path: root/lib/60-ldap



#!/bin/sh

ldap_add(){
  # Add a DN if it doesn't already exist. Takes ldif-formatted attributes on stdin.
  # $1 = the DN
  _ldap_add_dn=$1; shift
  if ldap_search -s base -b "$_ldap_add_dn" dn > /dev/null 2>&1; then
    log "${_ldap_add_dn} already exists"
  else
    { printf 'dn: %s\n' "$_ldap_add_dn"; cat; } | {
      if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then
        ldapadd -Q "$@"
      else
        ldapadd -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" "$@"
      fi
    }
  fi
}

ldap_modify(){
  # Modify a DN. Takes ldif-formatted attributes on stdin.
  # $1 = the DN
  _ldap_modify_dn=$1; shift
  { printf 'dn: %s\nchangetype: modify\n' "$_ldap_modify_dn"; cat; } | {
    if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then
      ldapmodify -Q "$@"
    else
      ldapmodify -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" "$@"
    fi
  }
}

ldap_delete(){
  # Delete a DN.
  # $1 = the DN
  if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then
    ldapdelete -Q "$@"
  else
    ldapdelete -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" "$@"
  fi
}

ldap_search(){
  # Perform an LDAP search
  # $1..$N = same as ldapsearch.
  if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then
    ldapsearch -QLLL "$@"
  else
    ldapsearch -o ldif_wrap=no -x -LLLZZ -D "$boxconf_dn" -w "$boxconf_password" "$@"
  fi
}

ldap_add_attribute(){
  # Add a single attribute value to an object if it's not already present.
  # $1 = DN
  # $2 = attribute
  # $3 = value
  ldap_search -b "$1" -s base "(${2}=${3})" dn | grep -q '^dn:' || ldap_modify "$1" <<EOF
add: ${2}
${2}: ${3}
EOF
}

ldap_replace_attribute(){
  # Replace all values for a single attribute.
  # $1 = DN
  # $2 = attribute
  # $3..$N = values
  _ldap_replattr_dn=$1; shift
  _ldap_replattr_attr=$1; shift

  ldap_modify "$_ldap_replattr_dn" <<EOF
replace: ${ldap_replattr_attr}
$(printf "${ldap_replattr_attr}: %s\n" "$@")
EOF
}

ldap_rdn_value(){
  # Get the leftmost attribute value from a DN.
  # $1 = DN
  echo "$1" | sed -E 's/^[^=]+=([^,]+),.*$/\1/'
}

ldap_dn_exists(){
  # Return 0 if DN exists, else 1.
  # $1 = DN
  ldap_search -s base -b "$1" dn > /dev/null 2>&1
}

ldap_passwd(){
  # Set the userPassword attribute on a DN.
  # $1 = DN, $2 = password
  if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then
    ldappasswd -Q -s "$2" "$1"
  else
    ldappasswd -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" -s "$2" "$1"
  fi
}
#!/bin/sh

ldap_add(){
  # Add a DN if it doesn't already exist. Takes ldif-formatted attributes on stdin.
  # $1 = the DN
  _ldap_add_dn=$1; shift
  if ldap_search -s base -b "$_ldap_add_dn" dn > /dev/null 2>&1; then
    log "${_ldap_add_dn} already exists"
  else
    { printf 'dn: %s\n' "$_ldap_add_dn"; cat; } | {
      if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then
        ldapadd -Q "$@"
      else
        ldapadd -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" "$@"
      fi
    }
  fi
}

ldap_modify(){
  # Modify a DN. Takes ldif-formatted attributes on stdin.
  # $1 = the DN
  _ldap_modify_dn=$1; shift
  { printf 'dn: %s\nchangetype: modify\n' "$_ldap_modify_dn"; cat; } | {
    if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then
      ldapmodify -Q "$@"
    else
      ldapmodify -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" "$@"
    fi
  }
}

ldap_delete(){
  # Delete a DN.
  # $1 = the DN
  if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then
    ldapdelete -Q "$@"
  else
    ldapdelete -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" "$@"
  fi
}

ldap_search(){
  # Perform an LDAP search
  # $1..$N = same as ldapsearch.
  if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then
    ldapsearch -QLLL "$@"
  else
    ldapsearch -o ldif_wrap=no -x -LLLZZ -D "$boxconf_dn" -w "$boxconf_password" "$@"
  fi
}

ldap_add_attribute(){
  # Add a single attribute value to an object if it's not already present.
  # $1 = DN
  # $2 = attribute
  # $3 = value
  ldap_search -b "$1" -s base "(${2}=${3})" dn | grep -q '^dn:' || ldap_modify "$1" <<EOF
add: ${2}
${2}: ${3}
EOF
}

ldap_replace_attribute(){
  # Replace all values for a single attribute.
  # $1 = DN
  # $2 = attribute
  # $3..$N = values
  _ldap_replattr_dn=$1; shift
  _ldap_replattr_attr=$1; shift

  ldap_modify "$_ldap_replattr_dn" <<EOF
replace: ${ldap_replattr_attr}
$(printf "${ldap_replattr_attr}: %s\n" "$@")
EOF
}

ldap_rdn_value(){
  # Get the leftmost attribute value from a DN.
  # $1 = DN
  echo "$1" | sed -E 's/^[^=]+=([^,]+),.*$/\1/'
}

ldap_dn_exists(){
  # Return 0 if DN exists, else 1.
  # $1 = DN
  ldap_search -s base -b "$1" dn > /dev/null 2>&1
}

ldap_passwd(){
  # Set the userPassword attribute on a DN.
  # $1 = DN, $2 = password
  if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then
    ldappasswd -Q -s "$2" "$1"
  else
    ldappasswd -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" -s "$2" "$1"
  fi
}