Compare commits


3 Commits

15 changed files with 129 additions and 732 deletions

1
debian/compat vendored Normal file

@ -0,0 +1 @@
7

14
debian/control vendored Normal file

@ -0,0 +1,14 @@
Source: eole-cadolesldap
Section: web
Priority: optional
Maintainer: CADOLES <contact@cadoles.com>
Build-Depends: debhelper (>= 7.0.50)
Standards-Version: 3.8.4
Homepage: https://forge.cadoles.com/Cadoles/cadolesldap
Vcs-Git: https://forge.cadoles.com/Cadoles/cadolesldap.git
Vcs-Browser: https://forge.cadoles.com/Cadoles/cadolesldap.git
Package: eole-cadolesldap
Architecture: all
Depends: ${misc:Depends}, eole-annuaire
Description: Templates cadolesldap.

44
debian/copyright vendored Normal file

@ -0,0 +1,44 @@
Format: http://dep.debian.net/deps/dep5
Upstream-Name: {PROJECT}
Source: {URL}
Files: *
Copyright: YEAR {UPSTREAM} {AUTHOR} <{MAIL}>
License: {UPSTREAM LICENSE}
Files: debian/*
Copyright: Cadoles <contact@cadoles.com>
License: CeCILL-2
License: {UPSTREAM LICENSE}
{TEXT OF THE LICENSE}
License: CeCILL-2
This software is governed by the CeCILL-2 license under French law and
abiding by the rules of distribution of free software. You can use,
modify and or redistribute the software under the terms of the CeCILL-2
license as circulated by CEA, CNRS and INRIA at the following URL
"http://www.cecill.info";.
.
As a counterpart to the access to the source code and rights to copy,
modify and redistribute granted by the license, users are provided only
with a limited warranty and the software's author, the holder of the
economic rights, and the successive licensors have only limited
liability.
.
In this respect, the user's attention is drawn to the risks associated
with loading, using, modifying and/or developing or reproducing the
software by the user in light of its specific status of free software,
that may mean that it is complicated to manipulate, and that also
therefore means that it is reserved for developers and experienced
professionals having in-depth computer knowledge. Users are therefore
encouraged to load and test the software's suitability as regards their
requirements in conditions enabling the security of their systems and/or
data to be ensured and, more generally, to use and operate it in the
same conditions as regards security.
.
The fact that you are presently reading this means that you have had
knowledge of the CeCILL-2 license and that you accept its terms.
.
On Eole systems, the complete text of the CeCILL-2 License can be found
in '/usr/share/common-licenses/CeCILL-2-en'.

3
debian/gbp.conf vendored Normal file

@ -0,0 +1,3 @@
# Set per distribution debian tag
[DEFAULT]
debian-tag = debian/envole/%(version)s

20
debian/rules vendored Executable file

@ -0,0 +1,20 @@
#!/usr/bin/make -f
# -*- makefile -*-
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
%:
dh $@
override_dh_install:
dh_install -peole-draaf --exclude=slapd.conf.patch \
--exclude=cas.inc.php.tmpl.patch \
--exclude=25-bdd-admin \
--exclude=25_bdd_server.xml
dh_install -pdraaf-apps
dh_install -pdraaf-lemontheme
dh_install -pdraaf-envoletheme
dh_install -pdraaf-ldap
dh_install -pdraaf-patchsso
dh_install -pdraaf-bdd
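Review bot: The `override_dh_install` target on lines 101-111 runs dh_install for `eole-draaf`, `draaf-apps`, `draaf-lemontheme`, `draaf-envoletheme`, `draaf-ldap`, `draaf-patchsso` and `draaf-bdd`, but the debian/control added in this same change declares exactly one binary package, `eole-cadolesldap` (line 30); the excluded files (`slapd.conf.patch`, `cas.inc.php.tmpl.patch`, `25-bdd-admin`, `25_bdd_server.xml`) do not appear anywhere in this repository either. As written, dh_install is never invoked for eole-cadolesldap, so the build presumably either fails on the unknown package names or produces an empty package. Unless a package-specific exclude is really needed, delete the override and let `dh $@` run the default `dh_install`; otherwise reduce it to `dh_install -peole-cadolesldap`. This looks like a copy-paste from the draaf packaging, so the rest of debian/ deserves the same check (debian/copyright still carries the `{PROJECT}`/`{URL}`/`{UPSTREAM LICENSE}` placeholders).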

1
debian/source/format vendored Normal file

@ -0,0 +1 @@
3.0 (native)


@ -6,39 +6,24 @@
<variables>
<family name='CADOLES LDAP'>
<variable name="activer_admin_passfile" exists='True' redefine='True' hidden='True'><value>oui</value></variable>
<variable name="activer_admin_passfile" redefine='True' hidden='True'><value>oui</value></variable>
<variable name='activer_cadolesldap' type='oui/non' description='Activer Annuaire Cadoles'>
<value>oui</value>
</variable>
<variable type='string' name='cadolesldap_basedn' description="Base DN de l'annuaire" mandatory='True'/>
<variable type='password' name='cadolesldap_pwdadmin' description="Mot de passe du compte admin durant l'instance" mandatory='True'/>
<variable type='string' name='cadolesldap_pwdadmin' description="Mot de passe du compte admin durant l'instance" mandatory='True'/>
<variable type='string' name='cadolesldap_organization' description="Nom de l'organisation principale" mandatory='True'/>
<variable type='string' name='cadolesldap_niveau01branche' description="Nom de la branche de Niveau 01" mandatory='True'><value>niveau01</value></variable>
<variable type='string' name='cadolesldap_niveau02branche' description="Nom de la branche de Niveau 02" mandatory='True'><value>niveau02</value></variable>
<variable type='string' name='cadolesldap_niveau01name' description="Nom de la première orgranisation de Niveau 01" mandatory='True'/>
<variable type='string' name='cadolesldap_niveau01siren' description="SIREN de la première orgranisation de Niveau 01" mandatory='False'/>
<variable type='oui/non' name='cadolesldap_create_reader' description="Créer un utilisateur de lecture dans l'annuaire">
<value>oui</value>
</variable>
<variable type='string' name='cadolesldap_reader' description="Nom de l'utilisateur de lecture">
<value>cadoles-reader</value>
</variable>
<variable type='password' name='cadolesldap_reader_pass' description="Mot de passe de l'utilisateur de lecture"/>
<variable type='oui/non' name='cadolesldap_create_writer' description="Créer un utilisateur avec des droits d'écriture dans l'annuaire">
<value>non</value>
</variable>
<variable type='string' name='cadolesldap_writer' description="Nom de l'utilisateur d'écriture">
<value>cadoles-writer</value>
</variable>
<variable type='password' name='cadolesldap_writer_pass' description="Mot de passe de l'utilisateur d'écriture"/>
</family>
</variables>
<constraints>
<condition name='disabled_if_in' source='activer_cadolesldap'>
<condition name='hidden_if_in' source='activer_cadolesldap'>
<param>non</param>
<target type='filelist'>cadolesldap</target>
<target type='variable'>cadolesldap_pwdadmin</target>
@ -50,18 +35,6 @@
</condition>
<condition name='disabled_if_in' source="cadolesldap_create_reader">
<param>non</param>
<target type='variable'>cadolesldap_reader</target>
<target type='variable'>cadolesldap_reader_pass</target>
</condition>
<condition name='disabled_if_in' source="cadolesldap_create_writer">
<param>non</param>
<target type='variable'>cadolesldap_writer</target>
<target type='variable'>cadolesldap_writer_pass</target>
</condition>
<fill name='concat' target='cadolesldap_organization'>
<param type='eole'>libelle_etab</param>
</fill>
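Review bot: Reading the rendering as deleted-then-added, the side that is kept declares the admin password as `type='string'` (line 132) where the line it replaces used `type='password'` (line 131); with the string type the configuration tool treats `cadolesldap_pwdadmin` like any other text field (no masking, no secret handling) even though the template later hashes it with ssha before it reaches the directory. Suggest keeping `<variable type='password' name='cadolesldap_pwdadmin' description="Mot de passe du compte admin durant l'instance" mandatory='True'/>`. Separately, the kept `hidden_if_in` condition on `activer_cadolesldap` (line 156) hides `cadolesldap_pwdadmin` when the feature is off while the variable stays `mandatory='True'`; please confirm that a hidden-but-mandatory variable with no value does not block `instance`, which is what the `disabled_if_in` form on line 155 avoids.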


@ -1,50 +1,26 @@
--- distrib/slapd.conf 2019-06-04 11:18:04.000000000 +0200
+++ modif/slapd.conf 2021-01-12 11:06:19.496162295 +0100
@@ -23,11 +23,19 @@
+++ modif/slapd.conf 2020-03-24 09:10:44.724586266 +0100
@@ -23,6 +23,7 @@
%elif %%ldap_schema == 'zephir'
include /etc/ldap/schema/openldap.schema
%end if
+include /etc/ldap/schema/cadoles.schema
## Support du TLS
+%if %%cert_type == "manuel"
+TLSCertificateFile %%server_cert
+TLSCertificateKeyFile %%server_key
+TLSCACertificateFile %%server_pem
+%else
TLSCertificateFile /etc/ldap/ssl/certs/openldap.crt
TLSCertificateKeyFile /etc/ldap/ssl/private/openldap.key
TLSCACertificateFile /etc/ssl/certs/ca.crt
+%end if
+
TLSVerifyClient never
TLSCipherSuite SECURE256:+SIGN-ALL:-VERS-SSL3.0:!AES-128-CBC:!3DES-CBC:!DES-CBC:!ARCFOUR-128:!ARCFOUR-40:!RC2-40:!CAMELLIA-128-CBC:!NULL
@@ -46,6 +54,7 @@
@@ -46,6 +47,7 @@
%if %%ldap_replication == 'oui' or %%ldap_replication_client == 'oui'
moduleload syncprov
%end if
+moduleload memberof
# Sample security restrictions
# Require integrity protection (prevent hijacking)
@@ -80,6 +89,7 @@
# compatibilite EAD1 et appli PHP
allow bind_v2
+allow bind_anon_dn
database bdb
# The base of your directory
@@ -216,6 +226,10 @@
syncprov-sessionlog 100
%end if
+overlay memberof
+memberof-group-oc cadolesGroup
+memberof-member-ad cadolesMember
+
@@ -219,3 +221,7 @@
%if %%ldap_replication_client == 'oui'
include /etc/ldap/replication.conf
%end if
+
+overlay memberof
+memberof-group-oc cadolesGroup
+memberof-member-ad cadolesMember


@ -131,6 +131,5 @@ objectclass ( 2.16.840.1.113732.3.1.4
NAME 'cadolesGroup'
DESC 'Descirption Groupe Cadoles'
SUP top AUXILIARY
MAY ( cadolesMember $
mail
MAY ( cadolesMember
) )


@ -1,96 +0,0 @@
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=cadolesPerson,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: classSchema
governsID: 2.16.840.1.113732.3.1.1
schemaIdGuid:: BS9z8eJKvYZ+lS8OJgeC1g==
cn: cadolesPerson
name: cadolesPerson
lDAPDisplayName: cadolesPerson
description: Description Personne Cadoles
subClassOf: top
objectClassCategory: 3
mayContain: givensName
mayContain: usualname
mayContain: birthdate
mayContain: birthcountry
mayContain: birthplace
mayContain: gender
mayContain: job
mayContain: position
mayContain: belongingpopulation
mayContain: authlevel
defaultObjectCategory: CN=cadolesPerson,CN=Schema,CN=Configuration,{DNCONFIG}
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=cadolesSiren,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: classSchema
governsID: 2.16.840.1.113732.3.1.2
schemaIdGuid:: 7pJbNueSjwpq7TsL2aiW1w==
cn: cadolesSiren
name: cadolesSiren
lDAPDisplayName: cadolesSiren
description: Siren
subClassOf: top
objectClassCategory: 3
mayContain: siren
mayContain: niveau01
defaultObjectCategory: CN=cadolesSiren,CN=Schema,CN=Configuration,{DNCONFIG}
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=cadolesSiret,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: classSchema
governsID: 2.16.840.1.113732.3.1.3
schemaIdGuid:: BOOf/nwBuCFehtpsyYrLjA==
cn: cadolesSiret
name: cadolesSiret
lDAPDisplayName: cadolesSiret
description: Siret
subClassOf: top
objectClassCategory: 3
mayContain: siret
mayContain: postalAddress
mayContain: niveau02
defaultObjectCategory: CN=cadolesSiret,CN=Schema,CN=Configuration,{DNCONFIG}
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=cadolesGroup,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: classSchema
governsID: 2.16.840.1.113732.3.1.4
schemaIdGuid:: IPc/rPzhpAjekHrvXgdI8w==
cn: cadolesGroup
name: cadolesGroup
lDAPDisplayName: cadolesGroup
description: Descirption Groupe Cadoles
subClassOf: top
objectClassCategory: 3
mayContain: cadolesMember
defaultObjectCategory: CN=cadolesGroup,CN=Schema,CN=Configuration,{DNCONFIG}


@ -1,299 +0,0 @@
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=givensName,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.101
schemaIdGuid:: Jlbt5wmATVMcWKBhHjDO6Q==
cn: givensName
name: givensName
lDAPDisplayName: givensName
description:: UHLDqW5vbXMgQWdlbnQ=
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=usualname,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.102
schemaIdGuid:: ZHr974ZZzNma8pHl9aaLKA==
cn: usualname
name: usualname
lDAPDisplayName: usualname
description: Nom Usage
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=birthdate,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.103
schemaIdGuid:: wkZpNuM104JsF2zMxq3fnw==
cn: birthdate
name: birthdate
lDAPDisplayName: birthdate
description: Date de Naissance
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=birthcountry,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.104
schemaIdGuid:: +ReayhtKgycw+f1WmyUFjA==
cn: birthcountry
name: birthcountry
lDAPDisplayName: birthcountry
description: Code INSEE Pays de Naissance
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=birthplace,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.105
schemaIdGuid:: PWA2lFufaLT7V426mHUTEA==
cn: birthplace
name: birthplace
lDAPDisplayName: birthplace
description: Code INSEE Lieu de Naissance
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=gender,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.106
schemaIdGuid:: SLktEEb4rGlIyy5Eo9Shjg==
cn: gender
name: gender
lDAPDisplayName: gender
description: Sexe de la Personne
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=job,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.107
schemaIdGuid:: nhVCGzIC/Fdk2uAMDGHfFA==
cn: job
name: job
lDAPDisplayName: job
description:: TcOpdGllcg==
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=position,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.108
schemaIdGuid:: j0OPKDBf7J/iPToHdwF0ZQ==
cn: position
name: position
lDAPDisplayName: position
description:: Rm9uY3Rpb24gcmVsYXRpdmUgw6AgVW5pdMOpIE9yZ2FuaXNhdGlvbm5lbGxl
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=belongingpopulation,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.109
schemaIdGuid:: KVMi+GCSzkYHccfbRnCmaQ==
cn: belongingpopulation
name: belongingpopulation
lDAPDisplayName: belongingpopulation
description: Population Appartenance
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=authlevel,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.110
schemaIdGuid:: i7mCIv1VtoKwDOwX8hHs4A==
cn: authlevel
name: authlevel
lDAPDisplayName: authlevel
description:: Tml2ZWF1IEF1dGhlbnRpZmljYXRpb24gRGVtYW5kw6k=
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=siren,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.111
schemaIdGuid:: yWAVXrzf61bqVFmttTCMoQ==
cn: siren
name: siren
lDAPDisplayName: siren
description: Identifiant Entreprise
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=siret,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.112
schemaIdGuid:: xuETMsIWjPkNn9PP6XH2Hw==
cn: siret
name: siret
lDAPDisplayName: siret
description: Identifiant Etablissement
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=cadolesMember,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.113
schemaIdGuid:: jKgWUFwz5KWM4Fkbbiuw6Q==
cn: cadolesMember
name: cadolesMember
lDAPDisplayName: cadolesMember
description: Membres du groupe
attributeSyntax: 2.5.5.1
oMSyntax: 127
isSingleValued: FALSE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=niveau01,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.114
schemaIdGuid:: ax677pNcedcU/lJbaV61rg==
cn: niveau01
name: niveau01
lDAPDisplayName: niveau01
description: Label Entreprise
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=niveau02,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.115
schemaIdGuid:: caUDcwXPL7LKxotwqD4LsQ==
cn: niveau02
name: niveau02
lDAPDisplayName: niveau02
description: Label Etablissement
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE


@ -1,69 +0,0 @@
#!/bin/bash
#
# Initialisation of LDAP Directory
#
#
# Run command as particular user
#
function runAs() {
USER=${1}
shift
CMD="su ${USER} -s /bin/bash -c ${@}"
eval ${CMD}
return ${?}
}
function addLDAPschema()
{
LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
USER="openldap"
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
service slapd stop
runAs ${USER} ${CMD}
result=$((result+${?}))
service slapd start
return ${result}
}
function addADSchema()
{
/usr/share/eole/sbin/cadoles_add_schema.sh
return ${?}
}
function main()
{
MODE=${1}
result=0
if [[ ${MODE} == "instance" ]]
then
if [[ $(CreoleGet eole_module) == "seth" ]]
then
addADSchema
return ${?}
else
addLDAPschema
return ${?}
fi
fi
}
if [[ $(CreoleGet eole_module eolebase) != "seth" ]]
then
exit 0
fi
if [[ $(CreoleGet activer_cadolesldap non) == "oui" ]]
then
main $@
exit ${?}
else
exit 0
fi


@ -17,49 +17,27 @@ function runAs() {
return ${?}
}
function addLDAPschema()
{
LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
USER="openldap"
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
service slapd stop
runAs ${USER} ${CMD}
result=$((result+${?}))
service slapd start
return ${result}
}
function addADSchema()
{
/usr/share/eole/sbin/cadoles_add_schema.sh
return ${?}
}
function main()
{
MODE=${1}
result=0
MODE=${1}
result=0
if [[ ${MODE} == "instance" ]]
then
if [[ $(CreoleGet eole_module) == "seth" ]]
then
addADSchema
return ${?}
else
addLDAPschema
return ${?}
fi
fi
if [[ ${MODE} == "instance" ]]
then
LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
USER="openldap"
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
service slapd stop
runAs ${USER} ${CMD}
result=$((result+${?}))
service slapd start
return ${result}
fi
}
if [[ $(CreoleGet eole_module eolebase) == "seth" ]]
then
exit 0
fi
if [[ $(CreoleGet activer_cadolesldap non) == "oui" ]]
then
main $@
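Review bot: The inlined `instance` branch (lines 709-716) builds the slapadd command as a string with nested escaped quotes and hands it to `runAs`, which re-parses it with `eval` after word-splitting `${@}`; that only works because the quotes happen to cancel out, and any space or shell metacharacter in `${LDIF}` would change the command that runs as `openldap`. Replace `CMD=...` and `runAs ${USER} ${CMD}` with a direct call: `su "${USER}" -s /bin/bash -c "slapadd -l '${LDIF}' -f /etc/ldap/slapd.conf"`. The return code of `service slapd start` on line 715 is also discarded, so a directory that fails to come back after the import is not reported; fold it into `result` the same way the slapadd status is. Note that `runAs` itself begins before this hunk and the `if` on lines 723-725 continues past it; `main $@` should also be `main "$@"`.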


@ -1,93 +0,0 @@
#!/bin/bash
set -e
if [[ ! -e /etc/eole/samba4-vars.conf ]]
then
exit 0
fi
. /etc/eole/samba4-vars.conf
function updateSchemaDN()
{
STR=${1}
DN=${2}
FILE=${3}
sed -i -e "s/${STR}/${DN}/g" ${FILE}
return ${?}
}
function user_exists() {
local username="${1}"
samba-tool user show "${username}" > /dev/null 2>&1
return ${?}
}
DN="$(CreoleGet cadolesldap_basedn)"
BASEDN="CN=Schema,CN=Configuration,${DN}"
INITDIR="/etc/cadolesldap/init"
RETURNED=$(ldbsearch --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb -b $BASEDN CN=siren CN | grep "returned.*records")
if [ "$RETURNED" = "# returned 0 records" ]; then
# Import schema
SCHEMAS="cadoles.schema cadoles.schema-2"
PRIVATE_DIR=/etc/eole/private
for schema in $SCHEMAS
do
updateSchemaDN "{DNCONFIG}" "${DN}" /etc/ldap/schema/eole/${schema}.ldif
if [[ $? -ne 0 ]]
then
echo "Error updating DN for ${schema}"
break
fi
ldbmodify -H /var/lib/samba/private/sam.ldb /etc/ldap/schema/eole/${schema}.ldif --option="dsdb:schema update allowed"=true
if [[ $? -ne 0 ]]
then
echo "Error updating Schema ${schema} !!"
break
fi
done
fi
lv1=$(CreoleGet cadolesldap_niveau01name )
RETURNED=$(ldbsearch --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb -b $DN OU=${lv1} OU | grep "#.* entries")
if [ "$RETURNED" = "# 0 entries" ]; then
ldbmodify -H /var/lib/samba/private/sam.ldb ${INITDIR}/cadolesldap.ldif
if [[ -e ${INITDIR}/cadolesindex.ldif ]]
then
ldbmodify --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb ${INITDIR}/cadolesindex.ldif
fi
if [[ $(CreoleGet cadolesldap_create_reader non) == "oui" ]]
then
user=$(CreoleGet cadolesldap_reader)
password=$(CreoleGet cadolesldap_reader_pass)
if ! user_exists ${user}
then
echo "Ajout du compte d'écriture dans l'annuaire '$user'... "
samba-tool user create --random-password $user
samba-tool user setexpiry $user --noexpiry
samba-tool user setpassword $user --newpassword="${password}"
fi
fi
if [[ $(CreoleGet cadolesldap_create_writer non) == "oui" ]]
then
user=$(CreoleGet cadolesldap_writer)
password=$(CreoleGet cadolesldap_writer_pass)
if ! user_exists ${user}
then
echo "Ajout du compte d'écriture dans l'annuaire '$user'... "
samba-tool user create --random-password $user
samba-tool user setexpiry $user --noexpiry
samba-tool group addmembers 'Domain Admins' $user
samba-tool user setpassword $user --newpassword="${password}"
fi
fi
fi
exit 0


@ -1,121 +1,66 @@
%import pyeole.ssha
# Entrée 3: ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
# Entrée 3: ou=%%cadolesldap_organization,o=gouv,c=fr
dn: ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: organizationalUnit
objectclass: top
ou: %%cadolesldap_organization
# Entrée 4: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
# Entrée 4: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: organizationalUnit
objectclass: top
ou: %%cadolesldap_niveau01branche
# Entrée 5: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
# Entrée 5: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: posixGroup
objectclass: top
%if %%eole_module == "seth"
objectclass: group
%else
objectclass: sambaGroupMapping
%end if
objectclass: cadolesGroup
objectclass: cadolesSiren
cn: %%cadolesldap_niveau01name
gidnumber: 1
memberuid: admin
%if %%eole_module != "seth"
cadolesMember: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%end if
%if %%eole_module != "seth"
cadolesMember: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
sambagrouptype: 2
sambasid: 1
%end if
%if not %%is_empty(%%cadolesldap_niveau01siren)
siren: %%cadolesldap_niveau01siren
%else
siren: %%cadolesldap_niveau01name
%end if
# Entrée 6: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
# Entrée 6: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: organizationalUnit
objectclass: top
ou: %%cadolesldap_niveau02branche
ou: %%%%cadolesldap_niveau02branche
# Entrée 7: ou=groups,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: ou=groups,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
# Entrée 7: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entrée 8: ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
# Entrée 8: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: organizationalUnit
objectclass: top
ou: users
%if %%eole_module == "seth"
# Entrée 9: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%else
# Entrée 9: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%end if
%if %%eole_module == "seth"
changetype: add
%end if
# Entrée 9: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
dn: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
objectclass: top
objectclass: person
objectclass: organizationalPerson
%if %%eole_module == "seth"
objectclass: user
%end if
objectclass: inetOrgPerson
objectclass: cadolesPerson
objectclass: cadolesSiren
objectclass: cadolesSiret
authlevel: simple
uid: admin
cn: admin
cn: %%cadolesldap_organization
sn: %%cadolesldap_organization
displayname: Administrateur %%cadolesldap_organization
givenname: Administrateur
%if not %%is_empty(%%system_mail_to)
mail: %%system_mail_to
%end if
%if not %%is_empty(%%cadolesldap_niveau01siren)
siren: %%cadolesldap_niveau01siren
%else
siren: %%cadolesldap_niveau01name
%end if
niveau01: %%cadolesldap_niveau01name
userpassword: %%pyeole.ssha.ssha_encode(%%cadolesldap_pwdadmin)
%if %%eole_module == "seth"
# FIXME CadolesMember ...
# Entrée 9bis: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
#dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
#changetype: add
#cadolesMember: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%end if
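Review bot: Line 876 writes `ou: %%%%cadolesldap_niveau02branche` while every other attribute in the template, including the dn of this same entry on line 872, uses a single `%%` prefix; unless the template engine collapses `%%%%` to `%%`, the rendered `ou` value will not equal the RDN value in the dn and slapadd will reject the entry because the naming attribute value is not present. Change it to `ou: %%cadolesldap_niveau02branche`. The kept side also hard-codes the suffix `o=gouv,c=fr` in every dn, yet the dictionary in this same change still declares `cadolesldap_basedn` as mandatory (line 130); either the template should derive its dns from that variable or the variable is dead and will mislead whoever fills it in. Reading the rendering as deleted-then-added here; please confirm which side of this hunk is the one being kept.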