Frank Brehm's Git Trees - pixelpark/pp-admin-tools.git/commitdiff
Fixing LDAP URL and credential file in scripts.
authorFrank Brehm <frank@brehm-online.com>
Thu, 3 Nov 2022 09:58:32 +0000 (10:58 +0100)
committerFrank Brehm <frank@brehm-online.com>
Thu, 3 Nov 2022 09:58:32 +0000 (10:58 +0100)
scripts/check-ldap-passwd
scripts/functions.rc
scripts/get-ldap-dn
scripts/get-ldap-info
scripts/get-ldap-mail
scripts/get-ldap-membership

index 9cf2dde875977426de7d8f7b4fafc6208558a60c..7089c24abf9b70bab4a26b241d49021941533fb6 100755 (executable)
@@ -124,7 +124,7 @@ main() {
     local result=
 
     local cmd_base="ldapsearch -LLL -o ldif-wrap=no "
-    cmd_base+="-h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\" "
+    cmd_base+="-H \"${LDAP_URL}\" -b \"${LDAP_BASE}\" "
     cmd_base+="-x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\""
 
     local filter="(&(|(uid=${OBJECT_TOKEN})(mail=${OBJECT_TOKEN}))(userPassword=*))"
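Review bot: `cmd_base` is still assembled as a single string with embedded `\"…\"` quoting (the new `-H \"${LDAP_URL}\"` line and its neighbours), which only works if the shell re-parses the string later; get-ldap-membership in this same commit runs its equivalent string through `eval ${cmd}`. Any shell metacharacter in `LDAP_URL`, `LDAP_BASE`, `LDAP_USR`, the password-file path or the search token is then interpreted by the shell instead of reaching ldapsearch as data, and `OBJECT_TOKEN` also enters the filter without LDAP filter escaping. An array removes both the re-parse and the extra quoting layer: `local -a cmd_base=(ldapsearch -LLL -o ldif-wrap=no -H "${LDAP_URL}" -b "${LDAP_BASE}" -x -D "${LDAP_USR}" -y "${LDAP_PWD_FILE}")`, executed as `"${cmd_base[@]}" "${filter}"`. The same construction appears in the get-ldap-dn, get-ldap-info and get-ldap-mail hunks and in both get-ldap-membership hunks, where `${dn}` is placed into the filter as well. How `main` executes `cmd_base` here lies outside this hunk.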
index f44977d3460f9df25699b693bebaad84de0c10de..cb6621588425cc0714cb205cdfc52bf6fd2e0c1c 100644 (file)
@@ -45,15 +45,17 @@ DESCRIPTION="${DESCRIPTION:-Failing script description}"
 
 # LDAP Defaults
 LDAP_USR="cn=admin"
-LDAP_PWD_FILE="${HOME}/.private/ldap-admin-wonl.txt"
+LDAP_PWD_FILE="${HOME}/.private/dirsrv-prd-dpx-admin-pwd-wonl.txt"
 LDAP_BASE="o=isp"
 LDAP_HOST="ldap.pixelpark.com"
-LDAP_PORT=389
+LDAP_PORT=
+LDAP_SSL="y"
+LDAP_URL=
 
 # shellcheck disable=SC2034
 LDAP_STD_OPTS_SHORT="D:y:H:P:b:"
 # shellcheck disable=SC2034
-LDAP_STD_OPTS_LONG="bind-dn:,password-file:,ldap-host:,ldap-port:,base-dn:"
+LDAP_STD_OPTS_LONG="bind-dn:,password-file:,ldap-host:,ldap-port:,base-dn:,no-ldap-ssl"
 
 # shellcheck disable=SC2034
 LDAP_USAGE_MSG=$( cat <<-EOF
@@ -66,9 +68,10 @@ LDAP_USAGE_MSG=$( cat <<-EOF
                -H|--ldap-host HOSTNAME
                                The hostname or IP address of the LDAP-Server (Default: '${LDAP_HOST}').
                -P|--ldap-port PORT
-                               The port number of the LDAP-Server (Default: ${LDAP_PORT}).
+                               The port number of the LDAP-Server, if it is not the standard port.
                -b|--base-dn SEARCH_BASE
                                The starting point for the LDAP search (Default: '${LDAP_BASE}')
+               --no-ldap-ssl   Disable LDAPS on all LDAP actions.
        EOF
     )
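Review bot: The help line for `--no-ldap-ssl` does not say what the option costs: the scripts bind with `-x -D … -y …`, so on a plain `ldap://` URL the bind password travels unencrypted unless TLS is negotiated some other way. I would extend the text to something like `--no-ldap-ssl   Use ldap:// instead of ldaps://; the bind password is then sent unencrypted.` The `-P` entry also lost its default value; stating both, for example `(Default: 636, or 389 with --no-ldap-ssl)`, would match what the URL-building code in eval_ldap_options assumes.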
 
@@ -241,6 +244,10 @@ eval_ldap_options() {
                     shift
                     shift
                     ;;
+                --no-ldap-ssl)
+                    LDAP_SSL='n'
+                    shift
+                    ;;
                 --) shift
                     break
                     ;;
@@ -269,6 +276,18 @@ eval_ldap_options() {
         exit 3
     fi
 
+    if [[ "${LDAP_SSL}" == "n" ]] ; then
+        LDAP_URL="ldap://${LDAP_HOST}"
+        if [[ -n "${LDAP_PORT}" && "${LDAP_PORT}" != "389" ]] ; then
+            LDAP_URL+=":${LDAP_PORT}"
+        fi
+    else
+        LDAP_URL="ldaps://${LDAP_HOST}"
+        if [[ -n "${LDAP_PORT}" && "${LDAP_PORT}" != "636" ]] ; then
+            LDAP_URL+=":${LDAP_PORT}"
+        fi
+    fi
+
 }
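Review bot: `LDAP_HOST` and `LDAP_PORT` are concatenated into `LDAP_URL` exactly as given, so an IPv6 literal (the usage text allows "hostname or IP address") produces an invalid URL, because LDAP URLs need such an address in square brackets, and a non-numeric port is passed straight through. Whether the checks ending in `exit 3` just above already validate the port is not visible in this hunk; if they do not, `[[ -z "${LDAP_PORT}" || "${LDAP_PORT}" =~ ^[0-9]+$ ]] || exit 3` before the URL is built would cover it, together with wrapping a host that contains `:` and is not already bracketed. Because the `ldap://` branch still carries a simple bind, consider passing `-ZZ` to the ldapsearch calls in that case when the server supports StartTLS. eval_ldap_options begins outside the hunk.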
 
 #------------------------------------------------------------------------------
index fd33120cdfa04cddc8ef7043cafb5402b0728f19..db3be9792a759d52837afe5200f03487751fdb9d 100755 (executable)
@@ -131,7 +131,7 @@ main() {
     local filter=
 
     local cmd_base="ldapsearch -LLL -o ldif-wrap=no "
-    cmd_base+="-h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\""
+    cmd_base+="-H \"${LDAP_URL}\" -b \"${LDAP_BASE}\""
     cmd_base+=" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
 
     for token in "${TOKENS[@]}" ; do
index 33baf6d86706144eb9ed621e62294cfb0b734a07..3ec16c7edec7c20524637bcae799d9d240539e99 100755 (executable)
@@ -128,7 +128,7 @@ main() {
     local result=
 
     local cmd_base="ldapsearch -LLL -o ldif-wrap=no "
-    cmd_base+="-h \"${LDAP_HOST}\" -p ${LDAP_PORT} -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+    cmd_base+="-H \"${LDAP_URL}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
 
     for token in "${TOKENS[@]}" ; do
 
index e9fcdfcb60538a5519d057f823812573c933828f..817b33351dc6293ecb62ff11acc232d71e7f7d0b 100755 (executable)
@@ -136,7 +136,7 @@ main() {
     local filter=
 
     local cmd_base="ldapsearch -LLL -o ldif-wrap=no "
-    cmd_base+="-h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\""
+    cmd_base+="-H \"${LDAP_URL}\" -b \"${LDAP_BASE}\""
     cmd_base+=" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
 
     for token in "${TOKENS[@]}" ; do
index cf1bb329c7bb2bfc2169beb79b7c6669fb004905..c79dc9732c4217d772f003db7d7653f72aa48d44 100755 (executable)
@@ -131,7 +131,7 @@ get_dn() {
 
     info "Getting DN of LDAP-Object with E-Mail address or UID '${CYAN}${user_id}${NORMAL}' ..."
 
-    cmd="ldapsearch -LLL -o ldif-wrap=no -h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\""
+    cmd="ldapsearch -LLL -o ldif-wrap=no -H \"${LDAP_URL}\" -b \"${LDAP_BASE}\""
     cmd+=" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" \"${filter}\" dn"
     debug "Executing: ${cmd}"
     for line in $( eval ${cmd} | grep -i '^dn:' | sed -e 's/^dn:[      ]*//i' ) ; do
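Review bot: The loop `for line in $( eval ${cmd} | … )` word-splits the ldapsearch output, so a DN that contains a space (common in `cn=` values) arrives as several separate `line` values unless `IFS` is changed somewhere outside this hunk. Reading line by line keeps each DN intact: `while IFS= read -r line ; do … ; done < <( eval "${cmd}" | grep -i '^dn:' | sed … )`, with the existing sed expression unchanged. Quoting the argument as `eval "${cmd}"` also stops the unquoted expansion from being split and glob-expanded before eval re-parses it. get_dn starts and ends outside the hunk.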
@@ -155,7 +155,7 @@ search_memberships() {
     ldap_filter_oclass+=")"
 
     local filter="(&${ldap_filter_oclass}(|(uniqueMember=${dn})(member=${dn})))"
-    cmd="ldapsearch -LLL -o ldif-wrap=no -h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\""
+    cmd="ldapsearch -LLL -o ldif-wrap=no -H \"${LDAP_URL}\" -b \"${LDAP_BASE}\""
     cmd+=" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" \"${filter}\""
     cmd+=" dn cn description mail mailAlternateAddress mailEquivalentAddress"
     debug "Executing: ${cmd}"