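#!/bin/sh
#///*
#//*************************************************************************
#//**                                                                     *
#//** Copyright (C) 2002-2011 Trans-Mit Pty. Ltd. Melbourne Australia     *
#//** This software may not be loaned, resold, changed or copied          *
#//** in any way without the express written permission of author        *
#//** and Trans-Mit Pty. Ltd., Australia.                                 *
#//**                                                                     *
#//*************************************************************************
#//**
#//** $Header: $
#//** $Author: $
#//** $Date: $
#//** $Locker: $
#//**
#//*************************************************************************
#//*/
#
# LDAP authentication helper.
#
# Usage:  LDAPauth LOGIN PASSWORD
#
# Step 1: search the directory for LOGIN using the configured admin bind
#         (WB_BINDDN / WB_BINDPW from /u/catcom/ldap_vars).
# Step 2: re-bind as the DN that was found, using PASSWORD, and read the
#         user's attributes.
#
# On success stdout carries sh assignment + "export" lines (distinguishedName,
# cn, displayName, sAMAccountName, employeeID, email, $WB_LDAP_ATTRIB_DCUSER
# and LDAPresult) that the caller can source; values are single-quoted so a
# directory value containing " $ ` or \ cannot be interpreted by the shell.
# All diagnostics go to stderr.
#
# Exit status: 0 authenticated, 1 not authenticated, 2 blank login/password,
#              3 no LDAP server configured, 4 WB_BASEDN not set.

# get env vars
. /u/catcom/ldap_vars

login="$1"
password="$2"

# both must not be blank
if [ -z "$login" ] || [ -z "$password" ]; then
  echo "$0: ERROR - login and password must both be NON-BLANK" 1>&2
  # return NOT authenticated
  exit 2
fi

##############################################
# see ldap_vars for the following env vars
#   WB_LDAPURI
#   WB_LDAPHOST
#   WB_LDAPPORT
#   WB_BINDDN
#   WB_BINDPW
#   WB_BASEDN
#   WB_BASEFILTER
#   WB_LDAP_ATTRIB_DCUSER
#-----------------------------------
# set LDAPSERVER (a list of ldapsearch options, expanded unquoted on purpose)
if [ -n "$WB_LDAPURI" ]; then
  LDAPSERVER="-H $WB_LDAPURI"
else
  if [ -z "$WB_LDAPHOST" ]; then
    echo "$0: ERROR - WB_LDAPURI or WB_LDAPHOST not set" 1>&2
    # return NOT authenticated
    exit 3
  fi
  LDAPSERVER="-h $WB_LDAPHOST"
fi
if [ -n "$WB_LDAPPORT" ]; then
  LDAPSERVER="$LDAPSERVER -p $WB_LDAPPORT"
fi

# The admin bind is passed directly as -D "$WB_BINDDN" -w "$WB_BINDPW" below;
# the earlier LDAPADMIN_BIND string (with optional anonymous bind) is no longer
# used.

if [ -z "$WB_BASEDN" ]; then
  echo "$0: ERROR - WB_BASEDN not set" 1>&2
  # return NOT authenticated
  exit 4
fi

#-----------------------------------
#######################################
# Escape a value for use inside an LDAP search filter (RFC 4515):
#   \ -> \5c   * -> \2a   ( -> \28   ) -> \29
# The login comes straight from the caller; without escaping, a login such
# as "*" or one containing ")(" changes the meaning of FILTER instead of
# being matched literally.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
ldap_filter_escape() {
  printf '%s\n' "$1" \
    | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

srchcn=$(ldap_filter_escape "$login")
# Earlier revisions matched on cn / employeeID / sAMAccountName alone, or on a
# fixed group membership; the group part now comes from WB_BASEFILTER.
FILTER="(${WB_BASEFILTER}(|(cn=$srchcn)(employeeID=$srchcn)(sAMAccountName=$srchcn)(mail=$srchcn)(userPrincipalName=$srchcn)))"

#-----------------------------------
#######################################
# Unwrap wrapped lines in ldapsearch output: LDIF continues a long value on
# the next line with a single leading space, which is joined back onto the
# previous line here.
# Inputs:  LDIF on stdin
# Outputs: unwrapped LDIF on stdout
#######################################
fixldapsearchoutput() {
  awk '
    {
      if ( substr($0,1,1) == " " ) {
        lastline = lastline substr($0,2)
        next
      }
      if ( plast == 1 ) {
        print lastline
        lastline = ""
        plast = 0
      }
      lastline = $0
      plast = 1
    }
    END {
      if ( plast == 1 ) print lastline
    }'
}

#######################################
# Emit NAME='VALUE' and "export NAME" on stdout, with VALUE single-quoted
# for sh. The emitted file is sourced below, so values must never be
# interpolated unquoted or double-quoted.
# Arguments: $1 - variable name, $2 - value
# Outputs:   two lines on stdout
#######################################
emit_var() {
  printf "%s='%s'\n" "$1" "$(printf '%s\n' "$2" | sed "s/'/'\\\\''/g")"
  printf 'export %s\n' "$1"
}

#-----------------------------------
echo "$0: LDAPSERVER=[$LDAPSERVER]" 1>&2
echo "$0: WB_BINDDN=[$WB_BINDDN]" 1>&2
echo "$0: WB_BASEDN=[$WB_BASEDN]" 1>&2
echo "$0: FILTER=[$FILTER]" 1>&2
echo "$0: using simple auth" 1>&2

# Private, unpredictable temp file: it is sourced later, so a fixed
# /tmp/LDAPauth$$ name that another local user could pre-create or symlink
# is not acceptable.
tmp1file=$(mktemp /tmp/LDAPauth.XXXXXX) || exit 1
trap 'rm -f "$tmp1file"' EXIT

# NOTE(review): both ldapsearch calls pass their bind password with -w, so it
# is visible in the process list for the duration of the search. OpenLDAP's
# -y PASSFILE avoids that; left as -w so behaviour matches the ldapsearch
# build this site runs.

LDAPresult=""
(
  # shellcheck disable=SC2086 -- LDAPSERVER holds several options on purpose
  ldapsearch -L \
    $LDAPSERVER -x \
    -D "$WB_BINDDN" -w "$WB_BINDPW" \
    -b "$WB_BASEDN" \
    "$FILTER" \
    cn dn distinguishedName 2>&1 \
  | fixldapsearchoutput \
  | while read -r af1 arest; do
      echo "$0: af1=[$af1] arest=[$arest]" 1>&2
      if [ "$af1" = "dn:" ] || [ "$af1" = "distinguishedName:" ]; then
        distinguishedName="$arest"
        emit_var distinguishedName "$distinguishedName"
        echo "$0: initial BIND Found distinguishedName=[$distinguishedName]" 1>&2
      fi
      # exactly one entry must match; more than one means an ambiguous login
      if [ "$af1" = "#" ] && [ "$arest" = "numEntries: 1" ] && [ -n "$distinguishedName" ]; then
        echo "$0: Initial admin BIND and search OK." 1>&2
        # now bind with found distinguishedName and login password
        # shellcheck disable=SC2086 -- LDAPSERVER / WB_LDAP_ATTRIB_DCUSER split on purpose
        ldapsearch -L \
          $LDAPSERVER -x \
          -D "$distinguishedName" -w "$password" \
          -b "$WB_BASEDN" \
          "$FILTER" \
          cn displayName fullName \
          mail $WB_LDAP_ATTRIB_DCUSER 2>&1 \
        | fixldapsearchoutput \
        | while read -r bf1 brest; do
            echo "$0: bf1=[$bf1] brest=[$brest]" 1>&2
            if [ "$bf1" = "cn:" ]; then
              cn="$brest"
              emit_var cn "$cn"
              echo "$0: Found cn=[$cn]" 1>&2
            fi
            if [ "$bf1" = "displayName:" ] || [ "$bf1" = "fullName:" ]; then
              displayName="$brest"
              emit_var displayName "$displayName"
              echo "$0: Found displayName=[$displayName]" 1>&2
            fi
            if [ "$bf1" = "sAMAccountName:" ]; then
              sAMAccountName="$brest"
              # previously written out as email=..., leaving sAMAccountName unset
              emit_var sAMAccountName "$sAMAccountName"
              echo "$0: Found sAMAccountName=[$sAMAccountName]" 1>&2
            fi
            if [ "$bf1" = "employeeID:" ]; then
              employeeID="$brest"
              emit_var employeeID "$employeeID"
              echo "$0: Found employeeID=[$employeeID]" 1>&2
            fi
            if [ "$bf1" = "mail:" ]; then
              email="$brest"
              emit_var email "$email"
              echo "$0: Found email=[$email]" 1>&2
            fi
            if [ -n "$WB_LDAP_ATTRIB_DCUSER" ] && [ "$bf1" = "${WB_LDAP_ATTRIB_DCUSER}:" ]; then
              tmpldapadcu="$brest"
              emit_var "$WB_LDAP_ATTRIB_DCUSER" "$tmpldapadcu"
              echo "$0: Found $WB_LDAP_ATTRIB_DCUSER=[$tmpldapadcu]" 1>&2
            fi
            if [ "$bf1" = "#" ] && [ "$brest" = "numEntries: 1" ]; then
              echo "$0: user BIND OK." 1>&2
              # authenticated OK.
              LDAPresult="0"
              emit_var LDAPresult "$LDAPresult"
              break
            fi
          done
        break
      fi
    done
) > "$tmp1file"

# pick up LDAPresult (and the attributes) from the emitted assignments
. "$tmp1file"

if [ -z "$LDAPresult" ]; then
  # NOT authenticated
  LDAPresult="1"
  emit_var LDAPresult "$LDAPresult"
else
  cat "$tmp1file"
fi

rm -f "$tmp1file"

# return result
exit "$LDAPresult"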