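#!/bin/ksh
#
# Copyright 12/13/99 Sun Microsystems, Inc. All Rights Reserved
#
# automatically updates the nis.mapping file with all the maps present on the
# system
#
# dsypinstall      : enable the LDAP-NIS synchronization
# dsypinstall -u   : disable the LDAP-NIS synchronization
#
# NOTE(review): this listing was recovered from a page where the whole script
# was collapsed onto a few lines. Line breaks, the indentation inside the
# here-documents and the blank lines between LDIF records are reconstructed;
# compare them against a pristine copy before deploying.
#
# Security-relevant changes compared with the recovered text:
#   - no scratch files under /tmp any more (/tmp/slap_user, /tmp/nis_plugin
#     and /tmp/sed.$$ were predictable names written by root); the data is
#     kept in shell variables or passed to sed with -e instead
#   - every "cd" that precedes a "./ldapmodify" or "./ldapsearch" is checked,
#     so a failed cd can no longer run a binary from the caller's directory
#   - passwords and DNs are read with "read -r" and written with "print -r",
#     and expansions are quoted, so blanks, backslashes and glob characters
#     are passed through unchanged
#   - nis.conf is created under umask 077 instead of being world-readable
#     until the final chmod
#
# Still open (cannot be fixed from what is visible here):
#   - the Directory Manager password is passed with "-w" on the command line
#     and the update password as an argument to dsypoff; both are visible in
#     ps(1) output while the commands run. Use a password-file or stdin
#     option if the installed tools offer one.
#   - the inherited PATH is appended to the search path of a root script.
#
unset ENV

#
# Interrupt handler: put the pre-install Makefile back, drop the work copies,
# re-enable terminal echo, restore the domain name from /etc/defaultdomain
# and exit with status 1. Also called directly when dsypinit fails.
#
trapfunc()
{
    mv /var/yp/Makefile.preinstall /var/yp/Makefile >/dev/null 2>&1
    rm -f /var/yp/Makefile.$$ /etc/opt/SUNWconn/ldap/current/dsserv.conf.$$
    stty echo
    domainname `cat /etc/defaultdomain`
    echo "Installation aborted"
    exit 1
}
trap trapfunc INT QUIT

#
# Print the message in $1, remove the Makefile work copies and exit 1.
# Used for failures that happen before /var/yp/Makefile has been edited.
#
abort_install()
{
    echo "$1"
    rm -f /var/yp/Makefile.$$ /var/yp/Makefile.preinstall
    exit 1
}

#
# Send TERM to the process(es) whose ps line matches lib/dsyppasswdd.
# Not called anywhere in this script.
#
stop_dsyppasswd()
{
    pid=`ps -fe | grep lib/dsyppasswdd | grep -v grep | awk '{print $2}'`
    if [ -n "$pid" ]
    then
        echo "Stopping NIS password daemon (dsyppasswdd)..."
        # unquoted on purpose: $pid may hold several process ids
        kill -TERM ${pid}
    fi
}

#
# Append the default mapping for map $1 to ./$1.tmpmap (current directory).
# Only $MAP_NAME is expanded here; every \$name is written out literally.
#
create_mapping()
{
    MAP_NAME=$1
    cat <<% >>"$MAP_NAME.tmpmap"
#
# $MAP_NAME map
#
Table: $MAP_NAME
Common:
    MAP_NAME=$MAP_NAME
    CASE_SENSITIVE=yes
Dynamic:
    LINE =>\$nisKeyT \$nisValueT
    nisKeyT=\$NIS_KEY
    MATCH_FILTER=(&(objectClass=nisSunObject)(sunNisKey=\$nisKeyT))
    ALL_FILTER=(&(objectClass=nisSunObject)(sunNisKey=*))
    DC_NAMING=split(\$DOMAIN_NAME, ".", "dc=", ",", left2right)
    rootTreeT=ou=Services,\$NAMING_CONTEXT||ou=Services,\$DC_NAMING
    BASE_DN=ou=\$MAP_NAME,\$rootTreeT
Export:
    Build:
        NIS_KEY=\$sunNisKey
        NIS_VALUE=\$nisMapEntry
        LINE=\$sunNisKey \$nisMapEntry
Import:
    Extract:
        LINE =>\$nisKeyT \$nisValueT
    Condense:
        trimNisValueT=trim(\$nisValueT)
        CaseNisKeyT =dprint(\$nisKeyT)
    Build:
        dn=cn="\$CaseNisKeyT",\$BASE_DN
        sunNisKey=\$nisKeyT
        nisMapEntry=\$trimNisValueT
        nisMapName=\$MAP_NAME
        objectClass=nisSunObject
%
}

#
# Rewrite nis.mapping: set DOMAIN_NAME and ADMIN_SUFFIX, drop the previously
# generated section, and append a default mapping for every map in "$@" that
# has no MAP_NAME= entry yet.
# Reads the globals NIS_DOMAIN and NAMING_CONTEXT.
#
change_nis_mapping()
{
    MAPPING_FILE=/etc/opt/SUNWconn/ldap/current/mapping/nis.mapping
    TMP_MAP=$MAPPING_FILE.tmp
    # NOTE(review): NIS_DOMAIN and NAMING_CONTEXT are pasted into the sed
    # program; a "/" or "&" in either value changes or breaks the expression.
    sed "s/DOMAIN_NAME=.*/DOMAIN_NAME=$NIS_DOMAIN/;s/ADMIN_SUFFIX=.*/ADMIN_SUFFIX=ou=admin,ou=Services,$NAMING_CONTEXT/;/BEGIN AUTOMATICALLY GENERATED MAPPING/,/END AUTOMATICALLY GENERATED MAPPING/d" <"$MAPPING_FILE" >"$TMP_MAP"
    KNOWN_MAPS=`grep MAP_NAME= "$TMP_MAP" | grep -v \# | sed "s/.*=//;s/\$//;s/\.by.*//"`
    # join the known map names into one egrep alternation
    KNOWN_MAPS=`echo $KNOWN_MAPS | sed "s/ /|/g"`
    MAP_LIST=`for i in $* ; do echo $i; done | egrep -v "$KNOWN_MAPS"`
    if [ "$MAP_LIST" != "" ]
    then
        for i in $MAP_LIST
        do
            echo "Creating mapping for $i"
            create_mapping "$i"
        done
        cat <<% >>"$TMP_MAP"
# BEGIN AUTOMATICALLY GENERATED MAPPING
# This part of the file is replaced automatically
# please place your maps before this line or after the end line
%
        cat *.tmpmap >>"$TMP_MAP"
        rm -- *.tmpmap
    fi
    cat <<% >>"$TMP_MAP"
# This part of the file is replaced automatically
# please place your maps after the end line
# END AUTOMATICALLY GENERATED MAPPING
%
    mv "$TMP_MAP" "$MAPPING_FILE"
    echo "Mapping file update completed"
}

#
# "dsypinstall -u": delete the nis-plugin and sunNisKey index entries from
# the LDAP server configuration and put the saved NIS Makefile back.
# Server path and port are read from nis.conf (port defaults to 389).
#
disable_nis_plugin()
{
    NIS_CONF=/etc/opt/SUNWconn/ldap/current/nis.conf
    LDAPPATH=`grep -i "^ldappath" $NIS_CONF | awk '{ print $2}'`
    NETSCAPE_PORT=`grep -i "^ldapport" $NIS_CONF | awk '{ print $2}'`
    if [ -z "$NETSCAPE_PORT" ]
    then
        NETSCAPE_PORT=389
    fi
    NETSCAPE_CONF=$LDAPPATH/slapd-`uname -n`/config/slapd.conf
    ADMIN_DN=`grep ^rootdn "$NETSCAPE_CONF" | sed "s/^rootdn * *//"`
    ADMIN_DN=`ask "Please enter the dn of the Directory Manager" "$ADMIN_DN"`
    ADMIN_PW=`passwdAsk "Please enter the Directory Manager password" ""`
    # bind DN with the double quotes removed
    BIND_DN=`print -r - "$ADMIN_DN" | sed 's/"//g'`
    dsypdecl -s
    if [ -n "$LDAPPATH" ]
    then
        # never run ./ldapmodify from whatever directory we happen to be in
        if cd "$LDAPPATH/shared/bin"
        then
            # NOTE(review): -w exposes the password in the process list
            ./ldapmodify -c -D "$BIND_DN" -w "$ADMIN_PW" -p "$NETSCAPE_PORT" << %
dn:cn=nis-plugin,cn=plugins,cn=config
changetype:delete

dn:cn=sunNisKey,cn=index,cn=config,cn=ldbm
changetype:delete
%
        else
            echo "Cannot change directory to $LDAPPATH/shared/bin, LDAP entries were not removed"
        fi
    fi
    if cd /var/yp
    then
        mv Makefile.pre-SUNWdsnis Makefile
    fi
    echo "\nNIS directory extension for Solaris has been disabled\n"
    echo "Please stop and start the LDAP Server as soon as possible\n"
}

#
# Prompt on /dev/tty for a password, twice, with terminal echo off, until
# both entries are non-empty and equal. The password is written to stdout,
# so callers capture it with command substitution. $1 is the prompt text.
#
passwdAsk()
{
    ok=0
    while [ $ok -eq 0 ]
    do
        echo "$1: \c" > /dev/tty
        stty -echo
        # -r and an empty IFS keep backslashes and surrounding blanks
        IFS= read -r p1
        echo > /dev/tty
        echo "Re-enter password: \c" > /dev/tty
        IFS= read -r p2
        echo > /dev/tty
        if [[ -n $p1 && $p1 = "$p2" ]]
        then
            ok=1
        else
            echo "Passwords don't match or null password" > /dev/tty
            ok=0
        fi
        stty echo
    done
    # print -r: no backslash interpretation, no word splitting, no globbing
    print -r - "$p1"
}

#
# Ask a question on /dev/tty and write the answer to stdout.
#   $1  prompt text
#   $2  default, used when the reply is empty
# When the default is y or n, the usual spellings of yes/no are folded to
# y/n. Any other answer is echoed back and has to be confirmed.
#
ask()
{
    OK=n
    while [ "$OK" = n ]
    do
        echo >/dev/tty
        echo "$1 [$2]: \c" >/dev/tty
        read -r ans
        if [ "$ans" = "" ]
        then
            ans=$2
        elif [ "$2" = "y" -o "$2" = "n" ]
        then
            case $ans in
            "Y"|"y"|"YES"|"yes"|"Yes") ans=y;;
            "N"|"n"|"NO"|"no"|"No") ans=n;;
            esac
        fi
        if [ "$ans" = y -o "$ans" = n ]
        then
            OK=y
        else
            print -r - "$ans" >/dev/tty
            echo "is this correct (y/n) [y] \c" >/dev/tty
            read -r OK
            case $OK in
            ""|"Y"|"y"|"YES"|"yes"|"Yes") OK=y;;
            "N"|"n"|"NO"|"no"|"No") OK=n;;
            esac
        fi
    done
    print -r - "$ans"
}

CURDIR=`pwd`
BASEDIR=$(pkgparam SUNWdsnis BASEDIR)
PATH=$BASEDIR/SUNWconn/ldap/sbin:$BASEDIR/SUNWconn/ldap/bin:$BASEDIR/SUNWconn/ldap/lib:/usr/ccs/bin:/bin:$PATH
export PATH
USAGE="Usage :\n dsypinstall [-u]\n dsypinstall : enable the LDAP-NIS synchronization\n dsypinstall -u : disable the LDAP-NIS synchronization"

set -- `getopt u $*`
if [ $? != 0 ]
then
    echo "$USAGE"
    exit 2
fi
for i in $*
do
    case $i in
    -u) rm -f /etc/rc2.d/S72dsyp
        disable_nis_plugin
        /etc/init.d/dsyp stop
        exit; shift;;
    --) shift; break;;
    esac
done

echo ""
echo "This script initializes the NIS extension for the Netscape/iPlanet"
echo "Directory server"
echo ""
echo "Before running this script, make sure your directory server meets the "
echo "following pre-requisite:"
echo ""
echo " - Netscape Directory Server 4.1 or 4.11 is installed and running"
echo " - Solaris NIS server is installed, configured and running"
echo ""
echo "This script performs the following actions:"
echo " - Adds the NIS schema to the LDAP server configuration"
echo " - Adds the NIS plugin to the LDAP server configuration"
echo " - Configures the NIS extension"
echo " - Modifies the NIS Makefile"
echo " - Restarts the LDAP server"
echo " - If wanted, imports current NIS data into the LDAP directory"
echo ""
if [ "$(ask "Do you want to continue" y)" = "n" ]
then
    exit 1
fi

if [ ! -f /etc/defaultdomain ]
then
    /usr/sbin/sysidnis
fi
NIS_DOMAIN=`domainname`

if [ ! -f /var/yp/Makefile ]
then
    #
    # no server was installed before
    # take the default one
    #
    cp "$BASEDIR/SUNWconn/ldap/default/yp/Makefile.tmp" /var/yp/Makefile
else
    if [ ! -f /var/yp/Makefile.pre-SUNWdsnis ]
    then
        cp /var/yp/Makefile /var/yp/Makefile.pre-SUNWdsnis
    fi
fi
# work copy and the copy that trapfunc restores on abort
cp /var/yp/Makefile /var/yp/Makefile.$$
cp /var/yp/Makefile /var/yp/Makefile.preinstall

#
# get the domain they want to work with
#
echo
NETSCAPE_PATH="/usr/netscape/server4/"
NETSCAPE_PATH=`ask "Enter the installation directory of the directory server\n" $NETSCAPE_PATH`
NETSCAPE_CONF=$NETSCAPE_PATH/slapd-`uname -n`/config/slapd.conf
NETSCAPE_START=$NETSCAPE_PATH/slapd-`uname -n`/start-slapd
NETSCAPE_STOP=$NETSCAPE_PATH/slapd-`uname -n`/stop-slapd
ADMIN_DN=`grep ^rootdn "$NETSCAPE_CONF" | sed "s/^rootdn * *//"`
ADMIN_DN=`ask "Please enter the dn of the Directory Manager" "$ADMIN_DN"`
ADMIN_PW=`passwdAsk "Please enter the Directory Manager password" ""`
# bind DN with the double quotes removed
BIND_DN=`print -r - "$ADMIN_DN" | sed 's/"//g'`
NETSCAPE_PORT=`grep ^port "$NETSCAPE_CONF" | sed "s/^port * *//"`
NETSCAPE_PORT=`ask "Enter the port number of the LDAP server to update the LDAP schema" $NETSCAPE_PORT`

# a failed cd must not let ./ldapsearch run from the caller's directory
cd "$NETSCAPE_PATH/shared/bin" ||
    abort_install "dsypinstall failed (cannot change directory to $NETSCAPE_PATH/shared/bin)"

#
# check that the LDAP server is running
# and that it has permissions to update NIS database (root)
#
# The result is kept in a variable; $? below is the status of the grep.
# NOTE(review): -w exposes the password in the process list (applies to
# every ldapsearch/ldapmodify call in this script).
SLAP_USER=`./ldapsearch -p "$NETSCAPE_PORT" -D "$BIND_DN" -w "$ADMIN_PW" -s base -b "cn=config" 'objectclass=*' | grep "^nsslapd-localuser"`
if [ $? = 0 ]
then
    if [ "`print -r - "$SLAP_USER" | awk '{ print $2}'`" != "root" ]
    then
        abort_install "dsypinstall failed (LDAP server must be running as root)"
    fi
else
    abort_install "dsypinstall failed (LDAP server is not running)"
fi

echo
NIS_DOMAIN=`ask "Please enter the NIS domain managed by this server\n" $NIS_DOMAIN`
if [ ! -d "/var/yp/$NIS_DOMAIN" ]
then
    echo "ypserv NIS server should be configured on this machine before running"
    echo "this script. Failure to contact a NIS server for domain $NIS_DOMAIN"
    echo "may block this procedure."
    echo "In that case install the ypserv NIS server and restart this procedure"
    if [ "$(ask "Do you want to continue" y)" = "n" ]
    then
        exit 1
    fi
fi

#
# Check that this domain is ok for the dsserv config if we want to use
# dc naming
#
#
MAPPING_FILE=/etc/opt/SUNWconn/ldap/current/mapping/nis.mapping
NAMING_CONTEXT=`egrep "^[ ]*NAMING_CONTEXT" $MAPPING_FILE | sed "s/[ ]*NAMING_CONTEXT=//"`
if [ "$NAMING_CONTEXT" = "" ]
then
    # derive dc=a,dc=b,... from the NIS domain name a.b....
    NAMING_CONTEXT=`echo $NIS_DOMAIN | sed "s/^/dc=/;s/\./,dc=/g"`
fi

#
# test if NAMING_CONTEXT is a child of any defined datastore (we have suppressed the
# spaces for a pseudo normalization, aliases normalization is not done)
#
NAMING_CONFIGURED=0
NEED_RESTART=0
EXISTING_NAMING_CONTEXTS=`./ldapsearch -p "$NETSCAPE_PORT" -s base -b "" 'objectclass=*' namingcontexts | grep namingcontexts | sed 's/^namingcontexts: //'`
for i in $EXISTING_NAMING_CONTEXTS
do
    if echo "$NAMING_CONTEXT" | grep -i "$i" >/dev/null
    then
        NAMING_CONFIGURED=1
        break
    fi
done

if [ $NAMING_CONFIGURED -eq 0 ]
then
    echo
    echo "The LDAP directory configuration doesn't contain a"
    echo "subtree for domain $NIS_DOMAIN \"$NAMING_CONTEXT\""
    if [ "$(ask "Do you want this script to add the subtree $NAMING_CONTEXT in the configuration" y)" = "n" ]
    then
        echo "Please modify the managed suffixes before so that"
        echo "it is at least a parent of $NAMING_CONTEXT"
        echo "you can perform this task with the administration tool"
        echo
        echo "The current managed suffixes are : $EXISTING_NAMING_CONTEXTS"
        echo
        echo "If you want to set your own subtree for NIS mapping"
        echo "edit the $MAPPING_FILE file"
        echo "and uncomment the NAMING_CONTEXT variable"
        echo
        rm /var/yp/Makefile.$$
        rm /var/yp/Makefile.preinstall
        exit 1
    fi
    ./ldapmodify -c -D "$BIND_DN" -w "$ADMIN_PW" -p "$NETSCAPE_PORT" << %
dn:cn=config,cn=ldbm
changetype:modify
add:nsslapd-suffix
nsslapd-suffix:$NAMING_CONTEXT
%
fi

# test if the nis plugin is already configured,
# configure it in case not -> will require server restart
NIS_PLUGIN=`./ldapsearch -p "$NETSCAPE_PORT" -D "$BIND_DN" -w "$ADMIN_PW" -s base -b "cn=config,cn=ldbm" 'objectclass=*' | grep "^nsslapd-plugin" | grep "nis-plugin"`
if [ -z "$NIS_PLUGIN" ]
then
    NEED_RESTART=1
fi
dsyppg
if [ $? -ne 0 ]
then
    NEED_RESTART=1
fi
if [ "$NEED_RESTART" -eq "1" ]
then
    ./ldapmodify -c -D "$BIND_DN" -w "$ADMIN_PW" -p "$NETSCAPE_PORT" << %
dn:cn=nis-plugin,cn=plugins,cn=config
changetype:add
objectclass:nsslapdPlugin
nsslapd-pluginpath:/opt/SUNWconn/ldap/lib/libypserv.so.1
nsslapd-plugininitfunc:nis_plugin_init
nsslapd-plugintype:postoperation
nsslapd-pluginenabled:on
nsslapd-backend:cn=ldbm
nsslapd-pluginid:nis-plugin
nsslapd-pluginversion:1.0
nsslapd-pluginvendor:Sun-Netscape Alliance
nsslapd-plugindescription:Solaris NIS synchronization plugin

dn:cn=nis-plugin,cn=plugins,cn=config
changetype:modify
replace:nsslapd-pluginpath
nsslapd-pluginpath:/opt/SUNWconn/ldap/lib/libypserv.so.1

dn:cn=nis-plugin,cn=plugins,cn=config
changetype:modify
replace:nsslapd-pluginenabled
nsslapd-pluginenabled:on
%
fi

echo "LDAP server configuration has been updated"
if [ $NEED_RESTART -eq 1 ]
then
    echo "It now needs to be restarted"
    if [ "$(ask "Do you want this script to restart the LDAP server" y)" = "n" ]
    then
        echo "Please restart the server manually and run this script again"
        exit 0
    fi
    "$NETSCAPE_STOP"
    "$NETSCAPE_START"
fi

# need to wait a little before LDAP server is available
sleep 5
cd "$NETSCAPE_PATH/shared/bin" ||
    abort_install "dsypinstall failed (cannot change directory to $NETSCAPE_PATH/shared/bin)"
./ldapmodify -c -D "$BIND_DN" -w "$ADMIN_PW" -p "$NETSCAPE_PORT" -f "$BASEDIR/SUNWconn/ldap/default/schema/nis.at.conf"
./ldapmodify -c -D "$BIND_DN" -w "$ADMIN_PW" -p "$NETSCAPE_PORT" -f "$BASEDIR/SUNWconn/ldap/default/schema/nis.oc.conf"
echo "the LDAP schema has been modified"

echo ""
echo "Please enter the DN to use for updating NIS subtree"
echo "This DN should be different from directory manager but should have"
echo "all access on NIS subtree"
echo "This user must be created in LDAP database before continuing this script"
UPDATE_DN=`ask "Please enter the DN to use for updating NIS subtree" "cn=nis-admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot"`
UPDATE_PW=`passwdAsk "Please enter the password for $UPDATE_DN" ""`

# nis.conf holds the update credentials (rootpw is whatever dsypoff prints).
# Create it under umask 077 so it is never readable by other users, not even
# for the moment before the chmod.
# NOTE(review): dsypoff receives the password as an argument, which is
# visible in the process list while it runs.
NIS_CONF=/etc/opt/SUNWconn/ldap/current/nis.conf
ROOTPW=`"$BASEDIR/SUNWconn/ldap/lib/dsypoff" "$UPDATE_PW"`
(
    umask 077
    rm -f "$NIS_CONF"
    {
        print -r - "rootdn $UPDATE_DN"
        print -r - "rootpw $ROOTPW"
        print -r - "ldapport $NETSCAPE_PORT"
        print -r - "ldappath $NETSCAPE_PATH"
    } > "$NIS_CONF"
)
chmod 400 "$NIS_CONF"

#
# ask if we are master or slave
#
HOSTNAME=`uname -n`
MASTER_NAME=""
MASTER=`ask "Is this host the master of the $NIS_DOMAIN domain (y/n)" y`
if [ "$MASTER" = "y" ]
then
    MASTER_NAME=$HOSTNAME
else
    while test "$MASTER_NAME" = ""
    do
        if [ -d "/var/yp/$NIS_DOMAIN" -o -d "/var/yp/binding/$NIS_DOMAIN" ]
        then
            MASTER_NAME=`ypwhich -d "$NIS_DOMAIN" -m ypservers`
        else
            MASTER_NAME=`ask "Please enter the name of the master NIS server" $HOSTNAME`
        fi
    done
fi

#
# edit the Makefile to call our scripts/binaries
#
# The four expressions used to be written to /tmp/sed.$$ first; they are
# passed with -e so that no file under /tmp is needed.
# NOTE(review): the recovered text read "sed -f /tmp/sed.$$ Makefile.tmp";
# the "<Makefile >Makefile.tmp" redirections look lost in extraction and are
# restored here because the next command moves Makefile.tmp into place.
cd /var/yp ||
    abort_install "dsypinstall failed (cannot change directory to /var/yp)"
sed -e '/$(MULTI)/s/^/#/' \
    -e "/^MAKEDBM=/s!.*!MAKEDBM=$BASEDIR/SUNWconn/ldap/lib/dsmakedbm!" \
    -e "/^MKALIAS=/s!.*!MKALIAS=$BASEDIR/SUNWconn/ldap/lib/dsmakealias!" \
    -e '/^YPDBDIR=/s!.*!YPDBDIR=/var/yp/ldapsynch!' \
    <Makefile >Makefile.tmp
mv Makefile.tmp Makefile

#
# restart the legacy NIS server to improve odds to
# successfully issue ypwhich queries later in the script
#
if [ "$MASTER" = "y" ]
then
    /usr/lib/netsvc/yp/ypstop
    /usr/lib/netsvc/yp/ypstart
fi

if [ "$MASTER_NAME" = "$HOSTNAME" ]
then
    #
    # we are the master, ask for the location of the source files
    #
    SRC_FILE=`grep ^DIR Makefile | sed "s/.*= *//"`
    PSRC_FILE=`grep ^PWDIR Makefile | sed "s/.*= *//"`
    ASRC_FILE=`grep ^ALIASES Makefile | sed "s/.*= *//"`
    NSRC_FILE=`ask "Please enter the location of the maps source files" $SRC_FILE`
    if [ "$NSRC_FILE" != "$SRC_FILE" ]
    then
        # escape every "/" so the path can be used inside s/.../.../
        LA_SRCFILE=`echo $NSRC_FILE | sed 's/\//\\\\\//g'`
        # NOTE(review): redirections restored, see the note on the sed above
        sed "s/^DIR *=.*/DIR=$LA_SRCFILE/" </var/yp/Makefile >/var/yp/Makefile.$$
        mv /var/yp/Makefile.$$ /var/yp/Makefile
    fi
    PASS_FILE=`ask "Please enter the location of the passwd source file" $NSRC_FILE`
    if [ "$PASS_FILE" != "$PSRC_FILE" ]
    then
        LA_SRCFILE=`echo $PASS_FILE | sed 's/\//\\\\\//g'`
        sed "s/^PWDIR *=.*/PWDIR=$LA_SRCFILE/" </var/yp/Makefile >/var/yp/Makefile.$$
        mv /var/yp/Makefile.$$ /var/yp/Makefile
    fi
fi

#
#
# we need to build a list of maps to manage to be able to add them
# to the mapping file
#
# if a legacy NIS server for the domain is already running then
# get the list from it
# if we are a slave get the list from the master
#
# otherwise we will have to get it from the Makefile
# and the list of source files
#
# delete the .time files
#
rm -f *.time
ALL_MAPS=
echo "Getting the list of maps"
#
# ask the server for all the maps
# only for slaves.
#
if [ "$MASTER" != "y" ]
then
    ALL_MAPS=`ypwhich -d "$NIS_DOMAIN" -m | sed "s/ .*//" | sort`
elif [ "$ALL_MAPS" = "" ]
then
    #
    # get the maps from /var/yp/Makefile
    #
    echo "Can't get list of maps from NIS,"
    echo " getting them from NIS Makefile instead..."
    ALL_MAPS=`make -n 2>/dev/null | egrep "makedbm|mkalias|sendmail|makealias" | sed "s/.*\///;s/;.*$//" | egrep -v "dsmakedbm|mail.* *mail" | sort -u`
fi

# $ALL_MAPS is left unquoted in the echo so the list prints on one line
echo "The list of detected maps is: " $ALL_MAPS
echo "\nThis list might be incomplete"
MAPS_LIST_NOK=`ask "Do you want to change it ?" n`
while [ "$MAPS_LIST_NOK" = "y" ]
do
    echo "Please continue to add the map names and stop with a blank line"
    for map in "$ALL_MAPS"
    do
        echo "next map to add: $map"
    done
    echo "next map to add: \c"
    while read map; test -n "$map"
    do
        ALL_MAPS="$ALL_MAPS $map"
        echo "next map to add: \c"
    done
    echo "The current list of maps is: " $ALL_MAPS
    MAPS_LIST_NOK=`ask "Do you want to change it ?" n`
    if [ "$MAPS_LIST_NOK" = "y" ]
    then
        ALL_MAPS=""
    fi
done

#
# update the mapping file with the maps
# the maps that we don't know will have the default mapping
#
change_nis_mapping $ALL_MAPS

echo "For better performance of the import process"
echo "it is useful to create some indexes in the LDAP server"
if [ "$(ask "Do you want this script to create these indexes automatically ?" y)" = "y" ]
then
    if cd "$NETSCAPE_PATH/shared/bin"
    then
        # one nsIndex entry (pres + eq) per attribute, records separated by
        # an empty line
        for attr in cn iphostnumber gidNumber macAddress sunNisKey \
            ipNetworkNumber uid uidNumber ipProtocolNumber oncRpcNumber
        do
            echo "dn:cn=$attr,cn=index,cn=config,cn=ldbm"
            echo "changetype:add"
            echo "objectclass:nsIndex"
            echo "nssystemindex:false"
            echo "nsindextype:pres"
            echo "nsindextype:eq"
            echo ""
        done | ./ldapmodify -c -D "$BIND_DN" -w "$ADMIN_PW" -p "$NETSCAPE_PORT" >> /dev/null
    else
        echo "Cannot change directory to $NETSCAPE_PATH/shared/bin, indexes were not created"
    fi
fi

#
# Now everything is initialized,
# we can call the dsypinit on all the maps
#
echo ""
echo "You can import the current NIS data into the LDAP directory now or you can"
echo "use the dsypinit command later."
echo "The installation will not be complete and no data will be exported from"
echo "LDAP to NIS until you use this command"
echo "Importing the data can take a while depending in the amount of datas..."
echo ""
echo "Do you want to complete the installation"
if [ "$(ask "and import the existing NIS data into LDAP ?" y)" = "n" ]
then
    echo "To complete NIS extension installation run dsypinit -m or dsypinit -s command"
    exit 0
fi

# $? after this if/else is the exit status of the dsypinit that ran
if [ "$MASTER_NAME" = "$HOSTNAME" ]
then
    #
    # we are master
    #
    dsypinit -m -d "$NIS_DOMAIN"
else
    #
    # we are a slave
    #
    YPDIR=/usr/lib/netsvc/yp
    YPSRV=/var/yp/binding/$NIS_DOMAIN
    if [ -x $YPDIR/ypbind ]; then
        if [ -d "$YPSRV" -a -f "$YPSRV/ypservers" ]; then
            $YPDIR/ypbind > /dev/null 2>&1
        elif [ -d "$YPSRV" ]; then
            $YPDIR/ypbind -broadcast > /dev/null 2>&1
        fi
        # do a ypwhich to force ypbind to get bound
        ypwhich -d "$NIS_DOMAIN" > /dev/null 2>&1
    fi
    domainname "$NIS_DOMAIN"
    dsypinit -s "$MASTER_NAME"
fi
if [ $? -ne 0 ]
then
    echo "dsypinit failed, restoring previous configuration"
    trapfunc
fi
echo "$NIS_DOMAIN" > /etc/defaultdomain

#
# That's all folks
#
exit 0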