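#!/bin/bash
##### LDAP reset of the cn=machine entries #####
# licence GPL
# author: denis bonnenfant 6/02/2008
##
# $Id: reset-internet.sh 3280 2008-10-12 20:40:29Z dbo $ ##
#
# Resets the destinationIndicator attribute (Internet access rights) of the
# ipHost entries under COMPUTERSRDN and of the uid entries under PEOPLERDN.
# Meant to be run at night (the help text says it normally runs from cron).
#
# Usage: reset-internet.sh [user|machine]
#   optional argument: a name (login or machine name); default is every entry.
#
# Security notes:
#   - The database and LDAP admin passwords are never placed on a command
#     line, where any local user could read them from the process list.
#   - The optional name is interpolated into LDAP search filters, so filter
#     metacharacters are rejected before it is used.

if [[ "$1" == "--help" || "$1" == "-h" ]]; then
  echo "Script d'initialisation des enregistrements ldap cn=machine "
  echo "normalement exécuté en tache cron"
  echo "Usage : reset-internet.sh [utilisateur|machine]"
  echo "--help cette aide"
  exit
fi

# Values read from LDAP are word-split in the for loops below; disable
# pathname expansion so a value containing * or ? is never glob-expanded.
set -f

# Name to reset; "*" is an LDAP wildcard matching every entry.
nom="${1:-*}"

# The name ends up inside "(cn=...)" / "(uid=...)" filters. Parentheses and
# backslashes would let it alter the filter structure, so refuse them.
case "$nom" in
  *'('* | *')'* | *'\'*)
    echo "Nom invalide : caractères interdits dans un filtre LDAP" >&2
    exit 1
    ;;
esac

readonly CONFIG=/var/www/se3/includes/config.inc.php

# Prints the double-quoted value assigned to setting $1 in the PHP config file.
conf_value() {
  grep "$1=" "$CONFIG" | cut -d = -f 2 | cut -d \" -f 2
}

if [[ -e "$CONFIG" ]]; then
  dbhost=$(conf_value dbhost)
  dbname=$(conf_value dbname)
  dbuser=$(conf_value dbuser)
  dbpass=$(conf_value dbpass)
else
  # SE3LOG is not set by this script; fall back to stderr so the message is
  # not lost to an "ambiguous redirect" error when it is unset.
  echo "Fichier de conf inaccessible" >> "${SE3LOG:-/dev/stderr}"
  exit 1
fi

#
# Retrieval of the LDAP parameters
#

# Prints the value of row $1 of the params table.
# MYSQL_PWD keeps the password out of the process list; an option file passed
# with --defaults-extra-file is the alternative where MYSQL_PWD is unavailable.
get_param() {
  printf '%s\n' "SELECT value FROM params WHERE name='$1'" \
    | MYSQL_PWD="$dbpass" mysql -h "$dbhost" -u "$dbuser" -N "$dbname"
}

# Reports that parameter $1 could not be read, then aborts.
param_missing() {
  echo "Impossible d'accéder au paramètre $1"
  exit 1
}

BASEDN=$(get_param ldap_base_dn)
[[ -n "$BASEDN" ]] || param_missing BASEDN
COMPUTERSRDN=$(get_param computersRdn)
[[ -n "$COMPUTERSRDN" ]] || param_missing COMPUTERSRDN
PEOPLERDN=$(get_param peopleRdn)
[[ -n "$PEOPLERDN" ]] || param_missing PEOPLERDN
PARCSRDN=$(get_param parcsRdn)
[[ -n "$PARCSRDN" ]] || param_missing PARCSRDN
ADMINRDN=$(get_param adminRdn)
[[ -n "$ADMINRDN" ]] || param_missing ADMINRDN
ADMINPW=$(get_param adminPw)
[[ -n "$ADMINPW" ]] || param_missing ADMINPW

# The LDAP tools read the bind password from this file (-y) instead of taking
# it as an argument (-w). mktemp creates it readable by the owner only, and it
# is removed on every exit path.
pwfile=$(mktemp) || {
  echo "Impossible de créer le fichier temporaire" >&2
  exit 1
}
trap 'rm -f -- "$pwfile"' EXIT
# No trailing newline: -y uses the complete file contents as the password.
printf '%s' "$ADMINPW" > "$pwfile"

# Searches base $1 with filter $2 and prints attribute $3 as LDIF.
ldap_search() {
  ldapsearch -xLLL -D "$ADMINRDN,$BASEDN" -y "$pwfile" -b "$1" "$2" "$3"
}

# Applies the LDIF read from stdin; normal output is discarded, errors stay
# visible on stderr.
ldap_modify() {
  ldapmodify -x -D "$ADMINRDN,$BASEDN" -y "$pwfile" > /dev/null
}

# Creates the groupOfNames parc $1 under PARCSRDN when it does not exist yet.
# groupOfNames needs at least one member, hence the placeholder "ordi-bidon".
ensure_parc() {
  local parc=$1
  local resp
  resp=$(ldap_search "$PARCSRDN,$BASEDN" "(cn=$parc)" cn \
    | grep "cn: $parc" | cut -d " " -f2)
  if [[ -z "$resp" ]]; then
    printf '%s\n' \
      "dn: cn=$parc,$PARCSRDN,$BASEDN" \
      "changetype: add" \
      "cn: $parc" \
      "objectClass: groupOfNames" \
      "member: cn=ordi-bidon,$COMPUTERSRDN,$BASEDN" \
      | ldap_modify
  fi
}

# Writes destinationIndicator value $3 on entry $2 with LDIF operation $1
# ("add" or "replace"), then prints a progress dot.
write_indicator() {
  printf '%s\n' \
    "dn: $2" \
    "changetype: modify" \
    "$1: destinationIndicator" \
    "destinationIndicator: $3" \
    | ldap_modify
  printf '.'
}

# Prints colon-separated field $1 of value $2. The value is left unquoted on
# purpose: a multi-line value is flattened onto one line before cutting, which
# is what the script has always done (globbing is off, see set -f above).
field() {
  # shellcheck disable=SC2086
  echo $2 | cut -d ":" -f "$1"
}

# Make sure the laptop parcs exist: teachers, pupils, boarders.
ensure_parc portables_profs
ensure_parc portables_eleves
ensure_parc portables_internes

# Look up the machines
echo "raz machines"
# shellcheck disable=SC2046 -- one name per word; splitting is intended
for machine in $(ldap_search "$COMPUTERSRDN,$BASEDN" \
  "(&(objectClass=ipHost)(cn=$nom))" cn | grep "cn:" | cut -d ' ' -f2); do
  machine_dn="cn=$machine,$COMPUTERSRDN,$BASEDN"
  droit_m=$(ldap_search "$COMPUTERSRDN,$BASEDN" \
    "(&(objectClass=ipHost)(cn=$machine))" destinationIndicator \
    | grep -i "destinationIndicator:" | cut -d " " -f2)
  if [[ -z "$droit_m" ]]; then
    # No right recorded yet: start from intranet-only access.
    write_indicator add "$machine_dn" "intranet:intranet:tous"
  else
    # Keep the first field only when it is one of the known values.
    droit_m_p=$(field 1 "$droit_m")
    case "$droit_m_p" in
      intranet | internet-cours | internet-pause | internet-soir | internet | total) ;;
      *)
        droit_m_p="intranet"
        ;;
    esac
    #
    # Look up the parc(s) to find out whether this is a laptop.
    # A machine listed in several portables_* parcs yields a multi-line value
    # that matches none of the named arms and falls through to the default.
    resp=$(ldap_search "$PARCSRDN,$BASEDN" \
      "(member=cn=$machine,$COMPUTERSRDN,$BASEDN)" cn \
      | grep "cn: portables_" | cut -d " " -f2)

    case "$resp" in
      portables_profs)
        descr="internet:internet:tous"
        ;;
      portables_eleves)
        descr="internet-pause:internet-pause:tous"
        ;;
      portables_internes)
        descr="internet-soir:internet-soir:tous"
        ;;
      # every other machine: rely on the login scripts
      *)
        descr="$droit_m_p:intranet:tous"
        ;;
    esac
    # Only write when the stored value actually differs.
    if [[ "$droit_m" != "$descr" ]]; then
      write_indicator replace "$machine_dn" "$descr"
    fi
  fi
done

# Look up the users and reset their rights
echo "raz utilisateurs"
# shellcheck disable=SC2046 -- one uid per word; splitting is intended
for user in $(ldap_search "$PEOPLERDN,$BASEDN" "(uid=$nom)" uid \
  | grep "uid:" | cut -d " " -f2); do
  user_dn="uid=$user,$PEOPLERDN,$BASEDN"
  droit_u=$(ldap_search "$PEOPLERDN,$BASEDN" "(uid=$user)" destinationIndicator \
    | grep -i "destinationIndicator:" | cut -d " " -f2)
  if [[ -z "$droit_u" ]]; then
    # No right recorded yet: default value for a user.
    descr="eleve:aucun:tous"
    write_indicator add "$user_dn" "$descr"
  else
    # The stored value is read as three colon-separated fields.
    droit_u_p=$(field 1 "$droit_u")
    droit_u_t=$(field 2 "$droit_u")
    plage_u=$(field 3 "$droit_u")
    case "$droit_u_p" in
      eleve) # pupil
        case "$plage_u" in
          tous)
            # permanent access: left untouched
            ;;
          cours*)
            droit_u_t="intranet"
            plage_u="tous"
            ;;
        esac
        ;;
      prof | administratif | admin) # teacher / staff
        droit_u_t="internet"
        plage_u="tous"
        ;;
      *)
        # Unknown first field: fall back to the most restrictive value.
        droit_u_p="eleve"
        droit_u_t="aucun"
        plage_u="tous"
        ;;
    esac
    descr="$droit_u_p:$droit_u_t:$plage_u"
    # Only write when the stored value actually differs.
    if [[ "$droit_u" != "$descr" ]]; then
      write_indicator replace "$user_dn" "$descr"
    fi
  fi
done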