
/se3-internet/sources/sbin/ -> reset-internet.sh (source)

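#!/bin/bash
##### LDAP reset of the cn=machine entries #####
# License: GPL
# Author: denis bonnenfant 6/02/2008
##
# $Id: reset-internet.sh 3280 2008-10-12 20:40:29Z dbo $ ##
#
# Resets the internet-access rights stored in the destinationIndicator
# attribute of machine (ipHost) and user entries. Meant to run at night
# from cron.
#
# Usage: reset-internet.sh [user|machine]
#   With no argument every machine and every user is processed.
#
# Reads the MySQL credentials from /var/www/se3/includes/config.inc.php,
# then the LDAP settings (base DN, RDNs, admin bind DN and password) from
# the "params" table.

if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then
  echo "Script d'initialisation des enregistrements ldap cn=machine "
  echo "normalement exécuté en tache cron"
  echo "Usage : reset-internet.sh [utilisateur|machine]"
  echo "--help cette aide"
  exit
fi

# Optional argument: one name (login or machine name); default is "*".
nom="${1:-*}"

# $nom is interpolated into LDAP search filters below. Refuse the characters
# that could close the filter component or start an escape sequence, so the
# argument can only ever act as a (possibly wildcarded) name.
case "$nom" in
  *'('* | *')'* | *'\'*)
    printf '%s\n' 'Nom invalide : les caractères ( ) \ ne sont pas acceptés' >&2
    exit 1
    ;;
esac

conf_file=/var/www/se3/includes/config.inc.php

# Print the double-quoted value assigned to key $1 in the PHP config file.
conf_value() {
  grep "$1=" "$conf_file" | cut -d = -f 2 | cut -d '"' -f 2
}

if [ -e "$conf_file" ]; then
  dbhost=$(conf_value dbhost)
  dbname=$(conf_value dbname)
  dbuser=$(conf_value dbuser)
  dbpass=$(conf_value dbpass)
else
  # SE3LOG is not set anywhere in this script; fall back to stderr when the
  # environment does not provide it, so the message is not lost.
  if [ -n "$SE3LOG" ]; then
    echo "Fichier de conf inaccessible" >> "$SE3LOG"
  else
    echo "Fichier de conf inaccessible" >&2
  fi
  exit 1
fi

#
# Fetch the LDAP parameters
#

# Print the value of row $1 of the "params" table.
# NOTE(review): the MySQL password is passed on the command line and can be
# seen in the process list while the client starts. Moving it to a
# root-only option file is preferable, but check first how that interacts
# with any per-user option file already present on the server.
se3_param() {
  echo "SELECT value FROM params WHERE name='$1'" |
    mysql -h "$dbhost" "$dbname" -u "$dbuser" -p"$dbpass" -N
}

# Store params row $2 in the shell variable named $1; abort when it is empty.
load_param() {
  local var=$1 key=$2 value
  value=$(se3_param "$key")
  if [ -z "$value" ]; then
    echo "Impossible d'accéder au paramètre $var"
    exit 1
  fi
  printf -v "$var" '%s' "$value"
}

load_param BASEDN ldap_base_dn
load_param COMPUTERSRDN computersRdn
load_param PEOPLERDN peopleRdn
load_param PARCSRDN parcsRdn
load_param ADMINRDN adminRdn
load_param ADMINPW adminPw

# The LDAP admin password is handed to the OpenLDAP tools through a private
# temporary file (-y) instead of -w, so it does not appear in the argument
# list of every ldapsearch/ldapmodify started by the loops below.
# No trailing newline: -y uses the whole file content as the password.
pw_file=$(mktemp) || {
  echo "Impossible de créer le fichier temporaire" >&2
  exit 1
}
trap 'rm -f -- "$pw_file"' EXIT
printf '%s' "$ADMINPW" > "$pw_file"

bind_dn="$ADMINRDN,$BASEDN"

# ldapsearch bound as the admin DN; extra arguments are passed through.
ldap_search() {
  ldapsearch -xLLL -D "$bind_dn" -y "$pw_file" "$@"
}

# ldapmodify bound as the admin DN; reads LDIF on stdin, stdout discarded.
# Its exit status is not checked by the callers: a failed change is only
# visible through what ldapmodify writes to stderr.
ldap_modify() {
  ldapmodify -x -D "$bind_dn" -y "$pw_file" > /dev/null
}

# Create the parc (groupOfNames) named $1 when the search does not find it.
# groupOfNames needs at least one member, hence the placeholder machine.
ensure_parc() {
  local parc=$1
  resp=$(ldap_search -b "$PARCSRDN,$BASEDN" "(cn=$parc)" cn |
    grep "cn: $parc" | cut -d " " -f2)
  if [ -z "$resp" ]; then
    {
      echo "dn: cn=$parc,$PARCSRDN,$BASEDN"
      echo "changetype: add"
      echo "cn: $parc"
      echo "objectClass: groupOfNames"
      echo "member: cn=ordi-bidon,$COMPUTERSRDN,$BASEDN"
    } | ldap_modify
  fi
}

# Make sure the laptop parcs exist: teachers, pupils, boarders.
ensure_parc portables_profs
ensure_parc portables_eleves
ensure_parc portables_internes

# Machines
echo "raz machines"
for machine in $(ldap_search -b "$COMPUTERSRDN,$BASEDN" \
  "(&(objectClass=ipHost)(cn=$nom))" cn | grep "cn:" | cut -d ' ' -f2); do
  droit_m=$(ldap_search -b "$COMPUTERSRDN,$BASEDN" \
    "(&(objectClass=ipHost)(cn=$machine))" destinationIndicator |
    grep -i "destinationIndicator:" | cut -d " " -f2)
  if [ -z "$droit_m" ]; then
    # No right recorded yet: start from the most restrictive value.
    {
      echo "dn: cn=$machine,$COMPUTERSRDN,$BASEDN"
      echo "changetype: modify"
      echo "add: destinationIndicator"
      echo "destinationIndicator: intranet:intranet:tous"
    } | ldap_modify
    echo -n "."
  else
    # First field of the stored value; anything outside the known list
    # falls back to "intranet".
    droit_m_p=$(printf '%s\n' "$droit_m" | cut -d ":" -f1)
    case $droit_m_p in
      intranet | internet-cours | internet-pause | internet-soir | internet | total) ;;
      *)
        droit_m_p="intranet"
        ;;
    esac

    # Look up the portables_* parc the machine belongs to, if any.
    resp=$(ldap_search -b "$PARCSRDN,$BASEDN" \
      "(member=cn=$machine,$COMPUTERSRDN,$BASEDN)" cn |
      grep "cn: portables_" | cut -d " " -f2)

    case $resp in
      portables_profs)
        descr="internet:internet:tous"
        ;;
      portables_eleves)
        descr="internet-pause:internet-pause:tous"
        ;;
      portables_internes)
        descr="internet-soir:internet-soir:tous"
        ;;
      # Every other machine (including one found in several portables_*
      # parcs, where $resp holds more than one line): the login scripts
      # decide, so the second field goes back to "intranet".
      *)
        descr="$droit_m_p:intranet:tous"
        ;;
    esac
    if [ "$droit_m" != "$descr" ]; then
      {
        echo "dn: cn=$machine,$COMPUTERSRDN,$BASEDN"
        echo "changetype: modify"
        echo "replace: destinationIndicator"
        echo "destinationIndicator: $descr"
      } | ldap_modify
      echo -n "."
    fi
  fi
done

# Users: reset their rights
echo "raz utilisateurs"
for user in $(ldap_search -b "$PEOPLERDN,$BASEDN" "(uid=$nom)" uid |
  grep "uid:" | cut -d " " -f2); do
  droit_u=$(ldap_search -b "$PEOPLERDN,$BASEDN" "(uid=$user)" \
    destinationIndicator | grep -i "destinationIndicator:" | cut -d " " -f2)
  if [ -z "$droit_u" ]; then
    # No right recorded yet: pupil profile with no access.
    descr="eleve:aucun:tous"
    {
      echo "dn: uid=$user,$PEOPLERDN,$BASEDN"
      echo "changetype: modify"
      echo "add: destinationIndicator"
      echo "destinationIndicator: $descr"
    } | ldap_modify
    echo -n "."
  else
    # Stored value is profile:right:period. The value is quoted here, so an
    # entry carrying several destinationIndicator values yields a multi-line
    # profile that matches no known case and is reset to the pupil default.
    droit_u_p=$(printf '%s\n' "$droit_u" | cut -d ":" -f1)
    droit_u_t=$(printf '%s\n' "$droit_u" | cut -d ":" -f2)
    plage_u=$(printf '%s\n' "$droit_u" | cut -d ":" -f3)
    case $droit_u_p in
      eleve)
        case $plage_u in
          tous)
            # permanent access: left untouched
            ;;
          cours*)
            droit_u_t="intranet"
            plage_u="tous"
            ;;
        esac
        ;;
      prof | administratif | admin)
        droit_u_t="internet"
        plage_u="tous"
        ;;
      *)
        # Unknown profile: fall back to the pupil profile with no access.
        droit_u_p="eleve"
        droit_u_t="aucun"
        plage_u="tous"
        ;;
    esac
    descr="$droit_u_p:$droit_u_t:$plage_u"
    if [ "$droit_u" != "$descr" ]; then
      {
        echo "dn: uid=$user,$PEOPLERDN,$BASEDN"
        echo "changetype: modify"
        echo "replace: destinationIndicator"
        echo "destinationIndicator: $descr"
      } | ldap_modify
      echo -n "."
    fi
  fi
done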

