From a6eeb05ca9611dd30d618eac54b9d2a4599a0f3c Mon Sep 17 00:00:00 2001
From: Daniel Dehennin <daniel.dehennin@ac-dijon.fr>
Date: Wed, 14 Oct 2020 13:19:05 +0200
Subject: [PATCH] Smooth the configuration of LemonLDAP::NG on Scribe

Ref: #30852
---
 dicos/71_lemonldap_ng_scribe.xml              | 57 +++++++++++++++++++
 .../98-lemonldap-ng-scribe-register-hosts     | 45 +++++++++++++++
 2 files changed, 102 insertions(+)
 create mode 100644 dicos/71_lemonldap_ng_scribe.xml
 create mode 100644 postservice/98-lemonldap-ng-scribe-register-hosts

diff --git a/dicos/71_lemonldap_ng_scribe.xml b/dicos/71_lemonldap_ng_scribe.xml
new file mode 100644
index 0000000..121f980
--- /dev/null
+++ b/dicos/71_lemonldap_ng_scribe.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="utf-8"?>
+<creole>
+
+    <files />
+
+    <variables />
+
+    <constraints>
+
+        <fill name='calc_multi_condition' target='activer_sso'>
+            <param>oui</param>
+            <param type='eole' name='condition_1'>activerLemon</param>
+            <param name='match'>distant</param>
+            <param name='default_mismatch'>local</param>
+        </fill>
+
+        <condition name='frozen_if_in' source='activerLemon'>
+            <param>oui</param>
+            <target type='variable'>activer_sso</target>
+        </condition>
+
+        <auto name='calc_multi_condition' target='ldapScheme'>
+            <param>oui</param>
+            <param type='eole' name='condition_1'>ldap_tls</param>
+            <param name='match'>ldaps</param>
+            <param name='default_mismatch'>ldap</param>
+        </auto>
+
+        <auto name='calc_val' target='ldapServer'>
+            <param type='eole'>adresse_ip_ldap</param>
+        </auto>
+
+        <auto name='calc_val' target='ldapServerPort'>
+            <param type='eole'>ldap_port</param>
+        </auto>
+
+        <auto name='calc_val' target='ldapUserBaseDN'>
+            <param type='eole'>ldap_base_dn</param>
+        </auto>
+
+        <auto name='calc_val' target='ldapBindUserDN'>
+            <param type='eole'>ldap_reader</param>
+        </auto>
+
+        <auto name='calc_val' target='ldapBindUserPassword'>
+            <param type='eole'>ldap_reader_passfile</param>
+        </auto>
+
+        <auto name='calc_val' target='casFolder'>
+            <param type='eole'>eolesso_cas_folder</param>
+        </auto>
+
+    </constraints>
+
+    <help />
+
+</creole>
diff --git a/postservice/98-lemonldap-ng-scribe-register-hosts b/postservice/98-lemonldap-ng-scribe-register-hosts
new file mode 100644
index 0000000..eda1aa7
--- /dev/null
+++ b/postservice/98-lemonldap-ng-scribe-register-hosts
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+[ "$(CreoleGet activerLemon non)" = 'oui' ] || exit 0
+
+[ -f /usr/lib/eole/eolead.sh ] || exit 0
+
+. /usr/lib/eole/eolead.sh
+# ScribeAD/HorusAD
+. $CONTAINER_ROOTFS/etc/eole/samba4-vars.conf
+DNS_IP="${CONTAINER_IP}"
+CONTAINER_EXEC='lxc-attach -n addc --'
+
+EXT_IP=$(CreoleGet adresse_ip_eth0)
+
+for service in manager auth reload
+do
+    fqdn=$(CreoleGet "${service}WebName")
+    service_addr=$(dig "@${DNS_IP}" "${fqdn}" +short)
+    if [ "${service_addr}" != "${EXT_IP}" ]
+    then
+        ${CONTAINER_EXEC} kinit "${AD_HOST_NAME^^}@${AD_REALM^^}" -k -t "${AD_HOST_KEYTAB_FILE}"
+        if [ -n "${service_addr}" ]
+        then
+            echo -n "Suppression de l’enregistrement DNS '${fqdn} IN A ${service_addr}' : "
+            $CONTAINER_EXEC samba-tool \
+                            dns \
+                            delete \
+                            "${AD_HOST_NAME}.${AD_REALM}" \
+                            "${AD_REALM}" \
+                            "${fqdn}" A "${service_addr}" \
+                            -k 1
+        fi
+
+        echo -n "Ajout de l’enregistrement DNS '${fqdn} IN A ${EXT_IP}' : "
+        $CONTAINER_EXEC samba-tool \
+                        dns \
+                        add \
+                        "${AD_HOST_NAME}.${AD_REALM}" \
+                        "${AD_REALM}" \
+                        "${fqdn}" A "${EXT_IP}" \
+                        -k 1
+    fi
+done
+
+exit 0