From 1e525f76e693ada38fecb57eabb7d07fe8501bc2 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Thu, 3 Nov 2022 10:58:32 +0100
Subject: [PATCH] Fixing LDAP URL and credential file in scripts.
---
scripts/check-ldap-passwd | 2 +-
scripts/functions.rc | 27 +++++++++++++++++++++++----
scripts/get-ldap-dn | 2 +-
scripts/get-ldap-info | 2 +-
scripts/get-ldap-mail | 2 +-
scripts/get-ldap-membership | 4 ++--
6 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/scripts/check-ldap-passwd b/scripts/check-ldap-passwd
index 9cf2dde..7089c24 100755
--- a/scripts/check-ldap-passwd
+++ b/scripts/check-ldap-passwd
@@ -124,7 +124,7 @@ main() {
local result=
local cmd_base="ldapsearch -LLL -o ldif-wrap=no "
- cmd_base+="-h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\" "
+ cmd_base+="-H \"${LDAP_URL}\" -b \"${LDAP_BASE}\" "
cmd_base+="-x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\""
local filter="(&(|(uid=${OBJECT_TOKEN})(mail=${OBJECT_TOKEN}))(userPassword=*))"
diff --git a/scripts/functions.rc b/scripts/functions.rc
index f44977d..cb66215 100644
--- a/scripts/functions.rc
+++ b/scripts/functions.rc
@@ -45,15 +45,17 @@ DESCRIPTION="${DESCRIPTION:-Failing script description}"
# LDAP Defaults
LDAP_USR="cn=admin"
-LDAP_PWD_FILE="${HOME}/.private/ldap-admin-wonl.txt"
+LDAP_PWD_FILE="${HOME}/.private/dirsrv-prd-dpx-admin-pwd-wonl.txt"
LDAP_BASE="o=isp"
LDAP_HOST="ldap.pixelpark.com"
-LDAP_PORT=389
+LDAP_PORT=
+LDAP_SSL="y"
+LDAP_URL=
# shellcheck disable=SC2034
LDAP_STD_OPTS_SHORT="D:y:H:P:b:"
# shellcheck disable=SC2034
-LDAP_STD_OPTS_LONG="bind-dn:,password-file:,ldap-host:,ldap-port:,base-dn:"
+LDAP_STD_OPTS_LONG="bind-dn:,password-file:,ldap-host:,ldap-port:,base-dn:,no-ldap-ssl"
# shellcheck disable=SC2034
LDAP_USAGE_MSG=$( cat <<-EOF
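Review bot: `${LDAP_URL}` in the new `-H` argument is only filled in by `eval_ldap_options` (the functions.rc hunk at @@ -269), and functions.rc initialises it to the empty string, so any script that sources functions.rc without going through that function now hands ldapsearch an empty URI where it previously got a usable host and port. A one-line guard before the command is assembled makes that failure explicit and uses the same exit status the option parser already uses: `[[ -n "${LDAP_URL}" ]] || { echo "LDAP_URL is empty - call eval_ldap_options first." >&2; exit 3; }`. Because the default scheme is now ldaps://, it is also worth a comment at this point that server certificate verification is governed by the client's ldap.conf (TLS_REQCERT/TLS_CACERT), which none of the scripts set explicitly. The same applies to the get-ldap-dn, get-ldap-info, get-ldap-mail and both get-ldap-membership hunks. main() begins and ends outside this hunk.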
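Review bot: The new `LDAP_SSL` and `LDAP_URL` defaults carry no comment explaining their relationship, although `LDAP_URL` is a derived value that `eval_ldap_options` overwrites from `LDAP_HOST`, `LDAP_PORT` and `LDAP_SSL`, so someone editing this defaults block could set `LDAP_URL` here and be silently overridden. Suggested comment above `LDAP_SSL="y"`: `# LDAP_URL is computed by eval_ldap_options from LDAP_HOST/LDAP_PORT/LDAP_SSL; leave it empty here and set LDAP_SSL="n" only where the server cannot offer LDAPS.` The `LDAP_PORT=` default also changes meaning from a number to "use the scheme's standard port", which the usage text in the next hunk states but this block does not; a short trailing comment on that line would keep the two in step.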
@@ -66,9 +68,10 @@ LDAP_USAGE_MSG=$( cat <<-EOF
-H|--ldap-host HOSTNAME
The hostname or IP address of the LDAP-Server (Default: '${LDAP_HOST}').
-P|--ldap-port PORT
- The port number of the LDAP-Server (Default: ${LDAP_PORT}).
+ The port number of the LDAP-Server, if it is not the standard port.
-b|--base-dn SEARCH_BASE
The starting point for the LDAP search (Default: '${LDAP_BASE}')
+ --no-ldap-ssl Disable LDAPS on all LDAP actions.
EOF
)
@@ -241,6 +244,10 @@ eval_ldap_options() {
shift
shift
;;
+ --no-ldap-ssl)
+ LDAP_SSL='n'
+ shift
+ ;;
--)
shift
break
;;
@@ -269,6 +276,18 @@ eval_ldap_options() {
exit 3
fi
+ if [[ "${LDAP_SSL}" == "n" ]] ; then
+ LDAP_URL="ldap://${LDAP_HOST}"
+ if [[ -n "${LDAP_PORT}" && "${LDAP_PORT}" != "389" ]] ; then
+ LDAP_URL+=":${LDAP_PORT}"
+ fi
+ else
+ LDAP_URL="ldaps://${LDAP_HOST}"
+ if [[ -n "${LDAP_PORT}" && "${LDAP_PORT}" != "636" ]] ; then
+ LDAP_URL+=":${LDAP_PORT}"
+ fi
+ fi
+
}
#------------------------------------------------------------------------------
diff --git a/scripts/get-ldap-dn b/scripts/get-ldap-dn
index fd33120..db3be97 100755
--- a/scripts/get-ldap-dn
+++ b/scripts/get-ldap-dn
@@ -131,7 +131,7 @@ main() {
local filter=
local cmd_base="ldapsearch -LLL -o ldif-wrap=no "
- cmd_base+="-h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\""
+ cmd_base+="-H \"${LDAP_URL}\" -b \"${LDAP_BASE}\""
cmd_base+=" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
for token in "${TOKENS[@]}" ; do
diff --git a/scripts/get-ldap-info b/scripts/get-ldap-info
index 33baf6d..3ec16c7 100755
--- a/scripts/get-ldap-info
+++ b/scripts/get-ldap-info
@@ -128,7 +128,7 @@ main() {
local result=
local cmd_base="ldapsearch -LLL -o ldif-wrap=no "
- cmd_base+="-h \"${LDAP_HOST}\" -p ${LDAP_PORT} -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+ cmd_base+="-H \"${LDAP_URL}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
for token in "${TOKENS[@]}" ; do
diff --git a/scripts/get-ldap-mail b/scripts/get-ldap-mail
index e9fcdfc..817b333 100755
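Review bot: The help line for `--no-ldap-ssl` says only that LDAPS is disabled, but every script passes `-x -D ... -y ...`, i.e. a simple bind, so with this flag the admin password read from `LDAP_PWD_FILE` crosses the network unencrypted; the usage text is the one place an operator reads before choosing the option and should say so. Suggested wording: `--no-ldap-ssl Disable LDAPS on all LDAP actions (the simple bind then sends the password in cleartext; use only on a trusted network or for debugging).` It would also help to state in the `-P|--ldap-port` text which standard port is assumed (636 for LDAPS, 389 for plain LDAP), since the choice now depends on this flag.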
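Review bot: The new URL builder accepts whatever `LDAP_PORT` holds and only compares it with the strings `389`/`636`, so a non-numeric or malformed port value is spliced into `LDAP_URL` unchecked, and the scripts then run the assembled command string through `eval` (see `eval ${cmd}` in the get-ldap-membership hunk), which means `LDAP_HOST` and `LDAP_PORT` are shell-evaluated a second time. Since the validation section just above already exits with status 3 on bad input, the same pattern can cover the port, placed before the `if [[ "${LDAP_SSL}" == "n" ]]` branch: `if [[ -n "${LDAP_PORT}" && ! "${LDAP_PORT}" =~ ^[0-9]+$ ]] ; then echo "Invalid LDAP port '${LDAP_PORT}'." >&2; exit 3; fi`. It would also be useful to emit a warning in the `LDAP_SSL == n` branch so that a cleartext bind is visible in the script output. The added blank `+` line before the closing `}` can be dropped. eval_ldap_options begins outside this hunk.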
--- a/scripts/get-ldap-mail
+++ b/scripts/get-ldap-mail
@@ -136,7 +136,7 @@ main() {
local filter=
local cmd_base="ldapsearch -LLL -o ldif-wrap=no "
- cmd_base+="-h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\""
+ cmd_base+="-H \"${LDAP_URL}\" -b \"${LDAP_BASE}\""
cmd_base+=" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
for token in "${TOKENS[@]}" ; do
diff --git a/scripts/get-ldap-membership b/scripts/get-ldap-membership
index cf1bb32..c79dc97 100755
--- a/scripts/get-ldap-membership
+++ b/scripts/get-ldap-membership
@@ -131,7 +131,7 @@ get_dn() {
info "Getting DN of LDAP-Object with E-Mail address or UID '${CYAN}${user_id}${NORMAL}' ..."
- cmd="ldapsearch -LLL -o ldif-wrap=no -h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\""
+ cmd="ldapsearch -LLL -o ldif-wrap=no -H \"${LDAP_URL}\" -b \"${LDAP_BASE}\""
cmd+=" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" \"${filter}\" dn"
debug "Executing: ${cmd}"
for line in $( eval ${cmd} | grep -i '^dn:' | sed -e 's/^dn:[ ]*//i' ) ; do
@@ -155,7 +155,7 @@ search_memberships() {
ldap_filter_oclass+=")"
local filter="(&${ldap_filter_oclass}(|(uniqueMember=${dn})(member=${dn})))"
- cmd="ldapsearch -LLL -o ldif-wrap=no -h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\""
+ cmd="ldapsearch -LLL -o ldif-wrap=no -H \"${LDAP_URL}\" -b \"${LDAP_BASE}\""
cmd+=" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" \"${filter}\""
cmd+=" dn cn description mail mailAlternateAddress mailEquivalentAddress"
debug "Executing: ${cmd}"
--
2.39.5