#!/bin/sh ldap_add(){ # Add a DN if it doesn't already exist. Takes ldif-formatted attributes on stdin. # $1 = the DN _ldap_add_dn=$1; shift if ldap_search -s base -b "$_ldap_add_dn" dn > /dev/null 2>&1; then log "${_ldap_add_dn} already exists" else { printf 'dn: %s\n' "$_ldap_add_dn"; cat; } | { if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then ldapadd -Q "$@" else ldapadd -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" "$@" fi } fi } ldap_modify(){ # Modify a DN. Takes ldif-formatted attributes on stdin. # $1 = the DN _ldap_modify_dn=$1; shift { printf 'dn: %s\nchangetype: modify\n' "$_ldap_modify_dn"; cat; } | { if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then ldapmodify -Q "$@" else ldapmodify -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" "$@" fi } } ldap_delete(){ # Delete a DN. # $1 = the DN if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then ldapdelete -Q "$@" else ldapdelete -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" "$@" fi } ldap_search(){ # Perform an LDAP search # $1..$N = same as ldapsearch. if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then ldapsearch -QLLL "$@" else ldapsearch -o ldif_wrap=no -x -LLLZZ -D "$boxconf_dn" -w "$boxconf_password" "$@" fi } ldap_add_attribute(){ # Add a single attribute value to an object if it's not already present. # $1 = DN # $2 = attribute # $3 = value ldap_search -b "$1" -s base "(${2}=${3})" dn | grep -q '^dn:' || ldap_modify "$1" < /dev/null 2>&1 } ldap_passwd(){ # Set the userPassword attribute on a DN. # $1 = DN, $2 = password if [ "${BOXCONF_LDAP_SASL:-}" = true ]; then ldappasswd -Q -s "$2" "$1" else ldappasswd -ZZ -x -D "$boxconf_dn" -w "$boxconf_password" -s "$2" "$1" fi }