23
# check the system (non-LDAP configuration files) for some
27
# guess domain based on system information
28
db_get nslcd/ldap-base
31
domain=`hostname --domain` || true
32
[ -z "$domain" ] && domain=`hostname --nis | grep '\.'` || true
33
[ -z "$domain" ] && domain=`hostname --fqdn | sed -n 's/^[^.]*\.//p'` || true
34
[ -z "$domain" ] && domain=`sed -n 's/^ *\(domain\|search\) *\([^ ]*\) *$/\2/p' /etc/resolv.conf | head -n 1` || true
35
db_get nslcd/ldap-base
37
# if the ldap-base value doesn't seem to be preseeded, try to use the
38
# domain name to build the default base
23
# read a configuration value from the specified file
24
# (it takes care in not overwriting a previously written value)
29
# overwrite debconf value if different from config file
30
db_get "$debconf_param"
32
cfgfile_value=`sed -n 's/^'"$cfg_param"'[[:space:]]*\([^[:space:]].*[^[:space:]]\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
33
[ -n "$cfgfile_value" ] && [ "$debconf_value" != "$cfgfile_value" ] && db_set "$debconf_param" "$cfgfile_value"
38
# figure out the system's domain name
41
domain=`hostname --domain` || true
42
[ -z "$domain" ] && domain=`hostname --nis | grep '\.'` || true
43
[ -z "$domain" ] && domain=`hostname --fqdn | sed -n 's/^[^.]*\.//p'` || true
44
[ -z "$domain" ] && domain=`sed -n 's/^ *\(domain\|search\) *\([^ ]*\) *$/\2/p' /etc/resolv.conf | head -n 1` || true
48
# find a LDAP server URI by trying DNS and normal hostname lookups
51
# see if ldap server exists on localhost and is listening on ldapi://
52
if [ -e /var/run/slapd/ldapi ]
57
# try to lookup _ldap._tcp SRV records
60
server=`host -N 2 -t SRV _ldap._tcp.$domain 2> /dev/null | grep -v NXDOMAIN | awk '{print $NF}' | head -1 | sed 's/\.$//'` || true
41
searchbase=`echo "$domain" | sed 's/^/dc=/;s/\./,dc=/'` || true
42
db_set nslcd/ldap-base "$searchbase"
63
echo "ldap://$server/"
46
db_get nslcd/ldap-uris
67
# fall back to name lookups
70
# try unqualified hostname lookup
49
71
server=`getent hosts ldap` || true
50
72
[ -z "$server" ] && server=`getent hosts dirhost` || true
73
# try qualified hostname
51
74
if [ -n "$domain" ] && [ -z "$server" ]
53
76
server=`getent hosts ldap."$domain"` || true
54
77
[ -z "$server" ] && server=`getent hosts dirhost."$domain"` || true
79
# turn into URI with IP address
56
80
if [ -n "$server" ]
58
# extract ip address from host entry and quote ipv6 address
82
# extract IP address from host entry and quote IPv6 address
59
83
ip=`echo $server | sed 's/[[:space:]].*//;s/^\(.*:.*\)$/[\1]/'`
60
db_set nslcd/ldap-uris "ldap://$ip/"
89
# guess the LDAP search base by performing LDAP searches on the
94
# first try the default naming context
95
context=`ldapsearch -LLL -H "$ldap_uri" -x -b '' -s base defaultNamingContext 2>/dev/null | sed -n 's/^defaultNamingContext: //pi'` || true
101
# go over naming contexts, pick the first one with posixAccount or
102
# posixGroup objects in it
103
for context in `ldapsearch -LLL -H "$ldap_uri" -x -b '' -s base namingContexts 2>/dev/null | sed -n 's/^namingContexts: //pi'`
106
found=`ldapsearch -LLL -H "$ldap_uri" -x -b "$context" -s sub -z 1 '(|(objectClass=posixAccount)(objectclass=posixGroup))' dn 2>/dev/null` || true
115
# check the system (non-LDAP configuration files) for some
116
# reasonable defaults
119
# guess domain based on system information
121
# guess ldap server URI
122
db_get nslcd/ldap-uris
125
ldap_uri=`guess_ldap_uri "$domain"`
126
[ -n "$ldap_uri" ] && db_set nslcd/ldap-uris "$ldap_uri"
128
# only get first URI from any stored (preseeded) value
129
ldap_uri=`echo "$RET" | sed -n 's/[[:space:]].*//'`
132
db_get nslcd/ldap-base
135
# try to find the search base from the found URI
136
[ -n "$ldap_uri" ] && search_base=`query_search_base "$ldap_uri"`
137
# try to use the domain name to build the default base
138
if [ -z "$search_base" ] && [ -n "$domain" ]
140
search_base=`echo "$domain" | sed 's/^/dc=/;s/\./,dc=/g'`
142
[ -n "$search_base" ] && db_set nslcd/ldap-base "$search_base"
92
173
[ -n "$uris" ] && db_set nslcd/ldap-uris "$uris"
95
db_get nslcd/ldap-base
98
searchbase=`sed -n 's/^base[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/ip' "$cfgfile" | tail -n 1`
99
[ -n "$searchbase" ] && db_set nslcd/ldap-base "$searchbase"
102
db_get nslcd/ldap-binddn
105
binddn=`sed -n 's/^binddn[[:space:]]*//ip' "$cfgfile" | tail -n 1`
106
db_set nslcd/ldap-binddn "$binddn"
109
db_get nslcd/ldap-bindpw
112
bindpw=`sed -n 's/^bindpw[[:space:]]*//ip' "$cfgfile" | tail -n 1`
113
db_set nslcd/ldap-bindpw "$bindpw"
175
# read simple options
176
read_config nslcd/ldap-base base
177
read_config nslcd/ldap-binddn binddn
178
read_config nslcd/ldap-bindpw bindpw
179
read_config nslcd/ldap-sasl-mech sasl_mech
180
read_config nslcd/ldap-sasl-realm sasl_realm
181
read_config nslcd/ldap-sasl-authcid sasl_authcid
182
read_config nslcd/ldap-sasl-authzid sasl_authzid
183
read_config nslcd/ldap-sasl-secprops sasl_secprops
184
read_config nslcd/ldap-sasl-krb5-ccname krb5_ccname
115
185
# check ssl option
116
186
db_get nslcd/ldap-starttls
160
224
db_get nslcd/ldap-uris
161
225
[ -z "$RET" ] && db_set nslcd/ldap-uris "ldap://127.0.0.1/"
162
226
db_get nslcd/ldap-base
163
[ -z "$RET" ] && db_set nslcd/ldap-base "dc=example,dc=net/"
227
[ -z "$RET" ] && db_set nslcd/ldap-base "dc=example,dc=net"
166
230
# fallback for starttls option
167
231
db_get nslcd/ldap-starttls
168
232
[ -z "$RET" ] && db_set nslcd/ldap-starttls "false"
234
# deduce auth-type from available information
235
db_get nslcd/ldap-auth-type
238
db_get nslcd/ldap-sasl-mech
240
db_get nslcd/ldap-binddn
242
if [ -n "$sasl_mech" ]
244
db_set nslcd/ldap-auth-type "SASL"
245
elif [ -n "$binddn" ]
247
db_set nslcd/ldap-auth-type "simple"
249
db_set nslcd/ldap-auth-type "none"
171
254
# This is the second part of the script. In this part the configurable
172
255
# settings will be presented to the user for approval. The postinst
182
265
db_input high nslcd/ldap-uris || true
183
266
db_input high nslcd/ldap-base || true
184
267
# ask the questions, go to the next question or exit
187
270
# TODO: add error checking on options
190
# ask for login information
191
db_input medium nslcd/ldap-binddn || true
273
# ask for authentication type
274
db_input medium nslcd/ldap-auth-type || true
192
275
# ask the question, go to the next question or back
276
state="authentication"
194
277
db_go || state="server"
197
# only ask question if we have a binddn
198
db_get nslcd/ldap-binddn
201
# ask for login information
202
db_input medium nslcd/ldap-bindpw || true
280
# check which questions to ask, depending on the authentication type
281
db_get nslcd/ldap-auth-type
284
# anonymous bind, nothing to ask (clear password)
205
285
db_set nslcd/ldap-bindpw ""
289
# ask for binddn and bindpw
290
db_input medium nslcd/ldap-binddn || true
291
db_input medium nslcd/ldap-bindpw || true
295
# ask about SASL mechanism (other SASL questions depend on this)
296
db_input medium nslcd/ldap-sasl-mech || true
303
db_go || state="authtype"
307
db_get nslcd/ldap-sasl-mech
310
db_input medium nslcd/ldap-sasl-realm || true
311
if [ "$sasl_mech" != "GSSAPI" ]
313
db_input medium nslcd/ldap-sasl-authcid || true
314
db_input medium nslcd/ldap-bindpw || true
316
db_input medium nslcd/ldap-sasl-authzid || true
317
db_input medium nslcd/ldap-sasl-secprops || true
318
if [ "$sasl_mech" = "GSSAPI" ]
320
# have a default for ldap-sasl-krb5-ccname
321
db_get nslcd/ldap-sasl-krb5-ccname
322
[ -z "$RET" ] && db_set nslcd/ldap-sasl-krb5-ccname "/var/run/nslcd/nslcd.tkt"
323
db_input low nslcd/ldap-sasl-krb5-ccname || true
207
325
# ask the question, go to the next question or back
209
db_go || state="binddn"
327
db_go || state="authentication"
212
330
# check if ldaps:// URL's are used