}
+#------------------------------------------------
+update_public_sshkeys() {
+
+ local key_file="$1"
+ local uid=
+ local filter=
+ local cmd=
+ local dn=
+ local cn=
+ local key=
+ local line=
+ local out=
+ local oifs="${IFS}"
+
+ local -a keys_to_have=()
+ local -a object_classes=()
+ local -a existing_keys=()
+ local -a keys_to_add=()
+
+ empty_line
+ uid=$( basename "${key_file}" .pub )
+ debug "Checking SSH keys of uid '${CYAN}${uid}${NORMAL}' ..."
+
+ debug "Searching for DN of uid '${CYAN}${uid}${NORMAL}' ..."
+ filter="(&(objectClass=*)(uid=${uid}))"
+ cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
+ cmd+="-b \"${DPX_PEOPLE_SEARCH_BASE}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+ cmd+="\"${filter}\" dn | grep '^dn:' | sed -e 's/^dn:[ ][ ]*//i' | head -n 1"
+ # debug "Executing: ${cmd}"
+ dn=$( eval ${cmd} )
+
+ if [[ -z "${dn}" ]] ; then
+ warn "Did not found DN of uid '${YELLOW}${uid}${NORMAL}'."
+ return 0
+ fi
+ debug "Found DN of '${CYAN}${uid}${NORMAL}': ${CYAN}${dn}${NORMAL}."
+
+ IFS="
+"
+
+ debug "Searching for Common name of uid '${CYAN}${uid}${NORMAL}' ..."
+ cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
+ cmd+="-b \"${dn}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+ cmd+="\"(objectClass=*)\" cn | grep -i '^cn:' | head -n 1"
+ # debug "Executing: ${cmd}"
+ value=$( eval ${cmd} )
+ if [[ -n "${value}" ]] ; then
+ if echo "${value}" | grep -q -i "^cn::" ; then
+ cn=$( printf "${value}" | sed -e 's/^cn::[ ][ ]*//i' | base64 -d )
+ else
+ cn=$( printf "${value}" | sed -e 's/^cn:[ ][ ]*//i' )
+ fi
+ debug "Found Common name of uid '${CYAN}${uid}${NORMAL}': '${CYAN}${cn}${NORMAL}'."
+ else
+ warn "Did not found Common name of uid '${YELLOW}${uid}${NORMAL}'."
+ cn="${uid}"
+ fi
+
+ debug "Reading configured keys from file '${CYAN}${key_file}${NORMAL}' ..."
+ for line in $( cat "${key_file}" | sort -i ) ; do
+ if echo "${line}" | grep -q -P '^\s*(#|$)' ; then
+ continue
+ fi
+ keys_to_have+=( "${line}" )
+ done
+ IFS="${oifs}"
+ if [[ "${#keys_to_have[*]}" == "0" ]] ; then
+ info "No public keys defined for user ${CYAN}${cn}${NORMAL}."
+ return 0
+ fi
+ debug "Found ${CYAN}${#keys_to_have[*]} SSH keys${NORMAL} to have."
+
+ debug "Reading existing SSH keys for Common name ${CYAN}${cn}${NORMAL} ..."
+ cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
+ cmd+="-b \"${dn}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+ cmd+="\"(objectClass=*)\" objectClass sshPublicKey | grep -E -i '^(objectClass|sshPublicKey):'"
+ debug "Executing: ${cmd}"
+ out==$( eval ${cmd} || true )
+
+ local has_ldap_public_key="n"
+ if echo "${out}" | grep -i '^objectClass:' | grep -q -i -w 'ldapPublicKey' ; then
+ has_ldap_public_key="y"
+ fi
+
+ IFS="
+"
+
+ for key in $( echo "${out}" | grep -i '^sshPublicKey:' | sed -e 's/^sshPublicKey:[ ][ ]*//i' | sort -i ) ; do
+ existing_keys+=( "${key}" )
+ done
+ IFS="${oifs}"
+ debug "Found ${CYAN}${#existing_keys[*]} existing SSH keys${NORMAL}."
+
+ local key1=
+ local key1_lc=
+ local key2=
+ local key2_lc=
+ local found=
+ for key1 in "${keys_to_have[@]}" ; do
+ found="n"
+ key1_lc=$( echo "${key1}" | tr '[:upper:]' '[:lower:]' )
+ for key2 in "${existing_keys[@]}" ; do
+ key2_lc=$( echo "${key2}" | tr '[:upper:]' '[:lower:]' )
+ if [[ "${key1_lc}" == "${key2_lc}" ]] ; then
+ found="y"
+ break
+ fi
+ done
+ if [[ "${found}" == "n" ]] ; then
+ keys_to_add+=( "${key1}" )
+ fi
+ done
+
+ if [[ "${has_ldap_public_key}" == "y" && "${#keys_to_add[*]}" == "0" ]] ; then
+ info "No changes on public SSH keys necessary for user ${CYAN}${cn}${NORMAL}."
+ return 0
+ fi
+
+ cat > "${LDIF_FILE}" <<-EOF
+ dn: ${dn}
+ changetype: modify
+ EOF
+
+ if [[ "${has_ldap_public_key}" == "n" ]] ; then
+ info "Adding objectClass ${CYAN}ldapPublicKey${NORMAL} to user ${CYAN}${cn}${NORMAL} ..."
+ cat >> "${LDIF_FILE}" <<-EOF
+ add: objectClass
+ objectClass: ldapPublicKey
+ -
+ EOF
+ fi
+
+ if [[ "${#keys_to_add[*]}" -gt 0 ]] ; then
+ info "Adding ${CYAN}${#keys_to_add[*]} public SSH key(s)${NORMAL} to user ${CYAN}${cn}${NORMAL} ..."
+
+ echo "add: sshPublicKey" >> "${LDIF_FILE}"
+ for key in "${keys_to_add[@]}" ; do
+ cat >> "${LDIF_FILE}" <<-EOF
+ sshPublicKey: ${key}
+ EOF
+ done
+ echo "-" >> "${LDIF_FILE}"
+ fi
+
+ echo '' >> "${LDIF_FILE}"
+ if [[ "${VERBOSE}" == "y" ]] ; then
+ debug "Resulting LDIF:"
+ cat "${LDIF_FILE}"
+ fi
+
+ cmd="ldapmodify -H \"${LDAP_URL}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\""
+ cmd+=" -f \"$( readlink -f "${LDIF_FILE}" )\""
+ # debug "Executing: ${cmd}"
+ if [[ "${SIMULATE}" != "y" ]] ; then
+ eval $cmd
+ fi
+ debug "Done."
+}
+
+#------------------------------------------------
+update_all_public_sshkeys() {
+
+ empty_line
+ draw_line
+ info "Updating public SSH keys of users ..."
+
+ local key_dir="ssh_keys"
+ if [[ ! -d "${key_dir}" ]] ; then
+ error "Directory for public SSH keys '${RED}${key_dir}${NORMAL}' not found."
+ exit 8
+ fi
+
+ local key_file=
+
+ for key_file in "${key_dir}"/*.pub ; do
+ update_public_sshkeys "${key_file}"
+ done
+
+}
+
#------------------------------------------------
main() {
trap cleanup_tmp_file INT TERM EXIT ABRT
update_passwords
- # update_all_mailhosts
+ update_all_mailhosts
+ update_all_public_sshkeys
+ empty_line
+ info "Finished."
}
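Review bot: The ldapsearch/ldapmodify invocations in update_public_sshkeys are assembled as strings and run through `eval` (the `dn=$( eval ${cmd} )`, `value=$( eval ${cmd} )`, `out==$( eval ${cmd} || true )` and `eval $cmd` lines), so a `.pub` filename under ssh_keys/ containing quotes or `$(…)` is executed as shell, and a uid containing `)` or `*` changes the meaning of the `(&(objectClass=*)(uid=${uid}))` filter; calling the tools directly with quoted arguments removes the shell layer, and a character-set check on the uid before it is used closes the filter side. The `out==$( … )` line additionally stores a leading `=` in `out`, so the first returned `objectClass:` or `sshPublicKey:` line never matches the `^objectClass:` / `^sshPublicKey:` greps and the ldapPublicKey and existing-key detection is wrong for that line. The cn extraction passes directory data as the printf format string; both branches should read `printf '%s' "${value}" | sed …`. `value` is also the only variable in the function not declared `local`.
```shell
 uid=$( basename "${key_file}" .pub )
 if [[ ! "${uid}" =~ ^[A-Za-z0-9._-]+$ ]] ; then
   warn "Skipping key file '${YELLOW}${key_file}${NORMAL}': unexpected characters in uid."
   return 0
 fi
 filter="(&(objectClass=*)(uid=${uid}))"
 dn=$( ldapsearch -x -LLL -o ldif-wrap=no -H "${LDAP_URL}" \
         -b "${DPX_PEOPLE_SEARCH_BASE}" -D "${LDAP_USR}" -y "${LDAP_PWD_FILE}" \
         "${filter}" dn | grep '^dn:' | sed -e 's/^dn:[ ][ ]*//i' | head -n 1 )
 # … unchanged: DN check, cn lookup (same direct-invocation form), key file reading …
 out=$( ldapsearch -x -LLL -o ldif-wrap=no -H "${LDAP_URL}" \
         -b "${dn}" -D "${LDAP_USR}" -y "${LDAP_PWD_FILE}" \
         "(objectClass=*)" objectClass sshPublicKey \
         | grep -E -i '^(objectClass|sshPublicKey):' || true )
 # … unchanged: key comparison and LDIF generation …
 if [[ "${SIMULATE}" != "y" ]] ; then
   ldapmodify -H "${LDAP_URL}" -x -D "${LDAP_USR}" -y "${LDAP_PWD_FILE}" \
     -f "$( readlink -f "${LDIF_FILE}" )"
 fi
```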