xref: /titanic_52/usr/src/cmd/ypcmd/yp2lscripts/inityp2l.sh (revision 355b4669e025ff377602b6fc7caaf30dbc218371)
1#! /usr/bin/ksh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License, Version 1.0 only
7# (the "License").  You may not use this file except in compliance
8# with the License.
9#
10# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11# or http://www.opensolaris.org/os/licensing.
12# See the License for the specific language governing permissions
13# and limitations under the License.
14#
15# When distributing Covered Code, include this CDDL HEADER in each
16# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17# If applicable, add the following below this CDDL HEADER, with the
18# fields enclosed by brackets "[]" replaced with your own identifying
19# information: Portions Copyright [yyyy] [name of copyright owner]
20#
21# CDDL HEADER END
22#
23#
24# ident	"%Z%%M%	%I%	%E% SMI"
25#
26# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
27# Use is subject to license terms.
28#
29# inityp2l -- Utility to generate YP (NIS) to LDAP
30#             configuration file (/etc/default/ypserv)
31#             and mapping file (/var/yp/NISLDAPmapping)
32#
33
34
35
36#
37# Displays message corresponding to the argument tag passed.
38#
39display_msg()
40{
41    case "$1" in
42    usage) cat <<EOF
43
44 $PROG:  [ -m mapping_file ] [ -c config_file ]
45   m <mapping_file> Name of the generated NISLDAP mapping file
46                    Default is /var/yp/NISLDAPmapping
47   c <config_file>  Name of the generated ypserv configuration file
48                    Default is /etc/default/ypserv
49
50EOF
51    ;;
52    no_config_file_name_specified) cat <<EOF
53
54You have not specified the config file name. You still have the
55option to skip creating this file, specify a config file name, or
56continue creating it with the default file name (${CONFIG_FILE}).
57
58EOF
59    ;;
60    no_mapping_file_name_specified) cat <<EOF
61
62You have not specified the mapping file name. You still have the
63option to skip creating this file, specify a mapping file name, or
64continue creating it with the default file name (${MAP_FILE}).
65
66EOF
67    ;;
68    new_config_file_name_help) cat <<EOF
69
70You can either specify a new file name, or accept the default
71config file name (${CONFIG_FILE}). 
72
73It is recommended not to use the default file name since this
74script just helps with rapid creation of a config file. You
75should examine it's content before using it.
76
77EOF
78    ;;
79    new_mapping_file_name_help) cat <<EOF
80
81You can either specify a new file name, or accept the default
82mapping file name (${MAP_FILE}). 
83
84It is recommended not to use the default file name since this
85script just helps with rapid creation of a mapping file. You
86should examine it's content before using it. And if there are
87custom maps, then their entries in the mapping file need to be
88customized too.
89
90Also, creation of default mapping file would cause NIS components
91to work in NIS to LDAP (N2L), rather than traditional NIS, mode
92when next restarted.
93
94EOF
95    ;;
96    backup_config_file) cat <<EOF
97
98The config file "${CONFIG_FILE}" already exists. It is strongly
99recommended that you BACKUP this file before running $PROG.
100
101However, even if you continue, you would be given the option to
102back up this file before it gets overwritten.
103
104EOF
105    ;;
106    backup_mapping_file) cat <<EOF
107
108The mapping file "${MAP_FILE}" already exists. It is strongly
109recommended that you BACKUP this file before running $PROG.
110
111However, even if you continue, you would be given the option to
112back up this file before it gets overwritten.
113
114EOF
115    ;;
116    warn_n2l_mode) cat <<EOF
117
118Warning : Creation of default mapping file (`basename $MAP_FILE`)
119          at default location (`dirname $MAP_FILE`) would cause NIS
120          components to work in NIS to LDAP (N2L) mode, rather than
121          traditional NIS mode, when next restarted.
122
123          "$PROG" assists with rapid creation of a simple N2L mapping
124          file. The user should examine it's content before using it.
125          For custom maps, this file needs to be customized which can
126          be done using standard text editors.
127
128EOF
129    ;;
130    config_auth_method_menu) cat <<EOF
131    The following are the supported Authentication Methods -
132      1  none
133      2  simple
134      3  sasl/cram-md5
135      4  sasl/digest-md5
136EOF
137    ;;
138    auth_method_menu) cat <<EOF
139    The following are the supported Authentication Methods -
140      1  simple
141      2  sasl/cram-md5
142      3  sasl/digest-md5
143EOF
144    ;;
145    tls_method_menu) cat <<EOF
146    The following are the supported TLS Methods -
147      1  none
148      2  ssl
149EOF
150    ;;
151    retrieve_error_action_menu) cat <<EOF
152    The following are the supported actions -
153      1  use_cached
154      2  fail
155EOF
156    ;;
157    store_error_action_menu) cat <<EOF
158    The following are the supported actions -
159      1  retry
160      2  fail
161EOF
162    ;;
163    sorry) cat <<EOF
164
165HELP - No help is available for this topic.
166
167EOF
168    ;;
169    backup_config_file_cont_help) cat <<EOF
170
171HELP - Since $PROG will overwrite the existing config file, it is
172       strongly recommended that you backup this file prior to
173       running this utility.
174
175       However, even if you continue, you would be given the option
176       to back up this file before it gets overwritten.
177
178EOF
179    ;;
180    backup_config_file_help) cat <<EOF
181
182HELP - If you choose to backup the existing config file, it would be
183       saved with current date and time suffix in yymmdd.HH.MM.SS format.
184
185EOF
186    ;;
187    backup_mapping_file_cont_help) cat <<EOF
188
189HELP - Since $PROG will overwrite the existing mapping file, it is
190       strongly recommended that you backup this file prior to running
191       this utility.
192
193       However, even if you continue, you would be given the option to
194       back up this file before it gets overwritten.
195
196EOF
197    ;;
198    backup_mapping_file_help) cat <<EOF
199
200HELP - If you choose to backup the existing mapping file, it would be
201       saved with current date and time suffix in yymmdd.HH.MM.SS format.
202
203EOF
204    ;;
205    warn_n2l_mode_help) cat <<EOF
206
207HELP - It is strongly recommended that the mapping file is created at
208       non-default location (other than `dirname $MAP_FILE`). After this,
209       it's content should be verified, custom maps should be handled,
210       and if NIS components are desired to run in NIS to LDAP (N2L),
211       then only it should be copied at the default location.
212
213EOF
214    ;;
215    nisLDAPconfigDN_help) cat <<EOF
216
217HELP - The DN which stores the configuration information in LDAP.
218       There is no default value for this field. Leave empty or
219       undefined to get this information from config file (ypserv).
220
221EOF
222    ;;
223    nisLDAPconfigPreferredServerList_help) cat <<EOF
224
225HELP - List of directory servers to provide the configuration
226       information. There is no default. The preferred servers
227       must be entered IN THE ORDER you wish to have them contacted.
228       The preferred server list is a space separated list of IP
229       addresses. Providing port numbers is optional, and when not
230       supplied, port 389 is assumed. For an LDAP server running
231       on this machine, at port 389, use "127.0.0.1:389".
232
233EOF
234    ;;
235    auth_help) cat <<EOF
236
237HELP - The authentication method to be used to obtain information
238       from LDAP server. The supported methods are provided in menu.
239
240EOF
241    ;;
242    tls_help) cat <<EOF
243
244HELP - The transport layer security used for connection to the LDAP
245       server. In order to successfully use transport layer security,
246       the server must also support the chosen values. The supported
247       methods are provided in menu. Default is "$DEF_TLS".
248
249EOF
250    ;;
251    TLSCertificateDBPath_help) cat <<EOF
252
253HELP - The absolute path name of the file containing the certificate
254       database. The default value is "$DEF_TLSCertificateDBPath"
255
256EOF
257    ;;
258    nisLDAPconfigProxyUser_help) cat <<EOF
259
260HELP - The bind DN of the proxy user used to obtain configuration
261       information. There is no default value. If the value ends
262       with a comma, the value of the nisLDAPconfigDN attribute
263       is appended.
264
265EOF
266    ;;
267    ProxyPassword_warn) cat <<EOF
268
269Warning : In order to avoid having this password publicly visible
270          on the machine, the password should appear only in the
271          configuration file, and the file should have an appropriate
272          owner, group, and file mode.
273
274          So, once this file is ready, please modify appropriately
275          to make sure this file is well protected.
276
277EOF
278    ;;
279    preferredServerList_help) cat <<EOF
280
281HELP - List of directory servers for mapping data to/from LDAP.
282       There is no default. The preferred servers must be entered
283       IN THE ORDER you wish to have them contacted. The preferred
284       server list is a space separated list of IP addresses.
285       Providing port numbers is optional, and when not supplied,
286       port 389 is assumed. For an LDAP server running on this
287       machine, at port 389, use "127.0.0.1:389".
288
289EOF
290    ;;
291    nisLDAPproxyUser_help) cat <<EOF
292
293HELP - The bind DN of the proxy user the ypserv to read or write
294       from or to LDAP. Assumed to have the appropriate permission
295       to read and modify LDAP data. There is no default value. If
296       the value ends with a comma, the value of the context for
297       the current domain (as defined by a nisLDAPdomainContext
298       attribute (NISLDAPmapping(4))) is appended.
299
300EOF
301    ;;
302    nisLDAPbindTimeout_help) cat <<EOF
303
304HELP - The amount of time in seconds after which an LDAP bind operation
305       will timeout. Default is $DEF_nisLDAPbindTimeout seconds.
306       Decimal values are allowed.
307
308EOF
309    ;;
310    nisLDAPsearchTimeout_help) cat <<EOF
311
312HELP - The amount of time in seconds after which an LDAP search operation
313       will timeout. Default is $DEF_nisLDAPsearchTimeout seconds.
314       Decimal values are allowed.
315
316EOF
317    ;;
318    nisLDAPmodifyTimeout_help) cat <<EOF
319
320HELP - The amount of time in seconds after which an LDAP modify operation
321       will timeout. Default is $DEF_nisLDAPmodifyTimeout seconds.
322       Decimal values are allowed.
323
324EOF
325    ;;
326    nisLDAPaddTimeout_help) cat <<EOF
327
328HELP - The amount of time in seconds after which an LDAP add operation
329       will timeout. Default is $DEF_nisLDAPaddTimeout seconds.
330       Decimal values are allowed.
331
332EOF
333    ;;
334    nisLDAPdeleteTimeout_help) cat <<EOF
335
336HELP - The amount of time in seconds after which an LDAP delete operation
337       will timeout. Default is $DEF_nisLDAPdeleteTimeout seconds.
338       Decimal values are allowed.
339
340EOF
341    ;;
342    nisLDAPsearchTimeLimit_help) cat <<EOF
343
344HELP - Establish a value for the LDAP_OPT_TIMELIMIT option, which
345       suggests a time limit for the search operation on the LDAP
346       server. The server may impose its own constraints on possible
347       values. See your LDAP server documentation. The default is the
348       nisLDAPsearchTimeout ($DEF_nisLDAPsearchTimeout seconds) value.
349       Only integer values are allowed.
350
351       Since the nisLDAPsearchTimeout limits the amount of time the
352       client ypserv will wait for completion of a search operation,
353       setting the nisLDAPsearchTimeLimit larger than the
354       nisLDAPsearchTimeout is not recommended.
355
356EOF
357    ;;
358    nisLDAPsearchSizeLimit_help) cat <<EOF
359
360HELP - Establish a value for the LDAP_OPT_SIZELIMIT option, which
361       suggests a size limit, in bytes, for the search results on
362       the LDAP server. The server may impose its own constraints
363       on possible values. See your LDAP server documentation. The
364       default is $DEF_nisLDAPsearchSizeLimit, which means unlimited.
365       Only integer values are allowed.
366
367EOF
368    ;;
369    nisLDAPfollowReferral_help) cat <<EOF
370
371HELP - Determines if the ypserv should follow referrals or not.
372       Recognized values are yes and no. Default is $DEF_nisLDAPfollowReferral.
373
374EOF
375    ;;
376    nisLDAPretrieveErrorAction_help) cat <<EOF
377
378HELP - If an error occurs while trying to retrieve an entry from
379       LDAP, one of the following actions can be selected:
380
381       use_cached : Retry the retrieval the number of time specified
382                    by nisLDAPretrieveErrorAttempts, with the
383                    nisLDAPretrieveErrorTimeout value controlling
384                    the wait between each attempt.
385
386                    If all attempts fail then log a warning and
387                    return the value currently in the cache to the
388                    client.  This is the default value.
389
390       fail       : Proceed as for 'use_cached' but if all attempts
391                    fail return a YPERR_YPERR error to the client.
392
393EOF
394    ;;
395    nisLDAPretrieveErrorAttempts_help) cat <<EOF
396
397HELP - The number of times a failed retrieval should be retried.
398       The default is unlimited. Note while retries are made, the
399       NIS daemon will be prevented from servicing further requests.
400       Hence, values other than 1 should be used with caution.
401
402EOF
403    ;;
404    nisLDAPretrieveErrorTimeout_help) cat <<EOF
405
406HELP - The timeout (in seconds) between each new attempt to retrieve
407       LDAP data. Default is $DEF_nisLDAPretrieveErrorTimeout seconds.
408
409EOF
410    ;;
411    nisLDAPstoreErrorAction_help) cat <<EOF
412
413HELP - If an error occurs while trying to store data to the LDAP
414       repository, one of the following actions can be selected :
415
416       retry : Retry operation nisLDAPstoreErrorAttempts times with
417               nisLDAPstoreErrorTimeout seconds between each attempt.
418               Note while retries are made the NIS daemon will be
419               prevented from servicing further requests. Use with
420               caution. This is the default value.
421
422       fail  : Return YPERR_YPERR error to the client.
423
424EOF
425    ;;
426    nisLDAPstoreErrorAttempts_help) cat <<EOF
427
428HELP - The number of times a failed attempt to store data to the
429       LDAP repository should be retried. The default is unlimited.
430
431       The value for nisLDAPstoreErrorAttempts is ignored unless
432       nisLDAPstoreErrorAction=retry.
433
434EOF
435    ;;
436    nisLDAPstoreErrorTimeout_help) cat <<EOF
437
438HELP - The timeout (in seconds) between each new attempt to store
439       LDAP data. Default is $DEF_nisLDAPstoreErrorTimeout seconds.
440
441       The value for nisLDAPstoreErrorTimeout is ignored unless
442       nisLDAPstoreErrorAction=retry.
443
444EOF
445    ;;
446    selectDomain4N2L_help) cat <<EOF
447
448HELP - Whether this domain needs to be served by YP to LDAP transition
449       solution. The default is no in which case the data in this
450       domain would not be taken care for transitioning to LDAP.
451
452EOF
453    ;;
454    generate_comment_info_for_cust_map_help) cat <<EOF
455
456HELP - If selected, this script will try to add relevant comments
457       in the mapping file which might help in customizing the
458       mapping information for custom maps.
459
460EOF
461    ;;
462    generate_mapping_info_for_cust_map_help) cat <<EOF
463
464HELP - If selected, this script will try to generate mapping
465       information for this map assuming it is a "simple" map.
466
467       A map is assumed to be "simple" if each entry of this map
468       has only one "key value" entry in YP, and if each map entry
469       can be represented as a single DIT string in the LDAP server.
470
471       If this map is not a simple map and you do want to store it
472       in LDAP, you have two options :
473
474       1 - Answer yes, and this script would generate the mapping
475           information for this map assuming it is a simple map.
476           And once the execution of the script is over, you can
477           customize the mapping information by hand editing the
478           mapping file.
479
480       2 - Answer no, and this script would not generate mapping
481           info for this map. And once the execution of the script
482           is over, you can include the customized mapping
483           information by hand editing the mapping file.
484
485EOF
486    ;;
487    nisLDAPdomainContext_help) cat <<EOF
488
489HELP - This parameter defines the context (default location) in
490       the directory tree at which all the name service entries
491       for this particular domain would be stored.
492
493EOF
494    ;;
495    nisLDAPyppasswddDomains_help) cat <<EOF
496
497HELP - Lists the domains for which password changes should be
498       made.  If this is not present then the value returned by
499       'domainname' will be used.
500
501       NIS password change requests do not specify the domains in
502       which any given password should be changed. (In traditional
503       NIS this information is effectively hard coded in the NIS
504       makefile.)
505
506EOF
507    ;;
508    custom_map_comment_char_help) cat <<EOF
509
510HELP - If selected, it will allow you to specify a character which
511       would represent the start of the special 'comment' field in
512       a given NIS map. If this attribute is not present then the
513       default comment character '#' is used.
514
515       If a map cannot contain comments then the blank comment
516       character ('') should be specified (just hit the return key).
517
518EOF
519    ;;
520    same_comment_char_help) cat <<EOF
521
522HELP - If selected, for a given map, it will allow you to specify
523       a common comment character for all the domains.
524
525       Or else by selecting NO, for the same map, you would be
526       given the option to specify different comment character
527       for different domains.
528
529EOF
530    ;;
531    secure_flag_on_help) cat <<EOF
532
533HELP - Secure flag is set on maps which are generated with
534       "makedbm -s". When converting data from LDAP to YP,
535       it adds YP_SECURE entries.
536       
537EOF
538    ;;
539    secure_flag_all_domains_help) cat <<EOF
540
541HELP - If selected, it will allow you to set the secure flag on
542       for this map for all the domains.
543
544       Or else by selecting NO, you would be given the option to
545       set this flag, for the same map, on per domain basis.
546
547EOF
548    ;;
549    interdomain_flag_on_help) cat <<EOF
550
551HELP - Interdomain flag is set on a set of maps which are generated
552       with "makedbm -b". It signals NIS servers to use the domain
553       name resolver for host name and address lookups for hosts
554       not found in the maps.
555
556       If selected, it adds YP_INTERDOMAIN entries in these maps
557       when converting data from LDAP to YP.
558       
559EOF
560    ;;
561    interdomain_flag_all_domains_help) cat <<EOF
562
563HELP - If selected, it will allow you to set the interdomain flag
564       on for all the domains.
565
566       Or else by selecting NO, you would be given the option to
567       set this flag on per domain basis.
568
569EOF
570    ;;
571    initialTTLlo_help) cat <<EOF
572
573HELP - The lower limit for the initial TTL (in seconds) for data
574       read from disk when the ypserv starts. If initialTTLhi also
575       is specified, the actual initialTTL will be randomly selected
576       from the interval initialTTLlo to initialTTLhi (inclusive).
577
578       Leaving the field empty yields the default value of $DEF_iTTLlo.
579
580EOF
581    ;;
582    initialTTLhi_help) cat <<EOF
583
584HELP - The upper limit for the initial TTL (in seconds).
585       If left empty, defaults to "$DEF_iTTLhi".
586
587EOF
588    ;;
589    runningTTL_help) cat <<EOF
590
591HELP - The TTL (in seconds) for data retrieved from LDAP while the
592       ypserv is running. If left empty, defaults to "$DEF_runTTL".
593
594EOF
595    ;;
596    default_ttl_help) cat <<EOF
597
598HELP - The default TTL value for each map is set to :
599       ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}
600
601       Select yes if you want to change the current TTL value.
602
603EOF
604    ;;
605    non_default_same_ttl_help) cat <<EOF
606
607HELP - Select yes if you want to set a new TTL value, but want
608       to keep it same for all the maps.
609      
610EOF
611    ;;
612    non_default_different_ttl_help) cat <<EOF
613
614HELP - Select yes if you want to set TTL value for each map, but
615       want to keep it same for all the domains.
616      
617EOF
618    ;;
619    default_different_ttl_help) cat <<EOF
620
621HELP - Select yes if you want to accept the default TTL
622       value for this map.
623      
624EOF
625    ;;
626    same_ttl_across_domains_help) cat <<EOF
627
628HELP - Select yes if you want to set TTL value for the map,
629       but want to keep it same for all the domains.
630
631EOF
632    ;;
633
634    esac
635}
636
637#
638# Echo the message passed only if DEBUG is set.
639# Reduces the line width significantly.
640#
641d_echo()
642{
643[ DEBUG -eq 1 ] && echo $@
644}
645
646
647#
648# get_ans(): gets an answer from the user.
649#		$1  instruction/comment/description/question
650#		$2  default value
651#
652get_ans()
653{
654    if [ -z "$2" ]
655    then
656	echo "$1 \c"
657    else
658	echo "$1 [$2] \c"
659    fi
660
661    read ANS
662    if [ -z "$ANS" ]
663    then
664	ANS=$2
665    fi
666}
667
668
669#
670# get_ans_req(): gets an answer (required) from the user, NULL value not allowed.
671#		$@  instruction/comment/description/question
672#
673get_ans_req()
674{
675    ANS=""                  # Set ANS to NULL.
676    while [ "$ANS" = "" ]
677    do
678	get_ans "$@"
679	[ "$ANS" = "" ] && echo "NULL value not allowed!"
680    done
681}
682
683
684#
685# get_integer(): Querys and verifies that number entered is integer.
686#                Function will repeat prompt user for integer value.
687#                $1  Message text.
688#                $2  default value.
689#                $3  Help argument.
690#
691get_integer()
692{
693    ANS=""                  # Set ANS to NULL.
694    NUM=""
695
696    get_ans "$1" "$2"
697
698    # Verify that value is integer.
699    while not_integer $ANS
700    do
701	case "$ANS" in
702	    [Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
703	    * ) echo "Invalid value: \"${ANS}\". \c"
704	     ;;
705	esac
706
707	# Get a new value.
708	get_ans "Enter an integer value:" "$2"
709    done
710    NUM=$ANS
711}
712
713
714#
715# get_number(): Querys and verifies that number entered is numeric.
716#               Function will repeat prompt user for numeric value.
717#               $1  Message text.
718#	        $2  default value.
719#               $3  Help argument.
720#
721get_number()
722{
723    ANS=""                  # Set ANS to NULL.
724    NUM=""
725
726    get_ans "$1" "$2"
727
728    # Verify that value is numeric.
729    while not_numeric $ANS
730    do
731	case "$ANS" in
732	    [Hh] | help | Help | \?) display_msg ${3:-sorry} ;;
733	    * ) echo "Invalid value: \"${ANS}\". \c"
734	     ;;
735	esac
736
737	# Get a new value.
738	get_ans "Enter a numeric value:" "$2"
739    done
740    NUM=$ANS
741}
742
743
744#
745# get_pos_int(): Only allows positive integer.
746#
747#                   $1 - Prompt message.
748#                   $2 - Default value (require).
749#                   $3 - Optional help argument.
750get_pos_int()
751{
752    while :
753    do
754	get_integer "$1" "$2" "$3"
755
756	if [ $ANS -lt 0 ]; then
757	    echo "Invalid number: please enter a positive integer."
758	else
759	    break      # Positive integer
760	fi
761    done
762}
763
764
765#
766# get_pos_num(): Only allows positive number.
767#
768#                   $1 - Prompt message.
769#                   $2 - Default value (require).
770#                   $3 - Optional help argument.
771get_pos_num()
772{
773    while :
774    do
775	get_number "$1" "$2" "$3"
776
777	if [ $ANS -lt 0 ]; then
778	    echo "Invalid number: please enter a positive number."
779	else
780	    break      # Positive number
781	fi
782    done
783}
784
785
786#
787#
788# get_passwd(): Reads a password from the user and verify with second.
789#		$@  instruction/comment/description/question
790#
791get_passwd()
792{
793    [ $DEBUG -eq 1 ] && echo "In get_passwd()"
794
795    # Temporary PASSWD variables
796    _PASS1=""
797    _PASS2=""
798
799    # Handle signals, so that echo can be turned back on if Ctrl-C.
800    trap "/usr/bin/stty echo; exit" 1 2 3 6 15
801
802    /usr/bin/stty -echo     # Turn echo OFF
803
804    # Endless loop that continues until passwd and re-entered passwd
805    # match.
806    while :
807    do
808	ANS=""                  # Set ANS to NULL.
809
810	# Don't allow NULL for first try.
811	while [ "$ANS" = "" ]
812	do
813	    get_ans "$@"
814	    [ "$ANS" = "" ] && echo "" && echo "NULL passwd not allowed!"
815	done
816	_PASS1=$ANS         # Store first try.
817
818	# Get second try.
819	echo ""
820	get_ans "Re-enter passwd:"
821	_PASS2=$ANS
822
823	# Test if passwords are identical.
824	if [ "$_PASS1" = "$_PASS2" ]; then
825	    break
826	fi
827
828	# Move cursor down to next line and print ERROR message.
829	echo ""
830	echo "ERROR: passwords don't match; try again."
831    done
832
833    /usr/bin/stty echo      # Turn echo ON
834
835    # Removed signal handler
836    trap 1 2 3 6 15
837
838    echo ""
839}
840
841
842#
843# get_passwd_nochk(): Reads a password from the user w/o check.
844#		$@  instruction/comment/description/question
845#
846get_passwd_nochk()
847{
848    [ $DEBUG -eq 1 ] && echo "In get_passwd_nochk()"
849
850    # Handle signals, so that echo can be turned back on if Ctrl-C.
851    trap "/usr/bin/stty echo; exit" 1 2 3 6 15
852
853    /usr/bin/stty -echo     # Turn echo OFF
854
855    get_ans "$@"
856
857    /usr/bin/stty echo      # Turn echo ON
858
859    # Removed signal handler
860    trap 1 2 3 6 15
861
862    echo ""
863}
864
865
866#
867# get_confirm(): Get confirmation from the user. (Y/Yes or N/No)
868#                $1 - Message
869#                $2 - default value.
870#
871get_confirm()
872{
873    _ANSWER=
874
875    while :
876    do
877	# Display Internal ERROR if $2 not set.
878	if [ -z "$2" ]; then
879	    echo "INTERNAL ERROR: get_confirm requires 2 args, 3rd is optional."
880	    exit 2
881	fi
882
883	# Display prompt.
884	echo "$1 [$2] \c"
885
886	# Get the ANSWER.
887	read _ANSWER
888	if [ "$_ANSWER" = "" ] && [ -n "$2" ] ; then
889	    _ANSWER=$2
890	fi
891	case "$_ANSWER" in
892	    [Yy] | yes | Yes | YES) return 1 ;;
893	    [Nn] | no  | No  | NO)  return 0 ;;
894	    [Hh] | help | Help | \?) display_msg ${3:-sorry};;
895	    * ) echo "Please enter y or n."  ;;
896	esac
897    done
898}
899
900
901#
902# get_confirm_nodef(): Get confirmation from the user. (Y/Yes or N/No)
903#                      No default value supported. Returns 1 for yes.
904#
905get_confirm_nodef()
906{
907    _ANSWER=
908
909    while :
910    do
911	echo "$@ \c"
912	read _ANSWER
913	case "$_ANSWER" in
914	    [Yy] | yes | Yes | YES) return 1 ;;
915	    [Nn] | no  | No  | NO)  return 0 ;;
916	    * ) echo "Please enter y or n."  ;;
917	esac
918    done
919}
920
921
922#
923# is_integer(): Tells if a string is numeric integer.
924#    0 = Integer
925#    1 = NOT Integer
926#
927is_integer()
928{
929    # Check for parameter.
930    if [ $# -ne 1 ]; then
931	return 1
932    fi
933
934    # Determine if integer.
935    expr "$1" + 1 > /dev/null 2>&1
936
937    if [ $? -ge 2 ]; then
938	return 1
939    fi
940
941    # Made it here, it's Numeric.
942    return 0
943}
944
945
946#
947# not_integer(): Reverses the return values of is_integer.  Useful
948#                for if and while statements that want to test for
949#                non-integer data.
950#    0 = NOT Integer
951#    1 = Integer
952#
953not_integer()
954{
955    is_integer $1
956    if [ $? -eq 0 ]; then
957       return 1
958    else
959       return 0
960    fi
961}
962
963
964#
965# is_numeric(): Tells if a string is numeric.
966#    0 = Numeric
967#    1 = NOT Numeric
968#
969is_numeric()
970{
971    # Check for parameter.
972    if [ $# -ne 1 ]; then
973	return 1
974    fi
975
976    # Determine if numeric.
977    let _NUM="$1 + 1" > /dev/null 2>&1
978
979    if [ $? -eq 0 ]; then
980	return 0
981    fi
982
983}
984
985
986#
987# not_numeric(): Reverses the return values of is_numeric.  Useful
988#                for if and while statements that want to test for
989#                non-numeric data.
990#    0 = NOT Numeric
991#    1 = Numeric
992#
993not_numeric()
994{
995    is_numeric $1
996    if [ $? -eq 0 ]; then
997       return 1
998    else
999       return 0
1000    fi
1001}
1002
1003
1004#
1005# domain_2_dc(): Convert a domain name into dc string.
1006#    $1  .. Domain name.
1007#
1008domain_2_dc()
1009{
1010    _DOM=$1           # Domain parameter.
1011    _DOM_2_DC=""      # Return value from function.
1012    _FIRST=1          # Flag for first time.
1013
1014    export _DOM_2_DC  # Make visible for others.
1015
1016    # Convert "."'s to spaces for "for" loop.
1017    domtmp="`echo ${_DOM} | tr '.' ' '`"
1018    for i in $domtmp; do
1019	if [ $_FIRST -eq 1 ]; then
1020	    _DOM_2_DC="dc=${i}"
1021	    _FIRST=0
1022	else
1023	    _DOM_2_DC="${_DOM_2_DC},dc=${i}"
1024	fi
1025    done
1026}
1027
1028
1029#
1030# is_root_user(): Check to see if logged in as super user.
1031#
1032is_root_user()
1033{
1034    case `id` in
1035	uid=0\(root\)*) return 0 ;;
1036	* )             return 1 ;;
1037    esac
1038}
1039
1040
1041#
1042# parse_arg(): Parses the command line arguments and sets the
1043#              appropriate variables.
1044#
1045parse_arg()
1046{
1047    while getopts ":dm:c:" ARG
1048    do
1049	case $ARG in
1050	    d)      DEBUG=1;;
1051
1052	    m)      MAP_FILE=$OPTARG
1053	            MAPPING_FILE_SPECIFIED=1;;
1054
1055	    c)      CONFIG_FILE=$OPTARG
1056                    CONFIG_FILE_SPECIFIED=1;;
1057
1058	    \?)	    echo "**ERROR: Invalid option '$OPTARG'"
1059		    display_msg usage
1060		    exit 1;;
1061	esac
1062    done
1063
1064    shift `expr $OPTIND - 1`
1065    if [ $# -gt 0 ]; then
1066        echo "**ERROR: wrong usage "
1067        display_msg usage
1068        exit 1
1069    fi
1070}
1071
1072
1073#
1074# present() : Checks if the first argument exists in the
1075#            argument list. Returns 0 if found, else 1.
1076#
1077present ()
1078{
1079_ELEMENT=$1
1080
1081shift
1082ARG_LIST=$@
1083
1084for item in $ARG_LIST
1085do
1086  [ "$_ELEMENT" = "$item" ] && return 0
1087done
1088
1089# If reached here, then the clement does not exist
1090return 1
1091}
1092
1093
1094#
1095# remove() : Returns a new string after removing the first
1096#            argument in the argument list.
1097#
1098remove ()
1099{
1100_ELEMENT=$1
1101
1102shift
1103ARG_LIST=$@
1104
1105NEW_LIST=""
1106
1107for item in $ARG_LIST
1108do
1109  [ "$_ELEMENT" != "$item" ] && NEW_LIST="$NEW_LIST $item"
1110done
1111
1112echo $NEW_LIST
1113return 0
1114}
1115
1116
1117#
1118# merge_lists() : Returns a list after merging elements
1119#                 (uniquely) supplied in the argument list.
1120#
1121merge_lists()
1122{
1123MERGED_LIST=""
1124
1125for _VAR in "$@"
1126do
1127  if ! present $_VAR $MERGED_LIST; then
1128    MERGED_LIST="$MERGED_LIST $_VAR"
1129  fi
1130done
1131
1132echo $MERGED_LIST
1133return 0
1134}
1135
1136
1137#
1138# init(): initializes variables and options
1139#
1140init()
1141{
1142# General variables.
1143DEBUG=0             		# Set Debug OFF
1144
1145MAPPING_FILE_SPECIFIED=0	# No file name passed
1146CONFIG_FILE_SPECIFIED=0		# No file name passed
1147
1148# Prevent others from snooping
1149umask 077
1150
1151# Set default config and mapping files.
1152DEFAULT_MAP_FILE="/var/yp/NISLDAPmapping"
1153DEFAULT_CONFIG_FILE="/etc/default/ypserv"
1154
1155MAP_FILE="$DEFAULT_MAP_FILE"
1156CONFIG_FILE="$DEFAULT_CONFIG_FILE"
1157
1158# Set and create TMPDIR. Use a safe place to discourage hackers.
1159TMPDIR="/var/yp/inityp2l"
1160
1161# Temporary file names to be used to prevent system starting in
1162# N2L mode in case something goes wrong during file creation.
1163TMPCONF="ypserv-tmp"
1164TMPMAP="NISLDAPmapping-tmp"
1165
1166# Remove if the temp directory has been leftover
1167[ -d "$TMPDIR" ] && rm -rf $TMPDIR
1168mkdir $TMPDIR
1169if [ $? -ne 0 ]; then
1170  echo ERROR : Failed to create temp directory $TMPDIR
1171  exit 1
1172fi
1173
1174# Initialize the default NIS maps.
1175DEFAULT_NIS_MAPS="passwd.byname
1176                  passwd.byuid
1177                  group.byname
1178                  group.bygid
1179                  hosts.byaddr
1180                  hosts.byname
1181                  ipnodes.byaddr
1182                  ipnodes.byname
1183                  ethers.byaddr
1184                  ethers.byname
1185                  networks.byaddr
1186                  networks.byname
1187                  rpc.bynumber
1188                  services.byname
1189                  services.byservicename
1190                  printers.conf.byname
1191                  project.byname
1192                  project.byprojid
1193                  protocols.byname
1194                  protocols.bynumber
1195                  netgroup
1196                  netgroup.byuser
1197                  netgroup.byhost
1198                  bootparams
1199                  mail.aliases
1200                  mail.byaddr
1201                  publickey.byname
1202                  netid.byname
1203                  netmasks.byaddr
1204                  passwd.adjunct.byname
1205                  group.adjunct.byname
1206                  timezone.byname
1207                  auth_attr
1208                  exec_attr
1209                  prof_attr
1210                  user_attr
1211                  audit_user
1212                  auto.master
1213                  auto.home
1214                  ypservers"
1215
1216set -A DEF_NIS_MAP_ARRAY $DEFAULT_NIS_MAPS
1217
1218# The default TTL maps in database ID format.
1219DEF_TTL_MAPLIST="audit_user
1220                 auto.home
1221                 auto.master
1222                 auth_attr
1223                 bootparams
1224                 ethers
1225                 exec_attr
1226                 group
1227                 group.adjunct.byname
1228                 keys.host
1229                 keys.pass
1230                 keys.nobody
1231                 hosts
1232                 multihosts
1233                 ipnodes
1234                 multiipnodes
1235                 netgroup
1236                 networks
1237                 passwd
1238                 passwd.adjunct.byname
1239                 printers.conf.byname
1240                 prof_attr
1241                 project
1242                 protocols
1243                 services
1244                 mail.aliases
1245                 mail.mapping
1246                 netid.host
1247                 netid.pass
1248                 netmasks.byaddr
1249                 rpc.bynumber
1250                 ageing.byname
1251                 timezone.byname
1252                 user_attr
1253                 ypservers"
1254
1255
1256# Initialize default values for config parameters.
1257
1258configDN_flag=0
1259DEF_nisLDAPconfigDN=""
1260DEF_TLS=none
1261DEF_TLSCertificateDBPath=/var/yp/cert7.db
1262DEF_nisLDAPbindTimeout=15
1263DEF_nisLDAPsearchTimeout=180
1264DEF_nisLDAPmodifyTimeout=15
1265DEF_nisLDAPaddTimeout=15
1266DEF_nisLDAPdeleteTimeout=15
1267DEF_nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeout}
1268DEF_nisLDAPsearchSizeLimit=0
1269DEF_nisLDAPfollowReferral=no
1270DEF_nisLDAPretrieveErrorAction=use_cached
1271
1272# The default is unlimited, but since it prevents the NIS daemon,
1273# from servicing further requests, set 1 as the suggested value.
1274SUG_nisLDAPretrieveErrorAttempts=1
1275DEF_nisLDAPretrieveErrorTimeout=15
1276DEF_nisLDAPstoreErrorAction=retry
1277
1278# The default is unlimited, but set 1 as the suggested value.
1279SUG_nisLDAPstoreErrorAttempts=1
1280DEF_nisLDAPstoreErrorTimeout=15
1281
1282# Default TTL values (in seconds) for NIS MAPS for mapping file.
1283DEF_iTTLlo=1800
1284DEF_iTTLhi=5400
1285DEF_runTTL=3600
1286
1287}
1288
1289
1290#
1291# config_auth_menu_handler(): Enter the authentication method
1292#                             for config server.
1293#
1294config_auth_menu_handler()
1295{
1296    # Display Auth menu
1297    display_msg config_auth_method_menu
1298
1299    # Get a Valid choice.
1300    while :
1301    do
1302	# Display appropriate prompt and get answer.
1303        get_ans_req "    Choose one Authentication Method (h=help):"
1304
1305	# Determine choice.
1306	_MENU_CHOICE=$ANS
1307	case "$_MENU_CHOICE" in
1308	    1) _AUTHMETHOD="none"
1309		break ;;
1310	    2) _AUTHMETHOD="simple"
1311		break ;;
1312	    3) _AUTHMETHOD="sasl/cram-md5"
1313		break ;;
1314	    4) _AUTHMETHOD="sasl/digest-md5"
1315		break ;;
1316	    h) display_msg auth_help ;;
1317	    *) echo "Please enter 1-4, or h=help." ;;
1318	esac
1319    done
1320}
1321
1322
1323#
1324# auth_menu_handler(): Enter the Authentication method for LDAP server.
1325#
1326auth_menu_handler()
1327{
1328    # Display Auth menu
1329    display_msg auth_method_menu
1330
1331    # Get a Valid choice.
1332    while :
1333    do
1334	# Display appropriate prompt and get answer.
1335        get_ans_req "    Choose one Authentication Method (h=help):"
1336
1337	# Determine choice.
1338	_MENU_CHOICE=$ANS
1339	case "$_MENU_CHOICE" in
1340	    1) _AUTHMETHOD="simple"
1341		break ;;
1342	    2) _AUTHMETHOD="sasl/cram-md5"
1343		break ;;
1344	    3) _AUTHMETHOD="sasl/digest-md5"
1345		break ;;
1346	    h) display_msg auth_help ;;
1347	    *) echo "Please enter 1-3, or h=help." ;;
1348	esac
1349    done
1350}
1351
1352
1353#
1354# tls_menu_handler(): Enter the transport layer security
1355#
1356tls_menu_handler()
1357{
1358    # Display TLS menu
1359    display_msg tls_method_menu
1360
1361    # Get a Valid choice.
1362    while :
1363    do
1364	# Display appropriate prompt and get answer.
1365	# Default value is "none".
1366
1367        get_ans "    Choose one Transport Layer Security Method (h=help):" "1"
1368
1369	# Determine choice.
1370	_MENU_CHOICE=$ANS
1371	case "$_MENU_CHOICE" in
1372	    1) _TLSMETHOD="none"
1373		break ;;
1374	    2) _TLSMETHOD="ssl"
1375		break ;;
1376	    h) display_msg tls_help ;;
1377	    *) echo "Please enter 1, 2, or h=help." ;;
1378	esac
1379    done
1380}
1381
1382
1383#
1384# retrieve_error_action_menu_handler(): Enter the retrieve error action
1385#
1386retrieve_error_action_menu_handler()
1387{
1388    # Display retrieve error action menu
1389    display_msg retrieve_error_action_menu
1390
1391    # Get a Valid choice.
1392    while :
1393    do
1394	# Display appropriate prompt and get answer. use_cached is default
1395        get_ans "    Choose one retrieval error action (h=help):" "1"
1396
1397	# Determine choice.
1398	_MENU_CHOICE=$ANS
1399	case "$_MENU_CHOICE" in
1400	    1) _RET_ERR_ACT="use_cached"
1401		break ;;
1402	    2) _RET_ERR_ACT="fail"
1403		break ;;
1404	    h) display_msg nisLDAPretrieveErrorAction_help ;;
1405	    *) echo "Please enter 1, 2, or h=help." ;;
1406	esac
1407    done
1408}
1409
1410
1411#
1412# store_error_action_menu_handler(): Enter the store error action
1413#
1414store_error_action_menu_handler()
1415{
1416    # Display store error action menu
1417    display_msg store_error_action_menu
1418
1419    # Get a Valid choice.
1420    while :
1421    do
1422	# Display appropriate prompt and get answer. retry is default
1423        get_ans "    Choose one store error action (h=help):" "1"
1424
1425	# Determine choice.
1426	_MENU_CHOICE=$ANS
1427	case "$_MENU_CHOICE" in
1428	    1) _STOR_ERR_ACT="retry"
1429		break ;;
1430	    2) _STOR_ERR_ACT="fail"
1431		break ;;
1432	    h) display_msg nisLDAPstoreErrorAction_help ;;
1433	    *) echo "Please enter 1, 2, or h=help." ;;
1434	esac
1435    done
1436}
1437
1438
1439#
1440# cleanup(): Remove the TMPDIR and all files in it.
1441#
1442cleanup()
1443{
1444[ $DEBUG -eq 1 ] && echo "In cleanup()"
1445
1446# Leave the temp directory if debug is set
1447[ $DEBUG -eq 0 ] && rm -rf $TMPDIR
1448}
1449
1450
1451# Save existing config file if elected
1452check_back_config_file()
1453{
1454if [ -f $CONFIG_FILE ]; then
1455  display_msg backup_config_file
1456
1457  get_confirm "Do you wish to continue (y/n/h)?" \
1458              "n" "backup_config_file_cont_help"
1459
1460  if [ $? -eq 0 ]; then    # if No, cleanup and exit.
1461    cleanup ; exit 1
1462  fi
1463
1464  get_confirm "Do you wish to backup the config file "${CONFIG_FILE}" (y/n/h)?" \
1465              "y" "backup_config_file_help"
1466
1467  if [ $? -eq 1 ]; then    # Save the old config file with timestamp
1468
1469    # SCCS converts '% H %' (without spaces) in current date during putback.
1470    # So use some other combination.
1471    SUFFIX=`date '+%d%h%Y.%H:%M:%S'`
1472
1473    cp -p $CONFIG_FILE ${CONFIG_FILE}-${SUFFIX}
1474    echo "  Saved existing $CONFIG_FILE as ${CONFIG_FILE}-${SUFFIX}"
1475  fi
1476fi
1477}
1478
1479
1480# Save existing mapping file if elected
1481check_back_mapping_file()
1482{
1483if [ -f $MAP_FILE ]; then
1484  display_msg backup_mapping_file
1485
1486  get_confirm "Do you wish to continue (y/n/h)?" \
1487              "n" "backup_mapping_file_cont_help"
1488
1489  if [ $? -eq 0 ]; then    # if No, cleanup and exit.
1490    cleanup ; exit 1
1491  fi
1492
1493  get_confirm "Do you wish to backup the map file "${MAP_FILE}" (y/n/h)?" \
1494                   "y" "backup_mapping_file_help"
1495
1496  if [ $? -eq 1 ]; then    # if Yes, save the old map file with timestamp
1497
1498    # SCCS converts '% H %' (without spaces) in current date during putback.
1499    # So use some other combination.
1500    SUFFIX=`date '+%d%h%Y.%H:%M:%S'`
1501
1502    cp -p $MAP_FILE ${MAP_FILE}-${SUFFIX}
1503    echo "  Saved existing $MAP_FILE as ${MAP_FILE}-${SUFFIX}"
1504  fi
1505
1506else
1507  if [ "$MAP_FILE" = "$DEFAULT_MAP_FILE" ]; then
1508    display_msg warn_n2l_mode
1509
1510    get_confirm "Do you wish to continue (y/n/h)?" \
1511                "n" "warn_n2l_mode_help"
1512
1513    if [ $? -eq 0 ]; then
1514      cleanup ; exit 1
1515    fi
1516  fi
1517fi
1518}
1519
1520
1521put_config_file_copyright_info()
1522{
1523
1524# Start with an emptty file, so don't append, but overwrite here.
1525# Just change the name, but keep the same date and version number
1526# as in the ident string of this script.
1527
1528grep "ident	\"@(#)$PROG" $ABS_PROG | \
1529      sed "s/${PROG}/${NEW_NAME}/g" > $CONFIG_FILE
1530
1531echo "\
1532#
1533# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
1534# Use is subject to license terms.
1535#\
1536" >> $MAP_FILE
1537}
1538
1539
1540get_nisLDAPconfigDN()
1541{
1542while :
1543do
1544
1545get_ans "DN for configuration information (h=help):"
1546
1547# If help continue, otherwise break.
1548case "$ANS" in
1549  [Hh] | help | Help | \?) display_msg nisLDAPconfigDN_help ;;
1550                       * ) break ;;
1551esac
1552done
1553
1554nisLDAPconfigDN="${ANS}"
1555
1556# Store in config file only if a non-default value is specified.
1557if [ "$ANS" != "${DEF_nisLDAPconfigDN}" ]; then
1558  echo "nisLDAPconfigDN=${ANS}" >> $CONFIG_FILE
1559fi
1560
1561# Ask remaining config server related questions only if this
1562# DN is set. So, if a value is specified, set a flag.
1563
1564[ "$ANS" != "" ] && configDN_flag=1
1565}
1566
1567
1568get_nisLDAPconfigPreferredServerList()
1569{
1570while :
1571do
1572
1573get_ans_req "Preferred server list for configuration information (h=help):"
1574
1575# If help continue, otherwise break.
1576case "$ANS" in
1577  [Hh] | help | Help | \?) display_msg nisLDAPconfigPreferredServerList_help ;;
1578                       * ) break ;;
1579esac
1580done
1581
1582nisLDAPconfigPreferredServerList=${ANS}
1583echo "nisLDAPconfigPreferredServerList=${ANS}" >> $CONFIG_FILE
1584}
1585
1586
1587get_nisLDAPconfigAuthenticationMethod()
1588{
1589_AUTHMETHOD=""
1590
1591echo "Select the Authentication Method for configuration server :"
1592config_auth_menu_handler
1593
1594nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}
1595echo "nisLDAPconfigAuthenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE
1596}
1597
1598
1599get_nisLDAPconfigTLS()
1600{
1601_TLSMETHOD=""
1602
1603echo "Select the Transport Layer Security (TLS) for configuration server :"
1604tls_menu_handler
1605
1606nisLDAPconfigTLS=${_TLSMETHOD}
1607
1608# Store in config file only if a non-default value is specified.
1609if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then
1610    echo "nisLDAPconfigTLS=${_TLSMETHOD}" >> $CONFIG_FILE
1611fi
1612}
1613
1614
1615get_nisLDAPconfigTLSCertificateDBPath()
1616{
1617while :
1618do
1619
1620get_ans "TLS Certificate DB for configuration server (h=help):"\
1621            "${DEF_TLSCertificateDBPath}"
1622
1623# If help continue, otherwise break.
1624case "$ANS" in
1625  [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
1626                       * ) break ;;
1627esac
1628done
1629
1630nisLDAPconfigTLSCertificateDBPath=${ANS}
1631
1632# Store in config file only if a non-default value is specified.
1633if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then
1634  echo "nisLDAPconfigTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE
1635fi
1636}
1637
1638
1639get_nisLDAPconfigProxyUser()
1640{
1641while :
1642do
1643
1644get_ans_req "Proxy user bind DN to obtain configuration information (h=help):"
1645# If help continue, otherwise break.
1646case "$ANS" in
1647  [Hh] | help | Help | \?) display_msg nisLDAPconfigProxyUser_help ;;
1648                       * ) break ;;
1649esac
1650done
1651
1652nisLDAPconfigProxyUser=${ANS}
1653echo "nisLDAPconfigProxyUser=${ANS}" >> $CONFIG_FILE
1654}
1655
1656
1657get_nisLDAPconfigProxyPassword()
1658{
1659get_passwd "Proxy user password to obtain configuration information :"
1660nisLDAPconfigProxyPassword=${ANS}
1661
1662echo "nisLDAPconfigProxyPassword=${ANS}" >> $CONFIG_FILE
1663
1664display_msg ProxyPassword_warn
1665}
1666
1667
1668get_preferredServerList()
1669{
1670while :
1671do
1672
1673get_ans_req "Preferred server list for mapping data to/from LDAP (h=help):"
1674
1675# If help continue, otherwise break.
1676case "$ANS" in
1677  [Hh] | help | Help | \?) display_msg preferredServerList_help ;;
1678                       * ) break ;;
1679esac
1680done
1681
1682preferredServerList=${ANS}
1683echo "preferredServerList=${ANS}" >> $CONFIG_FILE
1684}
1685
1686
1687get_authenticationMethod()
1688{
1689_AUTHMETHOD=""
1690
1691echo "Select the Authentication Method for mapping data to/from LDAP :"
1692auth_menu_handler
1693
1694authenticationMethod=${_AUTHMETHOD}
1695echo "authenticationMethod=${_AUTHMETHOD}" >> $CONFIG_FILE
1696}
1697
1698
1699get_nisLDAPTLS()
1700{
1701_TLSMETHOD=""
1702
1703echo "Select the Transport Layer Security (TLS) for mapping data to/from LDAP :"
1704tls_menu_handler
1705
1706nisLDAPTLS=${_TLSMETHOD}
1707
1708# Store in config file only if a non-default value is specified.
1709if [ "${_TLSMETHOD}" != "${DEF_TLS}" ]; then
1710    echo "nisLDAPTLS=${_TLSMETHOD}" >> $CONFIG_FILE
1711fi
1712}
1713
1714
1715get_nisLDAPTLSCertificateDBPath()
1716{
1717while :
1718do
1719
1720get_ans "TLS Certificate DB for LDAP data server (h=help):"\
1721        "${DEF_nisLDAPTLSCertificateDBPath}"
1722
1723# If help continue, otherwise break.
1724case "$ANS" in
1725  [Hh] | help | Help | \?) display_msg TLSCertificateDBPath_help ;;
1726                       * ) break ;;
1727esac
1728done
1729
1730nisLDAPTLSCertificateDBPath=${ANS}
1731
1732# Store in config file only if a non-default value is specified.
1733if [ "$ANS" != "${DEF_TLSCertificateDBPath}" ]; then
1734  echo "nisLDAPTLSCertificateDBPath=${ANS}" >> $CONFIG_FILE
1735fi
1736}
1737
1738
1739get_nisLDAPproxyUser()
1740{
1741while :
1742do
1743
1744get_ans_req "Proxy user bind DN to read/write data from/to LDAP (h=help):"
1745
1746# If help continue, otherwise break.
1747case "$ANS" in
1748  [Hh] | help | Help | \?) display_msg nisLDAPproxyUser_help ;;
1749                       * ) break ;;
1750esac
1751done
1752
1753nisLDAPproxyUser=${ANS}
1754echo "nisLDAPproxyUser=${ANS}" >> $CONFIG_FILE
1755}
1756
1757
1758get_nisLDAPproxyPassword()
1759{
1760get_passwd "Proxy user password to read/write data from/to LDAP :"
1761nisLDAPproxyPassword=${ANS}
1762
1763echo "nisLDAPproxyPassword=${ANS}" >> $CONFIG_FILE
1764
1765display_msg ProxyPassword_warn
1766}
1767
1768
1769get_nisLDAPbindTimeout()
1770{
1771get_pos_int "Timeout value (in seconds) for LDAP bind operation (h=help):" \
1772              "${DEF_nisLDAPbindTimeout}" "nisLDAPbindTimeout_help"
1773
1774nisLDAPbindTimeout=${NUM}
1775
1776# Store in config file only if a non-default value is specified.
1777if [ $NUM -ne ${DEF_nisLDAPbindTimeout} ]; then
1778  echo "nisLDAPbindTimeout=${NUM}" >> $CONFIG_FILE
1779fi
1780}
1781
1782
1783get_nisLDAPsearchTimeout()
1784{
1785get_pos_int "Timeout value (in seconds) for LDAP search operation (h=help):" \
1786            "${DEF_nisLDAPsearchTimeout}" "nisLDAPsearchTimeout_help"
1787
1788nisLDAPsearchTimeout=${NUM}
1789
1790# Store in config file only if a non-default value is specified.
1791if [ $NUM -ne ${DEF_nisLDAPsearchTimeout} ]; then
1792  echo "nisLDAPsearchTimeout=${NUM}" >> $CONFIG_FILE
1793fi
1794}
1795
1796
1797get_nisLDAPmodifyTimeout()
1798{
1799get_pos_int "Timeout value (in seconds) for LDAP modify operation (h=help):" \
1800            "${DEF_nisLDAPmodifyTimeout}" "nisLDAPmodifyTimeout_help"
1801
1802nisLDAPmodifyTimeout=${NUM}
1803
1804# Store in config file only if a non-default value is specified.
1805if [ $NUM -ne ${DEF_nisLDAPmodifyTimeout} ]; then
1806  echo "nisLDAPmodifyTimeout=${NUM}" >> $CONFIG_FILE
1807fi
1808}
1809
1810
1811get_nisLDAPaddTimeout()
1812{
1813get_pos_int "Timeout value (in seconds) for LDAP add operation (h=help):" \
1814            "${DEF_nisLDAPaddTimeout}" "nisLDAPaddTimeout_help"
1815
1816nisLDAPaddTimeout=${NUM}
1817
1818# Store in config file only if a non-default value is specified.
1819if [ $NUM -ne ${DEF_nisLDAPaddTimeout} ]; then
1820  echo "nisLDAPaddTimeout=${NUM}" >> $CONFIG_FILE
1821fi
1822}
1823
1824
1825get_nisLDAPdeleteTimeout()
1826{
1827get_pos_int "Timeout value (in seconds) for LDAP delete operation (h=help):" \
1828            "${DEF_nisLDAPdeleteTimeout}" "nisLDAPdeleteTimeout_help"
1829
1830nisLDAPdeleteTimeout=${NUM}
1831
1832# Store in config file only if a non-default value is specified.
1833if [ $NUM -ne ${DEF_nisLDAPdeleteTimeout} ]; then
1834  echo "nisLDAPdeleteTimeout=${NUM}" >> $CONFIG_FILE
1835fi
1836}
1837
1838
1839get_nisLDAPsearchTimeLimit()
1840{
1841get_pos_int "Time limit (in seconds) for search operation on LDAP server (h=help):" \
1842            "${DEF_nisLDAPsearchTimeLimit}" "nisLDAPsearchTimeLimit_help"
1843
1844nisLDAPsearchTimeLimit=${NUM}
1845
1846# Store in config file only if a non-default value is specified.
1847if [ $NUM -ne ${DEF_nisLDAPsearchTimeLimit} ]; then
1848  echo "nisLDAPsearchTimeLimit=${NUM}" >> $CONFIG_FILE
1849fi
1850}
1851
1852
1853get_nisLDAPsearchSizeLimit()
1854{
1855get_pos_int "Size limit (in bytes) for search operation on LDAP server (h=help):" \
1856            "${DEF_nisLDAPsearchSizeLimit}" "nisLDAPsearchSizeLimit_help"
1857
1858nisLDAPsearchSizeLimit=${NUM}
1859
1860# Store in config file only if a non-default value is specified.
1861if [ $NUM -ne ${DEF_nisLDAPsearchSizeLimit} ]; then
1862  echo "nisLDAPsearchSizeLimit=${NUM}" >> $CONFIG_FILE
1863fi
1864}
1865
1866
1867get_nisLDAPfollowReferral()
1868{
1869get_confirm "Should the ypserv follow LDAP referrals (y/n/h):" \
1870            "n" "nisLDAPfollowReferral_help"
1871
1872if [ $? -eq 1 ]; then
1873  _ANS="yes"
1874else
1875  _ANS="no"
1876fi
1877
1878# Store in config file only if a non-default value is specified.
1879if [ "${_ANS}" != "${DEF_nisLDAPfollowReferral}" ]; then
1880  echo "nisLDAPfollowReferral=${_ANS}" >> $CONFIG_FILE
1881fi
1882}
1883
1884
1885get_nisLDAPretrieveErrorAction()
1886{
1887_RET_ERR_ACT=""
1888
1889echo "Select the action to be taken in case of LDAP retrieval error :"
1890retrieve_error_action_menu_handler
1891
1892nisLDAPretrieveErrorAction=${_RET_ERR_ACT}
1893
1894# Store in config file only if a non-default value is specified.
1895if [ "${_RET_ERR_ACT}" != "${DEF_nisLDAPretrieveErrorAction}" ]; then
1896    echo "nisLDAPretrieveErrorAction=${_RET_ERR_ACT}" >> $CONFIG_FILE
1897fi
1898}
1899
1900
1901get_nisLDAPretrieveErrorAttempts()
1902{
1903
1904get_pos_int "Number of attempts in case of LDAP retrieval error (h=help):" \
1905            "$SUG_nisLDAPretrieveErrorAttempts" \
1906            "nisLDAPretrieveErrorAttempts_help"
1907
1908nisLDAPretrieveErrorAttempts=${NUM}
1909
1910echo "nisLDAPretrieveErrorAttempts=${NUM}" >> $CONFIG_FILE
1911}
1912
1913
1914get_nisLDAPretrieveErrorTimeout()
1915{
1916# if nisLDAPretrieveErrorAttempts=0, then no point in asking
1917# for timeout vales as it is ignored anyway.
1918
1919[ $nisLDAPretrieveErrorAttempts -eq 0 ] && return 0
1920
1921get_pos_int "Timeout (in seconds) between each new attempt to retrieve LDAP data (h=help):"\
1922            "${DEF_nisLDAPretrieveErrorTimeout}" \
1923            "nisLDAPretrieveErrorTimeout_help"
1924
1925nisLDAPretrieveErrorTimeout=${NUM}
1926
1927# Store in config file only if a non-default value is specified.
1928if [ $NUM -ne ${DEF_nisLDAPretrieveErrorTimeout} ]; then
1929  echo "nisLDAPretrieveErrorTimeout=${NUM}" >> $CONFIG_FILE
1930fi
1931}
1932
1933
1934get_nisLDAPstoreErrorAction()
1935{
1936_STOR_ERR_ACT=""
1937
1938echo "Select the action to be taken in case of LDAP store error :"
1939store_error_action_menu_handler
1940
1941nisLDAPstoreErrorAction=${_STOR_ERR_ACT}
1942
1943# Store in config file only if a non-default value is specified.
1944if [ "${_STOR_ERR_ACT}" != "${DEF_nisLDAPstoreErrorAction}" ]; then
1945    echo "nisLDAPstoreErrorAction=${_STOR_ERR_ACT}" >> $CONFIG_FILE
1946fi
1947}
1948
1949
1950get_nisLDAPstoreErrorAttempts()
1951{
1952
1953# if nisLDAPstoreErrorAction="fail", then no point in asking
1954# for no. of attempts or timeout vales as they are ignored.
1955
1956[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0
1957
1958get_pos_int "Number of attempts in case of LDAP store error (h=help):" \
1959            "$SUG_nisLDAPstoreErrorAttempts" \
1960            "nisLDAPstoreErrorAttempts_help"
1961
1962nisLDAPstoreErrorAttempts=${NUM}
1963
1964echo "nisLDAPstoreErrorAttempts=${NUM}" >> $CONFIG_FILE
1965}
1966
1967
1968get_nisLDAPstoreErrorTimeout()
1969{
1970
1971# if nisLDAPstoreErrorAction="fail", then no point in asking
1972# for no. of attempts or timeout vales as they are ignored.
1973
1974[ "$nisLDAPstoreErrorAction" = "fail" ] && return 0
1975
1976# Similarly, if nisLDAPstoreErrorAttempts=0, ignore this question.
1977
1978[ $nisLDAPstoreErrorAttempts -eq 0 ] && return 0
1979
1980get_pos_int "Timeout (in seconds) between each new attempt to write LDAP data (h=help):"\
1981            "${DEF_nisLDAPstoreErrorTimeout}" \
1982            "nisLDAPstoreErrorTimeout_help"
1983
1984nisLDAPstoreErrorTimeout=${NUM}
1985
1986# Store in config file only if a non-default value is specified.
1987if [ $NUM -ne ${DEF_nisLDAPstoreErrorTimeout} ]; then
1988  echo "nisLDAPstoreErrorTimeout=${NUM}" >> $CONFIG_FILE
1989fi
1990}
1991
1992
1993
1994create_config_file()
1995{
1996
1997# To prevent from leaving a partial config file in case some error or
1998# signal takes place, store the output being generated in a temporary
1999# file first, and move it at the final destination only at the end if
2000# everything goes fine.
2001
2002_CONFIG_FILE=$CONFIG_FILE
2003CONFIG_FILE=${TMPDIR}/${TMPCONF}.$$
2004
2005echo "Generating config file temporarily as \"${CONFIG_FILE}\""
2006
2007# Truncate the file before we append anything.
2008# Place copyright information
2009put_config_file_copyright_info
2010
2011# Filter out all the YP domains in /var/yp
2012# The list of domains is stored in list "VARYP_DMN_LIST"
2013
2014echo "\
2015#
2016# Configuration file for ypserv(1M); see ypserv(4) for more information,
2017# and NISLDAPmapping(4) for configuration of NIS to LDAP mapping.
2018
2019# Unless otherwise noted, commented lines show default values.
2020" >> $CONFIG_FILE
2021
2022echo "\
2023# Where to look for configuration information in LDAP. Leave empty or
2024# undefined to use this file, in which case the values of the other
2025# 'nisLdapConfig*' attributes are ignored.
2026#
2027#nisLDAPconfigDN=\
2028" >> $CONFIG_FILE
2029
2030get_nisLDAPconfigDN
2031
2032echo "
2033
2034# Server(s) for configuration information. There is no default;
2035# use the value on the line below for an LDAP server running on
2036# this machine, at port 389.
2037#nisLDAPconfigPreferredServerList=127.0.0.1:389\
2038" >> $CONFIG_FILE
2039
2040[ $configDN_flag -eq 1 ] && get_nisLDAPconfigPreferredServerList
2041
2042echo "
2043
2044# Authentication method(s) to obtain configuration information.
2045#\
2046" >> $CONFIG_FILE
2047
2048[ $configDN_flag -eq 1 ] && get_nisLDAPconfigAuthenticationMethod
2049
2050echo "
2051
2052# Transport layer security for configuration information
2053#
2054#nisLDAPconfigTLS=${DEF_TLS}\
2055" >> $CONFIG_FILE
2056
2057[ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLS
2058
2059echo "
2060
2061# Certificate DB for transport layer security
2062#
2063#nisLDAPconfigTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
2064" >> $CONFIG_FILE
2065
2066# ask for Certificate DB only if SSL is set
2067if [ "${nisLDAPconfigTLS}" = "ssl" ]; then
2068  [ $configDN_flag -eq 1 ] && get_nisLDAPconfigTLSCertificateDBPath
2069fi
2070
2071echo "
2072
2073# Proxy user(s) to obtain configuration information. The line below
2074# is an example of the format.
2075#
2076#nisLDAPconfigProxyUser=cn=nisAdmin,ou=People,\
2077" >> $CONFIG_FILE
2078
2079# Ask proxy user bind DN only if needed.
2080if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
2081  [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyUser
2082fi
2083
2084echo "
2085
2086# Password for proxy user. Must be supplied if the authentication method
2087# requires a password. If a password appears in this file, it should be
2088# protected appropriately against access by unauthorized users.
2089#
2090#nisLDAPconfigProxyPassword=\
2091" >> $CONFIG_FILE
2092
2093if [ "${nisLDAPconfigAuthenticationMethod}" != "none" ]; then
2094  [ $configDN_flag -eq 1 ] && get_nisLDAPconfigProxyPassword
2095fi
2096
2097echo "
2098
2099# Server list for mapping data to/from LDAP. There is no default;
2100# use the value on the line below for an LDAP server running on
2101# this machine, at port 389.
2102#preferredServerList=127.0.0.1:389\
2103" >> $CONFIG_FILE
2104
2105get_preferredServerList
2106
2107echo "
2108
2109# Authentication method for mapping data to/from LDAP
2110#\
2111" >> $CONFIG_FILE
2112
2113get_authenticationMethod
2114
2115echo "
2116
2117# Transport layer security for mapping data to/from LDAP.
2118#
2119#nisLDAPTLS=${DEF_TLS}\
2120" >> $CONFIG_FILE
2121
2122get_nisLDAPTLS
2123
2124echo "
2125
2126# Certificate DB for transport layer security
2127#
2128#nisLDAPTLSCertificateDBPath=${DEF_TLSCertificateDBPath}\
2129" >> $CONFIG_FILE
2130
2131# ask for Certificate DB only if SSL is set
2132if [ "${nisLDAPTLS}" = "ssl" ]; then
2133  get_nisLDAPTLSCertificateDBPath
2134fi
2135
2136echo "
2137
2138# Proxy user for ypserv. Assumed to have appropriate permission to read
2139# and/or create or modify LDAP data. The line below is an example of the
2140# format.
2141#
2142#nisLDAPproxyUser=cn=nisAdmin,ou=People,\
2143" >> $CONFIG_FILE
2144
2145# Ask proxy user bind DN only if needed.
2146if [ "${authenticationMethod}" != "none" ]; then
2147  get_nisLDAPproxyUser
2148fi
2149
2150echo "
2151
2152# Password for proxy user. Must be supplied if the authentication method
2153# requires a password. If a password appears in this file, it should be
2154# protected appropriately against unauthorized access.
2155#
2156#nisLDAPproxyPassword=\
2157" >> $CONFIG_FILE
2158
2159if [ "${authenticationMethod}" != "none" ]; then
2160  get_nisLDAPproxyPassword
2161fi
2162
2163echo "
2164
2165# Timeouts and time/size limits for LDAP operations.
2166#
2167#nisLDAPbindTimeout=${DEF_nisLDAPbindTimeout}\
2168" >> $CONFIG_FILE
2169
2170get_nisLDAPbindTimeout
2171
2172echo "
2173#nisLDAPsearchTimeout=${DEF_nisLDAPsearchTimeout}\
2174" >> $CONFIG_FILE
2175
2176get_nisLDAPsearchTimeout
2177
2178echo "
2179#nisLDAPmodifyTimeout=${DEF_nisLDAPmodifyTimeout}\
2180" >> $CONFIG_FILE
2181
2182get_nisLDAPmodifyTimeout
2183
2184echo "
2185#nisLDAPaddTimeout=${DEF_nisLDAPaddTimeout}\
2186" >> $CONFIG_FILE
2187
2188get_nisLDAPaddTimeout
2189
2190echo "
2191#nisLDAPdeleteTimeout=${DEF_nisLDAPdeleteTimeout}\
2192" >> $CONFIG_FILE
2193
2194get_nisLDAPdeleteTimeout
2195
2196echo "
2197#nisLDAPsearchTimeLimit=${DEF_nisLDAPsearchTimeLimit}\
2198" >> $CONFIG_FILE
2199
2200get_nisLDAPsearchTimeLimit
2201
2202echo "
2203#nisLDAPsearchSizeLimit=${DEF_nisLDAPsearchSizeLimit}\
2204" >> $CONFIG_FILE
2205
2206get_nisLDAPsearchSizeLimit
2207
2208echo "
2209
2210# Should the ypserv follow LDAP referrals ?
2211#
2212#nisLDAPfollowReferral=${DEF_nisLDAPfollowReferral}\
2213" >> $CONFIG_FILE
2214
2215get_nisLDAPfollowReferral
2216
2217echo "
2218
2219# Action, number of attempts, and timeout following an LDAP retrieval error
2220#
2221#nisLDAPretrieveErrorAction=${DEF_nisLDAPretrieveErrorAction}\
2222" >> $CONFIG_FILE
2223
2224get_nisLDAPretrieveErrorAction
2225
2226echo "
2227#nisLDAPretrieveErrorAttempts=\
2228" >> $CONFIG_FILE
2229
2230get_nisLDAPretrieveErrorAttempts
2231
2232echo "
2233#nisLDAPretrieveErrorTimeout=${DEF_nisLDAPretrieveErrorTimeout}\
2234" >> $CONFIG_FILE
2235
2236get_nisLDAPretrieveErrorTimeout
2237
2238echo "
2239
2240# Action, number of attempts, and timeout following an LDAP store error
2241#
2242#nisLDAPstoreErrorAction=${DEF_nisLDAPstoreErrorAction}\
2243" >> $CONFIG_FILE
2244
2245get_nisLDAPstoreErrorAction
2246
2247echo "
2248#nisLDAPstoreErrorAttempts=\
2249" >> $CONFIG_FILE
2250
2251get_nisLDAPstoreErrorAttempts
2252
2253echo "
2254#nisLDAPstoreErrorTimeout=${DEF_nisLDAPstoreErrorTimeout}\
2255" >> $CONFIG_FILE
2256
2257get_nisLDAPstoreErrorTimeout
2258
2259
2260# We are done, so move back the config file from temp. location
2261# to actual location.
2262# In case the config file name has a directory component which does
2263# not exist, then create it now, otherwise 'mv' will return error.
2264
2265DIR_TO_CREATE=`dirname ${_CONFIG_FILE}`
2266mkdir -p ${DIR_TO_CREATE}
2267
2268echo "Moving output from temporary file ($CONFIG_FILE) to actual file ($_CONFIG_FILE)"
2269mv $CONFIG_FILE $_CONFIG_FILE
2270
2271# Revert back the config file name in case needed.
2272CONFIG_FILE=$_CONFIG_FILE
2273echo "Finished creation of config file ( $_CONFIG_FILE )"
2274
2275}
2276
2277
2278put_mapping_file_copyright_info()
2279{
2280
2281# Start with an emptty file, so don't append, but overwrite here.
2282# Just change the name and add the word pragma, but keep the same
2283# date and version number as in the ident string of this script.
2284
2285grep "ident	\"@(#)$PROG" $ABS_PROG | \
2286      sed "s/ ident/pragma ident/g" | \
2287      sed "s/${PROG}/${NEW_NAME}/g" > $MAP_FILE
2288
2289echo "\
2290#
2291# Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
2292# Use is subject to license terms.
2293#
2294#-------------------------------------------------------------------
2295#\
2296" >> $MAP_FILE
2297}
2298
2299
2300#
2301# Filter out all the YP domains in /var/yp
2302# The list of domains is stored in list "VARYP_DMN_LIST"
2303#
2304create_all_var_yp_domain_list()
2305{
2306VARYP_DMN_LIST=""
2307
2308for entry in /var/yp/*
2309do
2310  DMN=`basename $entry`
2311  if [ -d "/var/yp/$DMN" ] && [ -f "/var/yp/binding/$DMN/ypservers" ]
2312  then
2313    VARYP_DMN_LIST="$VARYP_DMN_LIST $DMN"
2314  fi
2315done
2316
2317# d_echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
2318[ $DEBUG -eq 1 ] && echo VARYP_DMN_LIST = "$VARYP_DMN_LIST"
2319}
2320
2321
2322#
2323# Ask user which domains would be served by N2L
2324# The list of N2L domains is stored in global array
2325# "N2L_DMN_LIST" and number of domains in N2L_DMN_CNT
2326#
2327create_n2l_domain_list()
2328{
2329# First make a list of all the domains in /var/yp
2330create_all_var_yp_domain_list
2331
2332# Now identify those to be served by N2L
2333let count=0
2334
2335for DMN in $VARYP_DMN_LIST
2336do
2337  get_confirm "Do you want to store maps from ${DMN} domain to LDAP (y/n/h):" \
2338              "n" "selectDomain4N2L_help"
2339
2340  if [ $? -eq 1 ]; then
2341    N2L_DMN_LIST[count]=$DMN
2342    let count="count + 1"
2343  fi
2344
2345done
2346N2L_DMN_CNT=$count
2347
2348[ $DEBUG -eq 1 ] && echo N2L_DMN_LIST=${N2L_DMN_LIST[*]}
2349[ $DEBUG -eq 1 ] && echo N2L_DMN_CNT=$N2L_DMN_CNT
2350}
2351
2352
2353#
2354# Make various lists for different types of maps for each N2L domain
2355# and ask user if mapping information and comments need to be generated
2356# for custom maps.
2357#
2358# This function looks big, but since KSH does not support 2-D arrays, or
2359# two level of dereferencing, it forced to have so many lists and arrays.
2360# Lists are better for adding or removing elements, and arrays are better
2361# for accessing with index and in knowing the no. of elements.
2362#
2363create_map_lists()
2364{
2365# Initialize them with no maps.
2366ALL_DMN_ALL_MAPLIST=""
2367ALL_DMN_DEF_MAPLIST=""
2368ALL_DMN_CUST_MAPLIST=""
2369ALL_DMN_AUTO_CUST_MAPLIST=""
2370
2371# Default to don't generate custom mapping info or comment info.
2372CUST_MAP_NEEDED=0
2373CUST_CMT_NEEDED=0
2374
2375let count=0
2376
2377while (( $count < $N2L_DMN_CNT ))
2378do
2379  DMN=${N2L_DMN_LIST[count]}
2380  MAPDIR=/var/yp/${DMN}
2381
2382  # Initialize per domain lists to NULL.
2383  ALL_MAPLIST=""
2384  DEF_MAPLIST=""
2385  CUST_MAPLIST=""
2386  AUTO_CUST_MAPLIST=""
2387
2388  for dbmfile in $MAPDIR/*.dir
2389  do
2390    MAP=`basename $dbmfile .dir`
2391
2392    # Ignore N2L maps (those with "LDAP_" prefix and ageing.byname)
2393    if [[ $MAP != LDAP_* ]] && [[ $MAP != "" ]] && \
2394       [ -f $MAPDIR/${MAP}.pag ] && [[ $MAP != ageing.byname ]]
2395    then
2396      ALL_MAPLIST="$ALL_MAPLIST $MAP"
2397
2398      if present $MAP $DEFAULT_NIS_MAPS
2399      then
2400        DEF_MAPLIST="$DEF_MAPLIST $MAP"
2401
2402      elif [[ $MAP = auto.* ]]
2403      then
2404        AUTO_CUST_MAPLIST="$AUTO_CUST_MAPLIST $MAP"
2405
2406      else
2407        # If we reached here, means it is custom map.
2408        get_confirm "Do you want the mapping information to be generated for \"$MAP\" map of $DMN domain (y/n/h)?" \
2409                    "n" "generate_mapping_info_for_cust_map_help"
2410
2411        if [ $? -eq 1 ]
2412        then
2413          CUST_MAPLIST="$CUST_MAPLIST $MAP"
2414        else
2415          # If a customer map is not desired, then delete it from
2416          # all maplist too.
2417          ALL_MAPLIST=$(remove $MAP $ALL_MAPLIST)
2418        fi
2419
2420      fi
2421
2422    fi
2423
2424  done
2425
2426  # Make ALL_DMN lists as they are very helpful in checking if a map exists.
2427  ALL_DMN_ALL_MAPLIST=$(merge_lists $ALL_DMN_ALL_MAPLIST $ALL_MAPLIST)
2428  ALL_DMN_DEF_MAPLIST=$(merge_lists $ALL_DMN_DEF_MAPLIST $DEF_MAPLIST)
2429  ALL_DMN_CUST_MAPLIST=$(merge_lists $ALL_DMN_CUST_MAPLIST $CUST_MAPLIST)
2430  ALL_DMN_AUTO_CUST_MAPLIST=$(merge_lists $ALL_DMN_AUTO_CUST_MAPLIST \
2431                                          $AUTO_CUST_MAPLIST)
2432
2433  # Store per domain lists in arrays.
2434  ALL_MAPS[$count]="$ALL_MAPLIST"
2435  DEF_MAPS[$count]="$DEF_MAPLIST"
2436  CUST_MAPS[$count]="$CUST_MAPLIST"
2437  AUTO_CUST_MAPS[$count]="$AUTO_CUST_MAPLIST"
2438
2439  [ $DEBUG -eq 1 ] && echo ALL_MAPS[$DMN] = ${ALL_MAPS[$count]}
2440  [ $DEBUG -eq 1 ] && echo DEF_MAPS[$DMN] = ${DEF_MAPS[$count]}
2441  [ $DEBUG -eq 1 ] && echo CUST_MAPS[$DMN] = ${CUST_MAPS[$count]}
2442  [ $DEBUG -eq 1 ] && echo AUTO_CUST_MAPS[$DMN] = ${AUTO_CUST_MAPS[$count]}
2443
2444  let count="count + 1"
2445done
2446
2447[ $DEBUG -eq 1 ] && echo ALL_DMN_ALL_MAPLIST = $ALL_DMN_ALL_MAPLIST
2448[ $DEBUG -eq 1 ] && echo ALL_DMN_DEF_MAPLIST = $ALL_DMN_DEF_MAPLIST
2449[ $DEBUG -eq 1 ] && echo ALL_DMN_CUST_MAPLIST = $ALL_DMN_CUST_MAPLIST
2450[ $DEBUG -eq 1 ] && echo ALL_DMN_AUTO_CUST_MAPLIST = $ALL_DMN_AUTO_CUST_MAPLIST
2451
2452# Store all domain lists in array too.
2453set -A ALL_DMN_ALL_MAPS $ALL_DMN_ALL_MAPLIST
2454set -A ALL_DMN_DEF_MAPS $ALL_DMN_DEF_MAPLIST
2455set -A ALL_DMN_CUST_MAPS $ALL_DMN_CUST_MAPLIST
2456set -A ALL_DMN_AUTO_CUST_MAPS $ALL_DMN_AUTO_CUST_MAPLIST
2457
2458# A positive customer map count implies custom mapping information
2459# is required. Set this flag.
2460[ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ] && CUST_MAP_NEEDED=1
2461
2462# Give bit of info, and ask if comments need to be placed in mapping file
2463echo "
2464  This script can place relevant information regarding custom
2465  maps at appropriate places in the mapping file which can be
2466  helpful in customizing this file.
2467"
2468
2469get_confirm "Do you want such information to be generated (y/n/h)?" \
2470            "n" "generate_comment_info_for_cust_map_help"
2471
2472[ $? -eq 1 ] && CUST_CMT_NEEDED=1
2473
2474[ $DEBUG -eq 1 ] && echo CUST_MAP_NEEDED = $CUST_MAP_NEEDED
2475[ $DEBUG -eq 1 ] && echo CUST_CMT_NEEDED = $CUST_CMT_NEEDED
2476
2477}
2478
2479
2480#
2481# Ask user the context for each (N2l) domain
2482#
2483get_nisLDAPdomainContext()
2484{
2485echo "
2486# List domains and contexts
2487" >> $MAP_FILE
2488
2489for DMN in ${N2L_DMN_LIST[*]}
2490do
2491  while :
2492  do
2493    # Convert to domain in dc format for default choice
2494    domain_2_dc $DMN
2495
2496    get_ans "Enter the naming context for $DMN domain (h=help):"\
2497            "$_DOM_2_DC"
2498
2499    # If help continue, otherwise break.
2500    case "$ANS" in
2501      [Hh] | help | Help | \?) display_msg nisLDAPdomainContext_help ;;
2502                           * ) break ;;
2503    esac
2504  done
2505
2506  # If a value is specified, set it, and save in mapping file too.
2507  if [ "$ANS" != "" ]; then
2508    echo "nisLDAPdomainContext $DMN : ${ANS}" >> $MAP_FILE
2509  fi
2510
2511  [ $DEBUG -eq 1 ] && echo "nisLDAPdomainContext $DMN : ${ANS}"
2512done
2513}
2514
2515
2516#
2517# Ask user the domains for which passwords should be changed
2518#
2519get_nisLDAPyppasswddDomains()
2520{
2521
2522echo "
2523# List domains for which passwords should be changed. If this is not
2524# present then the value returned by 'domainname' will be used.
2525" >> $MAP_FILE
2526
2527for DMN in ${N2L_DMN_LIST[*]}
2528do
2529  get_confirm "Enable password changes for ${DMN} domain (y/n/h)? " \
2530              "n" "nisLDAPyppasswddDomains_help"
2531
2532  if [ $? -eq 1 ]; then
2533      echo "nisLDAPyppasswddDomains $DMN" >> $MAP_FILE
2534  fi
2535done
2536
2537echo "
2538#
2539#-------------------------------------------------------------------
2540#\
2541" >> $MAP_FILE
2542}
2543
2544
2545#
2546# Create NIS databaseId mappings (aliases)
2547#
2548create_nisLDAPdatabaseIdMapping()
2549{
2550echo '
2551# Associate map names with databaseIds (aliases)
2552
2553# Standard maps
2554nisLDAPdatabaseIdMapping	ethers: ethers.byaddr ethers.byname
2555nisLDAPdatabaseIdMapping	group: group.bygid group.byname
2556nisLDAPdatabaseIdMapping	hosts:[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*"] \
2557				hosts.byaddr hosts.byname
2558# Special mapping to handle the YP_MULTI cases
2559nisLDAPdatabaseIdMapping        multihosts: \
2560				[addr="[0-9]*.[0-9]*.[0-9]*.[0-9]*,*"] \
2561				hosts.byname
2562nisLDAPdatabaseIdMapping	networks: networks.byaddr networks.byname
2563nisLDAPdatabaseIdMapping	project: project.byname project.byprojid
2564nisLDAPdatabaseIdMapping	protocols: protocols.byname protocols.bynumber
2565nisLDAPdatabaseIdMapping	services: services.byname services.byservicename
2566
2567# netid.byname is built up from the hosts and passwd files using different
2568# mappings. It thus has two associated nisLDAPdatabaseIdMappings.
2569nisLDAPdatabaseIdMapping	netid.host:[number="0"] netid.byname
2570nisLDAPdatabaseIdMapping	netid.pass:[number="[1-9]*"] netid.byname
2571
2572# The next two are special databaseIds. They associate maps with databaseIds
2573# but additionally identify which maps contain password and password adjunct
2574# information for yppasswdd.
2575nisLDAPdatabaseIdMapping	passwd: passwd.byname passwd.byuid
2576
2577# mail.byaddr needs to select entries of the form x@y or x!y
2578nisLDAPdatabaseIdMapping	mail.mapping:[rf_key="*@*", rf_key="*!*"] \
2579				mail.byaddr
2580
2581# publickey.byname
2582# Each entry in publickey map consists of a network user name which
2583# may refer to a host or a user. It also contains a default entry for nobody.
2584# Hence, we need three nisLDAPdatabaseIdmappings to support the three
2585# different types of keys.
2586nisLDAPdatabaseIdMapping        keys.host:[rf_key="unix.[a-zA-Z]*@*"] \
2587				publickey.byname
2588nisLDAPdatabaseIdMapping        keys.pass:[rf_key="unix.[0-9]*@*"] \
2589				publickey.byname
2590nisLDAPdatabaseIdMapping        keys.nobody:[rf_key="nobody"] publickey.byname
2591
2592# Single standard maps. No point aliasing.
2593# mail.aliases
2594# netmasks.byaddr
2595# rpc.bynumber
2596# ypservers
2597
2598# Other maps
2599# ipnodes looks identical to hosts but maps to a different context.
2600nisLDAPdatabaseIdMapping	ipnodes:[addr="*:*"] \
2601				ipnodes.byaddr ipnodes.byname
2602# Special mapping to handle the YP_MULTI cases
2603nisLDAPdatabaseIdMapping        multiipnodes: \
2604				[addr="*:*,*"] \
2605				ipnodes.byname
2606
2607# Other single maps. No point aliasing
2608# audit_user
2609# auth_attr
2610# exec_attr
2611# prof_attr
2612# user_attr
2613# auto.home
2614# auto.master
2615# bootparams
2616# timezone.byname
2617# printers.conf.byname
2618# passwd.adjunct.byname
2619# group.adjunct.byname
2620' >> $MAP_FILE
2621
2622[ CUST_CMT_NEEDED -eq 1 ] && \
2623echo "
2624# If any custom map needs to be aliased, then it should be listed
2625# here in the following format :
2626# nisLDAPdatabaseIdMapping databaseId ":" ["["indexlist"]"] mapname[" "...]
2627" >> $MAP_FILE
2628
2629[ CUST_MAP_NEEDED -eq 1 ] && \
2630echo "\
2631# Not aliasing non-default/custom maps as they are assumed to be
2632# simple, single maps.\
2633" >> $MAP_FILE
2634
2635for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
2636do
2637  echo "# $MAP" >> $MAP_FILE
2638done
2639
2640echo "\
2641#
2642#------------------------------------------------------------------------------
2643#
2644" >> $MAP_FILE
2645}
2646
2647
2648#
2649# Finds the domains in which the given map exists in the supplied list.
2650# Sets result in PRESENT_COUNT and PRESENT_IN_DOMAINS. These fields are
2651# set globally, so they can be accessed from any where.
2652# Input : $1 - map, $2 - list name (just name, not the value)
2653#
2654find_domains()
2655{
2656_MAP=$1
2657_ARRAY=$2
2658
2659let PRESENT_COUNT=0
2660PRESENT_IN_DOMAINS=""
2661
2662let count=0
2663
2664while (( $count < $N2L_DMN_CNT ))
2665do
2666
2667  # Quick and dirty way to get around unavailability of 2D array
2668  case "$_ARRAY" in
2669          ALL_MAPS ) _LIST=${ALL_MAPS[$count]} ;;
2670          DEF_MAPS ) _LIST=${DEF_MAPS[$count]}  ;;
2671         CUST_MAPS ) _LIST=${CUST_MAPS[$count]}  ;;
2672    AUTO_CUST_MAPS ) _LIST=${AUTO_CUST_MAPS[$count]}  ;;
2673                 * ) echo "Invalid value: \"${_ARRAY}\". \c"
2674                  ;;
2675  esac
2676
2677  if present $_MAP $_LIST
2678  then
2679    let PRESENT_COUNT="$PRESENT_COUNT + 1"
2680    PRESENT_IN_DOMAINS="$PRESENT_IN_DOMAINS ${N2L_DMN_LIST[count]}"
2681  fi
2682  let count="count + 1"
2683done
2684
2685[ $DEBUG -eq 1 ] && echo "PRESENT_COUNT = $PRESENT_COUNT"
2686[ $DEBUG -eq 1 ] && echo "PRESENT_IN_DOMAINS = $PRESENT_IN_DOMAINS"
2687
2688return 0
2689}
2690
2691
2692#
2693# For a given map, find out which list it belongs to (PRESENT_IN_LIST),
2694# and in how many domains this map shows up (PRESENT_COUNT), and in
2695# which ones (PRESENT_IN_DOMAINS). These fields are set globally, so
2696# they can be accessed from any where.
2697#
2698find_map_presence_details()
2699{
2700_MAP=$1
2701
2702let PRESENT_COUNT=0
2703PRESENT_IN_LIST=""
2704PRESENT_IN_DOMAINS=""
2705
2706# If the map does not exist, return right away, else
2707# find which list it belongs to.
2708# If a map exists in def or auto or cust lists, then
2709# it also exists in "all" list.
2710
2711if ! present $_MAP $ALL_DMN_ALL_MAPLIST
2712then
2713  return 1
2714
2715elif present $_MAP $ALL_DMN_DEF_MAPLIST
2716then
2717  PRESENT_IN_LIST="DEF_MAPS"
2718
2719elif present $_MAP $ALL_DMN_CUST_MAPLIST
2720then
2721  PRESENT_IN_LIST="CUST_MAPS"
2722
2723else
2724  # If map exists, and not in previous two lists,
2725  # then it has to be here only.
2726  PRESENT_IN_LIST="AUTO_CUST_MAPS"
2727fi
2728
2729# Now we know which list the map belongs to. So, we need to
2730# find which are the domains in which this map exists.
2731
2732find_domains $_MAP $PRESENT_IN_LIST
2733
2734# Since the above function sets the values of PRESENT_COUNT and
2735# PRESENT_IN_DOMAINS fields, we don't need to do anything else.
2736
2737[ $DEBUG -eq 1 ] && echo "PRESENT_IN_LIST = $PRESENT_IN_LIST"
2738
2739return 0
2740}
2741
2742
2743#
2744# Check if the comment char is a single character, return 0 on success.
2745# Input is passed via global variable "COMMENT_CHAR"
2746#
2747valid_comment_char()
2748{
2749COMMENT_CHAR_LENGTH=`echo "${COMMENT_CHAR}" | wc -c`
2750
2751# echo adds new line character, so adjust length appropriately
2752if [ $COMMENT_CHAR_LENGTH -gt 2 ]; then
2753  echo " Comment character has to be a blank or single character; try again."
2754  return 1
2755else
2756  return 0
2757fi
2758}
2759
2760
2761#
2762# Read the comment character for a MAP. Append in mapping file if valid.
2763# Input - $1 : MAP name
2764#
2765get_comment_char()
2766{
2767_MAP=$1
2768
2769while :
2770do
2771  get_ans "Specify the comment character for $_MAP :"
2772  COMMENT_CHAR=$ANS
2773
2774  if valid_comment_char; then
2775    break
2776  fi
2777done
2778
2779echo "nisLDAPcommentChar $_MAP : '${COMMENT_CHAR}'" >> $MAP_FILE
2780}
2781
2782
2783#
2784# Read a seperate comment character for a MAP for each domain and
2785# update this information in mapping file.
2786# Input - $1 : MAP name, $@ : list of domains
2787#
2788get_comment_char_per_domain()
2789{
2790_MAP=$1
2791shift
2792_DOMAIN_LIST="$@"
2793
2794for _DMN in $_DOMAIN_LIST
2795do
2796
2797  while :
2798  do
2799
2800    get_ans "Specify the comment character for $_MAP,${_DMN} :"
2801    COMMENT_CHAR=$ANS
2802
2803    if valid_comment_char; then
2804      break
2805    fi
2806
2807  done
2808  echo "nisLDAPcommentChar $_MAP,${_DMN} : '${COMMENT_CHAR}'" >> $MAP_FILE
2809
2810done
2811}
2812
2813
2814#
2815# This function generates custom comment entries. The output is
2816# appended in the mapping file.
2817#
2818get_custom_nisLDAPcommentChar()
2819{
2820
2821# All the auto mounter maps are assumed to have '#' as the default comment
2822# char. But still list the non-default auto map entries here anyway. This
2823# will make it very easy in case these entries need to be changed.
2824
2825for MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
2826do
2827  echo "nisLDAPcommentChar $MAP : '#'" >> $MAP_FILE
2828done
2829
2830if [ CUST_MAP_NEEDED -eq 1 ]; then
2831  get_confirm "Do you wish to specify the comment character for any custom map (y/n/h)?" \
2832              "n" "custom_map_comment_char_help"
2833
2834  if [ $? -eq 1 ]; then
2835    for MAP in ${ALL_DMN_CUST_MAPS[*]}
2836    do
2837
2838      get_confirm "Do you wish to specify comment character for \"$MAP\" (y/n/h)?" \
2839                  "n" "custom_map_comment_char_help"
2840
2841      if [ $? -eq 1 ]; then
2842        find_domains $MAP CUST_MAPS
2843        if [ $PRESENT_COUNT -gt 1 ]; then
2844          echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
2845
2846          get_confirm "For \"$MAP\", should the same comment character be set for all the domains (y/n/h)?" \
2847                      "y" "same_comment_char_help"
2848
2849          if [ $? -eq 1 ]; then
2850            get_comment_char $MAP
2851          else
2852            get_comment_char_per_domain  $MAP "$PRESENT_IN_DOMAINS"
2853          fi
2854
2855        else
2856          get_comment_char $MAP
2857        fi
2858
2859      fi
2860    done
2861  fi
2862fi
2863
2864}
2865
2866
2867# List comment character (if any) for maps
2868create_nisLDAPcommentChar()
2869{
2870
2871echo "\
2872# Specify the character representing the start of comments.
2873" >> $MAP_FILE
2874
2875[ CUST_CMT_NEEDED -eq 1 ] && echo "\
2876# The comment character represents the start of the special 'comment'
2877# field in a given NIS map. If this attribute is not present then the
2878# default comment character '#' is used. If a map cannot contain comments
2879# then the NULL ('') comment character should be specified. The format to
2880# specify the comment character is :
2881# nisLDAPcommentChar MAP[,DOMAIN] : 'single_comment_char'
2882" >> $MAP_FILE
2883
2884echo "\
2885nisLDAPcommentChar group : ''
2886nisLDAPcommentChar passwd : ''
2887nisLDAPcommentChar ageing.byname : ''
2888nisLDAPcommentChar audit_user : ''
2889nisLDAPcommentChar auth_attr : ''
2890nisLDAPcommentChar exec_attr : ''
2891nisLDAPcommentChar user_attr : ''
2892nisLDAPcommentChar bootparams : ''
2893" >> $MAP_FILE
2894
2895# Need to handle passwd.adjunct.byname map for multiple domain.
2896_MAP=passwd.adjunct.byname
2897if ! present $_MAP $ALL_DMN_DEF_MAPLIST
2898then
2899  # Just put the syntax in comment form
2900  echo "#nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE
2901else
2902  # Find the domains in which this map exists.
2903  find_domains $_MAP DEF_MAPS
2904  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
2905  then
2906    # Don't put domain info as the map is present in all of them.
2907    echo "nisLDAPcommentChar passwd.adjunct.byname: ''" >> $MAP_FILE
2908  else
2909    # Not every domain has this map. So, list for the ones which do.
2910    for _DMN in $PRESENT_IN_DOMAINS
2911    do
2912      echo "nisLDAPcommentChar passwd.adjunct.byname,${_DMN}: ''" >> $MAP_FILE
2913    done
2914  fi
2915fi
2916# passwd.adjunct.byname done
2917
2918
2919# Need to handle group.adjunct.byname map for multiple domain.
2920_MAP=group.adjunct.byname
2921if ! present $_MAP $ALL_DMN_DEF_MAPLIST
2922then
2923  # Just put the syntax in comment form
2924  echo "#nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE
2925else
2926  # Find the domains in which this map exists.
2927  find_domains $_MAP DEF_MAPS
2928  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
2929  then
2930    # Don't put domain info as the map is present in all of them.
2931    echo "nisLDAPcommentChar group.adjunct.byname: ''" >> $MAP_FILE
2932  else
2933    # Not every domain has this map. So, list for the ones which do.
2934    for _DMN in $PRESENT_IN_DOMAINS
2935    do
2936      echo "nisLDAPcommentChar group.adjunct.byname,${_DMN}: ''" >> $MAP_FILE
2937    done
2938  fi
2939fi
2940# group.adjunct.byname done
2941
2942echo "" >> $MAP_FILE
2943
2944# Ask user for comment char for custom maps
2945get_custom_nisLDAPcommentChar
2946
2947echo "
2948#
2949#------------------------------------------------------------------------------
2950#
2951" >> $MAP_FILE
2952}
2953
2954
2955#
2956# Generate secure flag entries
2957#
2958create_secure_flag_entries()
2959{
2960echo "\
2961# Specify YP_SECURE flags
2962" >> $MAP_FILE
2963
2964[ CUST_CMT_NEEDED -eq 1 ] && echo "\
2965# If a map is secure, then it needs to be mentioned here
2966# in the following format :
2967# nisLDAPmapFlags mapname : s
2968">> $MAP_FILE
2969
2970echo "\
2971# nisLDAPmapFlags audit_user : s
2972" >> $MAP_FILE
2973
2974# Need to handle passwd.adjunct.byname map for multiple domain.
2975_MAP=passwd.adjunct.byname
2976if ! present $_MAP $ALL_DMN_DEF_MAPLIST
2977then
2978  # Just put the syntax in comment form
2979  echo "#nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE
2980else
2981  # Find the domains in which this map exists.
2982  find_domains $_MAP DEF_MAPS
2983  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
2984  then
2985    # Don't put domain info as the map is present in all of them.
2986    echo "nisLDAPmapFlags passwd.adjunct.byname : s" >> $MAP_FILE
2987  else
2988    # Not every domain has this map. So, list for the ones which do.
2989    for _DMN in $PRESENT_IN_DOMAINS
2990    do
2991      echo "nisLDAPmapFlags passwd.adjunct.byname,${_DMN} : s" >> $MAP_FILE
2992    done
2993  fi
2994fi
2995
2996# Need to handle group.adjunct.byname map for multiple domain.
2997_MAP=group.adjunct.byname
2998if ! present $_MAP $ALL_DMN_DEF_MAPLIST
2999then
3000  # Just put the syntax in comment form
3001  echo "#nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE
3002else
3003  # Find the domains in which this map exists.
3004  find_domains $_MAP DEF_MAPS
3005  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3006  then
3007    # Don't put domain info as the map is present in all of them.
3008    echo "nisLDAPmapFlags group.adjunct.byname : s" >> $MAP_FILE
3009  else
3010    # Not every domain has this map. So, list for the ones which do.
3011    for _DMN in $PRESENT_IN_DOMAINS
3012    do
3013      echo "nisLDAPmapFlags group.adjunct.byname,${_DMN} : s" >> $MAP_FILE
3014    done
3015  fi
3016fi
3017
3018echo "" >> $MAP_FILE
3019
3020STR="any"    # Just to make the question look better.
3021while :
3022do
3023  get_confirm "Do you wish to set the secure flag for $STR map (y/n/h)?" \
3024              "n" "secure_flag_on_help"
3025
3026  if [ $? -eq 0 ]; then
3027    return 0
3028
3029  else
3030    get_ans "Enter the MAP name :"
3031    MAP=$ANS
3032
3033    if [[ $MAP = "" ]]; then
3034      echo " Error : BLANK map name not allowed; try again"
3035      continue
3036    fi
3037
3038    # Check if the supplied map name exists, and if yes, then
3039    # set the PRESENT attributes for further processing
3040
3041    find_map_presence_details $MAP
3042
3043    case $PRESENT_COUNT in
3044
3045      0 ) echo " Error : $MAP not found in any domain; try again"
3046          ;;
3047
3048      1 ) # The map exists in only one domain.
3049          echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
3050          STR="another"    # Just to make the question look better.
3051          ;;
3052
3053      * ) # The map exists in multiple domain. Ask if this flag needs
3054          # to be set for all domains, or some specific ones.
3055
3056          echo "Map \"$MAP\" is present in these domains : $PRESENT_IN_DOMAINS"
3057          get_confirm "For this map, do you wish to set this flag for all the domains (y/n/h)?" \
3058                      "y" "secure_flag_all_domains_help"
3059
3060          if [ $? -eq 1 ]; then
3061            echo "nisLDAPmapFlags $MAP : s" >> $MAP_FILE
3062          else
3063
3064            for _DMN in $PRESENT_IN_DOMAINS
3065            do
3066
3067              get_confirm_nodef "Set secure flag for $MAP,${_DMN} (y/n)?"
3068
3069              if [ $? -eq 1 ]; then
3070                echo "nisLDAPmapFlags $MAP,${_DMN} : s" >> $MAP_FILE
3071              fi
3072
3073            done
3074          fi
3075          STR="another"    # Just to make the question look better.
3076          ;;
3077
3078    esac
3079
3080  fi
3081done
3082}
3083
3084
3085#
3086# Generate interdomain flag entries
3087#
3088create_interdomain_flag_entries()
3089{
3090
3091INTERDOMAIN_MAP_LIST="ipnodes
3092                       multiipnodes
3093                       hosts
3094                       multihosts
3095                       services.byservicename"
3096
3097#
3098# Simple function to avoid duplication of code
3099#
3100print_interdomain_entries()
3101{
3102for _MAP in $INTERDOMAIN_MAP_LIST
3103do
3104  echo "nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
3105done
3106}
3107
3108echo "
3109# Specify YP_INTERDOMAIN flags
3110" >> $MAP_FILE
3111
3112[ CUST_CMT_NEEDED -eq 1 ] && echo "\
3113# It is used to indicate NIS servers to use the domain name resolver for
3114# host name and address lookups for hosts not found in the maps.
3115# If set, it adds YP_INTERDOMAIN entries in these maps when converting
3116# data from LDAP to YP. It needs to be set in the following format :
3117# nisLDAPmapFlags mapname : b
3118" >> $MAP_FILE
3119
3120# List one set of entries in commented form anyway as it might help
3121# user understand what it means.
3122
3123echo "\
3124# If \$B is set in /var/yp/Makefile, then this flag should be
3125# set for following maps :\
3126" >> $MAP_FILE
3127
3128for _MAP in $INTERDOMAIN_MAP_LIST
3129do
3130  echo "# nisLDAPmapFlags ${_MAP} : b" >> $MAP_FILE
3131done
3132
3133# Put a blank line for indentation purpose
3134echo  >> $MAP_FILE
3135
3136get_confirm "Do you wish to set the \"interdomain\" flag for any domain (y/n/h)?" \
3137            "n" "interdomain_flag_on_help"
3138
3139if [ $? -eq 1 ]; then
3140
3141  if [ $N2L_DMN_CNT -gt 1 ]; then
3142
3143    get_confirm "Should \"interdomain\" flag be set for all domain (y/n/h)?" \
3144                "y" "interdomain_flag_all_domains_help"
3145
3146    if [ $? -eq 1 ]; then
3147      print_interdomain_entries
3148    else
3149
3150      for _DMN in ${N2L_DMN_LIST[*]}
3151      do
3152        get_confirm_nodef "Set interdomain flag for ${_DMN} (y/n)?"
3153
3154        if [ $? -eq 1 ]; then
3155          for _MAP in $INTERDOMAIN_MAP_LIST
3156          do
3157            echo "nisLDAPmapFlags ${_MAP},${_DMN} : b" >> $MAP_FILE
3158          done
3159        fi
3160
3161      done
3162    fi
3163
3164  else
3165    print_interdomain_entries
3166  fi
3167fi
3168
3169echo "
3170#
3171#------------------------------------------------------------------------------
3172#
3173" >> $MAP_FILE
3174
3175return 0
3176}
3177
3178
3179#
3180# List SECURE and INTERDOMAIN flags
3181#
3182create_nisLDAPmapFlags()
3183{
3184create_secure_flag_entries
3185create_interdomain_flag_entries
3186}
3187
3188
3189#
3190# Print one Map TTL entry in mapping file using supplied TTL.
3191#
3192print_one_map_ttl_entry()
3193{
3194_Map=$1
3195_iTtlLo=$2
3196_iTtlHi=$3
3197_runTtl=$4
3198
3199echo "\
3200nisLDAPentryTtl        ${_Map}:${_iTtlLo}:${_iTtlHi}:${_runTtl}\
3201" >> $MAP_FILE
3202
3203return 0
3204}
3205
3206
3207#
3208# Print all the maps TTL entries of same TTL
3209# values using the supplied TTL triplet.
3210#
3211print_all_same_ttl_entries()
3212{
3213_iTTLlo=$1
3214_iTTLhi=$2
3215_runTTL=$3
3216
3217for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
3218            ${ALL_DMN_AUTO_CUST_MAPS[*]}
3219do
3220
3221  if [ "$_MAP" != "passwd.adjunct.byname" ] && \
3222	[ "$_MAP" != "group.adjunct.byname" ]
3223  then
3224    print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL
3225
3226  else
3227
3228    # adjunct maps might not exist in all the domains.
3229    find_domains $_MAP DEF_MAPS
3230
3231    if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3232    then
3233
3234      # Don't put domain info as the map is present in all of them.
3235      print_one_map_ttl_entry $_MAP $_iTTLlo $_iTTLhi $_runTTL
3236
3237    else
3238
3239      for _DMN_ in $PRESENT_IN_DOMAINS
3240      do
3241        _STR="${_MAP},${_DMN_}"
3242        print_one_map_ttl_entry $_STR $_iTTLlo $_iTTLhi $_runTTL
3243      done
3244
3245    fi
3246  fi
3247done
3248
3249return 0
3250}
3251
3252#
3253# Read the initialTTLlo. Set the value in global variable.
3254#
3255get_ittl_lo()
3256{
3257get_pos_int "Lower limit for initial TTL (in seconds) (h=help):" \
3258            "$DEF_iTTLlo" "initialTTLlo_help"
3259
3260iTTLlo=${NUM}
3261}
3262
3263
3264#
3265# Read the initialTTLhi. Set the value in global variable.
3266#
3267get_ittl_hi()
3268{
3269get_pos_int "Higher limit for initial TTL (in seconds) (h=help):" \
3270            "$DEF_iTTLhi" "initialTTLhi_help"
3271
3272iTTLhi=${NUM}
3273}
3274
3275
3276#
3277# Read the initialTTLhi. Set the value in global variable.
3278#
3279get_run_ttl()
3280{
3281get_pos_int "Runtime TTL (in seconds) (h=help):" \
3282            "$DEF_runTTL" "runningTTL_help"
3283
3284runTTL=${NUM}
3285}
3286
3287
3288#
3289# Read one TTL triplet. Set the result in global variables.
3290#
3291read_one_ttl_triplet()
3292{
3293# Just call the individual functions for each TTL.
3294
3295  get_ittl_lo
3296  get_ittl_hi
3297  get_run_ttl
3298
3299[ $DEBUG -eq 1 ] && \
3300  echo "TTL = ${iTTLlo}:${iTTLhi}:${runTTL}"
3301
3302return 0
3303}
3304
3305#
3306# Takes MAP name (with or without domain name) as argument, asks
3307# user for TTL values, and appends the entry in the mapping file.
3308#
3309process_one_map_ttl_value()
3310{
3311
3312_Map_="$1"
3313
3314get_confirm "Retain the default TTL values [$DEF_iTTLlo:$DEF_iTTLhi:$DEF_runTTL] for \"$_Map_\" (y/n/h) ?" \
3315            "y" "default_different_ttl_help"
3316
3317if [ $? -eq 1 ]; then
3318  print_one_map_ttl_entry $_Map_ $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL
3319else
3320
3321  echo "Reading TTL values for $_Map_ :"
3322  read_one_ttl_triplet
3323  print_one_map_ttl_entry $_Map_ $iTTLlo $iTTLhi $runTTL
3324
3325fi
3326return 0
3327}
3328
3329
3330#
3331# Read only one TTL triplet for each existing MAP without asking
3332# different values for each domain and update the mapping file.
3333#
3334read_all_maps_ttl_values_no_multiple_domain_issue()
3335{
3336
3337# Need to read only one TTL triplet for each existing MAP.
3338
3339for _MAP in ${DEF_TTL_MAPLIST} ${ALL_DMN_CUST_MAPS[*]} \
3340            ${ALL_DMN_AUTO_CUST_MAPS[*]}
3341do
3342
3343  if [ "$_MAP" != "passwd.adjunct.byname" ] && \
3344	[ "$_MAP" != "group.adjunct.byname" ]
3345  then
3346    process_one_map_ttl_value $_MAP
3347
3348  else
3349
3350    # adjunct maps might not exist in all the domains.
3351    find_domains $_MAP DEF_MAPS
3352
3353    if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3354    then
3355
3356      # Don't put domain info as the map is present in all of them.
3357      process_one_map_ttl_value $_MAP
3358
3359    else
3360
3361      for _DMN_ in $PRESENT_IN_DOMAINS
3362      do
3363        _STR="${_MAP},${_DMN_}"
3364        process_one_map_ttl_value $_STR
3365      done
3366
3367    fi
3368  fi
3369done
3370
3371return 0
3372}
3373
3374
3375#
3376# Read TTL triplet for each default MAP (in database ID form) while
3377# taking care of multiple domains issue and update the mapping file.
3378#
3379read_default_maps_ttl_values_with_multi_domain_issue()
3380{
3381
3382for _MAP_ in ${DEF_TTL_MAPLIST}
3383do
3384  if [ "$_MAP_" != "passwd.adjunct.byname" ] && \
3385	[ "$_MAP_" != "group.adjunct.byname" ]
3386  then
3387
3388    for _DMN_ in ${N2L_DMN_LIST[*]}
3389    do
3390      _STR_="${_MAP_},${_DMN_}"
3391      # Now process each combination one at a time.
3392      process_one_map_ttl_value "$_STR_"
3393    done
3394
3395  else
3396    # List only those domains in which adjunct.byname exists.
3397    find_domains $_MAP_ DEF_MAPS
3398    for _DMN_ in $PRESENT_IN_DOMAINS
3399    do
3400      _STR_="${_MAP_},${_DMN_}"
3401      process_one_map_ttl_value "$_STR_"
3402    done
3403  fi
3404done
3405
3406return 0
3407}
3408
3409
3410#
3411# Read TTL triplet for each existing custom MAP while taking
3412# care of multiple domains issue and update the mapping file.
3413#
3414read_custom_maps_ttl_values_with_multi_domain_issue()
3415{
3416
3417for _MAP_ in ${ALL_DMN_CUST_MAPS[*]} ${ALL_DMN_AUTO_CUST_MAPS[*]}
3418do
3419
3420  find_map_presence_details $_MAP_
3421
3422  if [ $PRESENT_COUNT -eq 1 ]; then
3423
3424    # This map exists in only one domain.
3425    # So, no need to ask for multiple domains.
3426
3427    process_one_map_ttl_value $_MAP_
3428
3429  else
3430
3431    # Handle multiple domains.
3432
3433    echo "Map \"${_MAP_}\" is present in these domains : $PRESENT_IN_DOMAINS"
3434
3435    get_confirm "For this map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
3436                "y" "same_ttl_across_domains_help"
3437
3438    if [ $? -eq 1 ]; then
3439
3440      # Need to read only one TTL triplet for this MAP.
3441      process_one_map_ttl_value $_MAP_
3442
3443    else
3444
3445      # Need to ask for each domain
3446
3447      for _DMN_ in $PRESENT_IN_DOMAINS
3448      do
3449        _STR="${_MAP_},${_DMN_}"
3450
3451        # Now process each combination one at a time.
3452        process_one_map_ttl_value "$_STR"
3453
3454      done
3455    fi
3456  fi
3457done
3458
3459return 0
3460}
3461
3462
3463#
3464# List the TTL values for various MAPs
3465#
3466create_nisLDAPentryTtl()
3467{
3468
3469echo "\
3470# Associate TTLs with NIS entries derived from LDAP
3471" >> $MAP_FILE
3472
3473[ CUST_CMT_NEEDED -eq 1 ] && echo "\
3474# Each map has three TTL values which are specified in seconds.
3475# 1. initialTTLlo (default $DEF_iTTLlo sec) The lower limit for the initial
3476#    TTL (in seconds) for data read from disk when the ypserv starts.
3477#
3478# 2. initialTTLhi (default $DEF_iTTLhi sec) The upper limit for initial TTL.
3479#
3480# 3. runningTTL   (default $DEF_runTTL sec) The TTL (in seconds) for data
3481#    retrieved from LDAP while the ypserv is running.
3482#
3483# If any value is not specified, then default value is used.
3484# The format of TTL entry is :
3485# nisLDAPentryTtl   MAP[,DOMAIN]:initialTTLlo:initialTTLhi:runningTTL
3486" >> $MAP_FILE
3487
3488# If no maps are present, just return.
3489[ ${#ALL_DMN_ALL_MAPS[*]} -eq 0 ] && return 0
3490
3491echo "The default TTL for each map is set to ${DEF_iTTLlo}:${DEF_iTTLhi}:${DEF_runTTL}"
3492get_confirm "Do you wish to change the TTL values for any map (y/n/h) ?" \
3493            "n" "default_ttl_help"
3494
3495if [ $? -eq 0 ]; then
3496  # Default values accepted for all the maps.
3497  # So, just print all the maps with default TTL values.
3498
3499  print_all_same_ttl_entries $DEF_iTTLlo $DEF_iTTLhi $DEF_runTTL
3500
3501else
3502  echo "You would be allowed to enter the new TTL values."
3503  get_confirm "Do you wish to use the same TTL values for all the maps (y/n/h) ?" \
3504              "y" "non_default_same_ttl_help"
3505
3506  if [ $? -eq 1 ]; then
3507    # Need to read only one TTL triplet.
3508    # Print all the maps with new TTL triplet.
3509
3510    # read one ttl triplet
3511    echo "Enter the new TTL values :"
3512
3513    read_one_ttl_triplet
3514
3515    print_all_same_ttl_entries $iTTLlo $iTTLhi $runTTL
3516
3517  else
3518    if [ $N2L_DMN_CNT -eq 1 ]; then
3519
3520      # TTL values are different now. But we haev only one domain.
3521      # So, no need to worry about multiple domains. Need to read
3522      # only one TTL triplet for each existing MAP.
3523
3524      read_all_maps_ttl_values_no_multiple_domain_issue
3525
3526    else
3527
3528      # TTL values are different now. And we have multiple domains
3529      # too. Check if MAPS are going to have same TTL across domains.
3530      # This is just to avoid asking too many TTL triplet inputs
3531
3532      echo "You would be allowed to enter different TTL values for each map."
3533
3534      get_confirm "For a given map, do you wish to use the same TTL values for all the domains (y/n/h) ?" \
3535                  "y" "non_default_different_ttl_help"
3536
3537      if [ $? -eq 1 ]; then
3538
3539        # Need to read only one TTL triplet for each existing MAP.
3540        read_all_maps_ttl_values_no_multiple_domain_issue
3541
3542      else
3543
3544        # We have hit the worst case scenario. TTLs could be
3545        # different per map and per domain.
3546
3547        read_default_maps_ttl_values_with_multi_domain_issue
3548        read_custom_maps_ttl_values_with_multi_domain_issue
3549      fi
3550    fi
3551  fi
3552fi
3553
3554echo "
3555#
3556#------------------------------------------------------------------------------
3557#
3558" >> $MAP_FILE
3559
3560return 0
3561}
3562
3563
3564#
3565# The custom maps for which we do not have enough
3566# information to be able to generate specific entries,
3567# we just log the message that the user needs to take
3568# care of those entries manually.
3569#
3570ask_user_to_update_the_custom_map_entries_too()
3571{
3572
3573if [ ${#ALL_DMN_CUST_MAPS[*]} -gt 0 ]; then
3574
3575  echo "
3576# Similar entries need to be created
3577# for following custom maps too :\
3578" >> $MAP_FILE
3579
3580  for _MAP in ${ALL_DMN_CUST_MAPS[*]}
3581  do
3582    echo "# $_MAP" >> $MAP_FILE
3583  done
3584fi
3585}
3586
3587
3588put_default_nisLDAPnameFields()
3589{
3590echo '
3591# Associate names with fields in the maps. Must be same for all domains.
3592nisLDAPnameFields audit_user: \
3593			("%s:%s:%s", name, alwaysAuditFlags, neverAuditFlags)
3594
3595nisLDAPnameFields auto.home: \
3596			("%s",value)
3597
3598nisLDAPnameFields auto.master: \
3599			("%s",value)
3600
3601nisLDAPnameFields auth_attr: \
3602			("%s:%s:%s:%s:%s:%s", \
3603			name, res1, res2, short_desc, long_desc, attrs )
3604
3605nisLDAPnameFields bootparams: \
3606			("%s", params)
3607
3608nisLDAPnameFields ethers: \
3609			("%s %s", addr, name)
3610
3611nisLDAPnameFields exec_attr: \
3612			("%s:%s:%s:%s:%s:%s:%s", \
3613			name, policy, type, res1, res2, id, attrs)
3614
3615nisLDAPnameFields group: \
3616			("%s:%s:%s:%s", name, passwd, gid, users)
3617' >> $MAP_FILE
3618
3619# Need to handle group.adjunct.byname map for multiple domain.
3620
3621_MAP=group.adjunct.byname
3622if ! present $_MAP $ALL_DMN_DEF_MAPLIST
3623then
3624  # Just put the syntax in comment form
3625  echo '#nisLDAPnameFields group.adjunct.byname: \
3626#			("%s:%s", name, passwd)
3627' >> $MAP_FILE
3628else
3629  # Find the domains in which this map exists.
3630  find_domains $_MAP DEF_MAPS
3631  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3632  then
3633
3634    # Don't put domain info as the map is present in all of them.
3635    echo 'nisLDAPnameFields group.adjunct.byname: \
3636			("%s:%s", name, passwd)
3637' >> $MAP_FILE
3638  else
3639    # Not every domain has this map. So, list for the ones which do.
3640    for _DMN in $PRESENT_IN_DOMAINS
3641    do
3642      echo "nisLDAPnameFields group.adjunct.byname,${_DMN}: \\
3643			(\"%s:%s\", name, passwd)
3644" >> $MAP_FILE
3645    done
3646  fi
3647fi
3648
3649echo 'nisLDAPnameFields keys.host: \
3650			("%s:%s", publicKey ,secretKey)
3651
3652nisLDAPnameFields keys.pass: \
3653			("%s:%s", publicKey ,secretKey)
3654
3655nisLDAPnameFields keys.nobody: \
3656			("%s:%s", publicKey ,secretKey)
3657
3658nisLDAPnameFields hosts: \
3659			("%a %s %s", addr, canonicalName, aliases)
3660
3661nisLDAPnameFields multihosts: \
3662			("%a %s %s", addr, canonicalName, aliases)
3663
3664nisLDAPnameFields ipnodes: \
3665			("%a %s %s", addr, canonicalName, aliases)
3666
3667nisLDAPnameFields multiipnodes: \
3668			("%a %s %s", addr, canonicalName, aliases)
3669
3670nisLDAPnameFields mail.aliases: \
3671			("%s", addresses)
3672
3673nisLDAPnameFields mail.mapping: \
3674			("%s", address)
3675
3676# memberTriples	is split into sub-fields by a latter nisLDAPsplitField
3677# attribute.
3678nisLDAPnameFields netgroup: \
3679			("%s", memberTriples)
3680
3681nisLDAPnameFields netid.host: \
3682			("%s:%s", number, data)
3683
3684nisLDAPnameFields netid.pass: \
3685			("%s:%s", number, data)
3686
3687nisLDAPnameFields netmasks.byaddr: \
3688			("%a", mask)
3689
3690nisLDAPnameFields networks: \
3691			("%s %s %s", name, number, aliases)
3692
3693nisLDAPnameFields project: \
3694			("%s:%s:%s:%s:%s:%s", \
3695			name, projID, comment, users, groups, attrs)
3696
3697nisLDAPnameFields protocols:	\
3698			("%s %s %s", name, number, aliases)
3699
3700nisLDAPnameFields rpc.bynumber:	\
3701			("%s %s %s", name, number, aliases)
3702
3703nisLDAPnameFields passwd: \
3704			("%s:%s:%s:%s:%s:%s:%s", \
3705			name, passwd, uid, gid, gecos, home, shell)
3706
3707# It is not obvious what the fields in passwd.adjunct are for. They are not
3708# the same as the shadow map. The following is based on information in:-
3709#
3710#	lib/libbc/inc/include/pwdadj.h.
3711#
3712# This file implies that these are documented in getpwaent(3) but this man page
3713# does not seem to exist.
3714#
3715# It is believed that 'min','max' and 'def' labels were reserved fields in
3716# SunOS 4.x and are now unused.  'always' and 'never' audit information is
3717# now contained in audit_user(4) so is now unused.
3718#
3719' >> $MAP_FILE
3720
3721# Need to handle passwd.adjunct.byname map for multiple domain.
3722
3723_MAP=passwd.adjunct.byname
3724if ! present $_MAP $ALL_DMN_DEF_MAPLIST
3725then
3726  # Just put the syntax in comment form
3727  echo '#nisLDAPnameFields passwd.adjunct.byname: \
3728#			("%s:%s:%s:%s:%s:%s:%s", \
3729#			name, passwd, min, max, def, always, \
3730#			never)
3731' >> $MAP_FILE
3732else
3733  # Find the domains in which this map exists.
3734  find_domains $_MAP DEF_MAPS
3735
3736  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3737  then
3738
3739    # Don't put domain info as the map is present in all of them.
3740    echo 'nisLDAPnameFields passwd.adjunct.byname: \
3741			("%s:%s:%s:%s:%s:%s:%s", \
3742			name, passwd, min, max, def, always, \
3743			never)
3744' >> $MAP_FILE
3745  else
3746    # Not every domain has this map. So, list for the ones which do.
3747    for _DMN in $PRESENT_IN_DOMAINS
3748    do
3749      echo "nisLDAPnameFields passwd.adjunct.byname,${_DMN}: \\
3750			(\"%s:%s:%s:%s:%s:%s:%s\", \\
3751                        name, passwd, min, max, def, always, \\
3752                        never)
3753" >> $MAP_FILE
3754    done
3755  fi
3756fi
3757
3758echo '
3759nisLDAPnameFields printers.conf.byname: \
3760			("%s:%s", names, values)
3761
3762nisLDAPnameFields prof_attr: \
3763			("%s:%s:%s:%s:%s", \
3764			name, res1, res2, desc, attrs)
3765
3766nisLDAPnameFields services: \
3767			("%s %s/%s %s", name, port, protocol, aliases)
3768
3769# This map is never created but yppasswd uses the mapping to extract password
3770# ageing information from the DIT. The password itself is not required by this
3771# mechanism so is not included in the ageing mapping.
3772nisLDAPnameFields ageing.byname: \
3773			("%s:%s:%s:%s:%s:%s:%s:%s", \
3774			name, lastchg, min, max, warn, inactive, \
3775			expire, flag)
3776
3777nisLDAPnameFields timezone.byname: \
3778			("%s %s", zoneName, hostName)
3779
3780nisLDAPnameFields user_attr: \
3781			("%s:%s:%s:%s:%s", user, qualifier, res1, res2, attrs)
3782' >> $MAP_FILE
3783}
3784
3785#
3786# List namefields for non-default auto maps and custom maps.
3787#
3788put_auto_and_custom_map_nisLDAPnameFields()
3789{
3790for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]} ${ALL_DMN_CUST_MAPS[*]}
3791do
3792
3793  echo "\
3794nisLDAPnameFields ${_MAP}: \\
3795                      (\"%s\",value)
3796" >> $MAP_FILE
3797
3798done
3799}
3800
3801
3802create_nisLDAPnameFields()
3803{
3804# Put format information of "nisLDAPnameFields"
3805[ CUST_CMT_NEEDED -eq 1 ] && echo '
3806# "nisLDAPnameFields" specifies the content of entries in a NIS map
3807# and how they should be broken into named fields. It is required as,
3808# unlike NIS+, NIS maps do not store information in named fields.
3809#
3810# Following is the syntax for nisLDAPnameFields :
3811#
3812# "nisLDAPnameFields" mapName ":" "(" matchspec "," fieldNames ")"
3813# fieldName       = nameOrArrayName[","...]
3814# nameOrArrayName = Name of field or 'array' of repeated fields.
3815# matchspec       = \" formatString \"
3816' >> $MAP_FILE
3817
3818# List the default nameField values
3819put_default_nisLDAPnameFields
3820
3821# List the underlying assumption
3822echo "\
3823# With the assumption that all the custom maps are simple, single
3824# map (single key-value pair type), below is the nisLDAPnameFields
3825# information for all the custom and non-default auto.* maps. If
3826# this assumption is not valid, then refer to the NISLDAPmapping
3827# man page for information on how to customize this section.
3828" >> $MAP_FILE
3829
3830# List namefields for non-default auto maps and custom maps.
3831put_auto_and_custom_map_nisLDAPnameFields
3832
3833
3834echo "
3835#
3836#------------------------------------------------------------------------------
3837#
3838" >> $MAP_FILE
3839
3840return 0
3841}
3842
3843
3844#
3845# List repeated field seperators
3846#
3847create_nisLDAPrepeatedFieldSeparators()
3848{
3849
3850[ CUST_CMT_NEEDED -eq 1 ] && echo "
3851# nisLDAPrepeatedFieldSeparators : It is a character which separates
3852# the repeatable instnaces of splitable fields. It's format is :
3853#
3854# nisLDAPrepeatedFieldSeparators fieldName \"sepChar[...]\"
3855#               sepChar = A separator character.
3856#               Default value is space or tab.
3857" >> $MAP_FILE
3858
3859echo "\
3860#nisLDAPrepeatedFieldSeparators memberTriples: \" \t\"
3861" >> $MAP_FILE
3862
3863}
3864
3865
3866#
3867# List split fields
3868#
3869create_nisLDAPsplitField()
3870{
3871# List the default split fields
3872
3873[ CUST_CMT_NEEDED -eq 1 ] && echo '
3874# nisLDAPsplitFields : It defines how a field, or list of fields,
3875# named by nisLDAPnameFields is split into sub fields. The original
3876# field is compared with each line of this attribute until one matches.
3877# When a match is found named sub-fields are generated. In latter
3878# operations sub-field names can be used in the same way as other
3879# field names. The format of nisLDAPsplitFields is :
3880#
3881# "nisLDAPsplitFields" fieldName ":" splitSpec[","...]
3882# splitSpec       = "(" matchspec "," subFieldNames ")"
3883# fieldName       = Name of a field from nisLDAPnameFields
3884# subFieldNames   = subFieldname[","...]
3885# matchspec       = \" formatString \"
3886' >> $MAP_FILE
3887
3888echo '
3889nisLDAPsplitField memberTriples: \
3890			("(%s,%s,%s)", host, user, domain), \
3891			("%s", group)
3892' >> $MAP_FILE
3893
3894}
3895
3896#
3897# List split fields and repeated field separators.
3898#
3899create_split_field_and_repeatedfield_seperators()
3900{
3901
3902echo "\
3903# Specify how to break fields up into sub fields.
3904" >> $MAP_FILE
3905
3906create_nisLDAPrepeatedFieldSeparators
3907
3908create_nisLDAPsplitField
3909
3910echo "
3911#
3912#------------------------------------------------------------------------------
3913#
3914" >> $MAP_FILE
3915}
3916
3917list_default_nisLDAPobjectDN()
3918{
3919echo '
3920# Associate maps with RDNs and object classes. Base DN comes from the
3921# nisLDAPdomainContext.
3922#
3923# As supplied this file gives only the most derived objectClass for each map.
3924# For some servers it may be necessary to add "objectClass=" statements for
3925# all the superclasses. This should be done here.
3926
3927nisLDAPobjectDN	auto.home: \
3928			automountmapname=auto_home,?one? \
3929			objectClass=automount:
3930
3931nisLDAPobjectDN	auto.master: \
3932			automountmapname=auto_master,?one? \
3933			objectClass=automount:
3934
3935nisLDAPobjectDN	auth_attr: \
3936			ou=SolarisAuthAttr,?one? \
3937			objectClass=SolarisAuthAttr:
3938
3939nisLDAPobjectDN	bootparams: \
3940			ou=ethers,?one? \
3941			objectClass=bootableDevice, \
3942			bootParameter=*:\
3943			ou=ethers,?one? \
3944			objectClass=device, \
3945			objectClass=bootableDevice
3946
3947
3948nisLDAPobjectDN exec_attr:\
3949			ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
3950				SolarisKernelSecurityPolicy=*:\
3951			ou=SolarisProfAttr,?one?objectClass=SolarisExecAttr,\
3952				objectClass=SolarisProfAttr,\
3953				objectClass=top
3954
3955nisLDAPobjectDN	ethers: \
3956			ou=ethers,?one? \
3957			objectClass=ieee802Device, \
3958			macAddress=*:\
3959			ou=ethers,?one? \
3960			objectClass=device, \
3961			objectClass=ieee802Device
3962
3963nisLDAPobjectDN	group: \
3964			ou=group,?one? \
3965			objectClass=posixGroup:
3966' >> $MAP_FILE
3967
3968
3969# Need to handle group.adjunct.byname map for multiple domain.
3970
3971_MAP=group.adjunct.byname
3972if ! present $_MAP $ALL_DMN_DEF_MAPLIST
3973then
3974  # Just put the syntax in comment form
3975  echo '#nisLDAPobjectDN group.adjunct.byname: \
3976#			ou=group,?one? \
3977#			objectClass=posixGroup:
3978' >> $MAP_FILE
3979else
3980  # Find the domains in which this map exists.
3981  find_domains $_MAP DEF_MAPS
3982  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
3983  then
3984    # Don't put domain info as the map is present in all of them.
3985    echo 'nisLDAPobjectDN group.adjunct.byname: \
3986			ou=group,?one? \
3987			objectClass=posixGroup:
3988' >> $MAP_FILE
3989  else
3990    # Not every domain has this map. So, list for the ones which do.
3991    for _DMN in $PRESENT_IN_DOMAINS
3992    do
3993      echo "nisLDAPobjectDN group.adjunct.byname,${_DMN}: \\
3994			ou=group,?one? \\
3995			objectClass=posixGroup:
3996" >> $MAP_FILE
3997    done
3998  fi
3999fi
4000
4001
4002echo 'nisLDAPobjectDN	hosts: \
4003			ou=hosts,?one? \
4004			objectClass=ipHost:\
4005			ou=hosts,?one? \
4006			objectClass=device, \
4007			objectClass=ipHost
4008
4009nisLDAPobjectDN multihosts: \
4010			ou=hosts,?one? \
4011			objectClass=ipHost, \
4012			ipHostNumber=*.*
4013
4014nisLDAPobjectDN	ipnodes: \
4015			ou=hosts,?one? \
4016			objectClass=ipHost:\
4017			ou=hosts,?one? \
4018			objectClass=device, \
4019			objectClass=ipHost
4020
4021nisLDAPobjectDN multiipnodes: \
4022			ou=hosts,?one? \
4023			objectClass=ipHost, \
4024			ipHostNumber=*\:*
4025
4026nisLDAPobjectDN	mail.aliases: \
4027			ou=aliases,?one? \
4028			objectClass=mailGroup:
4029
4030nisLDAPobjectDN	mail.mapping: \
4031			ou=aliases,?one? \
4032			objectClass=mailGroup
4033
4034nisLDAPobjectDN	netgroup: \
4035			ou=netgroup,?one? \
4036			objectClass=nisNetgroup:
4037
4038nisLDAPobjectDN	networks: \
4039			ou=networks,?one? \
4040			objectClass=ipNetwork, \
4041			cn=*:
4042
4043# Must come after networks (or equivalent) that creates ipNetworks
4044nisLDAPobjectDN netmasks.byaddr: \
4045			ou=networks,?one? \
4046			objectClass=ipNetwork, \
4047			ipNetMaskNumber=*:
4048
4049nisLDAPobjectDN	passwd: \
4050			ou=people,?one? \
4051			objectClass=posixAccount:\
4052			ou=people,?one? \
4053			objectClass=account, \
4054			objectClass=shadowAccount, \
4055			objectClass=posixAccount
4056' >> $MAP_FILE
4057
4058
4059# Need to handle passwd.adjunct.byname map for multiple domain.
4060
4061_MAP=passwd.adjunct.byname
4062if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4063then
4064  # Just put the syntax in comment form
4065  echo '#nisLDAPobjectDN passwd.adjunct.byname: \
4066#			ou=people,?one? \
4067#			objectClass=posixAccount:\
4068#			ou=people,?one? \
4069#			objectClass=account, \
4070#			objectClass=shadowAccount, \
4071#			objectClass=posixAccount
4072' >> $MAP_FILE
4073else
4074  # Find the domains in which this map exists.
4075  find_domains $_MAP DEF_MAPS
4076  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4077  then
4078    # Don't put domain info as the map is present in all of them.
4079    echo 'nisLDAPobjectDN passwd.adjunct.byname: \
4080			ou=people,?one? \
4081			objectClass=posixAccount:\
4082			ou=people,?one? \
4083			objectClass=account, \
4084			objectClass=shadowAccount, \
4085			objectClass=posixAccount
4086' >> $MAP_FILE
4087  else
4088    # Not every domain has this map. So, list for the ones which do.
4089    for _DMN in $PRESENT_IN_DOMAINS
4090    do
4091      echo "nisLDAPobjectDN passwd.adjunct.byname,${_DMN}: \\
4092			ou=people,?one? \\
4093			objectClass=posixAccount:\\
4094			ou=people,?one? \\
4095			objectClass=account, \\
4096			objectClass=shadowAccount, \\
4097			objectClass=posixAccount
4098" >> $MAP_FILE
4099    done
4100  fi
4101fi
4102
4103
4104echo '# Must follow passwd
4105nisLDAPobjectDN netid.pass: \
4106			ou=people,?one? \
4107			objectClass=posixAccount
4108
4109# Must follow hosts
4110nisLDAPobjectDN netid.host: \
4111			ou=hosts,?one? \
4112			objectClass=ipHost
4113
4114nisLDAPobjectDN	printers.conf.byname: \
4115			ou=printers,?one? \
4116				objectClass=printerService:\
4117			ou=printers,?one? \
4118				objectClass=sunPrinter, \
4119				objectClass=printerService, \
4120				objectClass=printerLPR, \
4121				objectClass=printerAbstract
4122
4123nisLDAPobjectDN prof_attr:\
4124			ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
4125				SolarisAttrLongDesc=*:\
4126			ou=SolarisProfAttr,?one?objectClass=SolarisProfAttr,\
4127				objectClass=SolarisExecAttr,\
4128				objectClass=top
4129nisLDAPobjectDN project: \
4130			ou=project,?one? \
4131			objectClass=SolarisProject:
4132
4133nisLDAPobjectDN	protocols: \
4134			ou=protocols,?one? \
4135			objectClass=ipProtocol:
4136
4137nisLDAPobjectDN rpc.bynumber: \
4138			ou=rpc,?one? \
4139			objectClass=oncRpc:
4140
4141nisLDAPobjectDN	services.byname: \
4142			ou=services,?one? \
4143			objectClass=ipService:
4144
4145# Because services.byservicename contains keys of form both 'name'
4146# and 'name/protocol' we generate the DIT just from services.byname.
4147# Hence, write-disabled for services.byservicename
4148nisLDAPobjectDN	services.byservicename: \
4149			ou=services,?one? \
4150			objectClass=ipService
4151
4152# This map is never created but yppasswd uses the mapping to extract password
4153# aging information from the DIT.
4154nisLDAPobjectDN	ageing.byname: \
4155			ou=people,?one? \
4156			objectClass=shadowAccount:
4157
4158# Using nisplusTimeZoneData objectClass for compatibility with nis+2ldap
4159nisLDAPobjectDN	timezone.byname: \
4160			ou=Timezone,?one? \
4161			objectClass=nisplusTimeZoneData:
4162
4163nisLDAPobjectDN	user_attr: \
4164			ou=people,?one? \
4165			objectClass=SolarisUserAttr:
4166
4167# Must come after passwd (or equivalent) that creates posixAccounts
4168nisLDAPobjectDN	audit_user: \
4169			ou=people,?one? \
4170			objectClass=SolarisAuditUser:
4171
4172# Must come after hosts + passwd.
4173nisLDAPobjectDN keys.host: \
4174			ou=hosts,?one? \
4175			objectClass=NisKeyObject:
4176
4177nisLDAPobjectDN keys.pass: \
4178			ou=people,?one? \
4179			objectClass=NisKeyObject:
4180
4181nisLDAPobjectDN keys.nobody: \
4182			ou=people,?one? \
4183			objectClass=NisKeyObject:\
4184			ou=people,?one? \
4185			objectClass=account, \
4186			objectClass=NisKeyObject
4187
4188nisLDAPobjectDN ypservers: \
4189			ou=ypservers,?one? \
4190			objectClass=device:
4191' >> $MAP_FILE
4192}
4193
4194# List all the non-default auto.* and custom maps.
4195list_auto_custom_nisLDAPobjectDN()
4196{
4197
4198# auto.* entries are easy.
4199if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
4200  echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
4201
4202  for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
4203  do
4204
4205    # We need to find one container for each auto.* map.
4206    # Assume that each auto.* maps's container is auto_*.
4207
4208    _MAP_UNDERSCORE=`echo $_MAP | sed "s/auto\./auto_/"`
4209
4210    echo "\
4211nisLDAPobjectDN ${_MAP}: \\
4212                      automountmapname=${_MAP_UNDERSCORE},?one? \\
4213                      objectClass=automount:
4214" >> $MAP_FILE
4215  done
4216fi
4217
4218# Since we do not have enough information to generate
4219# entries for other custom maps, best we can do is to
4220# log this map names and ask user to take care of them.
4221
4222ask_user_to_update_the_custom_map_entries_too
4223
4224}
4225
4226
4227#
4228# List association of maps with RDNs and object classes.
4229#
4230create_nisLDAPobjectDN()
4231{
4232
4233[ CUST_CMT_NEEDED -eq 1 ] && echo '
4234# nisLDAPobjectDN : It specifies the connection between group of NIS
4235# maps and the LDAP directory. This attribute also defines the 'order'
4236# of the NIS maps. When NIS maps are bulk copied to or from the DIT
4237# they are processed in the same order as related nisLDAPobjectDN
4238# attributes appear in /var/yp/NISLDAPmapping.
4239# The format of "nisLDAPobjectDN" is :
4240#
4241# mapName[" "...] ":" objectDN *( ";" objectDN )
4242#
4243# where:
4244#
4245# objectDN        = readObjectSpec [":"[writeObjectSpec]]
4246# readObjectSpec  = [baseAndScope [filterAttrValList]]
4247# writeObjectSpec = [baseAndScope [attrValList]]
4248# baseAndScope    = [baseDN] ["?" [scope]]
4249# filterAttrValList = ["?" [filter | attrValList]]]
4250# scope           = "base" | "one" | "sub"
4251# attrValList     = attribute "=" value
4252#                       *("," attribute "=" value)
4253' >> $MAP_FILE
4254
4255# List all the default entries anyway.
4256list_default_nisLDAPobjectDN
4257
4258# List all the non-default auto.* and custom maps.
4259list_auto_custom_nisLDAPobjectDN
4260
4261}
4262
4263#
4264# List all the default nisLDAPattributeFromField entries
4265#
4266list_default_nisLDAPattributeFromField()
4267{
4268echo '
4269# Describe how named fields are mapped to DIT entries.
4270
4271# audit_user
4272nisLDAPattributeFromField audit_user: \
4273			dn=("uid=%s,", rf_key ), \
4274			SolarisAuditAlways=alwaysAuditFlags, \
4275			SolarisAuditNever=neverAuditFlags
4276
4277# auto.home
4278nisLDAPattributeFromField auto.home: \
4279			dn=("automountKey=%s,", rf_key ), \
4280			automountKey=rf_key, \
4281			automountInformation=value
4282
4283# auto.master
4284nisLDAPattributeFromField auto.master: \
4285			dn=("automountKey=%s,", rf_key ), \
4286			automountKey=rf_key, \
4287			automountInformation=value
4288
4289# auth_attr
4290nisLDAPattributeFromField auth_attr: \
4291			dn=("cn=%s,", rf_key ), \
4292			cn=name, \
4293			SolarisAttrReserved1=res1, \
4294			SolarisAttrReserved2=res2, \
4295			SolarisAttrShortDesc=short_desc, \
4296			SolarisAttrLongDesc=long_desc, \
4297			SolarisAttrKeyValue=attrs
4298
4299# exec_attr. Because of the messy NIS keys special handling is required here
4300nisLDAPattributeFromField exec_attr: \
4301			dn=("cn=%s+SolarisKernelSecurityPolicy=%s\
4302				+SolarisProfileType=%s+SolarisProfileID=%s,", \
4303				name, policy,type,id), \
4304			("%s:*", cn)=rf_key, \
4305			("*:%s:*", SolarisKernelSecurityPolicy)=rf_key, \
4306			("*:*:%s", SolarisProfileId)=rf_key, \
4307			solarisProfileType=type, \
4308			solarisAttrReserved1=res1, \
4309			SolarisAttrReserved2=res2, \
4310			solarisAttrKeyValue=attrs
4311
4312# ethers
4313nisLDAPattributeFromField ethers.byname: \
4314			dn=("cn=%s,", rf_key ), \
4315			macAddress=addr
4316nisLDAPattributeFromField ethers.byaddr: \
4317			dn=("cn=%s,", name ), \
4318			macAddress=rf_key
4319nisLDAPattributeFromField ethers: \
4320			cn=name, \
4321			description=rf_comment
4322
4323# bootparams. Must be done after ethers
4324nisLDAPattributeFromField bootparams: \
4325			dn=("cn=%s,", rf_key ), \
4326			cn=rf_key, \
4327			(bootParameter)=(params, " ")
4328' >> $MAP_FILE
4329
4330# group syntax is different when group.adjunct map is present.
4331# So, need to handle the various possibilities
4332
4333_MAP=group.adjunct.byname
4334
4335if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4336then
4337
4338  # Just put the group.adjunct syntax in comment form
4339
4340  echo '# group
4341nisLDAPattributeFromField group.byname: \
4342			dn=("cn=%s,", rf_key ), \
4343                        gidNumber=gid
4344nisLDAPattributeFromField group.bygid: \
4345		        dn=("cn=%s,", name ), \
4346                        gidNumber=rf_key
4347nisLDAPattributeFromField group: \
4348                        cn=name, \
4349                        userPassword=("{crypt}%s",passwd), \
4350                        (memberUid)=(users, ",")
4351
4352#
4353# If you are using group.adjunct, comment the group section above
4354# and uncomment the following group and group.adjunct sections
4355#
4356# group
4357#nisLDAPattributeFromField group.byname: \
4358#			dn=("cn=%s,", rf_key ), \
4359#			gidNumber=gid
4360#nisLDAPattributeFromField group.bygid: \
4361#			dn=("cn=%s,", name ), \
4362#			gidNumber=rf_key
4363#nisLDAPattributeFromField group: \
4364#			cn=name, \
4365#			(memberUid)=(users, ",")
4366
4367# group.adjunct
4368#nisLDAPattributeFromField group.adjunct.byname: \
4369#			dn=("cn=%s,", rf_key ), \
4370#			cn=name, \
4371#			userPassword=("{crypt}%s",passwd)
4372' >> $MAP_FILE
4373
4374else
4375
4376  # Find the domains in which group.adjunct map exists.
4377  find_domains $_MAP DEF_MAPS
4378
4379  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4380  then
4381
4382    # All the domains have group.adjunct map.
4383
4384    echo '# group
4385#nisLDAPattributeFromField group.byname: \
4386#			dn=("cn=%s,", rf_key ), \
4387#			gidNumber=gid
4388#nisLDAPattributeFromField group.bygid: \
4389#			dn=("cn=%s,", name ), \
4390#			gidNumber=rf_key
4391#nisLDAPattributeFromField group: \
4392#			cn=name, \
4393#			userPassword=("{crypt}%s",passwd), \
4394#			(memberUid)=(users, ",")
4395
4396# If you are not using group.adjunct, uncomment the group section above
4397# and comment the following group and group.adjunct sections
4398#
4399# group
4400nisLDAPattributeFromField group.byname: \
4401			dn=("cn=%s,", rf_key ), \
4402			gidNumber=gid
4403nisLDAPattributeFromField group.bygid: \
4404			dn=("cn=%s,", name ), \
4405			gidNumber=rf_key
4406nisLDAPattributeFromField group: \
4407			cn=name, \
4408			(memberUid)=(users, ",")
4409
4410# group.adjunct
4411nisLDAPattributeFromField group.adjunct.byname: \
4412			dn=("cn=%s,", rf_key ), \
4413			cn=name, \
4414			userPassword=("{crypt}%s",passwd)
4415' >> $MAP_FILE
4416
4417  else
4418    # Not every domain has group.adjunct map.
4419
4420    # First put the password syntax with domain name for domains
4421    # in which group.adjunct exists.
4422
4423    echo "# group" >> $MAP_FILE
4424
4425    for _DMN in $PRESENT_IN_DOMAINS
4426    do
4427
4428      echo "\
4429# domain-specific group
4430nisLDAPattributeFromField group.byname,${_DMN}: \\
4431			dn=(\"cn=%s,\", rf_key ), \\
4432			gidNumber=gid
4433nisLDAPattributeFromField group.bygid,${_DMN}: \\
4434			dn=(\"cn=%s,\", name ), \\
4435			gidNumber=rf_key
4436nisLDAPattributeFromField group,${_DMN}: \\
4437			cn=name, \\
4438			(memberUid)=(users, \",\")
4439" >> $MAP_FILE
4440    done
4441
4442    # Now put the other group syntax. We do not need to
4443    # append the domain name here.
4444
4445    echo '
4446nisLDAPattributeFromField group.byname: \
4447			dn=("cn=%s,", rf_key ), \
4448			gidNumber=gid
4449nisLDAPattributeFromField group.bygid: \
4450			dn=("cn=%s,", name ), \
4451			gidNumber=rf_key
4452nisLDAPattributeFromField group: \
4453			cn=name, \
4454			userPassword=("{crypt}%s",passwd), \
4455			(memberUid)=(users, ",")
4456' >> $MAP_FILE
4457
4458    # Now we need to put the group.adjunct syntax for domains
4459    # in which this map exists.
4460
4461    echo "# group.adjunct" >> $MAP_FILE
4462
4463    for _DMN in $PRESENT_IN_DOMAINS
4464    do
4465
4466      echo "\
4467nisLDAPattributeFromField group.adjunct.byname,${_DMN}: \\
4468			dn=(\"cn=%s,\", rf_key ), \\
4469			cn=name, \\
4470			userPassword=(\"{crypt}%s\",passwd)
4471" >> $MAP_FILE
4472    done
4473
4474  fi
4475
4476fi
4477
4478
4479echo '
4480# hosts
4481# Cannot forward map hosts.byname key as the YP_MULTI entries will not work.
4482nisLDAPattributeFromField hosts.byname: \
4483                        cn=rf_searchkey
4484nisLDAPattributeFromField hosts.byaddr: \
4485                        ipHostNumber=rf_searchipkey
4486nisLDAPattributeFromField hosts: \
4487                        ipHostNumber=addr, \
4488			dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
4489                        cn=canonicalName, \
4490                        (cn)=(aliases, " "), \
4491                        description=rf_comment
4492
4493nisLDAPattributeFromField multihosts: \
4494			("YP_MULTI_%s", cn)=rf_searchkey
4495
4496# ipnodes
4497# Cannot forward map ipnodes.byname key as the YP_MULTI entries will not work.
4498nisLDAPattributeFromField ipnodes.byname: \
4499                        cn=rf_searchkey
4500nisLDAPattributeFromField ipnodes.byaddr: \
4501                        ipHostNumber=rf_searchipkey
4502nisLDAPattributeFromField ipnodes: \
4503                        ipHostNumber=addr, \
4504			dn=("cn=%s+ipHostNumber=%s,", canonicalName, addr), \
4505			cn=canonicalName, \
4506                        (cn)=(aliases, " "), \
4507                        description=rf_comment
4508
4509nisLDAPattributeFromField multiipnodes: \
4510			("YP_MULTI_%s", cn)=rf_searchkey
4511
4512#mail.aliases
4513nisLDAPattributeFromField mail.aliases: \
4514			dn=("mail=%s,", rf_key), \
4515			mail=rf_key, \
4516			(mgrprfc822mailmember)=(addresses, ",")
4517
4518#mail.mapping
4519#Commented out because all NIS->LDAP mappings are done by mail.aliases
4520#nisLDAPattributeFromField mail.mapping: \
4521#			dn=("mail=%s,", address), \
4522#			mail=address, \
4523#			mgrprfc822mailmember=rf_key
4524nisLDAPattributeFromField mail.mapping: \
4525			mgrprfc822mailmember=rf_searchkey
4526
4527# netgroup.
4528#
4529# Only need to create DIT entries for netgroup. This contains a superset of
4530# the information in netgroup.byhost and netgroup.byuser
4531nisLDAPattributeFromField netgroup: \
4532			dn=("cn=%s,", rf_key ), \
4533			(memberNisNetgroup)=group, \
4534			(nisNetgroupTriple)= \
4535					("(%s,%s,%s)", host, user, domain), \
4536			cn=rf_key, \
4537			description=rf_comment
4538
4539# netid.pass
4540#
4541# Commented out because, unless remote domains (and thus /etc/netid) is
4542# supported, all NIS->LDAP mappings are set up from passwd.
4543#nisLDAPattributeFromField netid.pass: \
4544#			("unix.%s@*", uidNumber)=rf_key, \
4545#			(gidNumber)=("%s", (data), " "), \
4546#			description=rf_comment
4547nisLDAPattributeFromField netid.pass: \
4548			("unix.%s@*", uidNumber)=rf_searchkey
4549
4550# netid.host
4551#
4552# Commented out because, unless remote domains (and thus /etc/netid) is
4553# supported, all NIS->LDAP mappings are set up from hosts.
4554#nisLDAPattributeFromField netid.host: \
4555#			dn=("cn=%s+ipHostNumber=%s,", data, \
4556#			        ldap:ipHostNumber:?one?("cn=%s", data)), \
4557#			ipHostNumber=ldap:ipHostNumber:?one?("cn=%s", data), \
4558#			("unix.%s@*", cn)=rf_key, \
4559#			description=rf_comment
4560nisLDAPattributeFromField netid.host: \
4561			("unix.%s@*", cn)=rf_searchkey
4562
4563# netmasks.byaddr
4564nisLDAPattributeFromField netmasks.byaddr: \
4565			dn=("ipNetworkNumber=%s,", rf_ipkey ), \
4566			ipNetworkNumber=rf_ipkey, \
4567			ipNetmaskNumber=mask, \
4568			description=rf_comment
4569
4570# networks.
4571nisLDAPattributeFromField networks.byname: \
4572			dn=("ipNetworkNumber=%s,", number ), \
4573			cn=name, \
4574			cn=rf_key
4575nisLDAPattributeFromField networks.byaddr: \
4576			dn=("ipNetworkNumber=%s,", rf_key ), \
4577			cn=name
4578nisLDAPattributeFromField networks: \
4579			(cn)=(aliases, " "), \
4580			ipNetworkNumber=number, \
4581			description=rf_comment
4582' >> $MAP_FILE
4583
4584
4585# passwd syntax is different when passwd.adjunct map is present.
4586# So, need to handle the various possibilities
4587
4588_MAP=passwd.adjunct.byname
4589
4590if ! present $_MAP $ALL_DMN_DEF_MAPLIST
4591then
4592
4593  # Just put the passwd.adjunct syntax in comment form
4594
4595  echo '# passwd
4596nisLDAPattributeFromField passwd.byname: \
4597			dn=("uid=%s,", rf_key ), \
4598			uid=rf_key, \
4599			uidNumber=uid
4600nisLDAPattributeFromField passwd.byuid: \
4601			dn=("uid=%s,", name ), \
4602			uidNumber=rf_key, \
4603			uid=name
4604nisLDAPattributeFromField passwd: \
4605			cn=name, \
4606			userPassword=("{crypt}%s",passwd), \
4607			gidNumber=gid, \
4608			gecos=gecos, \
4609			homeDirectory=home, \
4610			loginShell=shell
4611
4612#
4613# If you are using passwd.adjunct, comment the passwd section above
4614# and uncomment the following passwd and passwd.adjunct sections
4615#
4616# passwd
4617#nisLDAPattributeFromField passwd.byname: \
4618#			dn=("uid=%s,", rf_key ), \
4619#			uid=rf_key, \
4620#			uidNumber=uid
4621#nisLDAPattributeFromField passwd.byuid: \
4622#			dn=("uid=%s,", name ), \
4623#			uidNumber=rf_key, \
4624#			uid=name
4625#nisLDAPattributeFromField passwd: \
4626#			cn=name, \
4627#			gidNumber=gid, \
4628#			gecos=gecos, \
4629#			homeDirectory=home, \
4630#			loginShell=shell
4631
4632# passwd.adjunct
4633#nisLDAPattributeFromField passwd.adjunct.byname: \
4634#			dn=("uid=%s,", rf_key ), \
4635#			uid=name, \
4636#			userPassword=("{crypt}%s",passwd)
4637' >> $MAP_FILE
4638
4639else
4640
4641  # Find the domains in which passwd.adjunct map exists.
4642  find_domains $_MAP DEF_MAPS
4643
4644  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
4645  then
4646
4647    # All the domains have passwd.adjunct map. So, put the right
4648    # passwd syntax and comment-in the passwd.adjunct syntax.
4649
4650
4651    echo '# passwd
4652#nisLDAPattributeFromField passwd.byname: \
4653#			dn=("uid=%s,", rf_key ), \
4654#			uid=rf_key, \
4655#			uidNumber=uid
4656#nisLDAPattributeFromField passwd.byuid: \
4657#			dn=("uid=%s,", name ), \
4658#			uidNumber=rf_key, \
4659#			uid=name
4660#nisLDAPattributeFromField passwd: \
4661#			cn=name, \
4662#			userPassword=("{crypt}%s",passwd), \
4663#			gidNumber=gid, \
4664#			gecos=gecos, \
4665#			homeDirectory=home, \
4666#			loginShell=shell
4667
4668# If you are not using passwd.adjunct, uncomment the passwd section above
4669# and comment the following passwd and passwd.adjunct sections
4670#
4671# passwd
4672nisLDAPattributeFromField passwd.byname: \
4673			dn=("uid=%s,", rf_key ), \
4674			uid=rf_key, \
4675			uidNumber=uid
4676nisLDAPattributeFromField passwd.byuid: \
4677			dn=("uid=%s,", name ), \
4678			uidNumber=rf_key, \
4679			uid=name
4680nisLDAPattributeFromField passwd: \
4681			cn=name, \
4682			gidNumber=gid, \
4683			gecos=gecos, \
4684			homeDirectory=home, \
4685			loginShell=shell
4686
4687# passwd.adjunct
4688nisLDAPattributeFromField passwd.adjunct.byname: \
4689			dn=("uid=%s,", rf_key ), \
4690			uid=name, \
4691			userPassword=("{crypt}%s",passwd)
4692' >> $MAP_FILE
4693
4694  else
4695    # Not every domain has passwd.adjunct map.
4696
4697    # First put the password syntax with domain name for domains
4698    # in which passwd.adjunct exists.
4699
4700    echo "# passwd" >> $MAP_FILE
4701
4702    for _DMN in $PRESENT_IN_DOMAINS
4703    do
4704
4705      echo "\
4706nisLDAPattributeFromField passwd.byname,${_DMN}: \\
4707			dn=(\"uid=%s,\", rf_key ), \\
4708			uid=rf_key, \\
4709			uidNumber=uid
4710nisLDAPattributeFromField passwd.byuid,${_DMN}: \\
4711			dn=(\"uid=%s,\", name ), \\
4712			uidNumber=rf_key, \\
4713			uid=name
4714nisLDAPattributeFromField passwd,${_DMN}: \\
4715			cn=name, \\
4716			gidNumber=gid, \\
4717			gecos=gecos, \\
4718			homeDirectory=home, \\
4719			loginShell=shell
4720" >> $MAP_FILE
4721    done
4722
4723    # Now put the other passwd syntax. We do not need to
4724    # append the domain name here.
4725
4726    echo '
4727nisLDAPattributeFromField passwd.byname: \
4728			dn=("uid=%s,", rf_key ), \
4729			uid=rf_key, \
4730			uidNumber=uid
4731nisLDAPattributeFromField passwd.byuid: \
4732			dn=("uid=%s,", name ), \
4733			uidNumber=rf_key, \
4734			uid=name
4735nisLDAPattributeFromField passwd: \
4736			cn=name, \
4737			userPassword=("{crypt}%s",passwd), \
4738			gidNumber=gid, \
4739			gecos=gecos, \
4740			homeDirectory=home, \
4741			loginShell=shell
4742' >> $MAP_FILE
4743
4744    # Now we need to put the passwd.adjunct syntax for domains
4745    # in which this map exists.
4746
4747    echo "# passwd.adjunct" >> $MAP_FILE
4748
4749    for _DMN in $PRESENT_IN_DOMAINS
4750    do
4751
4752      echo "\
4753nisLDAPattributeFromField passwd.adjunct.byname,${_DMN}: \\
4754			dn=(\"uid=%s,\", rf_key ), \\
4755			uid=name, \\
4756			userPassword=(\"{crypt}%s\",passwd)
4757" >> $MAP_FILE
4758    done
4759
4760  fi
4761
4762fi
4763
4764echo '
4765# This map is never created but yppasswd uses the mapping to extract password
4766# aging information from the DIT.
4767nisLDAPattributeFromField ageing.byname: \
4768			dn=("uid=%s,", rf_key ), \
4769			uid=name, \
4770			shadowLastChange=lastchg, \
4771			shadowMin=min, \
4772			shadowMax=max, \
4773			shadowWarning=warn, \
4774			shadowInactive=inactive, \
4775			shadowExpire=expire, \
4776			shadowFlag=flag
4777
4778# printers.conf.byname
4779nisLDAPattributeFromField printers.conf.byname: \
4780			dn=("printer-uri=%s,", rf_key ), \
4781			printer-name=rf_key, \
4782			(printer-aliases)=(names, "|"), \
4783			sun-printer-bsdaddr=(values, "*bsdaddr=%s:*"), \
4784			(sun-printer-kvp)=(values,":"), \
4785			description=rf_comment
4786
4787# prof_attr
4788nisLDAPattributeFromField prof_attr: \
4789			dn=("cn=%s,", rf_key ), \
4790			cn=name, \
4791			SolarisAttrReserved1=res1, \
4792			SolarisAttrReserved2=res2, \
4793			SolarisAttrLongDesc=desc, \
4794			SolarisAttrKeyValue=attrs
4795
4796# project
4797nisLDAPattributeFromField project.byname: \
4798			dn=("SolarisProjectName=%s,", rf_key )
4799nisLDAPattributeFromField project.byprojid: \
4800			dn=("SolarisProjectName=%s,", name ), \
4801			SolarisProjectID=rf_searchkey
4802nisLDAPattributeFromField project: \
4803			SolarisProjectName=name, \
4804			SolarisProjectID=projID, \
4805			(memberUid)=(users, ","), \
4806			(memberGid)=(groups, ","), \
4807			(SolarisProjectAttr)=(attrs, ";"), \
4808			description=comment
4809
4810# protocols
4811nisLDAPattributeFromField protocols.byname: \
4812                        ipProtocolNumber=number, \
4813                        cn=rf_searchkey
4814nisLDAPattributeFromField protocols.bynumber: \
4815                        ipProtocolNumber=rf_key, \
4816                        description=rf_comment
4817nisLDAPattributeFromField protocols: \
4818			dn=("cn=%s,", name ), \
4819                        (cn)=(aliases, " "), \
4820			cn=name
4821
4822# rpc.bynumber
4823nisLDAPattributeFromField rpc.bynumber: \
4824			dn=("cn=%s,", name ), \
4825			oncRpcNumber=rf_key, \
4826                        (cn)=(aliases, " "), \
4827			cn=name, \
4828			description=rf_comment
4829
4830# services
4831# services.byservicename rule is only used to speed single search
4832nisLDAPattributeFromField services.byservicename: \
4833			("%s/%s", cn, ipServiceProtocol) = rf_searchkey
4834
4835nisLDAPattributeFromField services.byname: \
4836			dn=("cn=%s+ipServiceProtocol=%s,", name, protocol ), \
4837     			("*/%s", ipServiceProtocol)=rf_key, \
4838     			("%s/*", ipServicePort)=rf_key, \
4839                        (cn)=(aliases, " "), \
4840			cn=name, \
4841                        description=rf_comment
4842
4843# timezone.byname
4844nisLDAPattributeFromField timezone.byname: \
4845			dn=("cn=%s,", rf_key ), \
4846			cn=hostName, \
4847			nisplusTimeZone=zoneName, \
4848			description=comment
4849
4850# user_attr
4851nisLDAPattributeFromField user_attr: \
4852			dn=("uid=%s,", rf_key ), \
4853			uid=rf_key, \
4854			SolarisUserAttr=qualifier, \
4855			SolarisUserReserved1=res1, \
4856			SolarisUserReserved2=res2, \
4857			SolarisAttrKeyValue=attrs
4858
4859# publickey.byname
4860nisLDAPattributeFromField keys.host: \
4861			dn=("%s", ldap:dn:?one?("cn=%s", (yp:rf_key, "unix.%s@*"))), \
4862			nisPublicKey=publicKey, \
4863			nisSecretKey=secretKey
4864
4865nisLDAPattributeFromField keys.pass: \
4866			dn=("%s", ldap:dn:?one?("uidNumber=%s", (yp:rf_key, "unix.%s@*"))), \
4867			nisPublicKey=publicKey, \
4868			nisSecretKey=secretKey
4869
4870nisLDAPattributeFromField keys.nobody: \
4871			dn=("uid=%s,",yp:rf_key), \
4872			cn=rf_key, \
4873			nisPublicKey=publicKey, \
4874			nisSecretKey=secretKey
4875
4876# ypservers. This derived from IPlanet implementation not RFC.
4877nisLDAPattributeFromField ypservers: \
4878			dn=("cn=%s,", rf_key), \
4879			cn=rf_key
4880' >> $MAP_FILE
4881}
4882
4883#
4884# List all the non-default auto.* and custom maps.
4885#
4886list_auto_and_custom_nisLDAPattributeFromField()
4887{
4888
4889# auto.* entries are easy.
4890if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
4891  echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
4892fi
4893
4894for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
4895do
4896  echo "\
4897# ${_MAP}
4898nisLDAPattributeFromField ${_MAP}: \\
4899                        dn=(\"automountKey=%s,\", rf_key ), \\
4900                        automountKey=rf_key, \\
4901                        automountInformation=value
4902" >> $MAP_FILE
4903done
4904
4905# Since we do not have enough information to generate
4906# entries for other custom maps, best we can do is to
4907# log this map names and ask user to take care of them.
4908
4909ask_user_to_update_the_custom_map_entries_too
4910
4911}
4912
4913
4914#
4915# List mapping of named fields to DIT entries
4916#
4917create_nisLDAPattributeFromField()
4918{
4919
4920[ CUST_CMT_NEEDED -eq 1 ] && echo '
4921# nisLDAPattributeFromField : It specifies how an LDAP attribute
4922# value is derived from a NIS entries field values.
4923#
4924# The format of nisLDAPattributeFromField entry is :
4925# mapName ":" fieldattrspec *("," fieldattrspec )
4926' >> $MAP_FILE
4927
4928# List all the default entries anyway.
4929list_default_nisLDAPattributeFromField
4930
4931# List all the non-default auto.* and custom maps.
4932list_auto_and_custom_nisLDAPattributeFromField
4933
4934echo "
4935#
4936#------------------------------------------------------------------------------
4937#
4938" >> $MAP_FILE
4939}
4940
4941
4942#
4943# List all the default nisLDAPattributeFromField entries
4944#
4945list_default_nisLDAPfieldFromAttribute()
4946{
4947echo '
4948# Describe how named fields are mapped from DIT entries.
4949
4950# audit_user
4951nisLDAPfieldFromAttribute audit_user: \
4952			("uid=%s,*", rf_key)=dn, \
4953			("uid=%s,*", name)=dn, \
4954			alwaysAuditFlags=SolarisAuditAlways, \
4955			neverAuditFlags=SolarisAuditNever
4956
4957# auto.home
4958nisLDAPfieldFromAttribute auto.home: \
4959			rf_key=automountKey, \
4960			value=automountInformation
4961
4962# auto.master
4963nisLDAPfieldFromAttribute auto.master: \
4964			rf_key=automountKey, \
4965			value=automountInformation
4966
4967# auth_attr
4968nisLDAPfieldFromAttribute auth_attr: \
4969			rf_key=cn, \
4970			name=cn, \
4971			res1=SolarisAttrReserved1, \
4972			res2=SolarisAttrReserved2, \
4973			short_desc=SolarisAttrShortDesc, \
4974			long_desc=SolarisAttrLongDesc, \
4975			attrs=SolarisAttrKeyValue
4976
4977# Exec_attr. Because of messy NIS keys special handlind is required here
4978nisLDAPfieldFromAttribute exec_attr: \
4979			rf_key=("%s:%s:%s",cn,SolarisKernelSecurityPolicy, \
4980				solarisProfileId), \
4981			name=cn, \
4982			policy=SolarisKernelSecurityPolicy, \
4983			type=SolarisProfileType, \
4984			res1=SolarisAttrReserved1, \
4985			res2=SolarisAttrReserved2, \
4986			id=SolarisProfileId, \
4987			attrs=SolarisAttrKeyValue
4988
4989
4990# ethers
4991nisLDAPfieldFromAttribute ethers.byname: \
4992			rf_key=cn
4993nisLDAPfieldFromAttribute ethers.byaddr: \
4994			rf_key=macAddress
4995nisLDAPfieldFromAttribute ethers: \
4996			name=cn, \
4997			addr=macAddress, \
4998			rf_comment=description
4999
5000# bootparams. Must be done after ethers
5001nisLDAPfieldFromAttribute bootparams: \
5002			rf_key=cn, \
5003			params=("%s ", (bootParameter), " ")
5004' >> $MAP_FILE
5005
5006# group syntax is different when group.adjunct map is present.
5007# So, need to handle the various possibilities
5008
5009_MAP=group.adjunct.byname
5010
5011if ! present $_MAP $ALL_DMN_DEF_MAPLIST
5012then
5013
5014  # Just put the group.adjunct syntax in comment form
5015
5016  echo '# group
5017nisLDAPfieldFromAttribute group.byname: \
5018			rf_key=cn
5019nisLDAPfieldFromAttribute group.bygid: \
5020                        rf_key=gidNumber
5021nisLDAPfieldFromAttribute group: \
5022                        gid=gidNumber, \
5023                        name=cn, \
5024			("{crypt}%s", passwd)=userPassword, \
5025			users=("%s,", (memberUid), ",")
5026
5027#
5028# If you are using group.adjunct, comment the group section above
5029# and uncomment the following group and group.adjunct section
5030#
5031# group
5032#nisLDAPfieldFromAttribute group.byname: \
5033#			rf_key=cn
5034#nisLDAPfieldFromAttribute group.bygid: \
5035#			rf_key=gidNumber
5036#nisLDAPfieldFromAttribute group: \
5037#			gid=gidNumber, \
5038#			name=cn, \
5039#			passwd=("#$%s", cn), \
5040#			users=("%s,", (memberUid), ",")
5041
5042# group.adjunct
5043#nisLDAPfieldFromAttribute group.adjunct.byname: \
5044#			rf_key=cn, \
5045#			name=cn, \
5046#			("{crypt}%s", passwd)=userPassword
5047' >> $MAP_FILE
5048
5049else
5050
5051  # Find the domains in which group.adjunct map exists.
5052  find_domains $_MAP DEF_MAPS
5053
5054  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
5055  then
5056
5057    # All the domains have group.adjunct map.
5058
5059
5060    echo '# group
5061#nisLDAPfieldFromAttribute group.byname: \
5062#			rf_key=cn
5063#nisLDAPfieldFromAttribute group.bygid: \
5064#                        rf_key=gidNumber
5065#nisLDAPfieldFromAttribute group: \
5066#                        gid=gidNumber, \
5067#                        name=cn, \
5068#			("{crypt}%s", passwd)=userPassword, \
5069#			users=("%s,", (memberUid), ",")
5070
5071#
5072# If you are not using group.adjunct, comment the group section above
5073# and uncomment the following group and group.adjunct sections
5074#
5075# group
5076nisLDAPfieldFromAttribute group.byname: \
5077			rf_key=cn
5078nisLDAPfieldFromAttribute group.bygid: \
5079			rf_key=gidNumber
5080nisLDAPfieldFromAttribute group: \
5081			gid=gidNumber, \
5082			name=cn, \
5083			passwd=("#$%s", cn), \
5084			users=("%s,", (memberUid), ",")
5085
5086#
5087# group.adjunct
5088nisLDAPfieldFromAttribute group.adjunct.byname: \
5089			rf_key=cn, \
5090			name=cn, \
5091			("{crypt}%s", passwd)=userPassword
5092' >> $MAP_FILE
5093
5094  else
5095    # Not every domain has group.adjunct map.
5096
5097    echo "# group" >> $MAP_FILE
5098
5099    for _DMN in $PRESENT_IN_DOMAINS
5100    do
5101
5102      echo "\
5103nisLDAPfieldFromAttribute group.byname,${_DMN}: \\
5104			rf_key=cn
5105nisLDAPfieldFromAttribute group.bygid,${_DMN}: \\
5106			rf_key=gidNumber
5107nisLDAPfieldFromAttribute group,${_DMN}: \\
5108			gid=gidNumber, \\
5109			name=cn, \\
5110			passwd=(\"#$%s\", cn), \\
5111			users=(\"%s,\", (memberUid), \",\")
5112" >> $MAP_FILE
5113    done
5114
5115    # Now put the generic group syntax. We do not need to
5116    # append the domain name here.
5117
5118    echo '
5119nisLDAPfieldFromAttribute group.byname: \
5120			rf_key=cn
5121nisLDAPfieldFromAttribute group.bygid: \
5122                        rf_key=gidNumber
5123nisLDAPfieldFromAttribute group: \
5124                        gid=gidNumber, \
5125                        name=cn, \
5126			("{crypt}%s", passwd)=userPassword, \
5127			users=("%s,", (memberUid), ",")
5128' >> $MAP_FILE
5129
5130    # Now we need to put the group.adjunct syntax for domains
5131    # in which this map exists.
5132
5133    echo "#
5134# group.adjunct
5135# " >> $MAP_FILE
5136
5137    for _DMN in $PRESENT_IN_DOMAINS
5138    do
5139
5140      echo "\
5141nisLDAPfieldFromAttribute group.adjunct.byname,${_DMN}: \\
5142			rf_key=cn, \\
5143			name=cn, \\
5144			(\"{crypt}%s\", passwd)=userPassword
5145" >> $MAP_FILE
5146
5147    done
5148
5149  fi
5150
5151fi
5152
5153echo '
5154# hosts
5155nisLDAPfieldFromAttribute hosts.byaddr: \
5156                        rf_ipkey=ipHostNumber
5157nisLDAPfieldFromAttribute hosts.byname: \
5158			(rf_key)=(cn)
5159nisLDAPfieldFromAttribute hosts: \
5160			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5161                        addr=ipHostNumber, \
5162			aliases=("%s ", (cn) - yp:canonicalName, " "), \
5163                        rf_comment=description
5164
5165nisLDAPfieldFromAttribute multihosts: \
5166			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5167			(rf_key)=("YP_MULTI_%s", cn), \
5168			aliases=("%s ", (cn) - yp:canonicalName, " "), \
5169			rf_comment=description, \
5170			(tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
5171				(ipHostNumber=*.*))", yp:canonicalName)), \
5172			addr=("%s,", (yp:tmp), ",")
5173
5174# ipnodes
5175nisLDAPfieldFromAttribute ipnodes.byaddr: \
5176                        rf_ipkey=ipHostNumber
5177nisLDAPfieldFromAttribute ipnodes.byname: \
5178			("cn=%s+ipHostNumber=*", rf_key)=dn
5179nisLDAPfieldFromAttribute ipnodes: \
5180			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5181                        addr=ipHostNumber, \
5182			aliases=("%s ", (cn) - yp:canonicalName, " "), \
5183                        rf_comment=description
5184
5185nisLDAPfieldFromAttribute multiipnodes: \
5186			("cn=%s+ipHostNumber=*", canonicalName)=dn, \
5187			(rf_key)=("YP_MULTI_%s", cn), \
5188			aliases=("%s ", (cn) - yp:canonicalName, " "), \
5189			rf_comment=description, \
5190			(tmp)=("%s", ipHostNumber:?one?("(&(cn=%s) \
5191				(ipHostNumber=*:*))", yp:canonicalName)), \
5192			addr=("%s,", (yp:tmp), ",")
5193
5194#mail.aliases
5195nisLDAPfieldFromAttribute mail.aliases: \
5196			rf_key=mail, \
5197			addresses= ("%s,", (mgrprfc822mailmember), ","), \
5198			rf_comment=description
5199
5200#mail.mapping
5201nisLDAPfieldFromAttribute mail.mapping: \
5202			rf_key=mgrprfc822mailmember, \
5203			address=mail, \
5204			rf_comment=description
5205
5206# netgroup.
5207nisLDAPfieldFromAttribute netgroup: \
5208			rf_key=cn, \
5209			(group)=(memberNisNetgroup), \
5210			("(%s,%s,%s)", host, user, domain)= \
5211						(nisNetgroupTriple), \
5212			rf_comment=description
5213
5214# netid.pass
5215nisLDAPfieldFromAttribute netid.pass: \
5216			number=uidNumber, \
5217			(tmp)=("%s", gidNumber:ou=group,?one?\
5218				("memberUid=%s", ldap:uid)), \
5219			sgid=("%s,", (yp:tmp) - gidNumber, ","), \
5220			data=("%s,%s", gidNumber, yp:sgid), \
5221			data=gidNumber, \
5222			(rf_key)=("unix.%s@%s", yp:number, yp:rf_domain)
5223
5224# netid.host
5225nisLDAPfieldFromAttribute netid.host: \
5226			("cn=%s+ipHostNumber=*", data)=dn, \
5227			number=("0"), \
5228			(rf_key)=("unix.%s@%s", yp:data, yp:rf_domain)
5229
5230# netmasks.byaddr
5231nisLDAPfieldFromAttribute netmasks.byaddr: \
5232			("ipNetworkNumber=%s,*", rf_ipkey)=dn, \
5233			mask=ipNetmaskNumber, \
5234			rf_comment=description
5235
5236# networks.
5237nisLDAPfieldFromAttribute networks.byname: \
5238			(rf_key)=(cn)
5239nisLDAPfieldFromAttribute networks.byaddr: \
5240			("ipNetworkNumber=%s,*", rf_key)=dn
5241nisLDAPfieldFromAttribute networks: \
5242			name=cn, \
5243			aliases=("%s ", (cn) - yp:name, " "), \
5244			number=ipNetworkNumber, \
5245			rf_comment=description
5246' >> $MAP_FILE
5247
5248# passwd syntax is different when passwd.adjunct map is present.
5249# So, need to handle the various possibilities
5250
5251_MAP=passwd.adjunct.byname
5252
5253if ! present $_MAP $ALL_DMN_DEF_MAPLIST
5254then
5255
5256  # Just put the passwd.adjunct syntax in comment form
5257
5258  echo '# passwd
5259nisLDAPfieldFromAttribute passwd.byname: \
5260			rf_key=uid
5261nisLDAPfieldFromAttribute passwd.byuid: \
5262			rf_key=uidNumber
5263nisLDAPfieldFromAttribute passwd: \
5264			name=uid, \
5265			uid=uidNumber, \
5266			("{crypt}%s", passwd)=userPassword, \
5267			gid=gidNumber, \
5268			gecos=gecos, \
5269			home=homeDirectory, \
5270			shell=loginShell
5271
5272#
5273# If you are using passwd.adjunct, comment the passwd section above
5274# and uncomment the following passwd and passwd.adjunct sections
5275#
5276# passwd
5277#nisLDAPfieldFromAttribute passwd.byname: \
5278#			rf_key=uid
5279#nisLDAPfieldFromAttribute passwd.byuid: \
5280#			rf_key=uidNumber
5281#nisLDAPfieldFromAttribute passwd: \
5282#			name=uid, \
5283#			uid=uidNumber, \
5284#			passwd=("##%s", uid), \
5285#			gid=gidNumber, \
5286#			gecos=gecos, \
5287#			home=homeDirectory, \
5288#			shell=loginShell
5289
5290# passwd.adjunct
5291#nisLDAPfieldFromAttribute passwd.adjunct.byname: \
5292#			rf_key=uid, \
5293#			name=uid, \
5294#			("{crypt}%s", passwd)=userPassword
5295' >> $MAP_FILE
5296
5297else
5298
5299  # Find the domains in which passwd.adjunct map exists.
5300  find_domains $_MAP DEF_MAPS
5301
5302  if [ $PRESENT_COUNT -eq $N2L_DMN_CNT ]
5303  then
5304
5305    # All the domains have passwd.adjunct map. So, put the right
5306    # passwd syntax and comment-in the passwd.adjunct syntax.
5307
5308
5309    echo '# passwd
5310#nisLDAPfieldFromAttribute passwd.byname: \
5311#			rf_key=uid
5312#nisLDAPfieldFromAttribute passwd.byuid: \
5313#			rf_key=uidNumber
5314#nisLDAPfieldFromAttribute passwd: \
5315#			name=uid, \
5316#			uid=uidNumber, \
5317#			("{crypt}%s", passwd)=userPassword, \
5318#			gid=gidNumber, \
5319#			gecos=gecos, \
5320#			home=homeDirectory, \
5321#			shell=loginShell
5322
5323#
5324# If you are not using passwd.adjunct, uncomment the passwd section
5325# above and comment the following passwd and passwd.adjunct sections
5326#
5327# passwd
5328nisLDAPfieldFromAttribute passwd.byname: \
5329			rf_key=uid
5330nisLDAPfieldFromAttribute passwd.byuid: \
5331			rf_key=uidNumber
5332nisLDAPfieldFromAttribute passwd: \
5333			name=uid, \
5334			uid=uidNumber, \
5335			passwd=("##%s", uid), \
5336			gid=gidNumber, \
5337			gecos=gecos, \
5338			home=homeDirectory, \
5339			shell=loginShell
5340
5341#
5342# passwd.adjunct Must follow passwd
5343#
5344nisLDAPfieldFromAttribute passwd.adjunct.byname: \
5345			rf_key=uid, \
5346			name=uid, \
5347			("{crypt}%s", passwd)=userPassword
5348' >> $MAP_FILE
5349
5350  else
5351    # Not every domain has passwd.adjunct map.
5352
5353    # First put the password syntax with domain name for domains
5354    # in which passwd.adjunct exists.
5355
5356    echo "# passwd" >> $MAP_FILE
5357
5358    for _DMN in $PRESENT_IN_DOMAINS
5359    do
5360
5361      echo "\
5362nisLDAPfieldFromAttribute passwd.byname,${_DMN}: \\
5363			rf_key=uid
5364nisLDAPfieldFromAttribute passwd.byuid,${_DMN}: \\
5365			rf_key=uidNumber
5366nisLDAPfieldFromAttribute passwd,${_DMN}: \\
5367			name=uid, \\
5368			uid=uidNumber, \\
5369			passwd=(\"##%s\", uid), \\
5370			gid=gidNumber, \\
5371			gecos=gecos, \\
5372			home=homeDirectory, \\
5373			shell=loginShell
5374" >> $MAP_FILE
5375    done
5376
5377    # Now put the other passwd syntax. We do not need to
5378    # append the domain name here.
5379
5380    echo '
5381nisLDAPfieldFromAttribute passwd.byname: \
5382			rf_key=uid
5383nisLDAPfieldFromAttribute passwd.byuid: \
5384			rf_key=uidNumber
5385nisLDAPfieldFromAttribute passwd: \
5386			name=uid, \
5387			uid=uidNumber, \
5388			("{crypt}%s", passwd)=userPassword, \
5389			gid=gidNumber, \
5390			gecos=gecos, \
5391			home=homeDirectory, \
5392			shell=loginShell
5393' >> $MAP_FILE
5394
5395    # Now we need to put the passwd.adjunct syntax for domains
5396    # in which this map exists.
5397
5398    echo "#
5399# passwd.adjunct Must follow passwd
5400# " >> $MAP_FILE
5401
5402    for _DMN in $PRESENT_IN_DOMAINS
5403    do
5404
5405      echo "\
5406nisLDAPfieldFromAttribute passwd.adjunct.byname,${_DMN}: \\
5407			rf_key=uid, \\
5408			name=uid, \\
5409			(\"{crypt}%s\", passwd)=userPassword
5410" >> $MAP_FILE
5411
5412    done
5413
5414  fi
5415
5416fi
5417
5418echo '
5419# This map is never created but yppasswd uses the mapping to extract password
5420# ageing information from the DIT.
5421nisLDAPfieldFromAttribute ageing.byname: \
5422			rf_key=uid, \
5423			name=uid, \
5424			lastchg=shadowLastChange, \
5425			min=shadowMin, \
5426			max=shadowMax, \
5427			warn=shadowWarning, \
5428			inactive=shadowInactive, \
5429			expire=shadowExpire, \
5430			flag=shadowFlag
5431
5432# printers.conf.byname
5433nisLDAPfieldFromAttribute printers.conf.byname: \
5434			rf_key=printer-uri, \
5435			names=("%s|", (printer-aliases), "|"), \
5436			bsdaddr=("bsdaddr=%s", sun-printer-bsdaddr), \
5437			kvps=("%s:", (sun-printer-kvp) - yp:bsdaddr), \
5438			values=("%s:%s", yp:bsdaddr, yp:kvps), \
5439			values=("%s:", yp:bsdaddr), \
5440			values=yp:kvps, \
5441                        rf_comment=description
5442
5443# prof_attr
5444nisLDAPfieldFromAttribute prof_attr: \
5445			rf_key=cn, \
5446			name=cn, \
5447			res1=SolarisAttrReserved1, \
5448			res2=SolarisAttrReserved2, \
5449			desc=SolarisAttrLongDesc, \
5450			attrs=SolarisAttrKeyValue
5451
5452# project
5453nisLDAPfieldFromAttribute project.byname: \
5454			rf_key=SolarisProjectName
5455nisLDAPfieldFromAttribute project.byprojid: \
5456			rf_key=SolarisProjectID
5457nisLDAPfieldFromAttribute project: \
5458			name=SolarisProjectName, \
5459			projID=SolarisProjectID, \
5460			comment=description, \
5461			users=("%s,", (memberUid), ","), \
5462			groups=("%s,", (memberGid), ","), \
5463			attrs=("%s;", (SolarisProjectAttr), ";")
5464
5465# protocols
5466nisLDAPfieldFromAttribute protocols.byname: \
5467			("cn=%s,*", rf_key)=dn, \
5468			(rf_key)=(cn)
5469nisLDAPfieldFromAttribute protocols.bynumber: \
5470                        rf_key=ipProtocolNumber, \
5471                        rf_comment=description
5472nisLDAPfieldFromAttribute protocols: \
5473			("cn=%s,*", name)=dn, \
5474                        number=ipProtocolNumber, \
5475                        aliases=("%s ", (cn) - yp:name, " ")
5476
5477# rpc.bynumber
5478nisLDAPfieldFromAttribute rpc.bynumber: \
5479			rf_key=oncRpcNumber, \
5480			number=oncRpcNumber, \
5481			("cn=%s,*", name)=dn, \
5482                        aliases=("%s ", (cn) - yp:name, " "), \
5483			rf_comment=description
5484
5485# services
5486nisLDAPfieldFromAttribute services.byname: \
5487			rf_key = ("%s/%s", ipServicePort, ipServiceProtocol)
5488nisLDAPfieldFromAttribute services.byservicename: \
5489			(rf_key)=("%s/%s", cn, ipServiceProtocol), \
5490			(rf_key)=(cn)
5491nisLDAPfieldFromAttribute services: \
5492			("cn=%s+ipServiceProtocol=*", name)=dn, \
5493     			protocol=ipServiceProtocol, \
5494     			port=ipServicePort, \
5495                        aliases=("%s ", (cn) - yp:name, " "), \
5496                        rf_comment=description
5497
5498# timezone.byname
5499nisLDAPfieldFromAttribute timezone.byname: \
5500			rf_key=cn, \
5501			hostName=cn, \
5502			zoneName=nisplusTimeZone, \
5503			rf_comment=description
5504
5505# user_attr
5506nisLDAPfieldFromAttribute user_attr: \
5507			("uid=%s,*", rf_key)=dn, \
5508			("uid=%s,*", user)=dn, \
5509			qualifier=SolarisUserAttr, \
5510			res1=SolarisUserReserved1, \
5511			res2=SolarisUserReserved2, \
5512			attrs=SolarisAttrKeyValue
5513
5514# publickey.byname
5515nisLDAPfieldFromAttribute keys.host: \
5516			("cn=%s+ipHostNumber=*", cname)=dn, \
5517			rf_key=("unix.%s@%s", yp:cname, yp:rf_domain), \
5518			publicKey=nisPublicKey, \
5519			secretKey=nisSecretKey
5520
5521nisLDAPfieldFromAttribute keys.pass: \
5522			rf_key=("unix.%s@%s", uidNumber, yp:rf_domain), \
5523			publicKey=nisPublicKey, \
5524			secretKey=nisSecretKey
5525
5526nisLDAPfieldFromAttribute keys.nobody: \
5527			rf_key=uid, \
5528			publicKey=nisPublicKey, \
5529			secretKey=nisSecretKey
5530
5531# ypservers. This derived from IPlanet implementation not RFC.
5532nisLDAPfieldFromAttribute ypservers: \
5533			rf_key=cn
5534' >> $MAP_FILE
5535}
5536
5537
5538#
5539# List all the non-default auto.* and custom maps.
5540#
5541list_auto_and_custom_nisLDAPfieldFromAttribute()
5542{
5543
5544# auto.* entries are easy.
5545if [ ${#ALL_DMN_AUTO_CUST_MAPS[*]} -gt 0 ]; then
5546  echo "# Non-default custom auto maps (auto.*)\n" >> $MAP_FILE
5547fi
5548
5549for _MAP in ${ALL_DMN_AUTO_CUST_MAPS[*]}
5550do
5551  echo "\
5552# ${_MAP}
5553nisLDAPfieldFromAttribute ${_MAP}: \\
5554                        rf_key=automountKey, \\
5555                        value=automountInformation
5556" >> $MAP_FILE
5557done
5558
5559# Since we do not have enough information to generate
5560# entries for other custom maps, best we can do is to
5561# log this map names and ask user to take care of them.
5562
5563ask_user_to_update_the_custom_map_entries_too
5564
5565}
5566
5567
5568#
5569# List mapping of named fields from DIT entries
5570#
5571create_nisLDAPfieldFromAttribute()
5572{
5573
5574[ CUST_CMT_NEEDED -eq 1 ] && echo '
5575# nisLDAPfieldFromAttribute : It specifies how a NIS entries
5576# field values  are derived from LDAP attribute values.
5577#
5578# The format of nisLDAPfieldFromAttribute is :
5579# mapName ":" fieldattrspec *("," fieldattrspec)
5580' >> $MAP_FILE
5581
5582# List all the default entries anyway.
5583list_default_nisLDAPfieldFromAttribute
5584
5585# List all the non-default auto.* and custom maps.
5586list_auto_and_custom_nisLDAPfieldFromAttribute
5587
5588echo "
5589#
5590#------------------------------------------------------------------------------
5591#
5592" >> $MAP_FILE
5593}
5594
5595
5596
5597# Main function for creating the mapping file
5598create_mapping_file()
5599{
5600# Ask user the list of domains to be served by N2L
5601create_n2l_domain_list
5602
5603# If there are no N2L domains or none selected, then exit
5604if [ $N2L_DMN_CNT -eq 0 ]; then
5605  echo "There are no domains to serve. No mapping file generated."
5606  return 1
5607fi
5608
5609while :
5610do
5611  get_ans "Enter the mapping file name (h=help):" "${MAP_FILE}"
5612
5613  # If help continue, otherwise break.
5614  case "$ANS" in
5615    [Hh] | help | Help | \?) display_msg new_mapping_file_name_help ;;
5616                         * ) break ;;
5617  esac
5618done
5619
5620MAP_FILE=${ANS}
5621[ $DEBUG -eq 1 ] && MAP_FILE = $MAP_FILE
5622
5623# Backup existing mapping file if selected
5624check_back_mapping_file
5625
5626# To prevent from leaving a partial mapping file in case some error
5627# or signal takes place which might result in machine starting in N2L
5628# mode at next reboot, store the output being generated in a temporary
5629# file first, and move it at the final destination only at the end if
5630# everything goes fine.
5631
5632_MAP_FILE=$MAP_FILE
5633MAP_FILE=${TMPDIR}/${TMPMAP}.$$
5634
5635echo "Generating mapping file temporarily as \"${MAP_FILE}\""
5636
5637# Place copyright information
5638put_mapping_file_copyright_info
5639
5640
5641# Prepare various map lists for each domain
5642create_map_lists
5643
5644# List domains and contexts
5645get_nisLDAPdomainContext
5646
5647# List domains for which passwords should be changed
5648get_nisLDAPyppasswddDomains
5649
5650# List databaseId mappings (aliases)
5651create_nisLDAPdatabaseIdMapping
5652
5653# List comment character for maps
5654create_nisLDAPcommentChar
5655
5656# List SECURE and INTERDOMAIN flags
5657create_nisLDAPmapFlags
5658
5659# List TTL values
5660 create_nisLDAPentryTtl
5661
5662# List name fields
5663create_nisLDAPnameFields
5664
5665# List split fields and repeated fields seperators.
5666create_split_field_and_repeatedfield_seperators
5667
5668# List association of maps with RDNs and object classes.
5669create_nisLDAPobjectDN
5670
5671# List mapping of named fields to DIT entries
5672create_nisLDAPattributeFromField
5673
5674# List mapping of named fields from DIT entries
5675create_nisLDAPfieldFromAttribute
5676
5677
5678# We are done, so move back the mapping file from temp. location
5679# to actual location.
5680# In case the mapping file name has a directory component which does
5681# not exist, then create it now, otherwise 'mv' will return error.
5682
5683DIR_TO_CREATE=`dirname ${_MAP_FILE}`
5684mkdir -p ${DIR_TO_CREATE}
5685
5686echo "Moving output from temporary file ($MAP_FILE) to actual file ($_MAP_FILE)"
5687mv $MAP_FILE $_MAP_FILE
5688
5689# Revert back the mapping file name in case needed.
5690MAP_FILE=$_MAP_FILE
5691echo "Finished creation of mapping file ( $MAP_FILE )"
5692
5693}
5694
5695
5696#
5697# Main function for creating config file (ypserv)
5698#
5699process_config_file()
5700{
5701# Ask for confirmation if the file name is not specified.
5702
5703if [ $CONFIG_FILE_SPECIFIED -eq 0 ]; then
5704  display_msg no_config_file_name_specified
5705
5706  get_confirm_nodef "Do you want to create the config file (y/n) ?"
5707
5708  [ $? -eq 0 ] && return 0
5709
5710  while :
5711  do
5712    get_ans "Enter the config file name (h=help):" "${CONFIG_FILE}"
5713
5714    # If help continue, otherwise break.
5715    case "$ANS" in
5716      [Hh] | help | Help | \?) display_msg new_config_file_name_help ;;
5717                           * ) break ;;
5718    esac
5719  done
5720
5721  CONFIG_FILE=${ANS}
5722  [ $DEBUG -eq 1 ] && CONFIG_FILE = $CONFIG_FILE
5723
5724fi
5725
5726# Backup existing config file if selected
5727check_back_config_file
5728
5729# Create config file
5730create_config_file
5731}
5732
5733
5734#
5735# Main function for creating mapping file (NISLDAPmapping)
5736#
5737process_mapping_file()
5738{
5739# Ask for confirmation if the file name is not specified.
5740
5741if [ $MAPPING_FILE_SPECIFIED -eq 0 ]; then
5742  display_msg no_mapping_file_name_specified
5743
5744  get_confirm_nodef "Do you want to create the mapping file (y/n) ?"
5745
5746  [ $? -eq 0 ] && return 0
5747
5748
5749fi
5750
5751# Create mapping file
5752create_mapping_file
5753}
5754
5755###########################################
5756###########	   MAIN		###########
5757###########################################
5758
5759PROG=`basename $0`	# Program name
5760ABS_PROG=$0		# absolute path needed
5761
5762# Only superuser should be able to run this script.
5763is_root_user
5764if [ $? -ne 0 ]; then
5765  echo "ERROR : Only root can run $PROG"
5766  exit 1
5767fi
5768
5769# Initialize things
5770init
5771
5772# Parse command line arguments.
5773parse_arg $*
5774
5775# Create config file (ypserv)
5776process_config_file
5777
5778# Create mapping file (NISLDAPmapping).
5779process_mapping_file
5780
5781# Cleanup temp files and directories unless debug.
5782[ $DEBUG -eq 0 ] && cleanup
5783
5784exit 0
5785