EOF
    ;;
    nisLDAPyppasswddDomains_help) cat <<EOF

HELP - Lists the domains for which password changes should be
       made.  If this is not present then the value returned by
       'domainname' will be used.

       NIS password change requests do not specify the domains in
       which any given password should be changed. (In traditional
       NIS this information is effectively hard coded in the NIS
       makefile.)

EOF
    ;;
    custom_map_comment_char_help) cat <<EOF

HELP - If selected, it will allow you to specify a character which
       would represent the start of the special 'comment' field in
       a given NIS map. If this attribute is not present then the
       default comment character '#' is used.

       If a map cannot contain comments then the blank comment
       character ('') should be specified (just hit the return key).

EOF
    ;;
    same_comment_char_help) cat <<EOF

HELP - If selected, for a given map, it will allow you to specify
       a common comment character for all the domains.

       Or else by selecting NO, for the same map, you would be
       given the option to specify different comment character
       for different domains.

EOF
    ;;
    secure_flag_on_help) cat <<EOF

HELP - Secure flag is set on maps which are generated with
       "makedbm -s". When converting data from LDAP to YP,
       it adds YP_SECURE entries.
       
EOF
    ;;
    secure_flag_all_domains_help) cat <<EOF

HELP - If selected, it will allow you to set the secure flag on
       for this map for all the domains.

       Or else by selecting NO, you would be given the option to
       set this flag, for the same map, on per domain basis.

EOF
    ;;
    interdomain_flag_on_help) cat <<EOF

HELP - Interdomain flag is set on a set of maps which are generated
       with "makedbm -b". It signals NIS servers to use the domain
       name resolver for host name and address lookups for hosts
       not found in the maps.

       If selected, it adds YP_INTERDOMAIN entries in these maps
       when converting data from LDAP to YP.
       
EOF
    ;;
    interdomain_flag_all_domains_help) cat <<EOF

HELP - If selected, it will allow you to set the interdomain flag
       on for all the domains.

       Or else by selecting NO, you would be given the option to
       set this flag on per domain basis.

EOF
    ;;
    initialTTLlo_help) cat <<EOF

HELP - The lower limit for the initial TTL (in seconds) for data
       read from disk when the ypserv starts. If initialTTLhi also
       is specified, the actual initialTTL will be randomly selected
       from the interval initialTTLlo to initialTTLhi (inclusive).

       Leaving the field empty yields the default value of $DEF_iTTLlo.

EOF
    ;;
    initialTTLhi_help) cat <<EOF

HELP - The upper limit for the initial TTL (in seconds).
       If left empty, defaults to "$DEF_iTTLhi".

EOF
    ;;
    runningTTL_help) cat <<EOF

HELP - The TTL (in seconds) for data retrieved from LDAP while the
       ypserv is running. If left empty, defaults to "$DEF_runTTL".

EOF
    ;;
    default_ttl_help) cat <<EOF

HELP - The default TTL value for each map is set to :
       ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}

       Select yes if you want to change the current TTL value.

EOF
    ;;
    non_default_same_ttl_help) cat <<EOF

HELP - Select yes if you want to set a new TTL value, but want
       to keep it same for all the maps.
      
EOF
    ;;
    non_default_different_ttl_help) cat <<EOF

HELP - Select yes if you want to set TTL value for each map, but
       want to keep it same for all the domains.
      
EOF
    ;;
    default_different_ttl_help) cat <<EOF

HELP - Select yes if you want to accept the default TTL
       value for this map.
      
EOF
    ;;
    same_ttl_across_domains_help) cat <<EOF

HELP - Select yes if you want to set TTL value for the map,
       but want to keep it same for all the domains.

EOF
    ;;

    esac
}
635
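#
# d_echo(): Echo the arguments passed only if DEBUG is set to 1.
# Reduces the line width significantly.
#
# Returns 0 when the message was printed, 1 otherwise (the status of
# the short-circuited test), so it is safe to use as a statement but
# should not be used as a condition.
#
d_echo()
{
    # "${DEBUG:-0}" keeps the test valid before init() has set DEBUG,
    # and the quoted "$@" prints the arguments exactly as given instead
    # of re-splitting and glob-expanding them.
    [ "${DEBUG:-0}" -eq 1 ] && echo "$@"
}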
644
645
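#
# get_ans(): gets an answer from the user.
#		$1  instruction/comment/description/question
#		$2  default value
#
# Prints the prompt (with the default in brackets when one is given),
# reads one line into the global ANS and substitutes the default when
# the line is empty. "read -r" keeps backslashes literal, so a typed
# value such as an LDAP DN containing "\," or a password with a
# backslash reaches the caller unchanged instead of being unescaped.
#
get_ans()
{
    if [ -z "$2" ]
    then
	echo "$1 \c"
    else
	echo "$1 [$2] \c"
    fi

    read -r ANS
    if [ -z "$ANS" ]
    then
	ANS=$2
    fi
}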
666
667
#
# get_ans_req(): gets an answer (required) from the user, NULL value not allowed.
#		$@  instruction/comment/description/question
#
# Keeps prompting through get_ans() until a non-empty line is read;
# the answer is left in the global ANS, as get_ans() leaves it.
#
get_ans_req()
{
    ANS=""                  # Force at least one prompt.
    until [ -n "$ANS" ]
    do
	get_ans "$@"
	if [ -z "$ANS" ]; then
	    echo "NULL value not allowed!"
	fi
    done
}
681
682
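#
# get_integer(): Queries and verifies that the number entered is an integer.
#                Repeats the prompt until an integer value is entered.
#                $1  Message text.
#                $2  default value.
#                $3  Help argument (display_msg tag; "sorry" if omitted).
#
# The accepted value is left in both ANS and NUM. Answering h, help or ?
# prints the help text and prompts again.
#
get_integer()
{
    ANS=""                  # Set ANS to NULL.
    NUM=""

    get_ans "$1" "$2"

    # Verify that value is integer. ANS is quoted so the typed text
    # reaches not_integer() as one argument: unquoted, "1 2" used to be
    # split and accepted on the strength of its first word, and a glob
    # character would have been expanded against the current directory.
    while not_integer "$ANS"
    do
	case "$ANS" in
	    [Hh] | help | Help | \?) display_msg "${3:-sorry}" ;;
	    * ) echo "Invalid value: \"${ANS}\". \c"
	     ;;
	esac

	# Get a new value.
	get_ans "Enter an integer value:" "$2"
    done
    NUM=$ANS
}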
711
712
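#
# get_number(): Queries and verifies that the number entered is numeric.
#               Repeats the prompt until a numeric value is entered.
#               $1  Message text.
#               $2  default value.
#               $3  Help argument (display_msg tag; "sorry" if omitted).
#
# The accepted value is left in both ANS and NUM. Answering h, help or ?
# prints the help text and prompts again.
#
get_number()
{
    ANS=""                  # Set ANS to NULL.
    NUM=""

    get_ans "$1" "$2"

    # Verify that value is numeric. ANS is quoted so the typed text
    # reaches not_numeric() as one argument: unquoted, "1 2" used to be
    # split and accepted on the strength of its first word, and a glob
    # character would have been expanded against the current directory.
    while not_numeric "$ANS"
    do
	case "$ANS" in
	    [Hh] | help | Help | \?) display_msg "${3:-sorry}" ;;
	    * ) echo "Invalid value: \"${ANS}\". \c"
	     ;;
	esac

	# Get a new value.
	get_ans "Enter a numeric value:" "$2"
    done
    NUM=$ANS
}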
741
742
#
# get_pos_int(): Only allows a non-negative integer (0 is accepted, the
#                check is "less than 0").
#
#                   $1 - Prompt message.
#                   $2 - Default value (require).
#                   $3 - Optional help argument.
#
# Leaves the accepted value in ANS and NUM (set by get_integer()).
#
get_pos_int()
{
    _VALID=0
    while [ $_VALID -eq 0 ]
    do
	get_integer "$1" "$2" "$3"

	if [ "$ANS" -lt 0 ]; then
	    echo "Invalid number: please enter a positive integer."
	else
	    _VALID=1      # Non-negative integer: done.
	fi
    done
}
762
763
#
# get_pos_num(): Only allows a non-negative number (0 is accepted, the
#                check is "less than 0").
#
#                   $1 - Prompt message.
#                   $2 - Default value (require).
#                   $3 - Optional help argument.
#
# Leaves the accepted value in ANS and NUM (set by get_number()).
#
get_pos_num()
{
    _VALID=0
    while [ $_VALID -eq 0 ]
    do
	get_number "$1" "$2" "$3"

	if [ "$ANS" -lt 0 ]; then
	    echo "Invalid number: please enter a positive number."
	else
	    _VALID=1      # Non-negative number: done.
	fi
    done
}
783
784
#
#
# get_passwd(): Reads a password from the user and verify with second.
#		$@  instruction/comment/description/question
#
# Terminal echo is turned off while both entries are read and turned
# back on afterwards -- also from the signal trap, so an interrupt
# (HUP INT QUIT ABRT TERM) does not leave the terminal silent. On
# return the accepted password is in the global ANS; the two attempts
# also remain in the globals _PASS1 and _PASS2, and nothing here clears
# them, so a caller that wants the value gone must unset all three.
#
get_passwd()
{
    [ $DEBUG -eq 1 ] && echo "In get_passwd()"

    # Temporary PASSWD variables
    _PASS1=""
    _PASS2=""

    # Handle signals, so that echo can be turned back on if Ctrl-C.
    trap "/usr/bin/stty echo; exit" 1 2 3 6 15

    /usr/bin/stty -echo     # Turn echo OFF

    # Endless loop that continues until passwd and re-entered passwd
    # match.
    while :
    do
	ANS=""                  # Set ANS to NULL.

	# Don't allow NULL for first try. (The actual read is done by
	# get_ans(), which also applies the default argument, if any.)
	while [ "$ANS" = "" ]
	do
	    get_ans "$@"
	    [ "$ANS" = "" ] && echo "" && echo "NULL passwd not allowed!"
	done
	_PASS1=$ANS         # Store first try.

	# Get second try. An empty second entry is allowed here and
	# simply fails the comparison below.
	echo ""
	get_ans "Re-enter passwd:"
	_PASS2=$ANS

	# Test if passwords are identical.
	if [ "$_PASS1" = "$_PASS2" ]; then
	    break
	fi

	# Move cursor down to next line and print ERROR message.
	echo ""
	echo "ERROR: passwords don't match; try again."
    done

    /usr/bin/stty echo      # Turn echo ON

    # Removed signal handler
    trap 1 2 3 6 15

    echo ""
}
839
840
#
# get_passwd_nochk(): Reads a password from the user w/o check.
#		$@  instruction/comment/description/question
#
# Terminal echo is switched off around the single get_ans() call and
# the password is left in the global ANS. A signal trap restores echo
# before exiting so an interrupted prompt does not leave the terminal
# silent.
#
get_passwd_nochk()
{
    [ "$DEBUG" -eq 1 ] && echo "In get_passwd_nochk()"

    # Restore echo and exit if interrupted (HUP INT QUIT ABRT TERM).
    trap '/usr/bin/stty echo; exit' 1 2 3 6 15
    /usr/bin/stty -echo

    get_ans "$@"

    /usr/bin/stty echo
    trap 1 2 3 6 15         # Back to default signal handling.

    echo ""
}
863
864
#
# get_confirm(): Get confirmation from the user. (Y/Yes or N/No)
#                $1 - Message
#                $2 - default value (required).
#                $3 - Optional help argument (display_msg tag).
#
# Returns 1 for yes and 0 for no (note the inverted convention).
# Answering h, help or ? prints the help text and asks again; any
# other input is rejected and the question repeated.
#
get_confirm()
{
    # A default is mandatory: abort loudly rather than loop without one.
    if [ -z "$2" ]; then
	echo "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional."
	exit 2
    fi

    _ANSWER=
    while :
    do
	echo "$1 [$2] \c"
	read _ANSWER
	: "${_ANSWER:=$2}"              # Empty line means the default.

	case "$_ANSWER" in
	    [Yy] | yes | Yes | YES)  return 1 ;;
	    [Nn] | no  | No  | NO)   return 0 ;;
	    [Hh] | help | Help | \?) display_msg "${3:-sorry}" ;;
	    * )                      echo "Please enter y or n." ;;
	esac
    done
}
898
899
#
# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No)
#                      No default value supported. Returns 1 for yes,
#                      0 for no; anything else repeats the question.
#                      $@ - Message
#
get_confirm_nodef()
{
    _ANSWER=

    while :
    do
	echo "$@ \c"
	read _ANSWER

	case "$_ANSWER" in
	    [Yy] | yes | Yes | YES) return 1 ;;
	    [Nn] | no  | No  | NO)  return 0 ;;
	esac
	echo "Please enter y or n."
    done
}
919
920
#
# is_integer(): Tells if a string is numeric integer.
#    $1  string to test (exactly one argument required)
#    0 = Integer
#    1 = NOT Integer
#
is_integer()
{
    # Exactly one argument is required.
    [ $# -eq 1 ] || return 1

    # Let expr do the parsing: it exits 0 or 1 when the addition
    # succeeds (1 when the result is 0 or empty) and 2 or more when
    # the operand is not an integer.
    expr "$1" + 1 > /dev/null 2>&1
    _STATUS=$?

    [ "$_STATUS" -lt 2 ]
}
943
944
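#
# not_integer(): Reverses the return values of is_integer.  Useful
#                for if and while statements that want to test for
#                non-integer data.
#    $1  string to test
#    0 = NOT Integer
#    1 = Integer
#
not_integer()
{
    # "$1" is quoted so the string is handed over as a single argument;
    # unquoted, a value containing a glob character was expanded against
    # the current directory before is_integer() ever saw it.
    if is_integer "$1"; then
	return 1
    fi
    return 0
}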
961
962
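#
# is_numeric(): Tells if a string is a decimal number.
#    $1  string to test (exactly one argument required)
#    0 = Numeric
#    1 = NOT Numeric
#
# Accepts an optional sign followed by digits with at most one decimal
# point (5, -3, +2, 1.5, .25, 7.). Everything else, including an empty
# string, is rejected.
#
is_numeric()
{
    # Check for parameter.
    if [ $# -ne 1 ]; then
	return 1
    fi

    # A pattern test is used instead of evaluating the string with
    # "let": arithmetic evaluation treats any identifier as a variable
    # reference, so a word like "abc" passed as numeric (it evaluated
    # to 0), and it evaluated whatever the user typed as an expression.
    _NUMSTR=${1#[-+]}
    case "$_NUMSTR" in
	'' | . | *.*.* | *[!0-9.]*) return 1 ;;
    esac

    return 0
}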
983
984
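#
# not_numeric(): Reverses the return values of is_numeric.  Useful
#                for if and while statements that want to test for
#                non-numeric data.
#    $1  string to test
#    0 = NOT Numeric
#    1 = Numeric
#
not_numeric()
{
    # "$1" is quoted so the string is handed over as a single argument;
    # unquoted, a value containing a glob character was expanded against
    # the current directory before is_numeric() ever saw it.
    if is_numeric "$1"; then
	return 1
    fi
    return 0
}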
1001
1002
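#
# domain_2_dc(): Convert a domain name into dc string.
#    $1  .. Domain name.
#
# The result is left in the exported global _DOM_2_DC, e.g. "a.b.c"
# gives "dc=a,dc=b,dc=c". Empty labels (leading, trailing or doubled
# dots) are skipped, so "a..b." gives "dc=a,dc=b" and "" gives "".
#
domain_2_dc()
{
    _DOM=$1           # Domain parameter.
    _DOM_2_DC=""      # Return value from function.
    _FIRST=1          # Flag for first time.

    export _DOM_2_DC  # Make visible for others.

    # Walk the labels with parameter expansion instead of echo|tr and an
    # unquoted "for": the old loop word-split the domain on whitespace
    # and glob-expanded each label, so a label containing "*" was
    # replaced by file names from the current directory.
    # The trailing "." is a sentinel so the last label is consumed too.
    _REST="${_DOM}."
    while [ -n "$_REST" ]
    do
	_LABEL=${_REST%%.*}
	_REST=${_REST#*.}
	[ -z "$_LABEL" ] && continue

	if [ $_FIRST -eq 1 ]; then
	    _DOM_2_DC="dc=${_LABEL}"
	    _FIRST=0
	else
	    _DOM_2_DC="${_DOM_2_DC},dc=${_LABEL}"
	fi
    done
}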
1026
1027
#
# is_root_user(): Check to see if logged in as super user.
#    0 = running as uid 0 named "root"
#    1 = anything else
#
# Matches the start of id(1) output, so it only recognises uid 0 when
# id prints the account name as "root".
#
is_root_user()
{
    _ID_OUT=$(id)
    case "$_ID_OUT" in
	uid=0\(root\)*) return 0 ;;
    esac
    return 1
}
1038
1039
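#
# parse_arg(): Parses the command line arguments and sets the
#              appropriate variables.
#    -d   DEBUG=1
#    -m   MAP_FILE=<arg>,    MAPPING_FILE_SPECIFIED=1
#    -c   CONFIG_FILE=<arg>, CONFIG_FILE_SPECIFIED=1
#
# Any other option, an option missing its argument, or a left-over
# non-option argument prints the usage text and exits with status 1.
#
parse_arg()
{
    while getopts ":dm:c:" ARG
    do
	case "$ARG" in
	    d)      DEBUG=1;;

	    m)      MAP_FILE=$OPTARG
	            MAPPING_FILE_SPECIFIED=1;;

	    c)      CONFIG_FILE=$OPTARG
	            CONFIG_FILE_SPECIFIED=1;;

	    # With the leading ":" in the option string, getopts reports
	    # a missing option argument as ":" with the option letter in
	    # OPTARG; without this arm "-m" or "-c" given last was
	    # silently ignored and the default file name kept.
	    :)      echo "**ERROR: Option '-$OPTARG' requires an argument"
		    display_msg usage
		    exit 1;;

	    \?)	    echo "**ERROR: Invalid option '$OPTARG'"
		    display_msg usage
		    exit 1;;
	esac
    done

    shift $((OPTIND - 1))
    if [ $# -gt 0 ]; then
        echo "**ERROR: wrong usage "
        display_msg usage
        exit 1
    fi
}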
1070
1071
#
# present() : Checks if the first argument exists in the
#            argument list. Returns 0 if found, else 1.
#    $1  element to look for
#    $@  list (separate words, or one space-separated string)
#
present ()
{
    _ELEMENT=$1
    shift
    ARG_LIST=$*

    # The list is deliberately expanded unquoted: callers pass it either
    # as separate words or as a single space-separated string, and both
    # forms are split here. (A glob character in an element would also
    # be expanded.)
    for item in $ARG_LIST
    do
	if [ "$item" = "$_ELEMENT" ]; then
	    return 0
	fi
    done

    # Not found.
    return 1
}
1091
1092
#
# remove() : Returns a new string after removing the first
#            argument in the argument list.
#    $1  element to drop (every occurrence)
#    $@  list (separate words, or one space-separated string)
#
# The remaining elements are printed on one line, space separated.
#
remove ()
{
    _ELEMENT=$1
    shift
    ARG_LIST=$*

    # Expanded unquoted so a space-separated list passed as one string
    # is split like a list passed as separate words.
    NEW_LIST=""
    for item in $ARG_LIST
    do
	if [ "$item" != "$_ELEMENT" ]; then
	    NEW_LIST="${NEW_LIST:+$NEW_LIST }$item"
	fi
    done

    echo "$NEW_LIST"
    return 0
}
1114
1115
1116#
1117# merge_lists() : Returns a list after merging elements
1118#                 (uniquely) supplied in the argument list.
1119#
merge_lists()
{
# Print the arguments joined by single spaces with duplicates removed
# (first occurrence wins, order preserved).  Membership is tested with
# present().  Always returns 0.
MERGED_LIST=""

for _VAR in "$@"
do
  present $_VAR $MERGED_LIST || MERGED_LIST="$MERGED_LIST $_VAR"
done

# Unquoted on purpose: drops the leading separator.
echo $MERGED_LIST
return 0
}
1134
1135
1136#
1137# init(): initializes variables and options
1138#
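init()
{
# Initialise the globals the rest of the script relies on: the debug flag,
# default file names, the private temp directory, the NIS map lists and
# the default/suggested value of every ypserv(4) parameter.  Exits 1 if
# the temp directory cannot be created.

# General variables.
DEBUG=0             		# Set Debug OFF

MAPPING_FILE_SPECIFIED=0	# No file name passed
CONFIG_FILE_SPECIFIED=0		# No file name passed

# Prevent others from snooping: everything created from here on (temp
# files and the generated config file, which may hold proxy passwords)
# comes out with mode 0600/0700.
umask 077

# Set default config and mapping files.
DEFAULT_MAP_FILE="/var/yp/NISLDAPmapping"
DEFAULT_CONFIG_FILE="/etc/default/ypserv"

MAP_FILE="$DEFAULT_MAP_FILE"
CONFIG_FILE="$DEFAULT_CONFIG_FILE"

# Temp directory: a fixed path under /var/yp (expected to be writable by
# root only) rather than a world-writable /tmp, so that an unprivileged
# user cannot pre-create or symlink the location the generated files
# pass through.
TMPDIR="/var/yp/inityp2l"

# Temporary file names to be used to prevent system starting in
# N2L mode in case something goes wrong during file creation.
TMPCONF="ypserv-tmp"
TMPMAP="NISLDAPmapping-tmp"

# Remove a temp directory left over from an earlier run.  ${TMPDIR:?}
# aborts instead of running "rm -rf" on an empty path.
[ -d "$TMPDIR" ] && rm -rf "${TMPDIR:?}"
if ! mkdir "$TMPDIR"; then
  echo "ERROR : Failed to create temp directory $TMPDIR" >&2
  exit 1
fi

# Initialize the default NIS maps.
DEFAULT_NIS_MAPS="passwd.byname
                  passwd.byuid
                  group.byname
                  group.bygid
                  hosts.byaddr
                  hosts.byname
                  ipnodes.byaddr
                  ipnodes.byname
                  ethers.byaddr
                  ethers.byname
                  networks.byaddr
                  networks.byname
                  rpc.bynumber
                  services.byname
                  services.byservicename
                  printers.conf.byname
                  project.byname
                  project.byprojid
                  protocols.byname
                  protocols.bynumber
                  netgroup
                  netgroup.byuser
                  netgroup.byhost
                  bootparams
                  mail.aliases
                  mail.byaddr
                  publickey.byname
                  netid.byname
                  netmasks.byaddr
                  passwd.adjunct.byname
                  group.adjunct.byname
                  timezone.byname
                  auth_attr
                  exec_attr
                  prof_attr
                  user_attr
                  audit_user
                  auto.master
                  auto.home
                  ypservers"

# ksh array form of the list above (word-split on whitespace).
set -A DEF_NIS_MAP_ARRAY $DEFAULT_NIS_MAPS

# The default TTL maps in database ID format.
DEF_TTL_MAPLIST="audit_user
                 auto.home
                 auto.master
                 auth_attr
                 bootparams
                 ethers
                 exec_attr
                 group
                 group.adjunct.byname
                 keys.host
                 keys.pass
                 keys.nobody
                 hosts
                 multihosts
                 ipnodes
                 multiipnodes
                 netgroup
                 networks
                 passwd
                 passwd.adjunct.byname
                 printers.conf.byname
                 prof_attr
                 project
                 protocols
                 services
                 mail.aliases
                 mail.mapping
                 netid.host
                 netid.pass
                 netmasks.byaddr
                 rpc.bynumber
                 ageing.byname
                 timezone.byname
                 user_attr
                 ypservers"


# Initialize default values for config parameters.  DEF_* values are
# only written to the config file when the user picks something else;
# SUG_* values are suggestions for parameters whose real default is
# "unlimited".

configDN_flag=0
DEF_nisLDAPconfigDN=""
DEF_TLS=none
DEF_TLSCertificateDBPath=/var/yp/cert7.db
DEF_nisLDAPbindTimeout=15
DEF_nisLDAPsearchTimeout=180
DEF_nisLDAPmodifyTimeout=15
DEF_nisLDAPaddTimeout=15
DEF_nisLDAPdeleteTimeout=15
DEF_nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeout}
DEF_nisLDAPsearchSizeLimit=0
DEF_nisLDAPfollowReferral=no
DEF_nisLDAPretrieveErrorAction=use_cached

# The default is unlimited, but since it prevents the NIS daemon,
# from servicing further requests, set 1 as the suggested value.
SUG_nisLDAPretrieveErrorAttempts=1
DEF_nisLDAPretrieveErrorTimeout=15
DEF_nisLDAPstoreErrorAction=retry

# The default is unlimited, but set 1 as the suggested value.
SUG_nisLDAPstoreErrorAttempts=1
DEF_nisLDAPstoreErrorTimeout=15

# Default TTL values (in seconds) for NIS MAPS for mapping file.
DEF_iTTLlo=1800
DEF_iTTLhi=5400
DEF_runTTL=3600

}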
1287
1288
1289#
1290# config_auth_menu_handler(): Enter the authentication method
1291#                             for config server.
1292#
config_auth_menu_handler()
{
    # Show the configuration-server authentication menu and keep asking
    # until a valid entry is picked.  The result is left in _AUTHMETHOD
    # (1=none, 2=simple, 3=sasl/cram-md5, 4=sasl/digest-md5); 'h' reprints
    # the help text and anything else reprompts.
    display_msg config_auth_method_menu

    _CHOSEN=0
    while [ $_CHOSEN -eq 0 ]
    do
        get_ans_req "    Choose one Authentication Method (h=help):"
        _MENU_CHOICE=$ANS

        _CHOSEN=1
        case "$_MENU_CHOICE" in
            1) _AUTHMETHOD="none" ;;
            2) _AUTHMETHOD="simple" ;;
            3) _AUTHMETHOD="sasl/cram-md5" ;;
            4) _AUTHMETHOD="sasl/digest-md5" ;;
            h) display_msg auth_help
               _CHOSEN=0 ;;
            *) echo "Please enter 1-4, or h=help."
               _CHOSEN=0 ;;
        esac
    done
}
1320
1321
1322#
1323# auth_menu_handler(): Enter the Authentication method for LDAP server.
1324#
auth_menu_handler()
{
    # Show the LDAP data-server authentication menu and keep asking until
    # a valid entry is picked.  The result is left in _AUTHMETHOD
    # (1=simple, 2=sasl/cram-md5, 3=sasl/digest-md5); 'h' reprints the
    # help text and anything else reprompts.
    display_msg auth_method_menu

    _CHOSEN=0
    while [ $_CHOSEN -eq 0 ]
    do
        get_ans_req "    Choose one Authentication Method (h=help):"
        _MENU_CHOICE=$ANS

        _CHOSEN=1
        case "$_MENU_CHOICE" in
            1) _AUTHMETHOD="simple" ;;
            2) _AUTHMETHOD="sasl/cram-md5" ;;
            3) _AUTHMETHOD="sasl/digest-md5" ;;
            h) display_msg auth_help
               _CHOSEN=0 ;;
            *) echo "Please enter 1-3, or h=help."
               _CHOSEN=0 ;;
        esac
    done
}
1350
1351
1352#
1353# tls_menu_handler(): Enter the transport layer security
1354#
tls_menu_handler()
{
    # Show the transport-layer-security menu and keep asking until a valid
    # entry is picked.  The result is left in _TLSMETHOD (1=none, 2=ssl);
    # an empty answer takes the default "1".  'h' reprints the help text.
    display_msg tls_method_menu

    _CHOSEN=0
    while [ $_CHOSEN -eq 0 ]
    do
        get_ans "    Choose one Transport Layer Security Method (h=help):" "1"
        _MENU_CHOICE=$ANS

        _CHOSEN=1
        case "$_MENU_CHOICE" in
            1) _TLSMETHOD="none" ;;
            2) _TLSMETHOD="ssl" ;;
            h) display_msg tls_help
               _CHOSEN=0 ;;
            *) echo "Please enter 1, 2, or h=help."
               _CHOSEN=0 ;;
        esac
    done
}
1380
1381
1382#
1383# retrieve_error_action_menu_handler(): Enter the retrieve error action
1384#
retrieve_error_action_menu_handler()
{
    # Show the LDAP retrieval-error action menu and keep asking until a
    # valid entry is picked.  The result is left in _RET_ERR_ACT
    # (1=use_cached, 2=fail); an empty answer takes the default "1".
    display_msg retrieve_error_action_menu

    _CHOSEN=0
    while [ $_CHOSEN -eq 0 ]
    do
        get_ans "    Choose one retrieval error action (h=help):" "1"
        _MENU_CHOICE=$ANS

        _CHOSEN=1
        case "$_MENU_CHOICE" in
            1) _RET_ERR_ACT="use_cached" ;;
            2) _RET_ERR_ACT="fail" ;;
            h) display_msg nisLDAPretrieveErrorAction_help
               _CHOSEN=0 ;;
            *) echo "Please enter 1, 2, or h=help."
               _CHOSEN=0 ;;
        esac
    done
}
1408
1409
1410#
1411# store_error_action_menu_handler(): Enter the store error action
1412#
store_error_action_menu_handler()
{
    # Show the LDAP store-error action menu and keep asking until a valid
    # entry is picked.  The result is left in _STOR_ERR_ACT (1=retry,
    # 2=fail); an empty answer takes the default "1".
    display_msg store_error_action_menu

    _CHOSEN=0
    while [ $_CHOSEN -eq 0 ]
    do
        get_ans "    Choose one store error action (h=help):" "1"
        _MENU_CHOICE=$ANS

        _CHOSEN=1
        case "$_MENU_CHOICE" in
            1) _STOR_ERR_ACT="retry" ;;
            2) _STOR_ERR_ACT="fail" ;;
            h) display_msg nisLDAPstoreErrorAction_help
               _CHOSEN=0 ;;
            *) echo "Please enter 1, 2, or h=help."
               _CHOSEN=0 ;;
        esac
    done
}
1436
1437
1438#
1439# cleanup(): Remove the TMPDIR and all files in it.
1440#
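cleanup()
{
# Remove TMPDIR and everything in it, unless debugging (-d) is on, in
# which case the directory is kept for inspection.  Always returns 0
# (the original returned 1 in debug mode, an artefact of the && chain).
[ "${DEBUG:-0}" -eq 1 ] && echo "In cleanup()"

if [ "${DEBUG:-0}" -eq 0 ]; then
  # ${TMPDIR:?} refuses to run "rm -rf" with an empty or unset path.
  rm -rf "${TMPDIR:?}"
fi
return 0
}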
1448
1449
1450# Save existing config file if elected
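check_back_config_file()
{
# If CONFIG_FILE already exists: warn, ask whether to continue (default
# "n"; get_confirm returns 0 for no and 1 for yes) and offer to keep a
# timestamped copy before the file is overwritten.  "No" to the first
# question cleans up the temp directory and exits 1; so does a failed
# backup copy.  Nothing happens when the file does not exist.
if [ -f "$CONFIG_FILE" ]; then
  display_msg backup_config_file

  get_confirm "Do you wish to continue (y/n/h)?" \
              "n" "backup_config_file_cont_help"

  if [ $? -eq 0 ]; then    # if No, cleanup and exit.
    cleanup ; exit 1
  fi

  # The file name must stay inside the single quoted prompt argument;
  # a path containing spaces would otherwise split it into several words.
  get_confirm "Do you wish to backup the config file ${CONFIG_FILE} (y/n/h)?" \
              "y" "backup_config_file_help"

  if [ $? -eq 1 ]; then    # Save the old config file with timestamp

    # SCCS converts '% H %' (without spaces) in current date during putback.
    # So use some other combination.
    SUFFIX=`date '+%d%h%Y.%H:%M:%S'`

    # Only report the backup if the copy really succeeded; otherwise the
    # only copy of the file would be overwritten next.
    if cp -p "$CONFIG_FILE" "${CONFIG_FILE}-${SUFFIX}"; then
      echo "  Saved existing $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}"
    else
      echo "**ERROR: Failed to save $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}" >&2
      cleanup ; exit 1
    fi
  fi
fi
}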
1477
1478
1479# Save existing mapping file if elected
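check_back_mapping_file()
{
# If MAP_FILE already exists: warn, ask whether to continue (default
# "n"; get_confirm returns 0 for no and 1 for yes) and offer to keep a
# timestamped copy before the file is overwritten.  If it does not exist
# but is the default mapping file, warn that creating it switches the
# server into N2L mode and ask again.  "No" (or a failed backup copy)
# cleans up the temp directory and exits 1.
if [ -f "$MAP_FILE" ]; then
  display_msg backup_mapping_file

  get_confirm "Do you wish to continue (y/n/h)?" \
              "n" "backup_mapping_file_cont_help"

  if [ $? -eq 0 ]; then    # if No, cleanup and exit.
    cleanup ; exit 1
  fi

  # The file name must stay inside the single quoted prompt argument;
  # a path containing spaces would otherwise split it into several words.
  get_confirm "Do you wish to backup the map file ${MAP_FILE} (y/n/h)?" \
                   "y" "backup_mapping_file_help"

  if [ $? -eq 1 ]; then    # if Yes, save the old map file with timestamp

    # SCCS converts '% H %' (without spaces) in current date during putback.
    # So use some other combination.
    SUFFIX=`date '+%d%h%Y.%H:%M:%S'`

    # Only report the backup if the copy really succeeded; otherwise the
    # only copy of the file would be overwritten next.
    if cp -p "$MAP_FILE" "${MAP_FILE}-${SUFFIX}"; then
      echo "  Saved existing $MAP_FILE as ${MAP_FILE}-${SUFFIX}"
    else
      echo "**ERROR: Failed to save $MAP_FILE as ${MAP_FILE}-${SUFFIX}" >&2
      cleanup ; exit 1
    fi
  fi

else
  if [ "$MAP_FILE" = "$DEFAULT_MAP_FILE" ]; then
    display_msg warn_n2l_mode

    get_confirm "Do you wish to continue (y/n/h)?" \
                "n" "warn_n2l_mode_help"

    if [ $? -eq 0 ]; then
      cleanup ; exit 1
    fi
  fi
fi
}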
1518
1519
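put_config_file_copyright_info()
{
# Start CONFIG_FILE from scratch (overwrite, not append) with this
# script's own SCCS ident line, renamed from PROG to NEW_NAME so the
# generated file carries the same date and version number; then append
# the copyright banner.  PROG, ABS_PROG and NEW_NAME are set by the
# caller, outside this function.

grep "ident	\"@(#)$PROG" $ABS_PROG | \
      sed "s/${PROG}/${NEW_NAME}/g" > $CONFIG_FILE

# The banner belongs in the same file as the ident line just written.
# It used to be appended to $MAP_FILE, i.e. to the real mapping file
# while the config file was being generated; the mapping file gets its
# own header from put_mapping_file_copyright_info().
echo "\
#
# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#\
" >> $CONFIG_FILE
}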
1537
1538
get_nisLDAPconfigDN()
{
# Ask for nisLDAPconfigDN (empty allowed), repeating while the user asks
# for help.  The answer is kept in nisLDAPconfigDN and, when it differs
# from DEF_nisLDAPconfigDN (""), appended to the config file.  A
# non-empty DN also sets configDN_flag so the remaining config-server
# questions are asked.
_DONE=0
until [ $_DONE -eq 1 ]
do
  get_ans "DN for configuration information (h=help):"
  case "$ANS" in
    [Hh] | help | Help | \?) display_msg nisLDAPconfigDN_help ;;
                         * ) _DONE=1 ;;
  esac
done

nisLDAPconfigDN="${ANS}"

# Only a non-default value is written to the config file.
[ "$ANS" = "${DEF_nisLDAPconfigDN}" ] || echo "nisLDAPconfigDN=${ANS}" >> $CONFIG_FILE

[ "$ANS" != "" ] && configDN_flag=1
}
1565
1566
get_nisLDAPconfigPreferredServerList()
{
# Ask for the (required) config-server list, repeating while the user
# asks for help; there is no default, so the answer is always written to
# the config file.
_DONE=0
until [ $_DONE -eq 1 ]
do
  get_ans_req "Preferred server list for configuration information (h=help):"
  case "$ANS" in
    [Hh] | help | Help | \?) display_msg nisLDAPconfigPreferredServerList_help ;;
                         * ) _DONE=1 ;;
  esac
done

nisLDAPconfigPreferredServerList=${ANS}
echo "nisLDAPconfigPreferredServerList=${ANS}" >> $CONFIG_FILE
}
1584
1585
get_nisLDAPconfigAuthenticationMethod()
{
# Let the user pick the config-server authentication method through
# config_auth_menu_handler (result in _AUTHMETHOD) and always record it
# in the config file.
echo "Select the Authentication Method for configuration server :"

_AUTHMETHOD=""
config_auth_menu_handler
nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}

echo "nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE
}
1596
1597
get_nisLDAPconfigTLS()
{
# Let the user pick the TLS mode for the configuration server through
# tls_menu_handler (result in _TLSMETHOD).  The default (DEF_TLS) is
# already present as a commented line in the generated file, so only a
# different value is written.
echo "Select the Transport Layer Security (TLS) for configuration server :"

_TLSMETHOD=""
tls_menu_handler
nisLDAPconfigTLS=${_TLSMETHOD}

[ "${_TLSMETHOD}" = "${DEF_TLS}" ] || echo "nisLDAPconfigTLS=${_TLSMETHOD}" >> $CONFIG_FILE
}
1612
1613
get_nisLDAPconfigTLSCertificateDBPath()
{
# Ask for the certificate DB path of the configuration server, offering
# DEF_TLSCertificateDBPath as the default and repeating while the user
# asks for help.  Only a non-default answer is written to the config
# file.
_DONE=0
until [ $_DONE -eq 1 ]
do
  get_ans "TLS Certificate DB for configuration server (h=help):" \
          "${DEF_TLSCertificateDBPath}"
  case "$ANS" in
    [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
                         * ) _DONE=1 ;;
  esac
done

nisLDAPconfigTLSCertificateDBPath=${ANS}

[ "$ANS" = "${DEF_TLSCertificateDBPath}" ] || echo "nisLDAPconfigTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE
}
1636
1637
get_nisLDAPconfigProxyUser()
{
# Ask for the (required) proxy bind DN used to read the configuration,
# repeating while the user asks for help; always written to the config
# file since there is no default.
_DONE=0
until [ $_DONE -eq 1 ]
do
  get_ans_req "Proxy user bind DN to obtain configuration information (h=help):"
  case "$ANS" in
    [Hh] | help | Help | \?) display_msg nisLDAPconfigProxyUser_help ;;
                         * ) _DONE=1 ;;
  esac
done

nisLDAPconfigProxyUser=${ANS}
echo "nisLDAPconfigProxyUser=${ANS}" >> $CONFIG_FILE
}
1654
1655
get_nisLDAPconfigProxyPassword()
{
# Read the config-server proxy password (get_passwd leaves it in ANS)
# and record it in clear text in the config file.  The file is created
# under the umask 077 set in init(), and ProxyPassword_warn reminds the
# admin that the file must stay protected.
get_passwd "Proxy user password to obtain configuration information :"

echo "nisLDAPconfigProxyPassword=${ANS}" >> $CONFIG_FILE
nisLDAPconfigProxyPassword=${ANS}

display_msg ProxyPassword_warn
}
1665
1666
get_preferredServerList()
{
# Ask for the (required) list of LDAP data servers, repeating while the
# user asks for help; there is no default, so the answer is always
# written to the config file.
_DONE=0
until [ $_DONE -eq 1 ]
do
  get_ans_req "Preferred server list for mapping data to/from LDAP (h=help):"
  case "$ANS" in
    [Hh] | help | Help | \?) display_msg preferredServerList_help ;;
                         * ) _DONE=1 ;;
  esac
done

preferredServerList=${ANS}
echo "preferredServerList=${ANS}" >> $CONFIG_FILE
}
1684
1685
get_authenticationMethod()
{
# Let the user pick the LDAP data-server authentication method through
# auth_menu_handler (result in _AUTHMETHOD) and always record it in the
# config file.
echo "Select the Authentication Method for mapping data to/from LDAP :"

_AUTHMETHOD=""
auth_menu_handler
authenticationMethod=${_AUTHMETHOD}

echo "authenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE
}
1696
1697
get_nisLDAPTLS()
{
# Let the user pick the TLS mode for the LDAP data server through
# tls_menu_handler (result in _TLSMETHOD).  The default (DEF_TLS) is
# already present as a commented line in the generated file, so only a
# different value is written.
echo "Select the Transport Layer Security (TLS) for mapping data to/from LDAP :"

_TLSMETHOD=""
tls_menu_handler
nisLDAPTLS=${_TLSMETHOD}

[ "${_TLSMETHOD}" = "${DEF_TLS}" ] || echo "nisLDAPTLS=${_TLSMETHOD}" >> $CONFIG_FILE
}
1712
1713
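get_nisLDAPTLSCertificateDBPath()
{
# Ask for the certificate DB path of the LDAP data server, offering
# DEF_TLSCertificateDBPath as the default and repeating while the user
# asks for help.  Only a non-default answer is written to the config file.
#
# The default offered to the user was previously taken from
# DEF_nisLDAPTLSCertificateDBPath, a name init() never sets, so the prompt
# showed an empty default while the comparison below (and the commented
# default line written by create_config_file) used DEF_TLSCertificateDBPath.
# Both now use the same variable, as get_nisLDAPconfigTLSCertificateDBPath
# already does.
while :
do

get_ans "TLS Certificate DB for LDAP data server (h=help):" \
        "${DEF_TLSCertificateDBPath}"

# If help continue, otherwise break.
case "$ANS" in
  [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
                       * ) break ;;
esac
done

nisLDAPTLSCertificateDBPath=${ANS}

# Store in config file only if a non-default value is specified.
if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then
  echo "nisLDAPTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE
fi
}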
1736
1737
get_nisLDAPproxyUser()
{
# Ask for the (required) proxy bind DN ypserv uses for LDAP data access,
# repeating while the user asks for help; always written to the config
# file since there is no default.
_DONE=0
until [ $_DONE -eq 1 ]
do
  get_ans_req "Proxy user bind DN to read/write data from/to LDAP (h=help):"
  case "$ANS" in
    [Hh] | help | Help | \?) display_msg nisLDAPproxyUser_help ;;
                         * ) _DONE=1 ;;
  esac
done

nisLDAPproxyUser=${ANS}
echo "nisLDAPproxyUser=${ANS}" >> $CONFIG_FILE
}
1755
1756
get_nisLDAPproxyPassword()
{
# Read the data-server proxy password (get_passwd leaves it in ANS) and
# record it in clear text in the config file.  The file is created under
# the umask 077 set in init(), and ProxyPassword_warn reminds the admin
# that the file must stay protected.
get_passwd "Proxy user password to read/write data from/to LDAP :"

echo "nisLDAPproxyPassword=${ANS}" >> $CONFIG_FILE
nisLDAPproxyPassword=${ANS}

display_msg ProxyPassword_warn
}
1766
1767
get_nisLDAPbindTimeout()
{
# Ask for the LDAP bind timeout; get_pos_int validates the answer and
# leaves it in NUM.  The default is already present as a commented line
# in the generated file, so only a different value is written.
_KEY=nisLDAPbindTimeout
_DEF=${DEF_nisLDAPbindTimeout}

get_pos_int "Timeout value (in seconds) for LDAP bind operation (h=help):" \
            "${_DEF}" "${_KEY}_help"

nisLDAPbindTimeout=${NUM}

if [ $NUM -ne ${_DEF} ]; then
  echo "${_KEY}=${NUM}" >> $CONFIG_FILE
fi
}
1780
1781
get_nisLDAPsearchTimeout()
{
# Ask for the LDAP search timeout; get_pos_int validates the answer and
# leaves it in NUM.  The default is already present as a commented line
# in the generated file, so only a different value is written.
_KEY=nisLDAPsearchTimeout
_DEF=${DEF_nisLDAPsearchTimeout}

get_pos_int "Timeout value (in seconds) for LDAP search operation (h=help):" \
            "${_DEF}" "${_KEY}_help"

nisLDAPsearchTimeout=${NUM}

if [ $NUM -ne ${_DEF} ]; then
  echo "${_KEY}=${NUM}" >> $CONFIG_FILE
fi
}
1794
1795
get_nisLDAPmodifyTimeout()
{
# Ask for the LDAP modify timeout; get_pos_int validates the answer and
# leaves it in NUM.  The default is already present as a commented line
# in the generated file, so only a different value is written.
_KEY=nisLDAPmodifyTimeout
_DEF=${DEF_nisLDAPmodifyTimeout}

get_pos_int "Timeout value (in seconds) for LDAP modify operation (h=help):" \
            "${_DEF}" "${_KEY}_help"

nisLDAPmodifyTimeout=${NUM}

if [ $NUM -ne ${_DEF} ]; then
  echo "${_KEY}=${NUM}" >> $CONFIG_FILE
fi
}
1808
1809
get_nisLDAPaddTimeout()
{
# Ask for the LDAP add timeout; get_pos_int validates the answer and
# leaves it in NUM.  The default is already present as a commented line
# in the generated file, so only a different value is written.
_KEY=nisLDAPaddTimeout
_DEF=${DEF_nisLDAPaddTimeout}

get_pos_int "Timeout value (in seconds) for LDAP add operation (h=help):" \
            "${_DEF}" "${_KEY}_help"

nisLDAPaddTimeout=${NUM}

if [ $NUM -ne ${_DEF} ]; then
  echo "${_KEY}=${NUM}" >> $CONFIG_FILE
fi
}
1822
1823
get_nisLDAPdeleteTimeout()
{
# Ask for the LDAP delete timeout; get_pos_int validates the answer and
# leaves it in NUM.  The default is already present as a commented line
# in the generated file, so only a different value is written.
_KEY=nisLDAPdeleteTimeout
_DEF=${DEF_nisLDAPdeleteTimeout}

get_pos_int "Timeout value (in seconds) for LDAP delete operation (h=help):" \
            "${_DEF}" "${_KEY}_help"

nisLDAPdeleteTimeout=${NUM}

if [ $NUM -ne ${_DEF} ]; then
  echo "${_KEY}=${NUM}" >> $CONFIG_FILE
fi
}
1836
1837
get_nisLDAPsearchTimeLimit()
{
# Ask for the server-side search time limit; get_pos_int validates the
# answer and leaves it in NUM.  The default is already present as a
# commented line in the generated file, so only a different value is
# written.
_KEY=nisLDAPsearchTimeLimit
_DEF=${DEF_nisLDAPsearchTimeLimit}

get_pos_int "Time limit (in seconds) for search operation on LDAP server (h=help):" \
            "${_DEF}" "${_KEY}_help"

nisLDAPsearchTimeLimit=${NUM}

if [ $NUM -ne ${_DEF} ]; then
  echo "${_KEY}=${NUM}" >> $CONFIG_FILE
fi
}
1850
1851
get_nisLDAPsearchSizeLimit()
{
# Ask for the server-side search size limit (0 = unlimited per the
# default); get_pos_int validates the answer and leaves it in NUM.  The
# default is already present as a commented line in the generated file,
# so only a different value is written.
_KEY=nisLDAPsearchSizeLimit
_DEF=${DEF_nisLDAPsearchSizeLimit}

get_pos_int "Size limit (in bytes) for search operation on LDAP server (h=help):" \
            "${_DEF}" "${_KEY}_help"

nisLDAPsearchSizeLimit=${NUM}

if [ $NUM -ne ${_DEF} ]; then
  echo "${_KEY}=${NUM}" >> $CONFIG_FILE
fi
}
1864
1865
get_nisLDAPfollowReferral()
{
# Yes/no question (default n) on following LDAP referrals.  get_confirm
# returns 1 for "yes"; any other status counts as "no".  Only a
# non-default answer is written to the config file.
get_confirm "Should the ypserv follow LDAP referrals (y/n/h):" \
            "n" "nisLDAPfollowReferral_help"
_RC=$?

case $_RC in
  1) _ANS="yes" ;;
  *) _ANS="no" ;;
esac

[ "${_ANS}" = "${DEF_nisLDAPfollowReferral}" ] || echo "nisLDAPfollowReferral=${_ANS}" >> $CONFIG_FILE
}
1882
1883
get_nisLDAPretrieveErrorAction()
{
# Let the user pick the LDAP retrieval-error action through
# retrieve_error_action_menu_handler (result in _RET_ERR_ACT).  The
# default is already present as a commented line in the generated file,
# so only a different value is written.
echo "Select the action to be taken in case of LDAP retrieval error :"

_RET_ERR_ACT=""
retrieve_error_action_menu_handler
nisLDAPretrieveErrorAction=${_RET_ERR_ACT}

[ "${_RET_ERR_ACT}" = "${DEF_nisLDAPretrieveErrorAction}" ] || echo "nisLDAPretrieveErrorAction=${_RET_ERR_ACT}" >> $CONFIG_FILE
}
1898
1899
get_nisLDAPretrieveErrorAttempts()
{
# Ask how many retrieval attempts to make after an LDAP error, offering
# SUG_nisLDAPretrieveErrorAttempts (the real default is unlimited).
# get_pos_int validates the answer and leaves it in NUM; the value is
# always written to the config file.
_KEY=nisLDAPretrieveErrorAttempts

get_pos_int "Number of attempts in case of LDAP retrieval error (h=help):" \
            "$SUG_nisLDAPretrieveErrorAttempts" \
            "${_KEY}_help"

nisLDAPretrieveErrorAttempts=${NUM}
echo "${_KEY}=${NUM}" >> $CONFIG_FILE
}
1911
1912
get_nisLDAPretrieveErrorTimeout()
{
# Ask for the pause between retrieval attempts.  Skipped entirely when
# nisLDAPretrieveErrorAttempts is 0, since the timeout is ignored then.
# get_pos_int validates the answer and leaves it in NUM; the default is
# already present as a commented line in the generated file, so only a
# different value is written.
if [ $nisLDAPretrieveErrorAttempts -eq 0 ]; then
  return 0
fi

_KEY=nisLDAPretrieveErrorTimeout
_DEF=${DEF_nisLDAPretrieveErrorTimeout}

get_pos_int "Timeout (in seconds) between each new attempt to retrieve LDAP data (h=help):" \
            "${_DEF}" \
            "${_KEY}_help"

nisLDAPretrieveErrorTimeout=${NUM}

if [ $NUM -ne ${_DEF} ]; then
  echo "${_KEY}=${NUM}" >> $CONFIG_FILE
fi
}
1931
1932
get_nisLDAPstoreErrorAction()
{
# Let the user pick the LDAP store-error action through
# store_error_action_menu_handler (result in _STOR_ERR_ACT).  The default
# is already present as a commented line in the generated file, so only
# a different value is written.
echo "Select the action to be taken in case of LDAP store error :"

_STOR_ERR_ACT=""
store_error_action_menu_handler
nisLDAPstoreErrorAction=${_STOR_ERR_ACT}

[ "${_STOR_ERR_ACT}" = "${DEF_nisLDAPstoreErrorAction}" ] || echo "nisLDAPstoreErrorAction=${_STOR_ERR_ACT}" >> $CONFIG_FILE
}
1947
1948
get_nisLDAPstoreErrorAttempts()
{
# Ask how many store attempts to make after an LDAP error, offering
# SUG_nisLDAPstoreErrorAttempts (the real default is unlimited).  Skipped
# when the store-error action is "fail", since attempts and timeout are
# ignored then.  get_pos_int validates the answer and leaves it in NUM;
# the value is always written to the config file.
if [ "$nisLDAPstoreErrorAction" = "fail" ]; then
  return 0
fi

_KEY=nisLDAPstoreErrorAttempts

get_pos_int "Number of attempts in case of LDAP store error (h=help):" \
            "$SUG_nisLDAPstoreErrorAttempts" \
            "${_KEY}_help"

nisLDAPstoreErrorAttempts=${NUM}
echo "${_KEY}=${NUM}" >> $CONFIG_FILE
}
1965
1966
get_nisLDAPstoreErrorTimeout()
{
# Ask for the pause between store attempts.  Skipped when the
# store-error action is "fail" (attempts and timeout are ignored) and
# when nisLDAPstoreErrorAttempts is 0.  get_pos_int validates the answer
# and leaves it in NUM; the default is already present as a commented
# line in the generated file, so only a different value is written.
if [ "$nisLDAPstoreErrorAction" = "fail" ]; then
  return 0
fi

if [ $nisLDAPstoreErrorAttempts -eq 0 ]; then
  return 0
fi

_KEY=nisLDAPstoreErrorTimeout
_DEF=${DEF_nisLDAPstoreErrorTimeout}

get_pos_int "Timeout (in seconds) between each new attempt to write LDAP data (h=help):" \
            "${_DEF}" \
            "${_KEY}_help"

nisLDAPstoreErrorTimeout=${NUM}

if [ $NUM -ne ${_DEF} ]; then
  echo "${_KEY}=${NUM}" >> $CONFIG_FILE
fi
}
1990
1991
1992
create_config_file()
{

# Ask every ypserv(4) configuration question in order and build the
# config file.  To prevent leaving a partial config file behind if an
# error or signal interrupts the run, the output is written to a
# temporary file under TMPDIR first and moved to the final destination
# only at the very end, when everything went fine.  Each get_* helper
# appends its own "name=value" line; the commented-out lines written
# here document the defaults.

# Swap CONFIG_FILE for the temporary path while the helpers append to
# it; the real name is restored at the end of this function.
_CONFIG_FILE=$CONFIG_FILE
CONFIG_FILE=${TMPDIR}/${TMPCONF}.$$

echo "Generating config file temporarily as \"${CONFIG_FILE}\""

# Truncate the file before we append anything.
# Place copyright information
put_config_file_copyright_info

# Header comment of the generated file.

echo "\
#
# Configuration file for ypserv(1M); see ypserv(4) for more information,
# and NISLDAPmapping(4) for configuration of NIS to LDAP mapping.

# Unless otherwise noted, commented lines show default values.
" >> $CONFIG_FILE

echo "\
# Where to look for configuration information in LDAP. Leave empty or
# undefined to use this file, in which case the values of the other
# 'nisLdapConfig*' attributes are ignored.
#
#nisLDAPconfigDN=\
" >> $CONFIG_FILE

# Sets configDN_flag=1 when a DN was given; all remaining config-server
# questions below are asked only in that case.
get_nisLDAPconfigDN

echo "

# Server(s) for configuration information. There is no default;
# use the value on the line below for an LDAP server running on
# this machine, at port 389.
#nisLDAPconfigPreferredServerList=127.0.0.1:389\
" >> $CONFIG_FILE

[ $configDN_flag -eq 1 ] && get_nisLDAPconfigPreferredServerList

echo "

# Authentication method(s) to obtain configuration information.
#\
" >> $CONFIG_FILE

[ $configDN_flag -eq 1 ] && get_nisLDAPconfigAuthenticationMethod

echo "

# Transport layer security for configuration information
#
#nisLDAPconfigTLS=${DEF_TLS}\
" >> $CONFIG_FILE

[ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLS

echo "

# Certificate DB for transport layer security
#
#nisLDAPconfigTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
" >> $CONFIG_FILE

# ask for Certificate DB only if SSL is set
if [ "${nisLDAPconfigTLS}" = "ssl" ]; then
  [ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLSCertificateDBPath
fi

echo "

# Proxy user(s) to obtain configuration information. The line below
# is an example of the format.
#
#nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,\
" >> $CONFIG_FILE

# Ask proxy user bind DN only if needed (authentication method "none"
# binds anonymously).
if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
  [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyUser
fi

echo "

# Password for proxy user. Must be supplied if the authentication method
# requires a password. If a password appears in this file, it should be
# protected appropriately against access by unauthorized users.
#
#nisLDAPconfigProxyPassword=\
" >> $CONFIG_FILE

# The password is stored in clear text; the temp file inherits the
# umask 077 set in init().
if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
  [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyPassword
fi

echo "

# Server list for mapping data to/from LDAP. There is no default;
# use the value on the line below for an LDAP server running on
# this machine, at port 389.
#preferredServerList=127.0.0.1:389\
" >> $CONFIG_FILE

# Data-server questions: these are always asked.
get_preferredServerList

echo "

# Authentication method for mapping data to/from LDAP
#\
" >> $CONFIG_FILE

get_authenticationMethod

echo "

# Transport layer security for mapping data to/from LDAP.
#
#nisLDAPTLS=${DEF_TLS}\
" >> $CONFIG_FILE

get_nisLDAPTLS

echo "

# Certificate DB for transport layer security
#
#nisLDAPTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
" >> $CONFIG_FILE

# ask for Certificate DB only if SSL is set
if [ "${nisLDAPTLS}" = "ssl" ]; then
  get_nisLDAPTLSCertificateDBPath
fi

echo "

# Proxy user for ypserv. Assumed to have appropriate permission to read
# and/or create or modify LDAP data. The line below is an example of the
# format.
#
#nisLDAPproxyUser=cn=nisAdmin,ou=People,\
" >> $CONFIG_FILE

# Ask proxy user bind DN only if needed.
if [ "${authenticationMethod}" != "none" ]; then
  get_nisLDAPproxyUser
fi

echo "

# Password for proxy user. Must be supplied if the authentication method
# requires a password. If a password appears in this file, it should be
# protected appropriately against unauthorized access.
#
#nisLDAPproxyPassword=\
" >> $CONFIG_FILE

if [ "${authenticationMethod}" != "none" ]; then
  get_nisLDAPproxyPassword
fi

# Timeouts and limits; each helper writes its value only when it differs
# from the commented default written just before it.
echo "

# Timeouts and time/size limits for LDAP operations.
#
#nisLDAPbindTimeout=${DEF_nisLDAPbindTimeout}\
" >> $CONFIG_FILE

get_nisLDAPbindTimeout

echo "
#nisLDAPsearchTimeout=${DEF_nisLDAPsearchTimeout}\
" >> $CONFIG_FILE

get_nisLDAPsearchTimeout

echo "
#nisLDAPmodifyTimeout=${DEF_nisLDAPmodifyTimeout}\
" >> $CONFIG_FILE

get_nisLDAPmodifyTimeout

echo "
#nisLDAPaddTimeout=${DEF_nisLDAPaddTimeout}\
" >> $CONFIG_FILE

get_nisLDAPaddTimeout

echo "
#nisLDAPdeleteTimeout=${DEF_nisLDAPdeleteTimeout}\
" >> $CONFIG_FILE

get_nisLDAPdeleteTimeout

echo "
#nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeLimit}\
" >> $CONFIG_FILE

get_nisLDAPsearchTimeLimit

echo "
#nisLDAPsearchSizeLimit=${DEF_nisLDAPsearchSizeLimit}\
" >> $CONFIG_FILE

get_nisLDAPsearchSizeLimit

echo "

# Should the ypserv follow LDAP referrals ?
#
#nisLDAPfollowReferral=${DEF_nisLDAPfollowReferral}\
" >> $CONFIG_FILE

get_nisLDAPfollowReferral

# Error handling: action, attempts and timeout for retrieval and store
# errors.  The attempts/timeout helpers skip themselves when they do
# not apply (action "fail", or zero attempts).
echo "

# Action, number of attempts, and timeout following an LDAP retrieval error
#
#nisLDAPretrieveErrorAction=${DEF_nisLDAPretrieveErrorAction}\
" >> $CONFIG_FILE

get_nisLDAPretrieveErrorAction

echo "
#nisLDAPretrieveErrorAttempts=\
" >> $CONFIG_FILE

get_nisLDAPretrieveErrorAttempts

echo "
#nisLDAPretrieveErrorTimeout=${DEF_nisLDAPretrieveErrorTimeout}\
" >> $CONFIG_FILE

get_nisLDAPretrieveErrorTimeout

echo "

# Action, number of attempts, and timeout following an LDAP store error
#
#nisLDAPstoreErrorAction=${DEF_nisLDAPstoreErrorAction}\
" >> $CONFIG_FILE

get_nisLDAPstoreErrorAction

echo "
#nisLDAPstoreErrorAttempts=\
" >> $CONFIG_FILE

get_nisLDAPstoreErrorAttempts

echo "
#nisLDAPstoreErrorTimeout=${DEF_nisLDAPstoreErrorTimeout}\
" >> $CONFIG_FILE

get_nisLDAPstoreErrorTimeout


# We are done, so move back the config file from temp. location
# to actual location.
# In case the config file name has a directory component which does
# not exist, then create it now, otherwise 'mv' will return error.
#
# NOTE(review): neither mkdir -p nor mv is checked.  If either fails,
#   the generated file (which may contain proxy passwords) is left
#   under TMPDIR and the "Finished" message below is still printed.
#   The temp file was created under the umask 077 set in init() and mv
#   keeps its mode, so the final file is expected to be 0600 — confirm
#   on the target system.

DIR_TO_CREATE=`dirname ${_CONFIG_FILE}`
mkdir -p ${DIR_TO_CREATE}

echo "Moving output from temporary file ($CONFIG_FILE) to actual file ($_CONFIG_FILE)"
mv $CONFIG_FILE $_CONFIG_FILE

# Revert back the config file name in case needed.
CONFIG_FILE=$_CONFIG_FILE
echo "Finished creation of config file ( $_CONFIG_FILE )"

}
2275
2276
put_mapping_file_copyright_info()
{
  # Create the mapping file from scratch (overwrite, never append) and seed
  # it with a "pragma ident" line derived from this script's own ident
  # string: same version and date, but the mapping file's name in place of
  # the script's. A copyright banner and a separator line follow.
  #
  # Globals read : PROG (this script's name), ABS_PROG (its full path),
  #                NEW_NAME (name to put in the ident), MAP_FILE
  # Side effects : truncates and rewrites $MAP_FILE
  grep "ident	\"@(#)$PROG" $ABS_PROG \
    | sed -e "s/ ident/pragma ident/g" -e "s/${PROG}/${NEW_NAME}/g" \
    > $MAP_FILE

  echo "\
#
# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#-------------------------------------------------------------------
#\
" >> $MAP_FILE
}
2297
2298
2299#
# Find all the YP domains in /var/yp
2301# The list of domains is stored in list "VARYP_DMN_LIST"
2302#
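create_all_var_yp_domain_list()
{
  # Build the space-separated global VARYP_DMN_LIST from the entries of the
  # YP root: an entry counts as a domain only when it is a directory that
  # also has a ypservers binding file under <root>/binding/<domain>.
  #
  # Arguments   : $1 (optional) - YP root directory; defaults to /var/yp so
  #               existing callers are unchanged, while tests can point it
  #               at a scratch tree.
  # Globals read: DEBUG
  # Globals set : VARYP_DMN_LIST (leading-space separated list, "" if none)
  # Returns     : 0
  _yp_root=${1:-/var/yp}
  VARYP_DMN_LIST=""

  for _yp_entry in "${_yp_root}"/*
  do
    # Strip the directory part instead of spawning basename; a name that
    # contains whitespace stays intact either way.
    _dmn_name=${_yp_entry##*/}
    if [ -d "${_yp_root}/${_dmn_name}" ] && \
       [ -f "${_yp_root}/binding/${_dmn_name}/ypservers" ]
    then
      VARYP_DMN_LIST="$VARYP_DMN_LIST ${_dmn_name}"
    fi
  done

  [ $DEBUG -eq 1 ] && echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
  return 0
}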
2319
2320
2321#
2322# Ask user which domains would be served by N2L
2323# The list of N2L domains is stored in global array
2324# "N2L_DMN_LIST" and number of domains in N2L_DMN_CNT
2325#
create_n2l_domain_list()
{
  # Offer every /var/yp domain to the user and record the ones chosen for
  # N2L in the global array N2L_DMN_LIST; N2L_DMN_CNT holds how many.
  #
  # Globals read: DEBUG, and VARYP_DMN_LIST as filled in by
  #               create_all_var_yp_domain_list
  # Globals set : N2L_DMN_LIST[], N2L_DMN_CNT, DMN, count
  create_all_var_yp_domain_list

  let count=0
  for DMN in $VARYP_DMN_LIST
  do
    get_confirm "Do you want to store maps from ${DMN} domain to LDAP (y/n/h):" \
                "n" "selectDomain4N2L_help"
    _wanted=$?

    # get_confirm reports "yes" with exit status 1; anything else skips.
    [ $_wanted -eq 1 ] || continue
    N2L_DMN_LIST[count]=$DMN
    let count="count + 1"
  done
  N2L_DMN_CNT=$count

  [ $DEBUG -eq 1 ] && echo N2L_DMN_LIST=${N2L_DMN_LIST[*]}
  [ $DEBUG -eq 1 ] && echo N2L_DMN_CNT=$N2L_DMN_CNT
}
2350
2351
2352#
2353# Make various lists for different types of maps for each N2L domain
2354# and ask user if mapping information and comments need to be generated
2355# for custom maps.
2356#
2357# This function looks big, but since KSH does not support 2-D arrays, or
# two levels of dereferencing, it is forced to have so many lists and arrays.
2359# Lists are better for adding or removing elements, and arrays are better
2360# for accessing with index and in knowing the no. of elements.
2361#
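create_map_lists()
{
  # For each N2L domain, list the NIS maps found in /var/yp/<domain>
  # (dbm *.dir/*.pag pairs), sort them into default / custom / automounter
  # custom maps, and ask the user which custom maps get mapping information
  # and whether explanatory comments should be generated.
  #
  # Globals read: N2L_DMN_CNT, N2L_DMN_LIST[], DEFAULT_NIS_MAPS, DEBUG
  # Globals set : ALL_DMN_ALL_MAPLIST, ALL_DMN_DEF_MAPLIST,
  #               ALL_DMN_CUST_MAPLIST, ALL_DMN_AUTO_CUST_MAPLIST (lists
  #               merged across domains) and the same data as arrays
  #               ALL_DMN_ALL_MAPS[], ALL_DMN_DEF_MAPS[], ALL_DMN_CUST_MAPS[],
  #               ALL_DMN_AUTO_CUST_MAPS[]; per-domain arrays ALL_MAPS[],
  #               DEF_MAPS[], CUST_MAPS[], AUTO_CUST_MAPS[] indexed like
  #               N2L_DMN_LIST; CUST_MAP_NEEDED, CUST_CMT_NEEDED (0/1)
  # Calls       : present, remove, merge_lists, get_confirm

  # Initialize them with no maps.
  ALL_DMN_ALL_MAPLIST=""
  ALL_DMN_DEF_MAPLIST=""
  ALL_DMN_CUST_MAPLIST=""
  ALL_DMN_AUTO_CUST_MAPLIST=""

  # Default to don't generate custom mapping info or comment info.
  CUST_MAP_NEEDED=0
  CUST_CMT_NEEDED=0

  let count=0

  while (( $count < $N2L_DMN_CNT ))
  do
    DMN=${N2L_DMN_LIST[count]}
    MAPDIR=/var/yp/${DMN}

    # Initialize per domain lists to NULL.
    ALL_MAPLIST=""
    DEF_MAPLIST=""
    CUST_MAPLIST=""
    AUTO_CUST_MAPLIST=""

    for dbmfile in "$MAPDIR"/*.dir
    do
      MAP=`basename "$dbmfile" .dir`

      # Ignore N2L maps (those with "LDAP_" prefix and ageing.byname) and
      # require the matching .pag half of the dbm pair. The .pag path is
      # quoted: unquoted it would be re-globbed, and with more than one
      # match "[" would receive too many operands and fail.
      if [[ $MAP != LDAP_* ]] && [[ $MAP != "" ]] && \
         [ -f "$MAPDIR/${MAP}.pag" ] && [[ $MAP != ageing.byname ]]
      then
        ALL_MAPLIST="$ALL_MAPLIST $MAP"

        if present $MAP $DEFAULT_NIS_MAPS
        then
          DEF_MAPLIST="$DEF_MAPLIST $MAP"

        elif [[ $MAP = auto.* ]]
        then
          AUTO_CUST_MAPLIST="$AUTO_CUST_MAPLIST $MAP"

        else
          # If we reached here, means it is custom map.
          get_confirm "Do you want the mapping information to be generated for \"$MAP\" map of $DMN domain (y/n/h)?" \
                      "n" "generate_mapping_info_for_cust_map_help"

          if [ $? -eq 1 ]
          then
            CUST_MAPLIST="$CUST_MAPLIST $MAP"
          else
            # If a customer map is not desired, then delete it from
            # all maplist too.
            ALL_MAPLIST=$(remove $MAP $ALL_MAPLIST)
          fi

        fi

      fi

    done

    # Make ALL_DMN lists as they are very helpful in checking if a map exists.
    ALL_DMN_ALL_MAPLIST=$(merge_lists $ALL_DMN_ALL_MAPLIST $ALL_MAPLIST)
    ALL_DMN_DEF_MAPLIST=$(merge_lists $ALL_DMN_DEF_MAPLIST $DEF_MAPLIST)
    ALL_DMN_CUST_MAPLIST=$(merge_lists $ALL_DMN_CUST_MAPLIST $CUST_MAPLIST)
    ALL_DMN_AUTO_CUST_MAPLIST=$(merge_lists $ALL_DMN_AUTO_CUST_MAPLIST \
                                            $AUTO_CUST_MAPLIST)

    # Store per domain lists in arrays, indexed like N2L_DMN_LIST.
    ALL_MAPS[$count]="$ALL_MAPLIST"
    DEF_MAPS[$count]="$DEF_MAPLIST"
    CUST_MAPS[$count]="$CUST_MAPLIST"
    AUTO_CUST_MAPS[$count]="$AUTO_CUST_MAPLIST"

    [ $DEBUG -eq 1 ] && echo ALL_MAPS[$DMN] = ${ALL_MAPS[$count]}
    [ $DEBUG -eq 1 ] && echo DEF_MAPS[$DMN] = ${DEF_MAPS[$count]}
    [ $DEBUG -eq 1 ] && echo CUST_MAPS[$DMN] = ${CUST_MAPS[$count]}
    [ $DEBUG -eq 1 ] && echo AUTO_CUST_MAPS[$DMN] = ${AUTO_CUST_MAPS[$count]}

    let count="count + 1"
  done

  [ $DEBUG -eq 1 ] && echo ALL_DMN_ALL_MAPLIST = $ALL_DMN_ALL_MAPLIST
  [ $DEBUG -eq 1 ] && echo ALL_DMN_DEF_MAPLIST = $ALL_DMN_DEF_MAPLIST
  [ $DEBUG -eq 1 ] && echo ALL_DMN_CUST_MAPLIST = $ALL_DMN_CUST_MAPLIST
  [ $DEBUG -eq 1 ] && echo ALL_DMN_AUTO_CUST_MAPLIST = $ALL_DMN_AUTO_CUST_MAPLIST

  # Store all domain lists in array too (set -A is the ksh array assignment).
  set -A ALL_DMN_ALL_MAPS $ALL_DMN_ALL_MAPLIST
  set -A ALL_DMN_DEF_MAPS $ALL_DMN_DEF_MAPLIST
  set -A ALL_DMN_CUST_MAPS $ALL_DMN_CUST_MAPLIST
  set -A ALL_DMN_AUTO_CUST_MAPS $ALL_DMN_AUTO_CUST_MAPLIST

  # A positive customer map count implies custom mapping information
  # is required. Set this flag.
  [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] && CUST_MAP_NEEDED=1

  # Give bit of info, and ask if comments need to be placed in mapping file
  echo "
  This script can place relevant information regarding custom
  maps at appropriate places in the mapping file which can be
  helpful in customizing this file.
"

  get_confirm "Do you want such information to be generated (y/n/h)?" \
              "n" "generate_comment_info_for_cust_map_help"

  [ $? -eq 1 ] && CUST_CMT_NEEDED=1

  [ $DEBUG -eq 1 ] && echo CUST_MAP_NEEDED = $CUST_MAP_NEEDED
  [ $DEBUG -eq 1 ] && echo CUST_CMT_NEEDED = $CUST_CMT_NEEDED

}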
2477
2478
2479#
2480# Ask user the context for each (N2l) domain
2481#
get_nisLDAPdomainContext()
{
  # For each N2L domain, prompt for its LDAP naming context (defaulting to
  # the dc= form produced by domain_2_dc) and append a
  # "nisLDAPdomainContext <domain> : <context>" line to the mapping file.
  # An empty answer writes nothing for that domain.
  #
  # Globals read: N2L_DMN_LIST[], MAP_FILE, DEBUG; _DOM_2_DC is filled by
  #               domain_2_dc and ANS by get_ans
  echo "
# List domains and contexts
" >> $MAP_FILE

  for DMN in ${N2L_DMN_LIST[*]}
  do
    # Keep asking for as long as the answer is a request for help.
    _need_answer=1
    while [ $_need_answer -eq 1 ]
    do
      domain_2_dc $DMN

      get_ans "Enter the naming context for $DMN domain (h=help):" \
              "$_DOM_2_DC"

      case "$ANS" in
        [Hh] | help | Help | \?) display_msg nisLDAPdomainContext_help ;;
        *) _need_answer=0 ;;
      esac
    done

    # Only a non-empty context is recorded in the mapping file.
    [ "$ANS" != "" ] && echo "nisLDAPdomainContext $DMN : ${ANS}" >> $MAP_FILE

    [ $DEBUG -eq 1 ] && echo "nisLDAPdomainContext $DMN : ${ANS}"
  done
}
2513
2514
2515#
2516# Ask user the domains for which passwords should be changed
2517#
get_nisLDAPyppasswddDomains()
{
  # Ask, per N2L domain, whether yppasswdd may change passwords in it and
  # append a "nisLDAPyppasswddDomains <domain>" line for each "yes".
  #
  # Globals read: N2L_DMN_LIST[], MAP_FILE
  echo "
# List domains for which passwords should be changed. If this is not
# present then the value returned by 'domainname' will be used.
" >> $MAP_FILE

  for DMN in ${N2L_DMN_LIST[*]}
  do
    get_confirm "Enable password changes for ${DMN} domain (y/n/h)? " \
                "n" "nisLDAPyppasswddDomains_help"
    # exit status 1 from get_confirm means "yes"
    [ $? -eq 1 ] && echo "nisLDAPyppasswddDomains $DMN" >> $MAP_FILE
  done

  echo "
#
#-------------------------------------------------------------------
#\
" >> $MAP_FILE
}
2542
2543
2544#
2545# Create NIS databaseId mappings (aliases)
2546#
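create_nisLDAPdatabaseIdMapping()
{
  # Append the nisLDAPdatabaseIdMapping (map alias) section to the mapping
  # file: the fixed block for the standard maps, then, when requested,
  # explanatory comments and a commented list of the custom maps.
  #
  # Globals read: MAP_FILE, CUST_CMT_NEEDED, CUST_MAP_NEEDED,
  #               ALL_DMN_AUTO_CUST_MAPS[], ALL_DMN_CUST_MAPS[]
  #
  # The standard block is single-quoted so nothing in it is expanded.
  echo '
# Associate map names with databaseIds (aliases)

# Standard maps
nisLDAPdatabaseIdMapping	ethers: ethers.byaddr ethers.byname
nisLDAPdatabaseIdMapping	group: group.bygid group.byname
nisLDAPdatabaseIdMapping	hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"] \
				hosts.byaddr hosts.byname
# Special mapping to handle the YP_MULTI cases
nisLDAPdatabaseIdMapping        multihosts: \
				[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*,*"] \
				hosts.byname
nisLDAPdatabaseIdMapping	networks: networks.byaddr networks.byname
nisLDAPdatabaseIdMapping	project: project.byname project.byprojid
nisLDAPdatabaseIdMapping	protocols: protocols.byname protocols.bynumber
nisLDAPdatabaseIdMapping	services: services.byname services.byservicename

# netid.byname is built up from the hosts and passwd files using different
# mappings. It thus has two associated nisLDAPdatabaseIdMappings.
nisLDAPdatabaseIdMapping	netid.host:[number="0"] netid.byname
nisLDAPdatabaseIdMapping	netid.pass:[number="[1-9]*"] netid.byname

# The next two are special databaseIds. They associate maps with databaseIds
# but additionally identify which maps contain password and password adjunct
# information for yppasswdd.
nisLDAPdatabaseIdMapping	passwd: passwd.byname passwd.byuid

# mail.byaddr needs to select entries of the form x@y or x!y
nisLDAPdatabaseIdMapping	mail.mapping:[rf_key="*@*", rf_key="*!*"] \
				mail.byaddr

# publickey.byname
# Each entry in publickey map consists of a network user name which
# may refer to a host or a user. It also contains a default entry for nobody.
# Hence, we need three nisLDAPdatabaseIdmappings to support the three
# different types of keys.
nisLDAPdatabaseIdMapping        keys.host:[rf_key="unix.[a-zA-Z]*@*"] \
				publickey.byname
nisLDAPdatabaseIdMapping        keys.pass:[rf_key="unix.[0-9]*@*"] \
				publickey.byname
nisLDAPdatabaseIdMapping        keys.nobody:[rf_key="nobody"] publickey.byname

# Single standard maps. No point aliasing.
# mail.aliases
# netmasks.byaddr
# rpc.bynumber
# ypservers

# Other maps
# ipnodes looks identical to hosts but maps to a different context.
nisLDAPdatabaseIdMapping	ipnodes:[addr="*:*"] \
				ipnodes.byaddr ipnodes.byname
# Special mapping to handle the YP_MULTI cases
nisLDAPdatabaseIdMapping        multiipnodes: \
				[addr="*:*,*"] \
				ipnodes.byname

# Other single maps. No point aliasing
# audit_user
# auth_attr
# exec_attr
# prof_attr
# user_attr
# auto.home
# auto.master
# bootparams
# timezone.byname
# printers.conf.byname
# passwd.adjunct.byname
# group.adjunct.byname
' >> $MAP_FILE

  # Both flags are numeric globals from create_map_lists. They are expanded
  # with "$": a bare name only works where ksh evaluates test operands
  # arithmetically, and fails in other shells.
  #
  # The syntax line below keeps its inner double quotes escaped; unescaped,
  # they would end the string early and the mapping file would receive a
  # mangled "databaseId : [[indexlist]] mapname[ ...]" line.
  [ $CUST_CMT_NEEDED -eq 1 ] && \
  echo "
# If any custom map needs to be aliased, then it should be listed
# here in the following format :
# nisLDAPdatabaseIdMapping databaseId \":\" [\"[\"indexlist\"]\"] mapname[\" \"...]
" >> $MAP_FILE

  [ $CUST_MAP_NEEDED -eq 1 ] && \
  echo "\
# Not aliasing non-default/custom maps as they are assumed to be
# simple, single maps.\
" >> $MAP_FILE

  # List every custom and automounter custom map as a comment, so the
  # user can see which names an alias could be added for.
  for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
  do
    echo "# $MAP" >> $MAP_FILE
  done

  echo "\
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}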
2645
2646
2647#
2648# Finds the domains in which the given map exists in the supplied list.
2649# Sets result in PRESENT_COUNT and PRESENT_IN_DOMAINS. These fields are
# set globally, so they can be accessed from anywhere.
2651# Input : $1 - map, $2 - list name (just name, not the value)
2652#
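find_domains()
{
  # Count the N2L domains whose per-domain map list (named by $2) contains
  # map $1. Results are left in globals so any caller can read them:
  # PRESENT_COUNT (number of domains) and PRESENT_IN_DOMAINS
  # (space-separated domain names, with a leading space).
  #
  # Input       : $1 - map name
  #               $2 - list name, one of ALL_MAPS, DEF_MAPS, CUST_MAPS,
  #                    AUTO_CUST_MAPS (the array's name, not its value; ksh
  #                    has no 2-D arrays, so the name selects the array)
  # Globals read: N2L_DMN_CNT, N2L_DMN_LIST[], the four *_MAPS arrays, DEBUG
  # Globals set : PRESENT_COUNT, PRESENT_IN_DOMAINS, _MAP, _ARRAY, _LIST, count
  # Returns     : 0, or 1 when $2 is not a known list name (results are
  #               then 0 and "")
  _MAP=$1
  _ARRAY=$2

  let PRESENT_COUNT=0
  PRESENT_IN_DOMAINS=""

  # Validate the list name up front. Previously an unknown name printed a
  # message but carried on with whatever _LIST held from an earlier call.
  case "$_ARRAY" in
    ALL_MAPS | DEF_MAPS | CUST_MAPS | AUTO_CUST_MAPS) ;;
    *) echo "Invalid value: \"${_ARRAY}\". \c" >&2
       return 1 ;;
  esac

  let count=0

  while (( $count < $N2L_DMN_CNT ))
  do
    # Quick and dirty way to get around unavailability of 2D array
    case "$_ARRAY" in
            ALL_MAPS ) _LIST=${ALL_MAPS[$count]} ;;
            DEF_MAPS ) _LIST=${DEF_MAPS[$count]}  ;;
           CUST_MAPS ) _LIST=${CUST_MAPS[$count]}  ;;
      AUTO_CUST_MAPS ) _LIST=${AUTO_CUST_MAPS[$count]}  ;;
    esac

    if present $_MAP $_LIST
    then
      let PRESENT_COUNT="$PRESENT_COUNT + 1"
      PRESENT_IN_DOMAINS="$PRESENT_IN_DOMAINS ${N2L_DMN_LIST[count]}"
    fi
    let count="count + 1"
  done

  [ $DEBUG -eq 1 ] && echo "PRESENT_COUNT = $PRESENT_COUNT"
  [ $DEBUG -eq 1 ] && echo "PRESENT_IN_DOMAINS = $PRESENT_IN_DOMAINS"

  return 0
}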
2689
2690
2691#
2692# For a given map, find out which list it belongs to (PRESENT_IN_LIST),
2693# and in how many domains this map shows up (PRESENT_COUNT), and in
2694# which ones (PRESENT_IN_DOMAINS). These fields are set globally, so
# they can be accessed from anywhere.
2696#
find_map_presence_details()
{
  # Locate map $1: which typed list it belongs to (PRESENT_IN_LIST, one of
  # DEF_MAPS / CUST_MAPS / AUTO_CUST_MAPS), how many N2L domains have it
  # (PRESENT_COUNT) and which ones (PRESENT_IN_DOMAINS). All three are
  # globals so callers can read them afterwards.
  #
  # Globals read: ALL_DMN_ALL_MAPLIST, ALL_DMN_DEF_MAPLIST,
  #               ALL_DMN_CUST_MAPLIST, DEBUG
  # Returns     : 1 if the map exists in no domain (PRESENT_COUNT stays 0,
  #               the other two stay empty), else 0
  _MAP=$1

  let PRESENT_COUNT=0
  PRESENT_IN_LIST=""
  PRESENT_IN_DOMAINS=""

  # Every map in a typed list is also in the "all" list, so an absent map
  # can be rejected with a single lookup.
  present $_MAP $ALL_DMN_ALL_MAPLIST || return 1

  # Default and custom maps are tested explicitly; whatever remains must
  # be an automounter custom map.
  if present $_MAP $ALL_DMN_DEF_MAPLIST; then
    PRESENT_IN_LIST="DEF_MAPS"
  elif present $_MAP $ALL_DMN_CUST_MAPLIST; then
    PRESENT_IN_LIST="CUST_MAPS"
  else
    PRESENT_IN_LIST="AUTO_CUST_MAPS"
  fi

  # find_domains fills PRESENT_COUNT and PRESENT_IN_DOMAINS for that list.
  find_domains $_MAP $PRESENT_IN_LIST

  [ $DEBUG -eq 1 ] && echo "PRESENT_IN_LIST = $PRESENT_IN_LIST"

  return 0
}
2740
2741
2742#
2743# Check if the comment char is a single character, return 0 on success.
2744# Input is passed via global variable "COMMENT_CHAR"
2745#
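valid_comment_char()
{
  # Validate the global COMMENT_CHAR as typed by the user: the mapping file
  # accepts an empty comment character or exactly one character. Prints a
  # hint and returns 1 when it is longer, else returns 0.
  #
  # Globals read: COMMENT_CHAR
  # Globals set : COMMENT_CHAR_LENGTH (number of characters in COMMENT_CHAR)
  #
  # Measured with parameter expansion instead of "echo | wc -c": echo would
  # swallow or reinterpret answers such as "-n" or "\t" and let a
  # multi-character value through, and wc counts bytes plus the newline
  # echo adds, which is what the old "-gt 2" was compensating for.
  COMMENT_CHAR_LENGTH=${#COMMENT_CHAR}

  if [ "$COMMENT_CHAR_LENGTH" -gt 1 ]; then
    echo " Comment character has to be a blank or single character; try again."
    return 1
  fi
  return 0
}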
2758
2759
2760#
2761# Read the comment character for a MAP. Append in mapping file if valid.
2762# Input - $1 : MAP name
2763#
get_comment_char()
{
  # Prompt until the user supplies a valid comment character for map $1
  # (validated by valid_comment_char), then append
  # "nisLDAPcommentChar <map> : '<char>'" to the mapping file.
  #
  # Input       : $1 - map name
  # Globals read: MAP_FILE; ANS is set by get_ans
  # Globals set : COMMENT_CHAR, _MAP
  _MAP=$1

  _char_ok=0
  until [ $_char_ok -eq 1 ]
  do
    get_ans "Specify the comment character for $_MAP :"
    COMMENT_CHAR=$ANS
    valid_comment_char && _char_ok=1
  done

  echo "nisLDAPcommentChar $_MAP : '${COMMENT_CHAR}'" >> $MAP_FILE
}
2780
2781
2782#
# Read a separate comment character for a MAP for each domain and
2784# update this information in mapping file.
2785# Input - $1 : MAP name, $@ : list of domains
2786#
get_comment_char_per_domain()
{
  # For map $1, prompt for a comment character once per domain named in
  # the remaining arguments and append a
  # "nisLDAPcommentChar <map>,<domain> : '<char>'" line for each.
  #
  # Input       : $1 - map name; $2.. - domains (a single space-separated
  #               argument is split by the for loop, so both forms work)
  # Globals read: MAP_FILE; ANS is set by get_ans
  # Globals set : COMMENT_CHAR, _MAP, _DOMAIN_LIST, _DMN
  _MAP=$1
  shift
  _DOMAIN_LIST="$@"

  for _DMN in $_DOMAIN_LIST
  do
    _char_ok=0
    until [ $_char_ok -eq 1 ]
    do
      get_ans "Specify the comment character for $_MAP,${_DMN} :"
      COMMENT_CHAR=$ANS
      valid_comment_char && _char_ok=1
    done
    echo "nisLDAPcommentChar $_MAP,${_DMN} : '${COMMENT_CHAR}'" >> $MAP_FILE
  done
}
2811
2812
2813#
2814# This function generates custom comment entries. The output is
2815# appended in the mapping file.
2816#
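get_custom_nisLDAPcommentChar()
{
  # Append nisLDAPcommentChar entries for the non-default maps: a fixed '#'
  # for every automounter custom map, and, on request, a user-supplied
  # character for each custom map (per domain when the map exists in more
  # than one domain and the user wants them to differ).
  #
  # Globals read: ALL_DMN_AUTO_CUST_MAPS[], ALL_DMN_CUST_MAPS[],
  #               CUST_MAP_NEEDED, MAP_FILE; PRESENT_COUNT and
  #               PRESENT_IN_DOMAINS are filled by find_domains
  # Calls       : get_confirm, find_domains, get_comment_char,
  #               get_comment_char_per_domain

  # All the auto mounter maps are assumed to have '#' as the default comment
  # char. But still list the non-default auto map entries here anyway. This
  # will make it very easy in case these entries need to be changed.
  for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
  do
    echo "nisLDAPcommentChar $MAP : '#'" >> $MAP_FILE
  done

  # Expand the flag with "$": a bare name in "[ ... -eq 1 ]" only works
  # where ksh evaluates the operand arithmetically.
  if [ $CUST_MAP_NEEDED -eq 1 ]; then
    get_confirm "Do you wish to specify the comment character for any custom map (y/n/h)?" \
                "n" "custom_map_comment_char_help"

    if [ $? -eq 1 ]; then
      for MAP in ${ALL_DMN_CUST_MAPS[*]}
      do
        get_confirm "Do you wish to specify comment character for \"$MAP\" (y/n/h)?" \
                    "n" "custom_map_comment_char_help"

        if [ $? -eq 1 ]; then
          find_domains $MAP CUST_MAPS
          if [ $PRESENT_COUNT -gt 1 ]; then
            echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"

            get_confirm "For \"$MAP\", should the same comment character be set for all the domains (y/n/h)?" \
                        "y" "same_comment_char_help"

            if [ $? -eq 1 ]; then
              get_comment_char $MAP
            else
              get_comment_char_per_domain  $MAP "$PRESENT_IN_DOMAINS"
            fi

          else
            # Present in a single domain: no per-domain question needed.
            get_comment_char $MAP
          fi

        fi
      done
    fi
  fi

}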
2864
2865
2866# List comment character (if any) for maps
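#
# Helper for create_nisLDAPcommentChar: emit the nisLDAPcommentChar entry
# for an adjunct map ($1), which may be absent from some N2L domains.
# Writes a commented-out template when the map exists in no domain, a plain
# entry when it exists in every N2L domain, and one "map,domain" entry per
# domain otherwise.
# Globals read: ALL_DMN_DEF_MAPLIST, N2L_DMN_CNT, MAP_FILE; PRESENT_COUNT
#               and PRESENT_IN_DOMAINS are filled by find_domains
# Globals set : _MAP, _DMN
#
print_adjunct_comment_char_entries()
{
  _MAP=$1
  if ! present $_MAP $ALL_DMN_DEF_MAPLIST
  then
    # Just put the syntax in comment form
    echo "#nisLDAPcommentChar ${_MAP}: ''" >> $MAP_FILE
  else
    # Find the domains in which this map exists.
    find_domains $_MAP DEF_MAPS
    if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
    then
      # Don't put domain info as the map is present in all of them.
      echo "nisLDAPcommentChar ${_MAP}: ''" >> $MAP_FILE
    else
      # Not every domain has this map. So, list for the ones which do.
      for _DMN in $PRESENT_IN_DOMAINS
      do
        echo "nisLDAPcommentChar ${_MAP},${_DMN}: ''" >> $MAP_FILE
      done
    fi
  fi
}

create_nisLDAPcommentChar()
{
  # Append the nisLDAPcommentChar section to the mapping file: an optional
  # explanation, the fixed entries for maps that carry no comments, the
  # adjunct maps (which may exist only in some domains), and finally the
  # user-driven entries for custom maps.
  #
  # Globals read: MAP_FILE, CUST_CMT_NEEDED, ALL_DMN_DEF_MAPLIST, N2L_DMN_CNT
  # Calls       : present, find_domains, get_custom_nisLDAPcommentChar
  echo "\
# Specify the character representing the start of comments.
" >> $MAP_FILE

  # Expand the flag with "$": a bare name in "[ ... -eq 1 ]" only works
  # where ksh evaluates the operand arithmetically.
  [ $CUST_CMT_NEEDED -eq 1 ] && echo "\
# The comment character represents the start of the special 'comment'
# field in a given NIS map. If this attribute is not present then the
# default comment character '#' is used. If a map cannot contain comments
# then the NULL ('') comment character should be specified. The format to
# specify the comment character is :
# nisLDAPcommentChar MAP[,DOMAIN] : 'single_comment_char'
" >> $MAP_FILE

  echo "\
nisLDAPcommentChar group : ''
nisLDAPcommentChar passwd : ''
nisLDAPcommentChar ageing.byname : ''
nisLDAPcommentChar audit_user : ''
nisLDAPcommentChar auth_attr : ''
nisLDAPcommentChar exec_attr : ''
nisLDAPcommentChar user_attr : ''
nisLDAPcommentChar bootparams : ''
" >> $MAP_FILE

  # The adjunct maps need per-domain handling; the helper does it for both.
  print_adjunct_comment_char_entries passwd.adjunct.byname
  print_adjunct_comment_char_entries group.adjunct.byname

  echo "" >> $MAP_FILE

  # Ask user for comment char for custom maps
  get_custom_nisLDAPcommentChar

  echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE
}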
2952
2953
2954#
2955# Generate secure flag entries
2956#
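#
# Helper for create_secure_flag_entries: emit the YP_SECURE nisLDAPmapFlags
# entry for an adjunct map ($1), which may be absent from some N2L domains.
# Writes a commented-out template when the map exists in no domain, a plain
# entry when it exists in every N2L domain, and one "map,domain" entry per
# domain otherwise.
# Globals read: ALL_DMN_DEF_MAPLIST, N2L_DMN_CNT, MAP_FILE; PRESENT_COUNT
#               and PRESENT_IN_DOMAINS are filled by find_domains
# Globals set : _MAP, _DMN
#
print_adjunct_secure_flag_entries()
{
  _MAP=$1
  if ! present $_MAP $ALL_DMN_DEF_MAPLIST
  then
    # Just put the syntax in comment form
    echo "#nisLDAPmapFlags ${_MAP} : s" >> $MAP_FILE
  else
    # Find the domains in which this map exists.
    find_domains $_MAP DEF_MAPS
    if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
    then
      # Don't put domain info as the map is present in all of them.
      echo "nisLDAPmapFlags ${_MAP} : s" >> $MAP_FILE
    else
      # Not every domain has this map. So, list for the ones which do.
      for _DMN in $PRESENT_IN_DOMAINS
      do
        echo "nisLDAPmapFlags ${_MAP},${_DMN} : s" >> $MAP_FILE
      done
    fi
  fi
}

create_secure_flag_entries()
{
  # Append the YP_SECURE section of nisLDAPmapFlags to the mapping file:
  # an optional explanation, the adjunct maps (which may exist only in some
  # domains), then a prompt loop in which the user names further maps to
  # mark secure, per domain if wanted.
  #
  # A typed map name is written to the file only after
  # find_map_presence_details has found it in a domain's map list; unknown
  # names are rejected with an error and the prompt repeats.
  #
  # Globals read: MAP_FILE, CUST_CMT_NEEDED, ALL_DMN_DEF_MAPLIST,
  #               N2L_DMN_CNT; ANS is set by get_ans, PRESENT_COUNT and
  #               PRESENT_IN_DOMAINS by find_map_presence_details
  # Globals set : STR, MAP, _DMN
  # Returns     : 0 when the user declines to add (more) maps
  echo "\
# Specify YP_SECURE flags
" >> $MAP_FILE

  # Expand the flag with "$": a bare name in "[ ... -eq 1 ]" only works
  # where ksh evaluates the operand arithmetically.
  [ $CUST_CMT_NEEDED -eq 1 ] && echo "\
# If a map is secure, then it needs to be mentioned here
# in the following format :
# nisLDAPmapFlags mapname : s
">> $MAP_FILE

  # The adjunct maps need per-domain handling; the helper does it for both.
  print_adjunct_secure_flag_entries passwd.adjunct.byname
  print_adjunct_secure_flag_entries group.adjunct.byname

  echo "" >> $MAP_FILE

  STR="any"    # Just to make the question look better.
  while :
  do
    get_confirm "Do you wish to set the secure flag for $STR map (y/n/h)?" \
                "n" "secure_flag_on_help"

    if [ $? -eq 0 ]; then
      return 0

    else
      get_ans "Enter the MAP name :"
      MAP=$ANS

      if [[ $MAP = "" ]]; then
        echo " Error : BLANK map name not allowed; try again"
        continue
      fi

      # Check if the supplied map name exists, and if yes, then
      # set the PRESENT attributes for further processing
      find_map_presence_details "$MAP"

      case $PRESENT_COUNT in

        0 ) echo " Error : $MAP not found in any domain; try again"
            ;;

        1 ) # The map exists in only one domain.
            echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
            STR="another"    # Just to make the question look better.
            ;;

        * ) # The map exists in multiple domain. Ask if this flag needs
            # to be set for all domains, or some specific ones.
            echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
            get_confirm "For this map, do you wish to set this flag for all the domains (y/n/h)?" \
                        "y" "secure_flag_all_domains_help"

            if [ $? -eq 1 ]; then
              echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
            else
              for _DMN in $PRESENT_IN_DOMAINS
              do
                get_confirm_nodef "Set secure flag for $MAP,${_DMN} (y/n)?"

                if [ $? -eq 1 ]; then
                  echo "nisLDAPmapFlags $MAP,${_DMN} : s" >> $MAP_FILE
                fi
              done
            fi
            STR="another"    # Just to make the question look better.
            ;;

      esac

    fi
  done
}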
3078
3079
3080#
3081# Generate interdomain flag entries
3082#
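create_interdomain_flag_entries()
{
  # Append the YP_INTERDOMAIN section of nisLDAPmapFlags to the mapping
  # file: an optional explanation, the candidate maps in commented form as
  # a reminder, then, if the user wants the flag, "nisLDAPmapFlags <map> : b"
  # entries for all domains or for the domains the user picks.
  #
  # Globals read: MAP_FILE, CUST_CMT_NEEDED, N2L_DMN_CNT, N2L_DMN_LIST[]
  # Globals set : INTERDOMAIN_MAP_LIST, _MAP, _DMN; also defines the
  #               helper function print_interdomain_entries when run
  # Calls       : get_confirm, get_confirm_nodef
  # Returns     : 0
  INTERDOMAIN_MAP_LIST="ipnodes
                         multiipnodes
                         hosts
                         multihosts
                         services.byservicename"

  #
  # Simple function to avoid duplication of code: one unqualified entry
  # per map in INTERDOMAIN_MAP_LIST.
  #
  print_interdomain_entries()
  {
    for _MAP in $INTERDOMAIN_MAP_LIST
    do
      echo "nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
    done
  }

  echo "
# Specify YP_INTERDOMAIN flags
" >> $MAP_FILE

  # Expand the flag with "$": a bare name in "[ ... -eq 1 ]" only works
  # where ksh evaluates the operand arithmetically.
  [ $CUST_CMT_NEEDED -eq 1 ] && echo "\
# It is used to indicate NIS servers to use the domain name resolver for
# host name and address lookups for hosts not found in the maps.
# If set, it adds YP_INTERDOMAIN entries in these maps when converting
# data from LDAP to YP. It needs to be set in the following format :
# nisLDAPmapFlags mapname : b
" >> $MAP_FILE

  # List one set of entries in commented form anyway as it might help
  # user understand what it means.
  echo "\
# If \$B is set in /var/yp/Makefile, then this flag should be
# set for following maps :\
" >> $MAP_FILE

  for _MAP in $INTERDOMAIN_MAP_LIST
  do
    echo "# nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
  done

  # Put a blank line for indentation purpose
  echo  >> $MAP_FILE

  get_confirm "Do you wish to set the \"interdomain\" flag for any domain (y/n/h)?" \
              "n" "interdomain_flag_on_help"

  if [ $? -eq 1 ]; then

    if [ $N2L_DMN_CNT -gt 1 ]; then

      get_confirm "Should \"interdomain\" flag be set for all domain (y/n/h)?" \
                  "y" "interdomain_flag_all_domains_help"

      if [ $? -eq 1 ]; then
        print_interdomain_entries
      else
        # Per-domain choice: qualify each entry with the domain name.
        for _DMN in ${N2L_DMN_LIST[*]}
        do
          get_confirm_nodef "Set interdomain flag for ${_DMN} (y/n)?"

          if [ $? -eq 1 ]; then
            for _MAP in $INTERDOMAIN_MAP_LIST
            do
              echo "nisLDAPmapFlags ${_MAP},${_DMN} : b" >> $MAP_FILE
            done
          fi
        done
      fi

    else
      # A single domain: no need to ask which one.
      print_interdomain_entries
    fi
  fi

  echo "
#
#------------------------------------------------------------------------------
#
" >> $MAP_FILE

  return 0
}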
3172
3173
3174#
3175# List SECURE and INTERDOMAIN flags
3176#
create_nisLDAPmapFlags()
{
  # Append the nisLDAPmapFlags sections to the mapping file: YP_SECURE
  # ("s") entries first, then YP_INTERDOMAIN ("b") entries.
  for _flag_step in create_secure_flag_entries create_interdomain_flag_entries
  do
    $_flag_step
  done
}
3182
3183
3184#
3185# Print one Map TTL entry in mapping file using supplied TTL.
3186#
print_one_map_ttl_entry()
{
  # Append one "nisLDAPentryTtl <map>:<lo>:<hi>:<run>" line to the mapping
  # file.
  #
  # Input       : $1 - map name, optionally "map,domain"
  #               $2 - initial TTL lower bound
  #               $3 - initial TTL upper bound
  #               $4 - runtime TTL
  # Globals read: MAP_FILE
  # Returns     : 0
  _ttl_map=$1
  _ttl_lo=$2
  _ttl_hi=$3
  _ttl_run=$4

  echo "nisLDAPentryTtl        ${_ttl_map}:${_ttl_lo}:${_ttl_hi}:${_ttl_run}" >> $MAP_FILE

  return 0
}
3200
3201
3202#
3203# Print all the maps TTL entries of same TTL
3204# values using the supplied TTL triplet.
3205#
print_all_same_ttl_entries()
{
  # Write a TTL entry with the supplied triplet for every map: the default
  # TTL maps, the custom maps and the automounter custom maps. The adjunct
  # maps may be missing from some domains, so their entries are qualified
  # with the domain unless every N2L domain has them.
  #
  # Input       : $1 - initial TTL lower bound, $2 - upper bound,
  #               $3 - runtime TTL
  # Globals read: DEF_TTL_MAPLIST, ALL_DMN_CUST_MAPS[],
  #               ALL_DMN_AUTO_CUST_MAPS[], N2L_DMN_CNT; PRESENT_COUNT and
  #               PRESENT_IN_DOMAINS are filled by find_domains
  # Returns     : 0
  _iTTLlo=$1
  _iTTLhi=$2
  _runTTL=$3

  for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
              ${ALL_DMN_AUTO_CUST_MAPS[*]}
  do
    case "$_MAP" in
      passwd.adjunct.byname | group.adjunct.byname)
        find_domains $_MAP DEF_MAPS

        if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]; then
          # Present everywhere: one unqualified entry is enough.
          print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL
        else
          for _DMN_ in $PRESENT_IN_DOMAINS
          do
            _STR="${_MAP},${_DMN_}"
            print_one_map_ttl_entry $_STR $_iTTLlo $_iTTLhi $_runTTL
          done
        fi
        ;;
      *)
        print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL
        ;;
    esac
  done

  return 0
}
3246
3247#
3248# Read the initialTTLlo. Set the value in global variable.
3249#
get_ittl_lo()
{
  # Prompt for the lower bound of the initial TTL (default DEF_iTTLlo) and
  # store the validated number, left in NUM by get_pos_int, in iTTLlo.
  get_pos_int "Lower limit for initial TTL (in seconds) (h=help):" "$DEF_iTTLlo" "initialTTLlo_help"
  iTTLlo=$NUM
}
3257
3258
3259#
3260# Read the initialTTLhi. Set the value in global variable.
3261#
get_ittl_hi()
{
  # Prompt for the upper bound of the initial TTL (default DEF_iTTLhi) and
  # store the validated number, left in NUM by get_pos_int, in iTTLhi.
  get_pos_int "Higher limit for initial TTL (in seconds) (h=help):" "$DEF_iTTLhi" "initialTTLhi_help"
  iTTLhi=$NUM
}
3269
3270
3271#
# Read the runtime TTL. Set the value in global variable.
3273#
get_run_ttl()
{
  # Prompt for the runtime TTL (default DEF_runTTL) and store the validated
  # number, left in NUM by get_pos_int, in runTTL.
  get_pos_int "Runtime TTL (in seconds) (h=help):" "$DEF_runTTL" "runningTTL_help"
  runTTL=$NUM
}
3281
3282
3283#
3284# Read one TTL triplet. Set the result in global variables.
3285#
read_one_ttl_triplet()
{
  # Prompt for the three TTL values in turn; the individual readers leave
  # them in the globals iTTLlo, iTTLhi and runTTL.
  # Globals read: DEBUG
  # Returns     : 0
  get_ittl_lo
  get_ittl_hi
  get_run_ttl

  [ $DEBUG -eq 1 ] && echo "TTL = ${iTTLlo}:${iTTLhi}:${runTTL}"

  return 0
}
3299
3300#
3301# Takes MAP name (with or without domain name) as argument, asks
3302# user for TTL values, and appends the entry in the mapping file.
3303#
process_one_map_ttl_value()
{
  # Write the TTL entry for map $1 (optionally "map,domain"): the defaults
  # if the user keeps them, otherwise a triplet read from the user.
  #
  # Globals read: DEF_iTTLlo, DEF_iTTLhi, DEF_runTTL; iTTLlo, iTTLhi and
  #               runTTL are filled by read_one_ttl_triplet
  # Returns     : 0
  _Map_="$1"

  get_confirm "Retain the default TTL values [$DEF_iTTLlo:$DEF_iTTLhi:$DEF_runTTL] for \"$_Map_\" (y/n/h) ?" \
              "y" "default_different_ttl_help"
  _keep_defaults=$?

  # get_confirm answers "yes" with exit status 1
  if [ $_keep_defaults -ne 1 ]; then
    echo "Reading TTL values for $_Map_ :"
    read_one_ttl_triplet
    print_one_map_ttl_entry $_Map_ $iTTLlo $iTTLhi $runTTL
  else
    print_one_map_ttl_entry $_Map_ $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL
  fi
  return 0
}
3323
3324
3325#
3326# Read only one TTL triplet for each existing MAP without asking
3327# different values for each domain and update the mapping file.
3328#
read_all_maps_ttl_values_no_multiple_domain_issue()
{
  # Ask for one TTL triplet per map (default, custom and automounter custom
  # maps) without distinguishing domains. The adjunct maps are the
  # exception: they may be missing from some domains, so they are asked
  # per domain unless every N2L domain has them.
  #
  # Globals read: DEF_TTL_MAPLIST, ALL_DMN_CUST_MAPS[],
  #               ALL_DMN_AUTO_CUST_MAPS[], N2L_DMN_CNT; PRESENT_COUNT and
  #               PRESENT_IN_DOMAINS are filled by find_domains
  # Returns     : 0
  for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
              ${ALL_DMN_AUTO_CUST_MAPS[*]}
  do
    case "$_MAP" in
      passwd.adjunct.byname | group.adjunct.byname)
        find_domains $_MAP DEF_MAPS

        if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]; then
          # Present everywhere: a single unqualified entry.
          process_one_map_ttl_value $_MAP
        else
          for _DMN_ in $PRESENT_IN_DOMAINS
          do
            _STR="${_MAP},${_DMN_}"
            process_one_map_ttl_value $_STR
          done
        fi
        ;;
      *)
        process_one_map_ttl_value $_MAP
        ;;
    esac
  done

  return 0
}
3368
3369
3370#
3371# Read TTL triplet for each default MAP (in database ID form) while
3372# taking care of multiple domains issue and update the mapping file.
3373#
read_default_maps_ttl_values_with_multi_domain_issue()
{
  # Ask for a TTL triplet for every default map in every N2L domain, one
  # "map,domain" combination at a time. The adjunct maps are only asked
  # for the domains that actually have them.
  #
  # Globals read: DEF_TTL_MAPLIST, N2L_DMN_LIST[]; PRESENT_IN_DOMAINS is
  #               filled by find_domains
  # Returns     : 0
  for _MAP_ in ${DEF_TTL_MAPLIST}
  do
    case "$_MAP_" in
      passwd.adjunct.byname | group.adjunct.byname)
        # Restrict to the domains in which the adjunct map exists.
        find_domains $_MAP_ DEF_MAPS
        _ttl_domains=$PRESENT_IN_DOMAINS
        ;;
      *)
        _ttl_domains=${N2L_DMN_LIST[*]}
        ;;
    esac

    for _DMN_ in $_ttl_domains
    do
      _STR_="${_MAP_},${_DMN_}"
      process_one_map_ttl_value "$_STR_"
    done
  done

  return 0
}
3403
3404
3405#
3406# Read TTL triplet for each existing custom MAP while taking
3407# care of multiple domains issue and update the mapping file.
3408#
read_custom_maps_ttl_values_with_multi_domain_issue()
{
#
# Ask for TTL triplets for every custom and non-default auto.* map.
# find_map_presence_details fills PRESENT_COUNT / PRESENT_IN_DOMAINS for
# the map; a map found in a single domain gets one unqualified entry,
# otherwise the user decides (get_confirm, 1 = yes) between one entry
# for all domains and one "map,domain" entry per domain.  The lines are
# appended by process_one_map_ttl_value.
# Uses _MAP_, _DMN_ and _STR as scratch variables (assigned without typeset).
# Returns 0.
#
for _MAP_ in ${ALL_DMN_CUST_MAPS[*]} ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
  find_map_presence_details $_MAP_

  # Only one domain knows this map: no domain qualifier needed.
  if [ $PRESENT_COUNT -eq 1 ]; then
    process_one_map_ttl_value $_MAP_
    continue
  fi

  echo "Map \"${_MAP_}\" is present in these domains : $PRESENT_IN_DOMAINS"

  get_confirm "For this map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
              "y" "same_ttl_across_domains_help"

  # "yes": a single triplet is enough for every domain.
  if [ $? -eq 1 ]; then
    process_one_map_ttl_value $_MAP_
    continue
  fi

  # "no": ask once per domain the map is present in.
  for _DMN_ in $PRESENT_IN_DOMAINS
  do
    _STR="${_MAP_},${_DMN_}"
    process_one_map_ttl_value "$_STR"
  done
done

return 0
}
3456
3457
3458#
3459# List the TTL values for various MAPs
3460#
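create_nisLDAPentryTtl()
{
#
# Write the nisLDAPentryTtl section of $MAP_FILE.  Every map ends up with
# a MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL line; the defaults
# are DEF_iTTLlo / DEF_iTTLhi / DEF_runTTL and the user is asked through
# get_confirm (1 = yes) how far to deviate from them: not at all, one
# triplet for all maps, one per map, or one per map and domain.  The
# actual lines are appended by print_all_same_ttl_entries and the
# read_*_ttl_values_* helpers; read_one_ttl_triplet fills iTTLlo,
# iTTLhi and runTTL.
# Reads: MAP_FILE, CUST_CMT_NEEDED, DEF_iTTLlo, DEF_iTTLhi, DEF_runTTL,
#        ALL_DMN_ALL_MAPS, N2L_DMN_CNT.  Returns 0.
# NOTE(review): runningTTL is described below as the TTL of data ypserv
# retrieved from LDAP while running, so a large value delays how soon a
# directory change (e.g. a removed account) is visible to NIS clients -
# confirm the operational requirement before raising it.
#
echo "\
# Associate TTLs with NIS entries derived from LDAP
" >> "$MAP_FILE"

# "${CUST_CMT_NEEDED:-0}" rather than a bare name: ksh evaluates a bare
# variable name as an arithmetic operand of -eq, POSIX sh/bash do not
# (the test errors and the block is silently skipped), so spell it out.
# The :-0 default keeps an unset flag meaning "no comments", as before.
[ "${CUST_CMT_NEEDED:-0}" -eq 1 ] && echo "\
# Each map has three TTL values which are specified in seconds.
# 1. initialTTLlo (default $DEF_iTTLlo sec) The lower limit for the initial
#    TTL (in seconds) for data read from disk when the ypserv starts.
#
# 2. initialTTLhi (default $DEF_iTTLhi sec) The upper limit for initial TTL.
#
# 3. runningTTL   (default $DEF_runTTL sec) The TTL (in seconds) for data
#    retrieved from LDAP while the ypserv is running.
#
# If any value is not specified, then default value is used.
# The format of TTL entry is :
# nisLDAPentryTtl   MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL
" >> "$MAP_FILE"

# If no maps are present, just return.
[ ${#ALL_DMN_ALL_MAPS[*]} -eq 0 ] && return 0

echo "The default TTL for each map is set to ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}"
get_confirm "Do you wish to change the TTL values for any map (y/n/h) ?" \
            "n" "default_ttl_help"

if [ $? -eq 0 ]; then
  # Default values accepted for all the maps.
  # So, just print all the maps with default TTL values.

  print_all_same_ttl_entries $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL

else
  echo "You would be allowed to enter the new TTL values."
  get_confirm "Do you wish to use the same TTL values for all the maps (y/n/h) ?" \
              "y" "non_default_same_ttl_help"

  if [ $? -eq 1 ]; then
    # Need to read only one TTL triplet.
    # Print all the maps with new TTL triplet.

    # read one ttl triplet
    echo "Enter the new TTL values :"

    read_one_ttl_triplet

    print_all_same_ttl_entries $iTTLlo $iTTLhi $runTTL

  else
    if [ $N2L_DMN_CNT -eq 1 ]; then

      # TTL values are different now. But we have only one domain.
      # So, no need to worry about multiple domains. Need to read
      # only one TTL triplet for each existing MAP.

      read_all_maps_ttl_values_no_multiple_domain_issue

    else

      # TTL values are different now. And we have multiple domains
      # too. Check if MAPS are going to have same TTL across domains.
      # This is just to avoid asking too many TTL triplet inputs

      echo "You would be allowed to enter different TTL values for each map."

      get_confirm "For a given map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
                  "y" "non_default_different_ttl_help"

      if [ $? -eq 1 ]; then

        # Need to read only one TTL triplet for each existing MAP.
        read_all_maps_ttl_values_no_multiple_domain_issue

      else

        # We have hit the worst case scenario. TTLs could be
        # different per map and per domain.

        read_default_maps_ttl_values_with_multi_domain_issue
        read_custom_maps_ttl_values_with_multi_domain_issue
      fi
    fi
  fi
fi

echo "
#
#------------------------------------------------------------------------------
#
" >> "$MAP_FILE"

return 0
}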
3557
3558
3559#
3560# The custom maps for which we do not have enough
3561# information to be able to generate specific entries,
3562# we just log the message that the user needs to take
3563# care of those entries manually.
3564#
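ask_user_to_update_the_custom_map_entries_too()
{
#
# Append a commented reminder to $MAP_FILE listing every custom map in
# ALL_DMN_CUST_MAPS, since no entry can be generated for them here.
# Writes nothing when the list is empty.
# Uses _MAP as a scratch variable (assigned without typeset).  Returns 0.
#
[ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] || return 0

# $MAP_FILE is a user-supplied path (-m): quote it so a name containing
# whitespace or glob characters cannot split or expand the redirection.
echo "
# Similar entries need to be created
# for following custom maps too :\
" >> "$MAP_FILE"

for _MAP in ${ALL_DMN_CUST_MAPS[*]}
do
  echo "# $_MAP" >> "$MAP_FILE"
done

return 0
}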
3581
3582
put_default_nisLDAPnameFields()
{
#
# Append the nisLDAPnameFields entries for the built-in maps to $MAP_FILE.
# Each entry names the fields of a map's value so later sections can refer
# to them by name (e.g. passwd -> name, passwd, uid, gid, gecos, home, shell).
# Two maps are conditional: group.adjunct.byname and passwd.adjunct.byname
# are written commented out when absent from ALL_DMN_DEF_MAPLIST (present),
# once and unqualified when find_domains reports them in all N2L_DMN_CNT
# domains, and otherwise once per domain as "map,domain".
# Reads: MAP_FILE, ALL_DMN_DEF_MAPLIST, N2L_DMN_CNT, PRESENT_COUNT and
#        PRESENT_IN_DOMAINS (set by find_domains).  _MAP and _DMN are
#        scratch variables assigned without typeset.
# Security note: the keys.* entries name a secretKey field and the group /
# passwd / *.adjunct entries a passwd field.  They are only field names
# here, but the LDAP attributes they are mapped to later should be covered
# by the directory's read ACLs - verify against the nisLDAPattributeFromField
# section and the server configuration.
#
echo '
# Associate names with fields in the maps. Must be same for all domains.
nisLDAPnameFields audit_user: \
			("%s:%s:%s", name, alwaysAuditFlags, neverAuditFlags)

nisLDAPnameFields auto.home: \
			("%s",value)

nisLDAPnameFields auto.master: \
			("%s",value)

nisLDAPnameFields auth_attr: \
			("%s:%s:%s:%s:%s:%s", \
			name, res1, res2, short_desc, long_desc, attrs )

nisLDAPnameFields bootparams: \
			("%s", params)

nisLDAPnameFields ethers: \
			("%s %s", addr, name)

nisLDAPnameFields exec_attr: \
			("%s:%s:%s:%s:%s:%s:%s", \
			name, policy, type, res1, res2, id, attrs)

nisLDAPnameFields group: \
			("%s:%s:%s:%s", name, passwd, gid, users)
' >> $MAP_FILE

# Need to handle group.adjunct.byname map for multiple domain.
# (absent -> commented template; present in every domain -> one entry;
#  otherwise one "map,domain" entry per domain that has it)

_MAP=group.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
  # Just put the syntax in comment form
  echo '#nisLDAPnameFields group.adjunct.byname: \
#			("%s:%s", name, passwd)
' >> $MAP_FILE
else
  # Find the domains in which this map exists.
  find_domains $_MAP DEF_MAPS
  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
  then

    # Don't put domain info as the map is present in all of them.
    echo 'nisLDAPnameFields group.adjunct.byname: \
			("%s:%s", name, passwd)
' >> $MAP_FILE
  else
    # Not every domain has this map. So, list for the ones which do.
    for _DMN in $PRESENT_IN_DOMAINS
    do
      echo "nisLDAPnameFields group.adjunct.byname,${_DMN}: \\
			(\"%s:%s\", name, passwd)
" >> $MAP_FILE
    done
  fi
fi

# NOTE(review): in the single-quoted text below, the quotes around
# min/max/def/always/never close and reopen the shell string, so the
# generated file reads "min,max and def" / "always and never" without
# quotes.  Harmless (comment text only), but keep it in mind when editing
# that paragraph.
echo 'nisLDAPnameFields keys.host: \
			("%s:%s", publicKey ,secretKey)

nisLDAPnameFields keys.pass: \
			("%s:%s", publicKey ,secretKey)

nisLDAPnameFields keys.nobody: \
			("%s:%s", publicKey ,secretKey)

nisLDAPnameFields hosts: \
			("%a %s %s", addr, canonicalName, aliases)

nisLDAPnameFields multihosts: \
			("%a %s %s", addr, canonicalName, aliases)

nisLDAPnameFields ipnodes: \
			("%a %s %s", addr, canonicalName, aliases)

nisLDAPnameFields multiipnodes: \
			("%a %s %s", addr, canonicalName, aliases)

nisLDAPnameFields mail.aliases: \
			("%s", addresses)

nisLDAPnameFields mail.mapping: \
			("%s", address)

# memberTriples	is split into sub-fields by a latter nisLDAPsplitField
# attribute.
nisLDAPnameFields netgroup: \
			("%s", memberTriples)

nisLDAPnameFields netid.host: \
			("%s:%s", number, data)

nisLDAPnameFields netid.pass: \
			("%s:%s", number, data)

nisLDAPnameFields netmasks.byaddr: \
			("%a", mask)

nisLDAPnameFields networks: \
			("%s %s %s", name, number, aliases)

nisLDAPnameFields project: \
			("%s:%s:%s:%s:%s:%s", \
			name, projID, comment, users, groups, attrs)

nisLDAPnameFields protocols:	\
			("%s %s %s", name, number, aliases)

nisLDAPnameFields rpc.bynumber:	\
			("%s %s %s", name, number, aliases)

nisLDAPnameFields passwd: \
			("%s:%s:%s:%s:%s:%s:%s", \
			name, passwd, uid, gid, gecos, home, shell)

# It is not obvious what the fields in passwd.adjunct are for. They are not
# the same as the shadow map. The following is based on information in:-
#
#	lib/libbc/inc/include/pwdadj.h.
#
# This file implies that these are documented in getpwaent(3) but this man page
# does not seem to exist.
#
# It is believed that 'min','max' and 'def' labels were reserved fields in
# SunOS 4.x and are now unused.  'always' and 'never' audit information is
# now contained in audit_user(4) so is now unused.
#
' >> $MAP_FILE

# Need to handle passwd.adjunct.byname map for multiple domain.
# (same three-way split as group.adjunct.byname above)

_MAP=passwd.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
  # Just put the syntax in comment form
  echo '#nisLDAPnameFields passwd.adjunct.byname: \
#			("%s:%s:%s:%s:%s:%s:%s", \
#			name, passwd, min, max, def, always, \
#			never)
' >> $MAP_FILE
else
  # Find the domains in which this map exists.
  find_domains $_MAP DEF_MAPS

  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
  then

    # Don't put domain info as the map is present in all of them.
    echo 'nisLDAPnameFields passwd.adjunct.byname: \
			("%s:%s:%s:%s:%s:%s:%s", \
			name, passwd, min, max, def, always, \
			never)
' >> $MAP_FILE
  else
    # Not every domain has this map. So, list for the ones which do.
    for _DMN in $PRESENT_IN_DOMAINS
    do
      echo "nisLDAPnameFields passwd.adjunct.byname,${_DMN}: \\
			(\"%s:%s:%s:%s:%s:%s:%s\", \\
                        name, passwd, min, max, def, always, \\
                        never)
" >> $MAP_FILE
    done
  fi
fi

# Remaining built-in maps.  ageing.byname is (per its own comment) never
# created as a map; the entry exists so yppasswd can name the shadow
# fields it reads from the DIT.
echo '
nisLDAPnameFields printers.conf.byname: \
			("%s:%s", names, values)

nisLDAPnameFields prof_attr: \
			("%s:%s:%s:%s:%s", \
			name, res1, res2, desc, attrs)

nisLDAPnameFields services: \
			("%s %s/%s %s", name, port, protocol, aliases)

# This map is never created but yppasswd uses the mapping to extract password
# ageing information from the DIT. The password itself is not required by this
# mechanism so is not included in the ageing mapping.
nisLDAPnameFields ageing.byname: \
			("%s:%s:%s:%s:%s:%s:%s:%s", \
			name, lastchg, min, max, warn, inactive, \
			expire, flag)

nisLDAPnameFields timezone.byname: \
			("%s %s", zoneName, hostName)

nisLDAPnameFields user_attr: \
			("%s:%s:%s:%s:%s", user, qualifier, res1, res2, attrs)
' >> $MAP_FILE
}
3779
3780#
3781# List namefields for non-default auto maps and custom maps.
3782#
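put_auto_and_custom_map_nisLDAPnameFields()
{
#
# Append a single-value nisLDAPnameFields entry, ("%s",value), for every
# non-default auto.* map and every custom map.  This presumes each such
# map is a plain key/value map; anything richer must be edited by hand
# afterwards.
# Reads ALL_DMN_AUTO_CUST_MAPS, ALL_DMN_CUST_MAPS and MAP_FILE.
# Uses _MAP as a scratch variable (assigned without typeset).  Returns 0.
#
for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
do
  # $MAP_FILE is a user-supplied path (-m): quote it so whitespace or
  # glob characters in the name cannot split or expand the redirection.
  echo "\
nisLDAPnameFields ${_MAP}: \\
                      (\"%s\",value)
" >> "$MAP_FILE"

done

return 0
}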
3795
3796
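create_nisLDAPnameFields()
{
#
# Emit the nisLDAPnameFields section of $MAP_FILE: the optional format
# description (only when CUST_CMT_NEEDED is 1), the built-in entries
# (put_default_nisLDAPnameFields), a note on the single-value assumption
# made for generated maps, and the entries for non-default auto.* and
# custom maps (put_auto_and_custom_map_nisLDAPnameFields).
# Reads CUST_CMT_NEEDED and MAP_FILE.  Returns 0.
#

# "${CUST_CMT_NEEDED:-0}" rather than a bare name: ksh evaluates a bare
# variable name as an arithmetic operand of -eq, POSIX sh/bash do not, so
# spell it out (an unset flag still means "no comments").
# '\'' embeds the literal quotes around array: a bare 'array' would end
# the single-quoted string and the quotes never reached the output file.
[ "${CUST_CMT_NEEDED:-0}" -eq 1 ] && echo '
# "nisLDAPnameFields" specifies the content of entries in a NIS map
# and how they should be broken into named fields. It is required as,
# unlike NIS+, NIS maps do not store information in named fields.
#
# Following is the syntax for nisLDAPnameFields :
#
# "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")"
# fieldName       = nameOrArrayName[","...]
# nameOrArrayName = Name of field or '\''array'\'' of repeated fields.
# matchspec       = \" formatString \"
' >> "$MAP_FILE"

# List the default nameField values
put_default_nisLDAPnameFields

# List the underlying assumption
echo "\
# With the assumption that all the custom maps are simple, single
# map (single key-value pair type), below is the nisLDAPnameFields
# information for all the custom and non-default auto.* maps. If
# this assumption is not valid, then refer to the NISLDAPmapping
# man page for information on how to customize this section.
" >> "$MAP_FILE"

# List namefields for non-default auto maps and custom maps.
put_auto_and_custom_map_nisLDAPnameFields


echo "
#
#------------------------------------------------------------------------------
#
" >> "$MAP_FILE"

return 0
}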
3837
3838
3839#
3840# List repeated field seperators
3841#
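create_nisLDAPrepeatedFieldSeparators()
{
#
# Append the nisLDAPrepeatedFieldSeparators part of $MAP_FILE: the format
# description when CUST_CMT_NEEDED is 1, then the (commented-out) default
# for memberTriples.  Reads CUST_CMT_NEEDED and MAP_FILE.  Returns 0.
# NOTE(review): the "\t" in the memberTriples line is only turned into a
# TAB by ksh's escape-expanding echo; other shells emit a literal \t.
#

# "${CUST_CMT_NEEDED:-0}" rather than a bare name: ksh evaluates a bare
# variable name as an arithmetic operand of -eq, POSIX sh/bash do not
# (the test errors and the block is silently skipped), so spell it out.
[ "${CUST_CMT_NEEDED:-0}" -eq 1 ] && echo "
# nisLDAPrepeatedFieldSeparators : It is a character which separates
# the repeatable instnaces of splitable fields. It's format is :
#
# nisLDAPrepeatedFieldSeparators fieldName \"sepChar[...]\"
#               sepChar = A separator character.
#               Default value is space or tab.
" >> "$MAP_FILE"

echo "\
#nisLDAPrepeatedFieldSeparators memberTriples: \" \t\"
" >> "$MAP_FILE"

return 0
}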
3859
3860
3861#
3862# List split fields
3863#
3864create_nisLDAPsplitField()
3865{
3866# List the default split fields
3867
3868[ CUST_CMT_NEEDED -eq 1 ] && echo '
3869# nisLDAPsplitFields : It defines how a field, or list of fields,
3870# named by nisLDAPnameFields is split into sub fields. The original
3871# field is compared with each line of this attribute until one matches.
3872# When a match is found named sub-fields are generated. In latter
3873# operations sub-field names can be used in the same way as other
3874# field names. The format of nisLDAPsplitFields is :
3875#
3876# "nisLDAPsplitFields" fieldName ":" splitSpec[","...]
3877# splitSpec       = "(" matchspec "," subFieldNames ")"
3878# fieldName       = Name of a field from nisLDAPnameFields
3879# subFieldNames   = subFieldname[","...]
3880# matchspec       = \" formatString \"
3881' >> $MAP_FILE
3882
3883echo '
3884nisLDAPsplitField memberTriples: \
3885			("(%s,%s,%s)", host, user, domain), \
3886			("%s", group)
3887' >> $MAP_FILE
3888
3889}
3890
3891#
3892# List split fields and repeated field separators.
3893#
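create_split_field_and_repeatedfield_seperators()
{
#
# Emit the "break fields into sub fields" section of $MAP_FILE: a header
# line, the nisLDAPrepeatedFieldSeparators part, the nisLDAPsplitField
# part and a closing rule.  Reads MAP_FILE.  Returns 0.
#

# $MAP_FILE is a user-supplied path (-m): quote it so whitespace or glob
# characters in the name cannot split or expand the redirection.
echo "\
# Specify how to break fields up into sub fields.
" >> "$MAP_FILE"

create_nisLDAPrepeatedFieldSeparators

create_nisLDAPsplitField

echo "
#
#------------------------------------------------------------------------------
#
" >> "$MAP_FILE"

return 0
}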
3911
list_default_nisLDAPobjectDN()
{
#
# Append the nisLDAPobjectDN entries for the built-in maps to $MAP_FILE.
# Each entry ties a map to a container under the domain's base DN, a
# search scope (?one?) and the objectClass/attribute filter used to read
# it; an optional second spec after ":" describes how entries are written
# back.  Entries are emitted in a fixed order because several of them
# depend on it ("Must follow passwd", "Must come after hosts + passwd").
# group.adjunct.byname and passwd.adjunct.byname follow the usual
# three-way split: absent from ALL_DMN_DEF_MAPLIST -> commented template;
# present in all N2L_DMN_CNT domains -> one unqualified entry; otherwise
# one "map,domain" entry per domain reported by find_domains.
# Reads: MAP_FILE, ALL_DMN_DEF_MAPLIST, N2L_DMN_CNT, PRESENT_COUNT,
#        PRESENT_IN_DOMAINS.  _MAP and _DMN are scratch variables
#        assigned without typeset.
# NOTE(review): passwd, passwd.adjunct.byname and ageing.byname all point
# at ou=people with objectClass=shadowAccount, and the keys.* maps at
# NisKeyObject entries; these specs also cover bulk copies *to* the DIT,
# so the identity ypserv binds with should be limited to what it needs
# in those containers - confirm against the directory's ACLs.
#
echo '
# Associate maps with RDNs and object classes. Base DN comes from the
# nisLDAPdomainContext.
#
# As supplied this file gives only the most derived objectClass for each map.
# For some servers it may be necessary to add "objectClass=" statements for
# all the superclasses. This should be done here.

nisLDAPobjectDN	auto.home: \
			automountmapname=auto_home,?one? \
			objectClass=automount:

nisLDAPobjectDN	auto.master: \
			automountmapname=auto_master,?one? \
			objectClass=automount:

nisLDAPobjectDN	auth_attr: \
			ou=SolarisAuthAttr,?one? \
			objectClass=SolarisAuthAttr:

nisLDAPobjectDN	bootparams: \
			ou=ethers,?one? \
			objectClass=bootableDevice, \
			bootParameter=*:\
			ou=ethers,?one? \
			objectClass=device, \
			objectClass=bootableDevice


nisLDAPobjectDN exec_attr:\
			ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
				SolarisKernelSecurityPolicy=*:\
			ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
				objectClass=SolarisProfAttr,\
				objectClass=top

nisLDAPobjectDN	ethers: \
			ou=ethers,?one? \
			objectClass=ieee802Device, \
			macAddress=*:\
			ou=ethers,?one? \
			objectClass=device, \
			objectClass=ieee802Device

nisLDAPobjectDN	group: \
			ou=group,?one? \
			objectClass=posixGroup:
' >> $MAP_FILE


# Need to handle group.adjunct.byname map for multiple domain.
# (absent -> commented template; present everywhere -> one entry;
#  otherwise one "map,domain" entry per domain that has it)

_MAP=group.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
  # Just put the syntax in comment form
  echo '#nisLDAPobjectDN group.adjunct.byname: \
#			ou=group,?one? \
#			objectClass=posixGroup:
' >> $MAP_FILE
else
  # Find the domains in which this map exists.
  find_domains $_MAP DEF_MAPS
  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
  then
    # Don't put domain info as the map is present in all of them.
    echo 'nisLDAPobjectDN group.adjunct.byname: \
			ou=group,?one? \
			objectClass=posixGroup:
' >> $MAP_FILE
  else
    # Not every domain has this map. So, list for the ones which do.
    for _DMN in $PRESENT_IN_DOMAINS
    do
      echo "nisLDAPobjectDN group.adjunct.byname,${_DMN}: \\
			ou=group,?one? \\
			objectClass=posixGroup:
" >> $MAP_FILE
    done
  fi
fi


# hosts .. passwd.  The multihosts / multiipnodes entries carry no write
# spec (no trailing ":"); netmasks.byaddr must follow networks, which
# creates the ipNetwork entries it filters on.
echo 'nisLDAPobjectDN	hosts: \
			ou=hosts,?one? \
			objectClass=ipHost:\
			ou=hosts,?one? \
			objectClass=device, \
			objectClass=ipHost

nisLDAPobjectDN multihosts: \
			ou=hosts,?one? \
			objectClass=ipHost, \
			ipHostNumber=*.*

nisLDAPobjectDN	ipnodes: \
			ou=hosts,?one? \
			objectClass=ipHost:\
			ou=hosts,?one? \
			objectClass=device, \
			objectClass=ipHost

nisLDAPobjectDN multiipnodes: \
			ou=hosts,?one? \
			objectClass=ipHost, \
			ipHostNumber=*\:*

nisLDAPobjectDN	mail.aliases: \
			ou=aliases,?one? \
			objectClass=mailGroup:

nisLDAPobjectDN	mail.mapping: \
			ou=aliases,?one? \
			objectClass=mailGroup

nisLDAPobjectDN	netgroup: \
			ou=netgroup,?one? \
			objectClass=nisNetgroup:

nisLDAPobjectDN	networks: \
			ou=networks,?one? \
			objectClass=ipNetwork, \
			cn=*:

# Must come after networks (or equivalent) that creates ipNetworks
nisLDAPobjectDN netmasks.byaddr: \
			ou=networks,?one? \
			objectClass=ipNetwork, \
			ipNetMaskNumber=*:

nisLDAPobjectDN	passwd: \
			ou=people,?one? \
			objectClass=posixAccount:\
			ou=people,?one? \
			objectClass=account, \
			objectClass=shadowAccount, \
			objectClass=posixAccount
' >> $MAP_FILE


# Need to handle passwd.adjunct.byname map for multiple domain.
# (same three-way split as group.adjunct.byname above)

_MAP=passwd.adjunct.byname
if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then
  # Just put the syntax in comment form
  echo '#nisLDAPobjectDN passwd.adjunct.byname: \
#			ou=people,?one? \
#			objectClass=posixAccount:\
#			ou=people,?one? \
#			objectClass=account, \
#			objectClass=shadowAccount, \
#			objectClass=posixAccount
' >> $MAP_FILE
else
  # Find the domains in which this map exists.
  find_domains $_MAP DEF_MAPS
  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
  then
    # Don't put domain info as the map is present in all of them.
    echo 'nisLDAPobjectDN passwd.adjunct.byname: \
			ou=people,?one? \
			objectClass=posixAccount:\
			ou=people,?one? \
			objectClass=account, \
			objectClass=shadowAccount, \
			objectClass=posixAccount
' >> $MAP_FILE
  else
    # Not every domain has this map. So, list for the ones which do.
    for _DMN in $PRESENT_IN_DOMAINS
    do
      echo "nisLDAPobjectDN passwd.adjunct.byname,${_DMN}: \\
			ou=people,?one? \\
			objectClass=posixAccount:\\
			ou=people,?one? \\
			objectClass=account, \\
			objectClass=shadowAccount, \\
			objectClass=posixAccount
" >> $MAP_FILE
    done
  fi
fi


# Remaining built-in maps.  netid.pass / netid.host, audit_user and keys.*
# are placed after passwd and hosts on purpose (see their comments);
# services.byservicename has no write spec and is documented as
# write-disabled for that reason.
echo '# Must follow passwd
nisLDAPobjectDN netid.pass: \
			ou=people,?one? \
			objectClass=posixAccount

# Must follow hosts
nisLDAPobjectDN netid.host: \
			ou=hosts,?one? \
			objectClass=ipHost

nisLDAPobjectDN	printers.conf.byname: \
			ou=printers,?one? \
				objectClass=printerService:\
			ou=printers,?one? \
				objectClass=sunPrinter, \
				objectClass=printerService, \
				objectClass=printerLPR, \
				objectClass=printerAbstract

nisLDAPobjectDN prof_attr:\
			ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
				SolarisAttrLongDesc=*:\
			ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
				objectClass=SolarisExecAttr,\
				objectClass=top
nisLDAPobjectDN project: \
			ou=project,?one? \
			objectClass=SolarisProject:

nisLDAPobjectDN	protocols: \
			ou=protocols,?one? \
			objectClass=ipProtocol:

nisLDAPobjectDN rpc.bynumber: \
			ou=rpc,?one? \
			objectClass=oncRpc:

nisLDAPobjectDN	services.byname: \
			ou=services,?one? \
			objectClass=ipService:

# Because services.byservicename contains keys of form both 'name'
# and 'name/protocol' we generate the DIT just from services.byname.
# Hence, write-disabled for services.byservicename
nisLDAPobjectDN	services.byservicename: \
			ou=services,?one? \
			objectClass=ipService

# This map is never created but yppasswd uses the mapping to extract password
# aging information from the DIT.
nisLDAPobjectDN	ageing.byname: \
			ou=people,?one? \
			objectClass=shadowAccount:

# Using nisplusTimeZoneData objectClass for compatibility with nis+2ldap
nisLDAPobjectDN	timezone.byname: \
			ou=Timezone,?one? \
			objectClass=nisplusTimeZoneData:

nisLDAPobjectDN	user_attr: \
			ou=people,?one? \
			objectClass=SolarisUserAttr:

# Must come after passwd (or equivalent) that creates posixAccounts
nisLDAPobjectDN	audit_user: \
			ou=people,?one? \
			objectClass=SolarisAuditUser:

# Must come after hosts + passwd.
nisLDAPobjectDN keys.host: \
			ou=hosts,?one? \
			objectClass=NisKeyObject:

nisLDAPobjectDN keys.pass: \
			ou=people,?one? \
			objectClass=NisKeyObject:

nisLDAPobjectDN keys.nobody: \
			ou=people,?one? \
			objectClass=NisKeyObject:\
			ou=people,?one? \
			objectClass=account, \
			objectClass=NisKeyObject

nisLDAPobjectDN ypservers: \
			ou=ypservers,?one? \
			objectClass=device:
' >> $MAP_FILE
}
4188
4189# List all the non-default auto.* and custom maps.
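list_auto_custom_nisLDAPobjectDN()
{
#
# Append nisLDAPobjectDN entries for the non-default auto.* maps in
# ALL_DMN_AUTO_CUST_MAPS, assuming each map auto.X lives in the automount
# container automountmapname=auto_X.  Entries for other custom maps
# cannot be derived, so ask_user_to_update_the_custom_map_entries_too
# lists them as a reminder instead.
# Reads ALL_DMN_AUTO_CUST_MAPS and MAP_FILE.  _MAP and _MAP_UNDERSCORE
# are scratch variables (assigned without typeset).  Returns 0.
#
if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
  # printf rather than echo "...\n": only ksh's echo expands the \n
  # escape, every other shell wrote a literal "\n" into the file.
  # $MAP_FILE is a user-supplied path (-m), hence quoted throughout.
  printf '%s\n\n' "# Non-default custom auto maps (auto.*)" >> "$MAP_FILE"

  for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
  do
    # Container name: the first "auto." in the map name becomes "auto_".
    # The substitution is kept unanchored, exactly as before.
    _MAP_UNDERSCORE=$(printf '%s\n' "$_MAP" | sed 's/auto\./auto_/')

    echo "\
nisLDAPobjectDN ${_MAP}: \\
                      automountmapname=${_MAP_UNDERSCORE},?one? \\
                      objectClass=automount:
" >> "$MAP_FILE"
  done
fi

# Since we do not have enough information to generate
# entries for other custom maps, best we can do is to
# log this map names and ask user to take care of them.

ask_user_to_update_the_custom_map_entries_too

return 0
}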
4220
4221
4222#
4223# List association of maps with RDNs and object classes.
4224#
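create_nisLDAPobjectDN()
{
#
# Emit the nisLDAPobjectDN section of $MAP_FILE: the optional format
# description (only when CUST_CMT_NEEDED is 1), the built-in entries
# (list_default_nisLDAPobjectDN) and the generated auto.* / custom-map
# entries (list_auto_custom_nisLDAPobjectDN), in that order - the text
# below states that entry order is also the bulk-copy processing order.
# Reads CUST_CMT_NEEDED and MAP_FILE.  Returns 0.
#

# "${CUST_CMT_NEEDED:-0}" rather than a bare name: ksh evaluates a bare
# variable name as an arithmetic operand of -eq, POSIX sh/bash do not, so
# spell it out (an unset flag still means "no comments").
# '\'' embeds the literal quotes around order: a bare 'order' would end
# the single-quoted string and the quotes never reached the output file.
[ "${CUST_CMT_NEEDED:-0}" -eq 1 ] && echo '
# nisLDAPobjectDN : It specifies the connection between group of NIS
# maps and the LDAP directory. This attribute also defines the '\''order'\''
# of the NIS maps. When NIS maps are bulk copied to or from the DIT
# they are processed in the same order as related nisLDAPobjectDN
# attributes appear in /var/yp/NISLDAPmapping.
# The format of "nisLDAPobjectDN" is :
#
# mapName[" "...] ":" objectDN *( ";" objectDN )
#
# where:
#
# objectDN        = readObjectSpec [":"[writeObjectSpec]]
# readObjectSpec  = [baseAndScope [filterAttrValList]]
# writeObjectSpec = [baseAndScope [attrValList]]
# baseAndScope    = [baseDN] ["?" [scope]]
# filterAttrValList = ["?" [filter | attrValList]]]
# scope           = "base" | "one" | "sub"
# attrValList     = attribute "=" value
#                       *("," attribute "=" value)
' >> "$MAP_FILE"

# List all the default entries anyway.
list_default_nisLDAPobjectDN

# List all the non-default auto.* and custom maps.
list_auto_custom_nisLDAPobjectDN

return 0
}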
4257
4258#
4259# List all the default nisLDAPattributeFromField entries
4260#
4261list_default_nisLDAPattributeFromField()
4262{
4263echo '
4264# Describe how named fields are mapped to DIT entries.
4265
4266# audit_user
4267nisLDAPattributeFromField audit_user: \
4268			dn=("uid=%s,", rf_key ), \
4269			SolarisAuditAlways=alwaysAuditFlags, \
4270			SolarisAuditNever=neverAuditFlags
4271
4272# auto.home
4273nisLDAPattributeFromField auto.home: \
4274			dn=("automountKey=%s,", rf_key ), \
4275			automountKey=rf_key, \
4276			automountInformation=value
4277
4278# auto.master
4279nisLDAPattributeFromField auto.master: \
4280			dn=("automountKey=%s,", rf_key ), \
4281			automountKey=rf_key, \
4282			automountInformation=value
4283
4284# auth_attr
4285nisLDAPattributeFromField auth_attr: \
4286			dn=("cn=%s,", rf_key ), \
4287			cn=name, \
4288			SolarisAttrReserved1=res1, \
4289			SolarisAttrReserved2=res2, \
4290			SolarisAttrShortDesc=short_desc, \
4291			SolarisAttrLongDesc=long_desc, \
4292			SolarisAttrKeyValue=attrs
4293
4294# exec_attr. Because of the messy NIS keys special handling is required here
4295nisLDAPattributeFromField exec_attr: \
4296			dn=("cn=%s+SolarisKernelSecurityPolicy=%s\
4297				+SolarisProfileType=%s+SolarisProfileID=%s,", \
4298				name, policy,type,id), \
4299			("%s:*", cn)=rf_key, \
4300			("*:%s:*", SolarisKernelSecurityPolicy)=rf_key, \
4301			("*:*:%s", SolarisProfileId)=rf_key, \
4302			solarisProfileType=type, \
4303			solarisAttrReserved1=res1, \
4304			SolarisAttrReserved2=res2, \
4305			solarisAttrKeyValue=attrs
4306
4307# ethers
4308nisLDAPattributeFromField ethers.byname: \
4309			dn=("cn=%s,", rf_key ), \
4310			macAddress=addr
4311nisLDAPattributeFromField ethers.byaddr: \
4312			dn=("cn=%s,", name ), \
4313			macAddress=rf_key
4314nisLDAPattributeFromField ethers: \
4315			cn=name, \
4316			description=rf_comment
4317
4318# bootparams. Must be done after ethers
4319nisLDAPattributeFromField bootparams: \
4320			dn=("cn=%s,", rf_key ), \
4321			cn=rf_key, \
4322			(bootParameter)=(params, " ")
4323' >> $MAP_FILE
4324
4325# group syntax is different when group.adjunct map is present.
4326# So, need to handle the various possibilities
4327
4328_MAP=group.adjunct.byname
4329
4330if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4331then
4332
4333  # Just put the group.adjunct syntax in comment form
4334
4335  echo '# group
4336nisLDAPattributeFromField group.byname: \
4337			dn=("cn=%s,", rf_key ), \
4338                        gidNumber=gid
4339nisLDAPattributeFromField group.bygid: \
4340		        dn=("cn=%s,", name ), \
4341                        gidNumber=rf_key
4342nisLDAPattributeFromField group: \
4343                        cn=name, \
4344                        userPassword=("{crypt}%s",passwd), \
4345                        (memberUid)=(users, ",")
4346
4347#
4348# If you are using group.adjunct, comment the group section above
4349# and uncomment the following group and group.adjunct sections
4350#
4351# group
4352#nisLDAPattributeFromField group.byname: \
4353#			dn=("cn=%s,", rf_key ), \
4354#			gidNumber=gid
4355#nisLDAPattributeFromField group.bygid: \
4356#			dn=("cn=%s,", name ), \
4357#			gidNumber=rf_key
4358#nisLDAPattributeFromField group: \
4359#			cn=name, \
4360#			(memberUid)=(users, ",")
4361
4362# group.adjunct
4363#nisLDAPattributeFromField group.adjunct.byname: \
4364#			dn=("cn=%s,", rf_key ), \
4365#			cn=name, \
4366#			userPassword=("{crypt}%s",passwd)
4367' >> $MAP_FILE
4368
4369else
4370
4371  # Find the domains in which group.adjunct map exists.
4372  find_domains $_MAP DEF_MAPS
4373
4374  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4375  then
4376
4377    # All the domains have group.adjunct map.
4378
4379    echo '# group
4380#nisLDAPattributeFromField group.byname: \
4381#			dn=("cn=%s,", rf_key ), \
4382#			gidNumber=gid
4383#nisLDAPattributeFromField group.bygid: \
4384#			dn=("cn=%s,", name ), \
4385#			gidNumber=rf_key
4386#nisLDAPattributeFromField group: \
4387#			cn=name, \
4388#			userPassword=("{crypt}%s",passwd), \
4389#			(memberUid)=(users, ",")
4390
4391# If you are not using group.adjunct, uncomment the group section above
4392# and comment the following group and group.adjunct sections
4393#
4394# group
4395nisLDAPattributeFromField group.byname: \
4396			dn=("cn=%s,", rf_key ), \
4397			gidNumber=gid
4398nisLDAPattributeFromField group.bygid: \
4399			dn=("cn=%s,", name ), \
4400			gidNumber=rf_key
4401nisLDAPattributeFromField group: \
4402			cn=name, \
4403			(memberUid)=(users, ",")
4404
4405# group.adjunct
4406nisLDAPattributeFromField group.adjunct.byname: \
4407			dn=("cn=%s,", rf_key ), \
4408			cn=name, \
4409			userPassword=("{crypt}%s",passwd)
4410' >> $MAP_FILE
4411
4412  else
4413    # Not every domain has group.adjunct map.
4414
4415    # First put the password syntax with domain name for domains
4416    # in which group.adjunct exists.
4417
4418    echo "# group" >> $MAP_FILE
4419
4420    for _DMN in $PRESENT_IN_DOMAINS
4421    do
4422
4423      echo "\
4424# domain-specific group
4425nisLDAPattributeFromField group.byname,${_DMN}: \\
4426			dn=(\"cn=%s,\", rf_key ), \\
4427			gidNumber=gid
4428nisLDAPattributeFromField group.bygid,${_DMN}: \\
4429			dn=(\"cn=%s,\", name ), \\
4430			gidNumber=rf_key
4431nisLDAPattributeFromField group,${_DMN}: \\
4432			cn=name, \\
4433			(memberUid)=(users, \",\")
4434" >> $MAP_FILE
4435    done
4436
4437    # Now put the other group syntax. We do not need to
4438    # append the domain name here.
4439
4440    echo '
4441nisLDAPattributeFromField group.byname: \
4442			dn=("cn=%s,", rf_key ), \
4443			gidNumber=gid
4444nisLDAPattributeFromField group.bygid: \
4445			dn=("cn=%s,", name ), \
4446			gidNumber=rf_key
4447nisLDAPattributeFromField group: \
4448			cn=name, \
4449			userPassword=("{crypt}%s",passwd), \
4450			(memberUid)=(users, ",")
4451' >> $MAP_FILE
4452
4453    # Now we need to put the group.adjunct syntax for domains
4454    # in which this map exists.
4455
4456    echo "# group.adjunct" >> $MAP_FILE
4457
4458    for _DMN in $PRESENT_IN_DOMAINS
4459    do
4460
4461      echo "\
4462nisLDAPattributeFromField group.adjunct.byname,${_DMN}: \\
4463			dn=(\"cn=%s,\", rf_key ), \\
4464			cn=name, \\
4465			userPassword=(\"{crypt}%s\",passwd)
4466" >> $MAP_FILE
4467    done
4468
4469  fi
4470
4471fi
4472
4473
4474echo '
4475# hosts
4476# Cannot forward map hosts.byname key as the YP_MULTI entries will not work.
4477nisLDAPattributeFromField hosts.byname: \
4478                        cn=rf_searchkey
4479nisLDAPattributeFromField hosts.byaddr: \
4480                        ipHostNumber=rf_searchipkey
4481nisLDAPattributeFromField hosts: \
4482                        ipHostNumber=addr, \
4483			dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
4484                        cn=canonicalName, \
4485                        (cn)=(aliases, " "), \
4486                        description=rf_comment
4487
4488nisLDAPattributeFromField multihosts: \
4489			("YP_MULTI_%s", cn)=rf_searchkey
4490
4491# ipnodes
4492# Cannot forward map ipnodes.byname key as the YP_MULTI entries will not work.
4493nisLDAPattributeFromField ipnodes.byname: \
4494                        cn=rf_searchkey
4495nisLDAPattributeFromField ipnodes.byaddr: \
4496                        ipHostNumber=rf_searchipkey
4497nisLDAPattributeFromField ipnodes: \
4498                        ipHostNumber=addr, \
4499			dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
4500			cn=canonicalName, \
4501                        (cn)=(aliases, " "), \
4502                        description=rf_comment
4503
4504nisLDAPattributeFromField multiipnodes: \
4505			("YP_MULTI_%s", cn)=rf_searchkey
4506
4507#mail.aliases
4508nisLDAPattributeFromField mail.aliases: \
4509			dn=("mail=%s,", rf_key), \
4510			mail=rf_key, \
4511			(mgrprfc822mailmember)=(addresses, ",")
4512
4513#mail.mapping
4514#Commented out because all NIS->LDAP mappings are done by mail.aliases
4515#nisLDAPattributeFromField mail.mapping: \
4516#			dn=("mail=%s,", address), \
4517#			mail=address, \
4518#			mgrprfc822mailmember=rf_key
4519nisLDAPattributeFromField mail.mapping: \
4520			mgrprfc822mailmember=rf_searchkey
4521
4522# netgroup.
4523#
4524# Only need to create DIT entries for netgroup. This contains a superset of
4525# the information in netgroup.byhost and netgroup.byuser
4526nisLDAPattributeFromField netgroup: \
4527			dn=("cn=%s,", rf_key ), \
4528			(memberNisNetgroup)=group, \
4529			(nisNetgroupTriple)= \
4530					("(%s,%s,%s)", host, user, domain), \
4531			cn=rf_key, \
4532			description=rf_comment
4533
4534# netid.pass
4535#
4536# Commented out because, unless remote domains (and thus /etc/netid) is
4537# supported, all NIS->LDAP mappings are set up from passwd.
4538#nisLDAPattributeFromField netid.pass: \
4539#			("unix.%s@*", uidNumber)=rf_key, \
4540#			(gidNumber)=("%s", (data), " "), \
4541#			description=rf_comment
4542nisLDAPattributeFromField netid.pass: \
4543			("unix.%s@*", uidNumber)=rf_searchkey
4544
4545# netid.host
4546#
4547# Commented out because, unless remote domains (and thus /etc/netid) is
4548# supported, all NIS->LDAP mappings are set up from hosts.
4549#nisLDAPattributeFromField netid.host: \
4550#			dn=("cn=%s+ipHostNumber=%s,", data, \
4551#			        ldap:ipHostNumber:?one?("cn=%s", data)), \
4552#			ipHostNumber=ldap:ipHostNumber:?one?("cn=%s", data), \
4553#			("unix.%s@*", cn)=rf_key, \
4554#			description=rf_comment
4555nisLDAPattributeFromField netid.host: \
4556			("unix.%s@*", cn)=rf_searchkey
4557
4558# netmasks.byaddr
4559nisLDAPattributeFromField netmasks.byaddr: \
4560			dn=("ipNetworkNumber=%s,", rf_ipkey ), \
4561			ipNetworkNumber=rf_ipkey, \
4562			ipNetmaskNumber=mask, \
4563			description=rf_comment
4564
4565# networks.
4566nisLDAPattributeFromField networks.byname: \
4567			dn=("ipNetworkNumber=%s,", number ), \
4568			cn=name, \
4569			cn=rf_key
4570nisLDAPattributeFromField networks.byaddr: \
4571			dn=("ipNetworkNumber=%s,", rf_key ), \
4572			cn=name
4573nisLDAPattributeFromField networks: \
4574			(cn)=(aliases, " "), \
4575			ipNetworkNumber=number, \
4576			description=rf_comment
4577' >> $MAP_FILE
4578
4579
# passwd syntax is different when passwd.adjunct map is present: in that
# case the active passwd rules carry no userPassword mapping, so the {crypt}
# hash is written only by the passwd.adjunct.byname rule (the map intended
# for privileged clients; whether ypserv enforces that is outside this
# script). Three cases: adjunct absent everywhere, present in every served
# domain, or present only in some domains (domain-qualified rules).
4582
4583_MAP=passwd.adjunct.byname
4584
4585if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4586then
4587
4588  # Just put the passwd.adjunct syntax in comment form
4589
4590  echo '# passwd
4591nisLDAPattributeFromField passwd.byname: \
4592			dn=("uid=%s,", rf_key ), \
4593			uid=rf_key, \
4594			uidNumber=uid
4595nisLDAPattributeFromField passwd.byuid: \
4596			dn=("uid=%s,", name ), \
4597			uidNumber=rf_key, \
4598			uid=name
4599nisLDAPattributeFromField passwd: \
4600			cn=name, \
4601			userPassword=("{crypt}%s",passwd), \
4602			gidNumber=gid, \
4603			gecos=gecos, \
4604			homeDirectory=home, \
4605			loginShell=shell
4606
4607#
4608# If you are using passwd.adjunct, comment the passwd section above
4609# and uncomment the following passwd and passwd.adjunct sections
4610#
4611# passwd
4612#nisLDAPattributeFromField passwd.byname: \
4613#			dn=("uid=%s,", rf_key ), \
4614#			uid=rf_key, \
4615#			uidNumber=uid
4616#nisLDAPattributeFromField passwd.byuid: \
4617#			dn=("uid=%s,", name ), \
4618#			uidNumber=rf_key, \
4619#			uid=name
4620#nisLDAPattributeFromField passwd: \
4621#			cn=name, \
4622#			gidNumber=gid, \
4623#			gecos=gecos, \
4624#			homeDirectory=home, \
4625#			loginShell=shell
4626
4627# passwd.adjunct
4628#nisLDAPattributeFromField passwd.adjunct.byname: \
4629#			dn=("uid=%s,", rf_key ), \
4630#			uid=name, \
4631#			userPassword=("{crypt}%s",passwd)
4632' >> $MAP_FILE
4633
4634else
4635
4636  # Find the domains in which passwd.adjunct map exists.
4637  find_domains $_MAP DEF_MAPS
4638
4639  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4640  then
4641
4642    # All the domains have passwd.adjunct map. So, put the right
4643    # passwd syntax and comment-in the passwd.adjunct syntax.
4644
4645
4646    echo '# passwd
4647#nisLDAPattributeFromField passwd.byname: \
4648#			dn=("uid=%s,", rf_key ), \
4649#			uid=rf_key, \
4650#			uidNumber=uid
4651#nisLDAPattributeFromField passwd.byuid: \
4652#			dn=("uid=%s,", name ), \
4653#			uidNumber=rf_key, \
4654#			uid=name
4655#nisLDAPattributeFromField passwd: \
4656#			cn=name, \
4657#			userPassword=("{crypt}%s",passwd), \
4658#			gidNumber=gid, \
4659#			gecos=gecos, \
4660#			homeDirectory=home, \
4661#			loginShell=shell
4662
4663# If you are not using passwd.adjunct, uncomment the passwd section above
4664# and comment the following passwd and passwd.adjunct sections
4665#
4666# passwd
4667nisLDAPattributeFromField passwd.byname: \
4668			dn=("uid=%s,", rf_key ), \
4669			uid=rf_key, \
4670			uidNumber=uid
4671nisLDAPattributeFromField passwd.byuid: \
4672			dn=("uid=%s,", name ), \
4673			uidNumber=rf_key, \
4674			uid=name
4675nisLDAPattributeFromField passwd: \
4676			cn=name, \
4677			gidNumber=gid, \
4678			gecos=gecos, \
4679			homeDirectory=home, \
4680			loginShell=shell
4681
4682# passwd.adjunct
4683nisLDAPattributeFromField passwd.adjunct.byname: \
4684			dn=("uid=%s,", rf_key ), \
4685			uid=name, \
4686			userPassword=("{crypt}%s",passwd)
4687' >> $MAP_FILE
4688
4689  else
4690    # Not every domain has passwd.adjunct map.
4691
4692    # First put the password syntax with domain name for domains
4693    # in which passwd.adjunct exists.
4694
4695    echo "# passwd" >> $MAP_FILE
4696
4697    for _DMN in $PRESENT_IN_DOMAINS
4698    do
4699
4700      echo "\
4701nisLDAPattributeFromField passwd.byname,${_DMN}: \\
4702			dn=(\"uid=%s,\", rf_key ), \\
4703			uid=rf_key, \\
4704			uidNumber=uid
4705nisLDAPattributeFromField passwd.byuid,${_DMN}: \\
4706			dn=(\"uid=%s,\", name ), \\
4707			uidNumber=rf_key, \\
4708			uid=name
4709nisLDAPattributeFromField passwd,${_DMN}: \\
4710			cn=name, \\
4711			gidNumber=gid, \\
4712			gecos=gecos, \\
4713			homeDirectory=home, \\
4714			loginShell=shell
4715" >> $MAP_FILE
4716    done
4717
4718    # Now put the other passwd syntax. We do not need to
4719    # append the domain name here.
4720
4721    echo '
4722nisLDAPattributeFromField passwd.byname: \
4723			dn=("uid=%s,", rf_key ), \
4724			uid=rf_key, \
4725			uidNumber=uid
4726nisLDAPattributeFromField passwd.byuid: \
4727			dn=("uid=%s,", name ), \
4728			uidNumber=rf_key, \
4729			uid=name
4730nisLDAPattributeFromField passwd: \
4731			cn=name, \
4732			userPassword=("{crypt}%s",passwd), \
4733			gidNumber=gid, \
4734			gecos=gecos, \
4735			homeDirectory=home, \
4736			loginShell=shell
4737' >> $MAP_FILE
4738
4739    # Now we need to put the passwd.adjunct syntax for domains
4740    # in which this map exists.
4741
4742    echo "# passwd.adjunct" >> $MAP_FILE
4743
4744    for _DMN in $PRESENT_IN_DOMAINS
4745    do
4746
4747      echo "\
4748nisLDAPattributeFromField passwd.adjunct.byname,${_DMN}: \\
4749			dn=(\"uid=%s,\", rf_key ), \\
4750			uid=name, \\
4751			userPassword=(\"{crypt}%s\",passwd)
4752" >> $MAP_FILE
4753    done
4754
4755  fi
4756
4757fi
4758
4759echo '
4760# This map is never created but yppasswd uses the mapping to extract password
4761# aging information from the DIT.
4762nisLDAPattributeFromField ageing.byname: \
4763			dn=("uid=%s,", rf_key ), \
4764			uid=name, \
4765			shadowLastChange=lastchg, \
4766			shadowMin=min, \
4767			shadowMax=max, \
4768			shadowWarning=warn, \
4769			shadowInactive=inactive, \
4770			shadowExpire=expire, \
4771			shadowFlag=flag
4772
4773# printers.conf.byname
4774nisLDAPattributeFromField printers.conf.byname: \
4775			dn=("printer-uri=%s,", rf_key ), \
4776			printer-name=rf_key, \
4777			(printer-aliases)=(names, "|"), \
4778			sun-printer-bsdaddr=(values, "*bsdaddr=%s:*"), \
4779			(sun-printer-kvp)=(values,":"), \
4780			description=rf_comment
4781
4782# prof_attr
4783nisLDAPattributeFromField prof_attr: \
4784			dn=("cn=%s,", rf_key ), \
4785			cn=name, \
4786			SolarisAttrReserved1=res1, \
4787			SolarisAttrReserved2=res2, \
4788			SolarisAttrLongDesc=desc, \
4789			SolarisAttrKeyValue=attrs
4790
4791# project
4792nisLDAPattributeFromField project.byname: \
4793			dn=("SolarisProjectName=%s,", rf_key )
4794nisLDAPattributeFromField project.byprojid: \
4795			dn=("SolarisProjectName=%s,", name ), \
4796			SolarisProjectID=rf_searchkey
4797nisLDAPattributeFromField project: \
4798			SolarisProjectName=name, \
4799			SolarisProjectID=projID, \
4800			(memberUid)=(users, ","), \
4801			(memberGid)=(groups, ","), \
4802			(SolarisProjectAttr)=(attrs, ";"), \
4803			description=comment
4804
4805# protocols
4806nisLDAPattributeFromField protocols.byname: \
4807                        ipProtocolNumber=number, \
4808                        cn=rf_searchkey
4809nisLDAPattributeFromField protocols.bynumber: \
4810                        ipProtocolNumber=rf_key, \
4811                        description=rf_comment
4812nisLDAPattributeFromField protocols: \
4813			dn=("cn=%s,", name ), \
4814                        (cn)=(aliases, " "), \
4815			cn=name
4816
4817# rpc.bynumber
4818nisLDAPattributeFromField rpc.bynumber: \
4819			dn=("cn=%s,", name ), \
4820			oncRpcNumber=rf_key, \
4821                        (cn)=(aliases, " "), \
4822			cn=name, \
4823			description=rf_comment
4824
4825# services
4826# services.byservicename rule is only used to speed single search
4827nisLDAPattributeFromField services.byservicename: \
4828			("%s/%s", cn, ipServiceProtocol) = rf_searchkey
4829
4830nisLDAPattributeFromField services.byname: \
4831			dn=("cn=%s+ipServiceProtocol=%s,", name, protocol ), \
4832     			("*/%s", ipServiceProtocol)=rf_key, \
4833     			("%s/*", ipServicePort)=rf_key, \
4834                        (cn)=(aliases, " "), \
4835			cn=name, \
4836                        description=rf_comment
4837
4838# timezone.byname
4839nisLDAPattributeFromField timezone.byname: \
4840			dn=("cn=%s,", rf_key ), \
4841			cn=hostName, \
4842			nisplusTimeZone=zoneName, \
4843			description=comment
4844
4845# user_attr
4846nisLDAPattributeFromField user_attr: \
4847			dn=("uid=%s,", rf_key ), \
4848			uid=rf_key, \
4849			SolarisUserAttr=qualifier, \
4850			SolarisUserReserved1=res1, \
4851			SolarisUserReserved2=res2, \
4852			SolarisAttrKeyValue=attrs
4853
4854# publickey.byname
4855nisLDAPattributeFromField keys.host: \
4856			dn=("%s", ldap:dn:?one?("cn=%s", (yp:rf_key, "unix.%s@*"))), \
4857			nisPublicKey=publicKey, \
4858			nisSecretKey=secretKey
4859
4860nisLDAPattributeFromField keys.pass: \
4861			dn=("%s", ldap:dn:?one?("uidNumber=%s", (yp:rf_key, "unix.%s@*"))), \
4862			nisPublicKey=publicKey, \
4863			nisSecretKey=secretKey
4864
4865nisLDAPattributeFromField keys.nobody: \
4866			dn=("uid=%s,",yp:rf_key), \
4867			cn=rf_key, \
4868			nisPublicKey=publicKey, \
4869			nisSecretKey=secretKey
4870
4871# ypservers. This derived from IPlanet implementation not RFC.
4872nisLDAPattributeFromField ypservers: \
4873			dn=("cn=%s,", rf_key), \
4874			cn=rf_key
4875' >> $MAP_FILE
4876}
4877
4878#
4879# List all the non-default auto.* and custom maps.
4880#
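list_auto_and_custom_nisLDAPattributeFromField()
{
# Append nisLDAPattributeFromField rules for every non-default auto.* map
# listed in ALL_DMN_AUTO_CUST_MAPS to $MAP_FILE, then hand the remaining
# (non-auto) custom maps to ask_user_to_update_the_custom_map_entries_too,
# because this script has no field layout from which to derive their rules.
#
# Globals: ALL_DMN_AUTO_CUST_MAPS (read), MAP_FILE (read),
#          _MAP (written: loop variable, left set to the last map name).
# Calls:   ask_user_to_update_the_custom_map_entries_too (this file).
#
# Fixes: the heading used echo "...\n", which only ksh's echo expands (bash
# prints a literal \n); printf gives the intended heading + blank line in
# both. The array is expanded quoted so a map name is never word-split or
# glob-expanded against the current directory, and the redirect target is
# quoted for the same reason.

# Section heading, only when there is at least one auto.* map to list.
if [ "${#ALL_DMN_AUTO_CUST_MAPS[@]}" -gt 0 ]; then
  printf '%s\n\n' '# Non-default custom auto maps (auto.*)' >> "$MAP_FILE"
fi

# Every auto.* map has the same two-field shape, so one template serves all.
# The map name is interpolated verbatim into the generated file; it is
# presumably a plain file name from the NIS map directory - confirm that
# assumption if names can come from anywhere else.
for _MAP in "${ALL_DMN_AUTO_CUST_MAPS[@]}"
do
  cat <<EOF >> "$MAP_FILE"
# ${_MAP}
nisLDAPattributeFromField ${_MAP}: \\
                        dn=("automountKey=%s,", rf_key ), \\
                        automountKey=rf_key, \\
                        automountInformation=value

EOF
done

# Since we do not have enough information to generate
# entries for other custom maps, best we can do is to
# log this map names and ask user to take care of them.
ask_user_to_update_the_custom_map_entries_too
}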
4907
4908
4909#
4910# List mapping of named fields to DIT entries
4911#
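create_nisLDAPattributeFromField()
{
# Write the nisLDAPattributeFromField section of $MAP_FILE: an optional
# explanatory header, the rules for the default maps, the rules for the
# auto.*/custom maps, and a separator line.
#
# Globals: CUST_CMT_NEEDED (read) - 1 when the explanatory header is wanted;
#          MAP_FILE (read)        - path of the mapping file being generated.
# Calls:   list_default_nisLDAPattributeFromField,
#          list_auto_and_custom_nisLDAPattributeFromField (this file).
#
# The flag is expanded explicitly with a default of 0. The earlier form
# `[ CUST_CMT_NEEDED -eq 1 ]` relied on ksh evaluating the bare name
# arithmetically; under bash/POSIX sh test(1) rejects it as a non-integer
# and the header is silently never written. An unset or empty flag still
# means "no header", as before.
if [ "${CUST_CMT_NEEDED:-0}" -eq 1 ]; then
  echo '
# nisLDAPattributeFromField : It specifies how an LDAP attribute
# value is derived from a NIS entries field values.
#
# The format of nisLDAPattributeFromField entry is :
# mapName ":" fieldattrspec *("," fieldattrspec )
' >> "$MAP_FILE"
fi

# List all the default entries anyway.
list_default_nisLDAPattributeFromField

# List all the non-default auto.* and custom maps.
list_auto_and_custom_nisLDAPattributeFromField

# Section separator.
echo "
#
#------------------------------------------------------------------------------
#
" >> "$MAP_FILE"
}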
4935
4936
4937#
# List all the default nisLDAPfieldFromAttribute entries
4939#
list_default_nisLDAPfieldFromAttribute()
{
# Append the nisLDAPfieldFromAttribute rules (LDAP attribute -> NIS field)
# for all default maps to $MAP_FILE. Most maps are fixed text; the group and
# passwd rules vary with whether group.adjunct / passwd.adjunct exist in
# none, all, or only some of the served domains (three branches each below).
#
# Globals read:    MAP_FILE, ALL_DMN_DEF_MAPLIST, N2L_DMN_CNT,
#                  PRESENT_COUNT and PRESENT_IN_DOMAINS (presumably set by
#                  find_domains, which is defined elsewhere in this file -
#                  confirm).
# Globals written: _MAP, _DMN (plain shell variables, not local).
# Calls:           present, find_domains (defined elsewhere in this file).
#
# Everything inside the quoted echo arguments is mapping-file content and is
# written verbatim: lines starting with '#' there are comments in the
# generated file, not in this script.
echo '
# Describe how named fields are mapped from DIT entries.

# audit_user
nisLDAPfieldFromAttribute audit_user: \
			("uid=%s,*", rf_key)=dn, \
			("uid=%s,*", name)=dn, \
			alwaysAuditFlags=SolarisAuditAlways, \
			neverAuditFlags=SolarisAuditNever

# auto.home
nisLDAPfieldFromAttribute auto.home: \
			rf_key=automountKey, \
			value=automountInformation

# auto.master
nisLDAPfieldFromAttribute auto.master: \
			rf_key=automountKey, \
			value=automountInformation

# auth_attr
nisLDAPfieldFromAttribute auth_attr: \
			rf_key=cn, \
			name=cn, \
			res1=SolarisAttrReserved1, \
			res2=SolarisAttrReserved2, \
			short_desc=SolarisAttrShortDesc, \
			long_desc=SolarisAttrLongDesc, \
			attrs=SolarisAttrKeyValue

# Exec_attr. Because of messy NIS keys special handlind is required here
nisLDAPfieldFromAttribute exec_attr: \
			rf_key=("%s:%s:%s",cn,SolarisKernelSecurityPolicy, \
				solarisProfileId), \
			name=cn, \
			policy=SolarisKernelSecurityPolicy, \
			type=SolarisProfileType, \
			res1=SolarisAttrReserved1, \
			res2=SolarisAttrReserved2, \
			id=SolarisProfileId, \
			attrs=SolarisAttrKeyValue


# ethers
nisLDAPfieldFromAttribute ethers.byname: \
			rf_key=cn
nisLDAPfieldFromAttribute ethers.byaddr: \
			rf_key=macAddress
nisLDAPfieldFromAttribute ethers: \
			name=cn, \
			addr=macAddress, \
			rf_comment=description

# bootparams. Must be done after ethers
nisLDAPfieldFromAttribute bootparams: \
			rf_key=cn, \
			params=("%s ", (bootParameter), " ")
' >> $MAP_FILE

# group syntax is different when group.adjunct map is present.
# So, need to handle the various possibilities.
#
# Security-relevant difference: without group.adjunct the active "group"
# rule fills the NIS passwd field from userPassword ("{crypt}%s"), so the
# hash travels in the ordinary group map. With group.adjunct the "group"
# rule emits the "#$<name>" placeholder instead and userPassword is mapped
# only by the group.adjunct.byname rule. Whether ypserv restricts who may
# read the adjunct map is not decided in this script.

_MAP=group.adjunct.byname

if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then

  # Just put the group.adjunct syntax in comment form
  # (the hash-carrying "group" rule is the active one here).

  echo '# group
nisLDAPfieldFromAttribute group.byname: \
			rf_key=cn
nisLDAPfieldFromAttribute group.bygid: \
                        rf_key=gidNumber
nisLDAPfieldFromAttribute group: \
                        gid=gidNumber, \
                        name=cn, \
			("{crypt}%s", passwd)=userPassword, \
			users=("%s,", (memberUid), ",")

#
# If you are using group.adjunct, comment the group section above
# and uncomment the following group and group.adjunct section
#
# group
#nisLDAPfieldFromAttribute group.byname: \
#			rf_key=cn
#nisLDAPfieldFromAttribute group.bygid: \
#			rf_key=gidNumber
#nisLDAPfieldFromAttribute group: \
#			gid=gidNumber, \
#			name=cn, \
#			passwd=("#$%s", cn), \
#			users=("%s,", (memberUid), ",")

# group.adjunct
#nisLDAPfieldFromAttribute group.adjunct.byname: \
#			rf_key=cn, \
#			name=cn, \
#			("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE

else

  # Find the domains in which group.adjunct map exists.
  find_domains $_MAP DEF_MAPS

  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
  then

    # All the domains have group.adjunct map.
    # Only the placeholder form of "group" is active; the hash-carrying
    # form is emitted commented out for the administrator's reference.


    echo '# group
#nisLDAPfieldFromAttribute group.byname: \
#			rf_key=cn
#nisLDAPfieldFromAttribute group.bygid: \
#                        rf_key=gidNumber
#nisLDAPfieldFromAttribute group: \
#                        gid=gidNumber, \
#                        name=cn, \
#			("{crypt}%s", passwd)=userPassword, \
#			users=("%s,", (memberUid), ",")

#
# If you are not using group.adjunct, comment the group section above
# and uncomment the following group and group.adjunct sections
#
# group
nisLDAPfieldFromAttribute group.byname: \
			rf_key=cn
nisLDAPfieldFromAttribute group.bygid: \
			rf_key=gidNumber
nisLDAPfieldFromAttribute group: \
			gid=gidNumber, \
			name=cn, \
			passwd=("#$%s", cn), \
			users=("%s,", (memberUid), ",")

#
# group.adjunct
nisLDAPfieldFromAttribute group.adjunct.byname: \
			rf_key=cn, \
			name=cn, \
			("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE

  else
    # Not every domain has group.adjunct map.
    # Domains that have it get domain-qualified ("map,domain") placeholder
    # rules; the unqualified rules written afterwards serve the others and
    # carry the hash in the group map.

    echo "# group" >> $MAP_FILE

    for _DMN in $PRESENT_IN_DOMAINS
    do

      echo "\
nisLDAPfieldFromAttribute group.byname,${_DMN}: \\
			rf_key=cn
nisLDAPfieldFromAttribute group.bygid,${_DMN}: \\
			rf_key=gidNumber
nisLDAPfieldFromAttribute group,${_DMN}: \\
			gid=gidNumber, \\
			name=cn, \\
			passwd=(\"#$%s\", cn), \\
			users=(\"%s,\", (memberUid), \",\")
" >> $MAP_FILE
    done

    # Now put the generic group syntax. We do not need to
    # append the domain name here.

    echo '
nisLDAPfieldFromAttribute group.byname: \
			rf_key=cn
nisLDAPfieldFromAttribute group.bygid: \
                        rf_key=gidNumber
nisLDAPfieldFromAttribute group: \
                        gid=gidNumber, \
                        name=cn, \
			("{crypt}%s", passwd)=userPassword, \
			users=("%s,", (memberUid), ",")
' >> $MAP_FILE

    # Now we need to put the group.adjunct syntax for domains
    # in which this map exists.

    echo "#
# group.adjunct
# " >> $MAP_FILE

    for _DMN in $PRESENT_IN_DOMAINS
    do

      echo "\
nisLDAPfieldFromAttribute group.adjunct.byname,${_DMN}: \\
			rf_key=cn, \\
			name=cn, \\
			(\"{crypt}%s\", passwd)=userPassword
" >> $MAP_FILE

    done

  fi

fi

# Fixed rules for the host/network style maps. A backslash at the end of a
# line inside these single-quoted strings is written literally and acts as
# a line continuation in the generated mapping file.
echo '
# hosts
nisLDAPfieldFromAttribute hosts.byaddr: \
                        rf_ipkey=ipHostNumber
nisLDAPfieldFromAttribute hosts.byname: \
			(rf_key)=(cn)
nisLDAPfieldFromAttribute hosts: \
			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
                        addr=ipHostNumber, \
			aliases=("%s ", (cn) - yp:canonicalName, " "), \
                        rf_comment=description

nisLDAPfieldFromAttribute multihosts: \
			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
			(rf_key)=("YP_MULTI_%s", cn), \
			aliases=("%s ", (cn) - yp:canonicalName, " "), \
			rf_comment=description, \
			(tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
				(ipHostNumber=*.*))", yp:canonicalName)), \
			addr=("%s,", (yp:tmp), ",")

# ipnodes
nisLDAPfieldFromAttribute ipnodes.byaddr: \
                        rf_ipkey=ipHostNumber
nisLDAPfieldFromAttribute ipnodes.byname: \
			("cn=%s+ipHostNumber=*", rf_key)=dn
nisLDAPfieldFromAttribute ipnodes: \
			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
                        addr=ipHostNumber, \
			aliases=("%s ", (cn) - yp:canonicalName, " "), \
                        rf_comment=description

nisLDAPfieldFromAttribute multiipnodes: \
			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
			(rf_key)=("YP_MULTI_%s", cn), \
			aliases=("%s ", (cn) - yp:canonicalName, " "), \
			rf_comment=description, \
			(tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
				(ipHostNumber=*:*))", yp:canonicalName)), \
			addr=("%s,", (yp:tmp), ",")

#mail.aliases
nisLDAPfieldFromAttribute mail.aliases: \
			rf_key=mail, \
			addresses= ("%s,", (mgrprfc822mailmember), ","), \
			rf_comment=description

#mail.mapping
nisLDAPfieldFromAttribute mail.mapping: \
			rf_key=mgrprfc822mailmember, \
			address=mail, \
			rf_comment=description

# netgroup.
nisLDAPfieldFromAttribute netgroup: \
			rf_key=cn, \
			(group)=(memberNisNetgroup), \
			("(%s,%s,%s)", host, user, domain)= \
						(nisNetgroupTriple), \
			rf_comment=description

# netid.pass
nisLDAPfieldFromAttribute netid.pass: \
			number=uidNumber, \
			(tmp)=("%s", gidNumber:ou=group,?one?\
				("memberUid=%s", ldap:uid)), \
			sgid=("%s,", (yp:tmp) - gidNumber, ","), \
			data=("%s,%s", gidNumber, yp:sgid), \
			data=gidNumber, \
			(rf_key)=("unix.%s@%s", yp:number, yp:rf_domain)

# netid.host
nisLDAPfieldFromAttribute netid.host: \
			("cn=%s+ipHostNumber=*", data)=dn, \
			number=("0"), \
			(rf_key)=("unix.%s@%s", yp:data, yp:rf_domain)

# netmasks.byaddr
nisLDAPfieldFromAttribute netmasks.byaddr: \
			("ipNetworkNumber=%s,*", rf_ipkey)=dn, \
			mask=ipNetmaskNumber, \
			rf_comment=description

# networks.
nisLDAPfieldFromAttribute networks.byname: \
			(rf_key)=(cn)
nisLDAPfieldFromAttribute networks.byaddr: \
			("ipNetworkNumber=%s,*", rf_key)=dn
nisLDAPfieldFromAttribute networks: \
			name=cn, \
			aliases=("%s ", (cn) - yp:name, " "), \
			number=ipNetworkNumber, \
			rf_comment=description
' >> $MAP_FILE

# passwd syntax is different when passwd.adjunct map is present.
# So, need to handle the various possibilities.
#
# Security-relevant difference, same shape as for group above: without
# passwd.adjunct the active "passwd" rule fills the NIS passwd field from
# userPassword ("{crypt}%s"), so the hash is served through the plain
# passwd map. With passwd.adjunct the "passwd" rule emits the "##<uid>"
# placeholder and userPassword is mapped only by passwd.adjunct.byname.

_MAP=passwd.adjunct.byname

if ! present $_MAP $ALL_DMN_DEF_MAPLIST
then

  # Just put the passwd.adjunct syntax in comment form
  # (the hash-carrying "passwd" rule is the active one here).

  echo '# passwd
nisLDAPfieldFromAttribute passwd.byname: \
			rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid: \
			rf_key=uidNumber
nisLDAPfieldFromAttribute passwd: \
			name=uid, \
			uid=uidNumber, \
			("{crypt}%s", passwd)=userPassword, \
			gid=gidNumber, \
			gecos=gecos, \
			home=homeDirectory, \
			shell=loginShell

#
# If you are using passwd.adjunct, comment the passwd section above
# and uncomment the following passwd and passwd.adjunct sections
#
# passwd
#nisLDAPfieldFromAttribute passwd.byname: \
#			rf_key=uid
#nisLDAPfieldFromAttribute passwd.byuid: \
#			rf_key=uidNumber
#nisLDAPfieldFromAttribute passwd: \
#			name=uid, \
#			uid=uidNumber, \
#			passwd=("##%s", uid), \
#			gid=gidNumber, \
#			gecos=gecos, \
#			home=homeDirectory, \
#			shell=loginShell

# passwd.adjunct
#nisLDAPfieldFromAttribute passwd.adjunct.byname: \
#			rf_key=uid, \
#			name=uid, \
#			("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE

else

  # Find the domains in which passwd.adjunct map exists.
  find_domains $_MAP DEF_MAPS

  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
  then

    # All the domains have passwd.adjunct map. So, put the right
    # passwd syntax and comment-in the passwd.adjunct syntax.
    # Only the placeholder form of "passwd" is active; the hash-carrying
    # form is emitted commented out for the administrator's reference.


    echo '# passwd
#nisLDAPfieldFromAttribute passwd.byname: \
#			rf_key=uid
#nisLDAPfieldFromAttribute passwd.byuid: \
#			rf_key=uidNumber
#nisLDAPfieldFromAttribute passwd: \
#			name=uid, \
#			uid=uidNumber, \
#			("{crypt}%s", passwd)=userPassword, \
#			gid=gidNumber, \
#			gecos=gecos, \
#			home=homeDirectory, \
#			shell=loginShell

#
# If you are not using passwd.adjunct, uncomment the passwd section
# above and comment the following passwd and passwd.adjunct sections
#
# passwd
nisLDAPfieldFromAttribute passwd.byname: \
			rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid: \
			rf_key=uidNumber
nisLDAPfieldFromAttribute passwd: \
			name=uid, \
			uid=uidNumber, \
			passwd=("##%s", uid), \
			gid=gidNumber, \
			gecos=gecos, \
			home=homeDirectory, \
			shell=loginShell

#
# passwd.adjunct Must follow passwd
#
nisLDAPfieldFromAttribute passwd.adjunct.byname: \
			rf_key=uid, \
			name=uid, \
			("{crypt}%s", passwd)=userPassword
' >> $MAP_FILE

  else
    # Not every domain has passwd.adjunct map.

    # First put the password syntax with domain name for domains
    # in which passwd.adjunct exists (placeholder form, domain-qualified).

    echo "# passwd" >> $MAP_FILE

    for _DMN in $PRESENT_IN_DOMAINS
    do

      echo "\
nisLDAPfieldFromAttribute passwd.byname,${_DMN}: \\
			rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid,${_DMN}: \\
			rf_key=uidNumber
nisLDAPfieldFromAttribute passwd,${_DMN}: \\
			name=uid, \\
			uid=uidNumber, \\
			passwd=(\"##%s\", uid), \\
			gid=gidNumber, \\
			gecos=gecos, \\
			home=homeDirectory, \\
			shell=loginShell
" >> $MAP_FILE
    done

    # Now put the other passwd syntax. We do not need to
    # append the domain name here. This unqualified rule serves the
    # domains without passwd.adjunct and carries the hash in the passwd map.

    echo '
nisLDAPfieldFromAttribute passwd.byname: \
			rf_key=uid
nisLDAPfieldFromAttribute passwd.byuid: \
			rf_key=uidNumber
nisLDAPfieldFromAttribute passwd: \
			name=uid, \
			uid=uidNumber, \
			("{crypt}%s", passwd)=userPassword, \
			gid=gidNumber, \
			gecos=gecos, \
			home=homeDirectory, \
			shell=loginShell
' >> $MAP_FILE

    # Now we need to put the passwd.adjunct syntax for domains
    # in which this map exists.

    echo "#
# passwd.adjunct Must follow passwd
# " >> $MAP_FILE

    for _DMN in $PRESENT_IN_DOMAINS
    do

      echo "\
nisLDAPfieldFromAttribute passwd.adjunct.byname,${_DMN}: \\
			rf_key=uid, \\
			name=uid, \\
			(\"{crypt}%s\", passwd)=userPassword
" >> $MAP_FILE

    done

  fi

fi

# Remaining fixed maps. ageing.byname is never built as a NIS map; it only
# gives yppasswd the shadow* attributes. The keys.* rules map nisSecretKey
# as well as nisPublicKey into the NIS data, so whatever protects the secret
# key is applied in the DIT, not by this mapping (not visible from here).
echo '
# This map is never created but yppasswd uses the mapping to extract password
# ageing information from the DIT.
nisLDAPfieldFromAttribute ageing.byname: \
			rf_key=uid, \
			name=uid, \
			lastchg=shadowLastChange, \
			min=shadowMin, \
			max=shadowMax, \
			warn=shadowWarning, \
			inactive=shadowInactive, \
			expire=shadowExpire, \
			flag=shadowFlag

# printers.conf.byname
nisLDAPfieldFromAttribute printers.conf.byname: \
			rf_key=printer-uri, \
			names=("%s|", (printer-aliases), "|"), \
			bsdaddr=("bsdaddr=%s", sun-printer-bsdaddr), \
			kvps=("%s:", (sun-printer-kvp) - yp:bsdaddr), \
			values=("%s:%s", yp:bsdaddr, yp:kvps), \
			values=("%s:", yp:bsdaddr), \
			values=yp:kvps, \
                        rf_comment=description

# prof_attr
nisLDAPfieldFromAttribute prof_attr: \
			rf_key=cn, \
			name=cn, \
			res1=SolarisAttrReserved1, \
			res2=SolarisAttrReserved2, \
			desc=SolarisAttrLongDesc, \
			attrs=SolarisAttrKeyValue

# project
nisLDAPfieldFromAttribute project.byname: \
			rf_key=SolarisProjectName
nisLDAPfieldFromAttribute project.byprojid: \
			rf_key=SolarisProjectID
nisLDAPfieldFromAttribute project: \
			name=SolarisProjectName, \
			projID=SolarisProjectID, \
			comment=description, \
			users=("%s,", (memberUid), ","), \
			groups=("%s,", (memberGid), ","), \
			attrs=("%s;", (SolarisProjectAttr), ";")

# protocols
nisLDAPfieldFromAttribute protocols.byname: \
			("cn=%s,*", rf_key)=dn, \
			(rf_key)=(cn)
nisLDAPfieldFromAttribute protocols.bynumber: \
                        rf_key=ipProtocolNumber, \
                        rf_comment=description
nisLDAPfieldFromAttribute protocols: \
			("cn=%s,*", name)=dn, \
                        number=ipProtocolNumber, \
                        aliases=("%s ", (cn) - yp:name, " ")

# rpc.bynumber
nisLDAPfieldFromAttribute rpc.bynumber: \
			rf_key=oncRpcNumber, \
			number=oncRpcNumber, \
			("cn=%s,*", name)=dn, \
                        aliases=("%s ", (cn) - yp:name, " "), \
			rf_comment=description

# services
nisLDAPfieldFromAttribute services.byname: \
			rf_key = ("%s/%s", ipServicePort, ipServiceProtocol)
nisLDAPfieldFromAttribute services.byservicename: \
			(rf_key)=("%s/%s", cn, ipServiceProtocol), \
			(rf_key)=(cn)
nisLDAPfieldFromAttribute services: \
			("cn=%s+ipServiceProtocol=*", name)=dn, \
     			protocol=ipServiceProtocol, \
     			port=ipServicePort, \
                        aliases=("%s ", (cn) - yp:name, " "), \
                        rf_comment=description

# timezone.byname
nisLDAPfieldFromAttribute timezone.byname: \
			rf_key=cn, \
			hostName=cn, \
			zoneName=nisplusTimeZone, \
			rf_comment=description

# user_attr
nisLDAPfieldFromAttribute user_attr: \
			("uid=%s,*", rf_key)=dn, \
			("uid=%s,*", user)=dn, \
			qualifier=SolarisUserAttr, \
			res1=SolarisUserReserved1, \
			res2=SolarisUserReserved2, \
			attrs=SolarisAttrKeyValue

# publickey.byname
nisLDAPfieldFromAttribute keys.host: \
			("cn=%s+ipHostNumber=*", cname)=dn, \
			rf_key=("unix.%s@%s", yp:cname, yp:rf_domain), \
			publicKey=nisPublicKey, \
			secretKey=nisSecretKey

nisLDAPfieldFromAttribute keys.pass: \
			rf_key=("unix.%s@%s", uidNumber, yp:rf_domain), \
			publicKey=nisPublicKey, \
			secretKey=nisSecretKey

nisLDAPfieldFromAttribute keys.nobody: \
			rf_key=uid, \
			publicKey=nisPublicKey, \
			secretKey=nisSecretKey

# ypservers. This derived from IPlanet implementation not RFC.
nisLDAPfieldFromAttribute ypservers: \
			rf_key=cn
' >> $MAP_FILE
}
5531
5532
5533#
5534# List all the non-default auto.* and custom maps.
5535#
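list_auto_and_custom_nisLDAPfieldFromAttribute()
{
# Append nisLDAPfieldFromAttribute entries for the non-default auto.*
# maps collected in ALL_DMN_AUTO_CUST_MAPS, then hand the remaining
# custom maps over to the user (ask_user_to_update_the_custom_map_entries_too),
# since there is not enough information here to generate them.
#
# Globals read:  ALL_DMN_AUTO_CUST_MAPS (array of map names), MAP_FILE
# Side effects:  appends to "$MAP_FILE"
#
# The text is written with printf and a here-document instead of echo so
# that the generated file does not depend on the shell's echo interpreting
# "\n" and "\\" escapes, and MAP_FILE (a user-entered path) is quoted so a
# name containing blanks still works.

# auto.* entries are easy: every one of them maps the same two fields.
if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
  printf '# Non-default custom auto maps (auto.*)\n\n' >> "$MAP_FILE"
fi

for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
do
  # The map name is emitted verbatim into the mapping file. It is expected
  # to be a plain map (file) name; ':' and ',' are separators in the
  # nisLDAPfieldFromAttribute syntax and would corrupt the entry.
  cat >> "$MAP_FILE" <<EOF
# ${_MAP}
nisLDAPfieldFromAttribute ${_MAP}: \\
                        rf_key=automountKey, \\
                        value=automountInformation

EOF
done

# Since we do not have enough information to generate
# entries for other custom maps, best we can do is to
# log these map names and ask the user to take care of them.
ask_user_to_update_the_custom_map_entries_too

}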
5561
5562
5563#
5564# List mapping of named fields from DIT entries
5565#
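create_nisLDAPfieldFromAttribute()
{
# Append the nisLDAPfieldFromAttribute section to "$MAP_FILE": an
# explanatory comment when CUST_CMT_NEEDED is 1, the default map entries,
# the non-default auto.* / custom map entries, and a closing separator.
#
# Globals read:  CUST_CMT_NEEDED, MAP_FILE
# Side effects:  appends to "$MAP_FILE" (directly and via the list_*
#                helpers called below)

# The original test was "[ CUST_CMT_NEEDED -eq 1 ]" (no '$'); that appears
# to work only because ksh evaluates a bare name arithmetically inside
# test.  Expand the variable explicitly, defaulting to 0 so an unset flag
# still means "no comment", as before.
if [ "${CUST_CMT_NEEDED:-0}" -eq 1 ]; then
  cat >> "$MAP_FILE" <<'EOF'

# nisLDAPfieldFromAttribute : It specifies how a NIS entries
# field values  are derived from LDAP attribute values.
#
# The format of nisLDAPfieldFromAttribute is :
# mapName ":" fieldattrspec *("," fieldattrspec)

EOF
fi

# List all the default entries anyway.
list_default_nisLDAPfieldFromAttribute

# List all the non-default auto.* and custom maps.
list_auto_and_custom_nisLDAPfieldFromAttribute

# Section separator.
cat >> "$MAP_FILE" <<'EOF'

#
#------------------------------------------------------------------------------
#

EOF
}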
5589
5590
5591
5592# Main function for creating the mapping file
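create_mapping_file()
{
# Drive the creation of the NISLDAPmapping file.
#
# Asks for the list of N2L domains and the output file name, optionally
# backs up an existing file, then generates the whole mapping into a
# temporary file and moves it into place only after every section has been
# written.  That way an error or signal part way through cannot leave a
# truncated mapping file behind, which could otherwise put the machine
# into N2L mode with a bad configuration at the next reboot.
#
# Globals read:     N2L_DMN_CNT (set by create_n2l_domain_list), MAP_FILE,
#                   TMPDIR, TMPMAP, DEBUG, ANS (set by get_ans)
# Globals written:  MAP_FILE (final file name on return), _MAP_FILE,
#                   DIR_TO_CREATE
# Returns:          0 on success; 1 when there is nothing to generate or
#                   the file could not be written to its final location.

# Ask user the list of domains to be served by N2L
create_n2l_domain_list

# If there are no N2L domains or none selected, then exit
if [ "$N2L_DMN_CNT" -eq 0 ]; then
  echo "There are no domains to serve. No mapping file generated."
  return 1
fi

while :
do
  get_ans "Enter the mapping file name (h=help):" "${MAP_FILE}"

  # If help continue, otherwise break.
  case "$ANS" in
    [Hh] | help | Help | \?) display_msg new_mapping_file_name_help ;;
                         * ) break ;;
  esac
done

MAP_FILE=${ANS}
# The original line here was "MAP_FILE = $MAP_FILE", which tries to run a
# command named MAP_FILE instead of printing the value.
[ "$DEBUG" -eq 1 ] && echo "MAP_FILE = $MAP_FILE"

# Backup existing mapping file if selected
check_back_mapping_file

# Generate into a temporary file first and move it to the final
# destination only at the end if everything goes fine (see above).
_MAP_FILE=$MAP_FILE
MAP_FILE=${TMPDIR}/${TMPMAP}.$$

# The temporary name is built from the PID and is therefore predictable.
# Everything below appends to it, so refuse to proceed if something is
# already at that path (a regular file or a symlink, dangling or not)
# rather than silently producing a mapping file with unexpected content.
# TMPDIR is set up by init, outside this function; it is assumed to be a
# directory that only root can write to -- confirm in init.
if [ -e "$MAP_FILE" ] || [ -L "$MAP_FILE" ]; then
  echo "ERROR : temporary file \"${MAP_FILE}\" already exists, not overwriting it."
  MAP_FILE=$_MAP_FILE
  return 1
fi

echo "Generating mapping file temporarily as \"${MAP_FILE}\""

# Place copyright information
put_mapping_file_copyright_info


# Prepare various map lists for each domain
create_map_lists

# List domains and contexts
get_nisLDAPdomainContext

# List domains for which passwords should be changed
get_nisLDAPyppasswddDomains

# List databaseId mappings (aliases)
create_nisLDAPdatabaseIdMapping

# List comment character for maps
create_nisLDAPcommentChar

# List SECURE and INTERDOMAIN flags
create_nisLDAPmapFlags

# List TTL values
create_nisLDAPentryTtl

# List name fields
create_nisLDAPnameFields

# List split fields and repeated fields separators.
create_split_field_and_repeatedfield_seperators

# List association of maps with RDNs and object classes.
create_nisLDAPobjectDN

# List mapping of named fields to DIT entries
create_nisLDAPattributeFromField

# List mapping of named fields from DIT entries
create_nisLDAPfieldFromAttribute


# We are done, so move the mapping file from the temp. location to the
# actual location.  In case the mapping file name has a directory
# component which does not exist, create it now, otherwise 'mv' will fail.
# Both steps are checked: the original ignored their status and reported
# "Finished creation" even when the move had failed.
DIR_TO_CREATE=$(dirname "${_MAP_FILE}")
if ! mkdir -p -- "${DIR_TO_CREATE}"; then
  echo "ERROR : cannot create directory \"${DIR_TO_CREATE}\". Generated file left at \"${MAP_FILE}\""
  MAP_FILE=$_MAP_FILE
  return 1
fi

echo "Moving output from temporary file ($MAP_FILE) to actual file ($_MAP_FILE)"
if ! mv -- "$MAP_FILE" "$_MAP_FILE"; then
  echo "ERROR : cannot move \"${MAP_FILE}\" to \"${_MAP_FILE}\". Generated file left at \"${MAP_FILE}\""
  MAP_FILE=$_MAP_FILE
  return 1
fi

# Revert back the mapping file name in case needed.
MAP_FILE=$_MAP_FILE
echo "Finished creation of mapping file ( $MAP_FILE )"
return 0

}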
5689
5690
5691#
5692# Main function for creating config file (ypserv)
5693#
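process_config_file()
{
# Create the ypserv configuration file.
#
# When no config file name was given on the command line
# (CONFIG_FILE_SPECIFIED is 0) the user is told so and asked whether to
# create the file at all and, if so, for its name; otherwise the name set
# by parse_arg is used as-is.  An existing file is backed up first
# (check_back_config_file).
#
# Globals read:     CONFIG_FILE_SPECIFIED, CONFIG_FILE, DEBUG, ANS
# Globals written:  CONFIG_FILE
# Returns:          0 when the user declines, otherwise the status of
#                   create_config_file.

if [ "$CONFIG_FILE_SPECIFIED" -eq 0 ]; then
  display_msg no_config_file_name_specified

  # A zero status from get_confirm_nodef is treated as "do not create",
  # exactly as the original "[ $? -eq 0 ] && return 0" did.
  if get_confirm_nodef "Do you want to create the config file (y/n) ?"; then
    return 0
  fi

  while :
  do
    get_ans "Enter the config file name (h=help):" "${CONFIG_FILE}"

    # If help continue, otherwise break.
    case "$ANS" in
      [Hh] | help | Help | \?) display_msg new_config_file_name_help ;;
                           * ) break ;;
    esac
  done

  CONFIG_FILE=${ANS}
  # The original line here was "CONFIG_FILE = $CONFIG_FILE", which runs a
  # command named CONFIG_FILE instead of printing the value.
  [ "$DEBUG" -eq 1 ] && echo "CONFIG_FILE = $CONFIG_FILE"

fi

# Backup existing config file if selected
check_back_config_file

# Create config file
create_config_file
}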
5727
5728
5729#
5730# Main function for creating mapping file (NISLDAPmapping)
5731#
process_mapping_file()
{
# Create the NIS-to-LDAP mapping file (NISLDAPmapping).
#
# If the mapping file name did not come from the command line
# (MAPPING_FILE_SPECIFIED is 0), explain the situation and let the user
# opt out before anything is generated.  The file name itself is asked
# for inside create_mapping_file.
#
# Globals read:  MAPPING_FILE_SPECIFIED
# Returns:       0 when the user declines, otherwise the status of
#                create_mapping_file.

if [ $MAPPING_FILE_SPECIFIED -eq 0 ]; then
  display_msg no_mapping_file_name_specified

  # A zero status from get_confirm_nodef means the user declined:
  # return without creating anything.
  if get_confirm_nodef "Do you want to create the mapping file (y/n) ?"; then
    return 0
  fi
fi

# Create mapping file
create_mapping_file
}
5749
5750###########################################
5751###########	   MAIN		###########
5752###########################################
5753
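PROG=$(basename "$0")	# Program name, used in messages and usage text
ABS_PROG=$0		# Path as invoked; absolute only if the caller used one

# Only superuser should be able to run this script: it generates the
# ypserv configuration and the NIS-to-LDAP mapping file.
if ! is_root_user; then
  echo "ERROR : Only root can run $PROG"
  exit 1
fi

# Initialize things
init

# Parse command line arguments.  "$@" keeps each argument intact; the
# original "$*" would split a file name containing blanks into several
# arguments.
parse_arg "$@"

# Create config file (ypserv)
process_config_file

# Create mapping file (NISLDAPmapping).
process_mapping_file

# Cleanup temp files and directories unless debug.
[ "$DEBUG" -eq 0 ] && cleanup

exit 0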
5780