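#!/bin/sh
#------------------------------------------------------------------------------
# /var/install/bin/ldapclient-test-connection - test connection to ldap server
#
# Copyright (c) 2009-2023 The Eisfair Team, team(at)eisfair(dot)org
#
# Creation : 2012-06-18 jed
# Last Update: $Id$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#------------------------------------------------------------------------------
#
# Purpose:
#   Reads the ldapclient configuration, runs one size-limited ldapsearch
#   against the configured server, captures the output in a temporary log
#   and shows that log with show-doc.cui.
#
# Security-relevant behaviour:
#   - The configuration file is sourced, i.e. executed as shell code with
#     the privileges of this script; it must not be writable by anyone who
#     is not allowed to run commands as that user.
#   - The bind password is handed to ldapsearch through a file (-y), not on
#     the command line, so it does not show up in the process list.
#   - The password file and the log are created under umask 077 and removed
#     by an EXIT trap, also when the script is interrupted.
#
# Exit status: 0 on normal completion (including START_LDAPCLIENT != yes),
#              1 if the configuration file is missing or no temporary log
#              file could be created.
#------------------------------------------------------------------------------

#include eislib etc.
. /var/install/include/eislib
. /var/install/include/jedlib

# Debug trace. Do not enable on a production host as-is: 'set -x' prints the
# expanded commands, including the bind password, and the trace file name
# under /tmp is guessable. Redirect to a private file if tracing is needed.
#exec 2>/tmp/ldapclient-test-connection-trace-$$.log
#set -x

#==============================================================================
# main
#==============================================================================

# set defaults
homedir='/home/ldap'
ldapclient_configfile=/etc/config.d/ldapclient
ldapclient_pwfile=${homedir}/.ldapclient.pw
# The log file is created with mktemp further down instead of using a fixed
# name in /tmp, so a pre-planted file or symlink cannot redirect the writes.
ldapclient_logfile=''

# Remove the temporary password and log files. Installed as EXIT trap so the
# clear-text password never outlives the script.
cleanup()
{
    rm -f -- "${ldapclient_pwfile}"
    if [ -n "${ldapclient_logfile}" ]
    then
        rm -f -- "${ldapclient_logfile}"
    fi
}

clrhome
mecho --info "Test LDAP connection"
mecho

if [ -f "${ldapclient_configfile}" ]
then
    . "${ldapclient_configfile}"

    if [ "${START_LDAPCLIENT}" = "yes" ]
    then
        ldap_hosturi="${LDAPCLIENT_LDAP_HOSTURI}"
        ldap_binddn="cn=${LDAPCLIENT_LDAP_ADMIN_NAME},${LDAPCLIENT_LDAP_BASEDN}"
        ldap_searchbase="ou=Addresses,${LDAPCLIENT_LDAP_BASEDN}"

        # Everything created from here on is private to the calling user and
        # is removed on every exit path. Some shells do not run the EXIT trap
        # on a signal, hence the explicit exit for HUP/INT/TERM.
        # NOTE(review): assumes eislib/jedlib do not install their own EXIT
        # trap that this would replace - confirm.
        umask 077
        trap cleanup EXIT
        trap 'exit 1' HUP INT TERM

        mecho "LDAP HostURI : ${ldap_hosturi}"
        mecho "LDAP BindDN : ${ldap_binddn}"
        mecho -n "Authentication: "

        # The ldapsearch options are collected in the positional parameters
        # rather than in a string, so a bind DN or path containing blanks or
        # glob characters is passed as exactly one argument.
        set --

        if [ "${LDAPCLIENT_LDAP_AUTH}" = "yes" ]
        then
            # authenticated search
            mecho --info "enabled"
            mecho " Login : ${LDAPCLIENT_LDAP_ADMIN_NAME}"
            mecho -n " Password : "

            if [ -z "${LDAPCLIENT_LDAP_ADMIN_PASS}" ]
            then
                # no stored password: let ldapsearch prompt for it
                set -- -D "${ldap_binddn}" -W
                mecho --warn "empty, need to entered"
            else
                set -- -D "${ldap_binddn}" -y "${ldapclient_pwfile}"
                mecho "******"

                # Write the password to the file without trailing LF (0a).
                # A stale file is removed first so the new one is created
                # with the restrictive umask instead of inheriting old
                # permissions. printf '%s' is used because echo may
                # interpret backslashes or a leading '-' in the password.
                # NOTE(review): the file lives in ${homedir}; if that
                # directory is writable by another account, prefer a
                # mktemp-created file in a root-only directory.
                rm -f -- "${ldapclient_pwfile}"
                printf '%s' "${LDAPCLIENT_LDAP_ADMIN_PASS}" > "${ldapclient_pwfile}"
                chmod 0600 "${ldapclient_pwfile}"
            fi
        else
            # anonymous search
            mecho "disabled"
        fi

        # -z nn - limit number of returned results
        set -- "$@" -z 1

        # NOTE(review): this value is only displayed here and is not passed
        # to ldapsearch; whether the server certificate is actually verified
        # depends on the LDAP client configuration - confirm they agree.
        mecho "SSL cert check: ${LDAPCLIENT_SERVER_CERT_CHECK}"
        mecho
        mecho "Trying to read from LDAP directory ..."
        mecho

        # The log holds directory entries (names, phone numbers, mail
        # addresses), so it is created atomically with an unpredictable name.
        ldapclient_logfile=$(mktemp /tmp/ldapclient-test-connection.XXXXXX)
        if [ -z "${ldapclient_logfile}" ]
        then
            mecho --error "Cannot create temporary log file!"
            exit 1
        fi

        {
            echo "---${EISTIME}----------------------------------------------------------"
            ldapsearch "$@" -x -b "${ldap_searchbase}" -H "${ldap_hosturi}" \
                "(cn=*)" givenName sn cn homePhone mobile telephoneNumber mail
            ldap_rc=$?

            # https://www.centos.org/docs/5/html/CDS/cli/8.0/Configuration_Command_File_
            # Reference-Access_Log_and_Connection_Code_Reference-LDAP_Result_Codes.html
            # 0 - SUCCESS
            # 4 - SIZE_LIMIT_EXCEEDED (expected, because of '-z 1')
            if [ "${ldap_rc}" -eq 0 ] || [ "${ldap_rc}" -eq 4 ]
            then
                echo
                echo "search requested succeded."
            else
                echo
                echo "search request failed!"
            fi

            echo "---------------------------------------------------------------------"
        } >> "${ldapclient_logfile}" 2>&1

        anykey

        # check if show-doc.cui supports colors
        set --
        if grep -qE "^MENU=['\"]/var/install/bin/show-menu['\"]" /etc/config.d/setup
        then
            set -- --nocolor --noframe
        fi

        /var/install/bin/show-doc.cui "$@" --title "${ldapclient_logfile}" "${ldapclient_logfile}"

        # password file and log are removed by the EXIT trap (cleanup)
    else
        mecho --warn "Parameter START_LDAPCLIENT='no' has been set!"
    fi
else
    mecho --error "Configuration file '${ldapclient_configfile}' doesn't exist!"
    exit 1
fi

exit 0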